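#!/bin/bash
# + -- --=[Sn1per by @xer0dayz
# + -- --=[https://xerosecurity.com
#
# Entry point: loads the configuration, parses the command line, prepares
# the loot/workspace directory and then sources the scan-mode scripts under
# modes/, which read the globals set here (TARGET, MODE, LOOT_DIR, ...).

VER="5.9"
INSTALL_DIR="/usr/share/sniper"

# LOAD SNIPER CONFIGURATION FILE
# The config file is sourced, i.e. executed as shell code with the privileges
# of whoever runs sniper. Keep both candidate files writable only by that user.
if [ -f ~/.sniper.conf ]; then
  source ~/.sniper.conf
  echo -e "$OKBLUE[*] Loaded configuration file from ~/.sniper.conf [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
else
  source "$INSTALL_DIR/sniper.conf"
  echo -e "$OKBLUE[*] Loaded configuration file from $INSTALL_DIR/sniper.conf [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
fi

# -h keeps grep from prefixing matches with the file name when several
# /etc/*-release files exist.
DISTRO=$(grep -h DISTRIB_ID= /etc/*-release | cut -d'=' -f2)

# REMOVE HOST FROM WORKSPACE
# NOTE(review): runs on every start against paths relative to the caller's
# working directory, with a fixed host name; looks like a leftover - confirm
# before removing.
sed -i "/www.test.com/d" domains/targets-all-sorted.txt domains/domains-all-sorted.txt domains/targets.txt

#######################################
# Print the ASCII-art banner shared by logo and loot.
# Globals:   OKRED, RESET (read)
# Outputs:   banner on stdout
#######################################
function _sniper_banner {
  echo -e "$OKRED ____ $RESET"
  echo -e "$OKRED _________ / _/___ ___ _____$RESET"
  echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET"
  echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET"
  echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET"
  echo -e "$OKRED /_/ $RESET"
  echo ""
}

#######################################
# Print the banner followed by the project URL and version line.
# Globals:   OKORANGE, RESET, VER (read)
#######################################
function logo {
  _sniper_banner
  echo -e "$OKORANGE + -- --=[https://xerosecurity.com$RESET"
  echo -e "$OKORANGE + -- --=[sniper v$VER by @xer0dayz$RESET"
  echo ""
}

#######################################
# Print the logo and the usage summary, then exit.
# The quoted here-document is printed literally (no expansion).
#######################################
function help {
  logo
  cat <<'EOF'
 [*] NORMAL MODE
 sniper -t|--target 

 [*] NORMAL MODE + OSINT + RECON
 sniper -t|--target -o|--osint -re|--recon

 [*] STEALTH MODE + OSINT + RECON
 sniper -t|--target -m|--mode stealth -o|--osint -re|--recon

 [*] DISCOVER MODE
 sniper -t|--target -m|--mode discover -w|--workspace 

 [*] SCAN ONLY SPECIFIC PORT
 sniper -t|--target -m port -p|--port 

 [*] FULLPORTONLY SCAN MODE
 sniper -t|--target -fp|--fullportonly

 [*] PORT SCAN MODE
 sniper -t|--target -m|--mode port -p|--port 

 [*] WEB MODE - PORT 80 + 443 ONLY!
 sniper -t|--target -m|--mode web

 [*] HTTP WEB PORT MODE
 sniper -t|--target -m|--mode webporthttp -p|--port 

 [*] HTTPS WEB PORT MODE
 sniper -t|--target -m|--mode webporthttps -p|--port 

 [*] ENABLE BRUTEFORCE
 sniper -t|--target -b|--bruteforce

 [*] AIRSTRIKE MODE
 sniper -f|--file /full/path/to/targets.txt -m|--mode airstrike

 [*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
 sniper -f|--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace 

 [*] LIST WORKSPACES
 sniper --list

 [*] GET SNIPER SCAN STATUS
 sniper --status

 [*] LOOT REIMPORT FUNCTION
 sniper -w --reimport

 [*] LOOT REIMPORT FUNCTION
 sniper -w --reload

 [*] UPDATE SNIPER
 sniper -u|--update


EOF
  exit
}

#######################################
# Refresh, once per second, a view of the scanner-related processes and of
# the network connections in TIME_WAIT / established state.
#######################################
function sniper_status {
  watch -n 1 -c 'ps -ef | egrep "hydra|ruby|python|dirsearch|amass|nmap|metasploit|curl|wget" && echo "NETWORK CONNECTIONS..." && netstat -an | egrep "TIME_WAIT|EST"'
}

#######################################
# Print the newest release tag reported by the GitHub tags API.
# Outputs:   three characters taken from the first "name" entry; empty when
#            the request fails or the response has no such entry.
#######################################
function _sniper_latest_tag {
  # cut -c11-13 keeps exactly three characters, so this assumes the tag is
  # laid out like "vX.Y" with one-digit parts - TODO confirm against the API.
  curl --connect-timeout 3 -s https://api.github.com/repos/1N3/Sn1per/tags \
    | grep -Po '"name":.*?[^\\]",' \
    | head -1 \
    | cut -c11-13
}

#######################################
# Probe connectivity by asking GitHub for the release tags.
# Globals:   ONLINE (read, written) - set to "1" or "0"; the probe only runs
#            when ONLINE already holds a non-empty value.
#######################################
function check_online {
  if [ -n "$ONLINE" ]; then
    ONLINE=$(_sniper_latest_tag)
    if [ -z "$ONLINE" ]; then
      ONLINE="0"
      echo -e "$OKBLUE[*] Checking for active internet connection [$RESET${OKRED}FAIL${RESET}$OKBLUE]"
      echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] sniper is running in offline mode.$RESET"
    else
      ONLINE="1"
      echo -e "$OKBLUE[*] Checking for active internet connection [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
    fi
  fi
}

#######################################
# Tell the user when a different release than VER is published.
# Globals:   ENABLE_AUTO_UPDATES, ONLINE, VER (read); LATEST_VER (written)
#######################################
function check_update {
  if [ "$ENABLE_AUTO_UPDATES" == "1" ] && [ "$ONLINE" == "1" ]; then
    LATEST_VER=$(_sniper_latest_tag)
    # An empty answer means the lookup failed, not that a release exists.
    if [ -n "$LATEST_VER" ] && [ "$LATEST_VER" != "$VER" ]; then
      # The parser below only knows -u|--update; a bare "update" word is
      # rejected as an unknown option.
      echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] sniper v$LATEST_VER is available to download... To update, type$OKRED \"sniper --update\" $RESET"
    fi
  fi
}

#######################################
# Interactive self-update: clone the repository and run its install.sh.
# Globals:   ONLINE, VER (read); LATEST_VER (written)
# Notes:     install.sh is executed with the caller's privileges straight
#            from the repository's default branch; nothing here checks a
#            signature or pins the clone to the tag that was announced.
#######################################
function update {
  local ans tmp_dir

  logo
  echo -e "$OKBLUE[*] Checking for updates...[$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
  if [ "$ONLINE" = "0" ]; then
    echo "You will need to download the latest release manually at https://github.com/1N3/Sn1per/"
    return
  fi

  LATEST_VER=$(_sniper_latest_tag)
  if [ -z "$LATEST_VER" ]; then
    # Lookup failed: do not offer an update to an unknown version.
    echo "You will need to download the latest release manually at https://github.com/1N3/Sn1per/"
    return
  fi

  if [ "$LATEST_VER" != "$VER" ]; then
    echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE] Sn1per $LATEST_VER is available to download...Do you want to update? (y or n)$RESET"
    read -r ans
    if [ "$ans" = "y" ]; then
      # A fixed /tmp/Sn1per path lets another local user pre-create the
      # directory and plant an install.sh that would then be run here.
      # mktemp -d yields a fresh directory only this user can write to.
      # NOTE(review): assumes install.sh does not hard-code /tmp/Sn1per - confirm.
      tmp_dir=$(mktemp -d) || {
        echo "Unable to create a temporary directory for the update." >&2
        exit 1
      }
      if git clone https://github.com/1N3/Sn1per "$tmp_dir/Sn1per" && cd "$tmp_dir/Sn1per"; then
        chmod +rx install.sh
        bash install.sh
        # Leave the clone before deleting it.
        cd / || true
      else
        echo "Unable to download the update from https://github.com/1N3/Sn1per" >&2
      fi
      rm -rf -- "${tmp_dir:?}"
      exit
    fi
  fi
}

if [ "$UPDATE" = "1" ]; then
  update
  exit
fi

# COMMAND LINE SWITCHES
POSITIONAL=()
while [[ $# -gt 0 ]]; do
  key="$1"

  case "$key" in
    -h|--help)
      help # prints usage and exits
      ;;
    -t|--target)
      TARGET="$2"
      # Two single shifts on purpose: "shift 2" shifts nothing when the value
      # is missing, which would loop forever.
      shift # past argument
      shift # past value
      ;;
    -b|--bruteforce)
      AUTOBRUTE="1"
      shift # past argument
      ;;
    -fp|--fullportscan|--fullportonly)
      # The help text advertises --fullportonly; --fullportscan is kept for
      # existing callers.
      FULLNMAPSCAN="1"
      shift # past argument
      ;;
    -o|--osint)
      OSINT="1"
      shift # past argument
      ;;
    -re|--recon)
      RECON="1"
      shift # past argument
      ;;
    -m|--mode)
      MODE="$2"
      shift # past argument
      shift # past value
      ;;
    -p|--port)
      PORT="$2"
      shift # past argument
      shift # past value
      ;;
    -f|--file)
      FILE="$(realpath -- "$2")"
      shift # past argument
      shift # past value
      ;;
    -ri|--reimport)
      REIMPORT="1"
      shift # past argument
      ;;
    -rl|--reload)
      RELOAD="1"
      shift # past argument
      ;;
    -n|--noreport)
      REPORT="0"
      shift # past argument
      ;;
    -nl|--noloot)
      LOOT="0"
      NOLOOT="1"
      shift # past argument
      ;;
    -w|--workspace)
      # NOTE(review): the name is used unchecked as a path component and
      # inside the msfconsole command string built in loot; consider
      # restricting it to a safe character set.
      WORKSPACE="$2"
      WORKSPACE_DIR="$INSTALL_DIR/loot/workspace/$WORKSPACE"
      shift # past argument
      shift # past value
      ;;
    --list)
      logo
      ls -l "$INSTALL_DIR/loot/workspace/"
      echo ""
      echo "cd /usr/share/sniper/loot/workspace/"
      exit
      ;;
    -s|--status)
      sniper_status
      exit
      ;;
    -u|--update)
      UPDATE="1"
      update
      exit
      ;;
    *) # unknown option
      POSITIONAL+=("$1") # save it in an array for later
      echo "Unknown scan option $1...refer to the help menu for usage details."
      exit
      ;;
  esac
done
set -- "${POSITIONAL[@]}" # restore positional parameters

if [ -z "$TARGET" ] && [ -z "$WORKSPACE" ]; then
  logo
  echo "You need to specify a target or workspace to use. Type sniper --help for command usage."
  exit
fi

LOOT_DIR="/usr/share/sniper/loot/$TARGET"
# The mode scripts are sourced by relative path further down, so a failed cd
# would pick up whatever modes/ directory the caller happens to be in.
cd "$INSTALL_DIR" || {
  echo "Unable to change directory to $INSTALL_DIR" >&2
  exit 1
}

#######################################
# Create the loot directory tree, strip the URL scheme from TARGET, start
# the Metasploit services and drop marker files for the enabled options.
# Globals:   WORKSPACE_DIR, AUTOBRUTE, FULLNMAPSCAN, OSINT, RECON (read)
#            LOOT_DIR, TARGET (written)
#######################################
function init {
  local sub

  if [ -n "$WORKSPACE_DIR" ]; then
    LOOT_DIR=$WORKSPACE_DIR
  fi
  echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
  mkdir -p "$LOOT_DIR" 2> /dev/null
  # Errors are silenced because the directories normally exist already.
  for sub in domains screenshots nmap reports output credentials osint \
    vulnerabilities exploits web notes scans; do
    mkdir "$LOOT_DIR/$sub" 2> /dev/null
  done

  TARGET="$(echo "$TARGET" | sed 's/https:\/\///g' | sed 's/http:\/\///g')"

  /etc/init.d/metasploit start > /dev/null 2>&1 &
  msfdb start > /dev/null 2>&1

  if [ "$AUTOBRUTE" == "1" ]; then
    touch "$LOOT_DIR/scans/$TARGET-autobrute.txt" 2> /dev/null
  fi
  if [ "$FULLNMAPSCAN" == "1" ]; then
    touch "$LOOT_DIR/scans/$TARGET-fullnmapscan.txt" 2> /dev/null
  fi
  if [ "$OSINT" == "1" ]; then
    touch "$LOOT_DIR/scans/$TARGET-osint.txt" 2> /dev/null
  fi
  if [ "$RECON" == "1" ]; then
    touch "$LOOT_DIR/scans/$TARGET-recon.txt" 2> /dev/null
  fi
}

#######################################
# Post-process a loot directory: optional Metasploit import, plain-text and
# HTML copies of the sniper-*.txt output, sorted domain lists, removal of
# small screenshot files, then open the report (or the vendor site).
# Globals:   WORKSPACE_DIR, WORKSPACE, METASPLOIT_IMPORT, INSTALL_DIR,
#            BROWSER (read); LOOT_DIR, SNIPER_PRO (written)
#######################################
function loot {
  local a

  _sniper_banner
  if [ -n "$WORKSPACE_DIR" ]; then
    LOOT_DIR=$WORKSPACE_DIR
  fi
  echo -e "$OKBLUE[*] Opening loot directory $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
  cd "$LOOT_DIR"

  if [ "$METASPLOIT_IMPORT" == "1" ]; then
    echo -e "$OKORANGE + -- --=[Starting Metasploit service...$RESET"
    /etc/init.d/metasploit start > /dev/null 2>&1
    msfdb start
    echo -e "$OKORANGE + -- --=[Importing NMap XML files into Metasploit...$RESET"
    # The nmap*.xml pattern sits inside the quoted command string, so it is
    # passed to msfconsole unexpanded.
    msfconsole -x "workspace -a $WORKSPACE; workspace $WORKSPACE; db_import $LOOT_DIR/nmap/nmap*.xml; hosts; services; exit;" | tee "$LOOT_DIR/notes/msf-$WORKSPACE.txt"
  fi

  echo -e "$OKORANGE + -- --=[Current reports...$RESET"
  ls -lh "$LOOT_DIR"/output/*.txt > /dev/null 2>&1
  echo -e "$OKORANGE + -- --=[Generating reports...$RESET"
  # Only walk up again when the cd into output/ actually succeeded.
  if cd ./output 2> /dev/null; then
    # Glob instead of parsing ls, so names with spaces stay intact.
    for a in sniper-*.txt; do
      [ -e "$a" ] || continue # pattern matched nothing
      # Plain-text copy with the terminal colour sequences removed.
      sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" "$a" 2> /dev/null > "$LOOT_DIR/reports/$a.txt"
      # HTML OUTPUT: file name first, then the file content.
      echo "$a" | aha 2> /dev/null > "$LOOT_DIR/reports/$a.html"
      aha < "$a" 2> /dev/null >> "$LOOT_DIR/reports/$a.html"
      #$INSTALL_DIR/bin/pyText2pdf.py -o $LOOT_DIR/reports/$a.pdf $LOOT_DIR/reports/$a.txt 2> /dev/null > /dev/null
    done
    cd ..
  fi

  echo -e "$OKORANGE + -- --=[Sorting all domains...$RESET"
  touch "$LOOT_DIR/domains/domains-all-sorted.txt" 2> /dev/null
  sort -u "$LOOT_DIR"/domains/*-full.txt > "$LOOT_DIR/domains/domains-all-sorted.txt" 2> /dev/null
  sort -u "$LOOT_DIR/domains/targets.txt" > "$LOOT_DIR/domains/targets-all-sorted.txt" 2> /dev/null
  # Lines present only in the second list, i.e. domains without a target entry.
  diff "$LOOT_DIR/domains/targets-all-sorted.txt" "$LOOT_DIR/domains/domains-all-sorted.txt" \
    | grep '>' \
    | awk '{print $2}' > "$LOOT_DIR/domains/targets-all-unscanned.txt"

  echo -e "$OKORANGE + -- --=[Removing blank screenshots...$RESET"
  cd "$LOOT_DIR/screenshots/"
  # ${LOOT_DIR:?} aborts instead of running the delete against /screenshots/
  # should LOOT_DIR ever be empty.
  find "${LOOT_DIR:?}/screenshots/" -type f -size -9000c -exec rm -f {} \;
  cd "$LOOT_DIR"

  SNIPER_PRO=$INSTALL_DIR/pro.sh
  if [ -f "$SNIPER_PRO" ]; then
    echo -e "$OKORANGE + -- --=[Loading Sn1per Professional...$RESET"
    source "$INSTALL_DIR/pro.sh"
    echo -e "$OKORANGE + -- --=[Opening workspace directory...$RESET"
    # BROWSER is left unquoted so a value with arguments still splits.
    $BROWSER "$LOOT_DIR/sniper-report.html" > /dev/null 2>&1 &
  else
    echo -e "$OKRED + -- --=[Sn1per Professional is not installed. To download Sn1per Professional, go to https://xerosecurity.com. $RESET"
    $BROWSER https://xerosecurity.com > /dev/null 2>&1 &
  fi
  echo -e "$OKORANGE + -- --=[Done!$RESET"
}

if [ "$REIMPORT" = "1" ] && [ -n "$WORKSPACE_DIR" ]; then
  loot
  exit
fi

if [ "$RELOAD" = "1" ] && [ -n "$WORKSPACE_DIR" ]; then
  $BROWSER "$WORKSPACE_DIR/sniper-report.html" > /dev/null 2>&1 &
  exit
fi

# REGEX is not defined in this file; presumably it comes from sniper.conf.
if [[ ${TARGET:0:1} =~ $REGEX ]]; then
  SCAN_TYPE="IP"
else
  SCAN_TYPE="DOMAIN"
fi

# INITIALIZE
init

# CHECK CONNECTION STATUS
check_online

# CHECK FOR UPDATES
check_update

# CHECK FOR BLACKARCH LINUX
if grep -q BlackArch /etc/issue; then
  DISTRO='blackarch'
  echo "Detected BlackArch GNU/Linux"
  INSTALL_DIR=$(pwd)
  echo "Setting current path to $INSTALL_DIR"
fi

# Each mode script is sourced in turn and reads the globals set above.
source modes/discover.sh
source modes/flyover.sh
source modes/fullportonly.sh
source modes/web.sh
source modes/webporthttp.sh
source modes/webporthttps.sh
source modes/stealth.sh
source modes/airstrike.sh
source modes/nuke.sh
source modes/normal.sh

exit 0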