Sn1per by 1N3@CrowdShield
1N3 committed Jul 4, 2018
1 parent 9f1560f commit 1bc50f5
Showing 3 changed files with 6 additions and 10 deletions.
3 changes: 2 additions & 1 deletion CHANGELOG.md
@@ -1,5 +1,6 @@
## CHANGELOG:
* v5.1 - Fixed minor bugs with CloudHunter and SubOver tools not working
* v5.1 - Added dnscan to install.sh and updated sniper references which were broken
* v5.1 - Removed CloudHunter and SubOver references (CC. 爱上平顶山)
* v5.0 - Added Sn1per Pro reporting interface (see https://xerosecurity.com for more details)
* v5.0 - Added GPON Router RCE auto exploit
* v5.0 - Added Cloudapp.net Azure subdomain takeover check
2 changes: 2 additions & 0 deletions install.sh
Expand Up @@ -73,6 +73,8 @@ git clone https://github.com/deibit/cansina
git clone https://github.com/1N3/jexboss.git
git clone https://github.com/maurosoria/dirsearch.git
git clone https://github.com/jekyc/wig.git
git clone https://github.com/rbsec/dnscan.git
pip install -r $PLUGINS_DIR/dnscan/requirements.txt
mv $INSTALL_DIR/bin/slurp.zip $PLUGINS_DIR
unzip slurp.zip
rm -f slurp.zip
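Review bot: The new `pip install -r $PLUGINS_DIR/dnscan/requirements.txt` installs whatever the just-cloned dnscan checkout happens to list, and neither the `git clone https://github.com/rbsec/dnscan.git` above it nor the requirements file pins a revision, so the code installed into the system interpreter can change between two runs of this installer without any change to this repository. Checking out a reviewed revision before the pip step (`git -C "$PLUGINS_DIR/dnscan" checkout <known-good-commit>`) or keeping a locked copy of the requirements alongside install.sh would make the install reproducible and auditable. `$PLUGINS_DIR` is also unquoted and a pip failure is not checked; `pip install -r "$PLUGINS_DIR/dnscan/requirements.txt" || exit 1` keeps the path intact and stops the installer instead of continuing to the slurp steps with a half-installed plugin. The surrounding clone lines appear to rely on the current directory already being the plugins directory, which is set outside this hunk.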
11 changes: 2 additions & 9 deletions sniper
Expand Up @@ -988,7 +988,7 @@ if [ "$MODE" = "stealth" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
python /pentest/recon/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
python $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-ips-$TARGET.txt
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET| awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
echo ""
Expand Down Expand Up @@ -1028,7 +1028,6 @@ if [ "$MODE" = "stealth" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done;
#cd $PLUGINS_DIR/SubOver/ && go subover.go -l $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/takeovers-$TARGET-subover.txt 2>/dev/null
cd $INSTALL_DIR
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED STARTING PUBLIC S3 BUCKET SCAN $RESET"
Expand Down Expand Up @@ -1444,7 +1443,7 @@ if [ "$RECON" = "1" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
python /pentest/recon/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-$TARGET-ips.txt
python $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET -w $DOMAINS_FULL -o $LOOT_DIR/domains/domains-dnscan-$TARGET.txt -i $LOOT_DIR/domains/domains-$TARGET-ips.txt
cat $LOOT_DIR/domains/domains-dnscan-$TARGET.txt | grep $TARGET | awk '{print $3}' | sort -u >> $LOOT_DIR/domains/domains-$TARGET.txt 2> /dev/null
dos2unix $LOOT_DIR/domains/domains-$TARGET.txt 2>/dev/null
echo ""
Expand All @@ -1469,13 +1468,7 @@ if [ "$RECON" = "1" ]; then
echo -e "${OKGREEN}====================================================================================${RESET}"
dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null
for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i 'wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp' | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done;
#cd $PLUGINS_DIR/SubOver/ && go subover.go -l $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/takeovers-$TARGET-subover.txt 2>/dev/null
cd $INSTALL_DIR
#echo -e "${OKGREEN}====================================================================================${RESET}"
#echo -e "$OKRED CHECKING FOR S3 PUBLIC BUCKETS $RESET"
#echo -e "${OKGREEN}====================================================================================${RESET}"
#cloudhunter -d $a | tee $LOOT_DIR/nmap/takeovers-$TARGET-aws.txt 2>/dev/null
#cloudhunter -w $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/takeovers-$TARGET-aws-all.txt 2>/dev/null
echo -e "${OKGREEN}====================================================================================${RESET}"
echo -e "$OKRED CHECKING EMAIL SECURITY $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}"
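Review bot: In the updated dnscan invocation (`python $PLUGINS_DIR/dnscan/dnscan.py -d $TARGET ...`, in the hunk at -988 and again in the hunk at -1444) every expansion is unquoted, so a `$TARGET` or `$LOOT_DIR` containing whitespace or glob characters is word-split into extra arguments before dnscan sees it; quoting them — `python "$PLUGINS_DIR/dnscan/dnscan.py" -d "$TARGET" -w "$DOMAINS_FULL" -o "$LOOT_DIR/domains/domains-dnscan-$TARGET.txt" -i "$LOOT_DIR/domains/domains-ips-$TARGET.txt"` — keeps each argument intact. The two hunks also pass different `-i` files (`domains-ips-$TARGET.txt` in the stealth-mode block versus `domains-$TARGET-ips.txt` in the recon block); if that difference is not deliberate, one mode is pointing dnscan at a file the other mode's naming never produces. Both enclosing `if` blocks begin outside the hunks.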
