From e7d933efcbfb5899df547301073f2487b5aada57 Mon Sep 17 00:00:00 2001 From: WP Engine Marketing Date: Mon, 12 Nov 2018 12:00:05 -0700 Subject: [PATCH] Sn1per Community Edition by @xer0dayz - https://xerosecurity.com --- CHANGELOG.md | 1 + modes/airstrike.sh | 1 - modes/bruteforce.sh | 16 ++++++++++++++++ modes/discover.sh | 27 +++++++++++++++------------ modes/flyover.sh | 6 +++--- modes/fullportonly.sh | 3 ++- modes/fullportscan.sh | 16 ++++++++++++++++ modes/normal.sh | 41 ++++++----------------------------------- modes/osint.sh | 4 ++-- modes/recon.sh | 2 +- 10 files changed, 62 insertions(+), 55 deletions(-) create mode 100644 modes/bruteforce.sh create mode 100644 modes/fullportscan.sh diff --git a/CHANGELOG.md b/CHANGELOG.md index 7cda1a1e..260d3dd3 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,5 @@ ## CHANGELOG: +* v6.0 - Improved scan options for discover mode scans * v6.0 - Fixed issue with pip3 dependency package missing * v6.0 - Removed iceweasel from install.sh to fix apt error * v5.9 - Fixed issue with auto updates not notifying users of updates diff --git a/modes/airstrike.sh b/modes/airstrike.sh index ab5f89a5..73f856af 100644 --- a/modes/airstrike.sh +++ b/modes/airstrike.sh @@ -57,7 +57,6 @@ if [ "$MODE" = "airstrike" ]; then echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" echo -e "$OKRED | ||. | | | ||| |||||" echo -e "$OKRED __________________________________________________________" - echo -e "$OKRED Bomb raid (contributed by Michael aka SNOOPY@DRYCAS.CLUB.CC.CMU.EDU)" echo -e "$RESET" if [ ! -z "$WORKSPACE_DIR" ]; then echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt diff --git a/modes/bruteforce.sh b/modes/bruteforce.sh new file mode 100644 index 00000000..cc298b20 --- /dev/null +++ b/modes/bruteforce.sh 
@@ -0,0 +1,16 @@ +if [ "$AUTOBRUTE" = "0" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED SKIPPING BRUTE FORCE $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" +else + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING BRUTE FORCE $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + brutex $TARGET | tee $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null > $LOOT_DIR/credentials/brutex-$TARGET.txt 2> /dev/null + rm -f $LOOT_DIR/credentials/brutex-$TARGET + cd $INSTALL_DIR + rm -f hydra.restore + rm -f scan.log + echo "" +fi \ No newline at end of file diff --git a/modes/discover.sh b/modes/discover.sh index 6d736ae0..ea6691d2 100644 --- a/modes/discover.sh +++ b/modes/discover.sh @@ -6,7 +6,8 @@ if [ "$MODE" = "discover" ]; then LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET" mkdir -p $LOOT_DIR 2> /dev/null - mkdir $LOOT_DIR/domains 2> /dev/null + mkdir $LOOT_DIR/ips 2> /dev/null + mkdir $LOOT_DIR/ips 2> /dev/null mkdir $LOOT_DIR/screenshots 2> /dev/null mkdir $LOOT_DIR/nmap 2> /dev/null mkdir $LOOT_DIR/notes 2> /dev/null @@ -20,7 +21,7 @@ if [ "$MODE" = "discover" ]; then exit fi echo -e "$OKRED ____ /\\" - echo -e "$OKRED Sn1per by 1N3 @CrowdShield \ \\" + echo -e "$OKRED Sn1per by @xer0dayz @XeroSecurity \ \\" echo -e "$OKRED https://xerosecurity.com \ \\" echo -e "$OKRED ___ / \\" echo -e "$OKRED \ \\" 
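Review bot: `cd $INSTALL_DIR` near the end of the new `else` branch is unchecked, so if the directory is missing or the variable is unset the following `rm -f hydra.restore` and `rm -f scan.log` delete files in whatever directory the caller happened to be in; chain them instead: `cd "$INSTALL_DIR" && rm -f hydra.restore scan.log`. Because this file is `source`d (see the normal.sh hunk), that `cd` also changes the caller's working directory, which deserves a comment at the top of the file together with the variables it expects the caller to set (`AUTOBRUTE`, `TARGET`, `LOOT_DIR`, `INSTALL_DIR`). On the `sed` line the first `2> /dev/null` is made redundant by the second one placed after the `>` redirection. The file is also missing its trailing newline.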
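Review bot: The two added lines are identical (`mkdir $LOOT_DIR/ips 2> /dev/null` twice), so the second looks like a copy-paste slip, and the `mkdir $LOOT_DIR/domains` it replaced is gone even though this mode now hands off to flyover, whose own hunk reads and writes `$LOOT_DIR/domains/targets.txt`. If flyover does not create that directory itself, the second line should stay `mkdir $LOOT_DIR/domains 2> /dev/null`. The `if [ "$MODE" = "discover" ]` block these lines sit in starts before the hunk.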
@@ -38,25 +39,27 @@ if [ "$MODE" = "discover" ]; then echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING PING DISCOVERY SCAN $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -sP $TARGET | tee $LOOT_DIR/domains/sniper-$OUT_FILE-ping-ips.txt - cat $LOOT_DIR/domains/sniper-$OUT_FILE-ping-ips.txt | grep "scan report" | awk '{print $5}' > $LOOT_DIR/domains/sniper-$OUT_FILE-ping-ips-sorted.txt + nmap -sP $TARGET | tee $LOOT_DIR/ips/sniper-$OUT_FILE-ping.txt + cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping.txt 2> /dev/null | grep "scan report" | awk '{print $5}' > $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING TCP PORT SCAN $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -T4 -v -sC -sA -sV -F $TARGET 2>/dev/null | tee $LOOT_DIR/domains/sniper-$OUT_FILE-tcp-ports.txt 2>/dev/null - cat $LOOT_DIR/domains/sniper-$OUT_FILE-tcp-ports.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/domains/sniper-$OUT_FILE-tcp-ips.txt + #nmap -T4 -v -sC -sA -sV -F $TARGET 2>/dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null + nmap -T4 -v -p $QUICK_PORTS -sS $TARGET 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null + cat $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED CURRENT TARGETS $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - cat $LOOT_DIR/domains/sniper-$OUT_FILE-ping-ips-sorted.txt 
$LOOT_DIR/domains/sniper-$OUT_FILE-tcp-ips.txt > $LOOT_DIR/domains/sniper-$OUT_FILE-ips-unsorted.txt - sort -u $LOOT_DIR/domains/sniper-$OUT_FILE-ips-unsorted.txt > $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt - cat $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt + cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt 2> /dev/null > $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt + sort -u $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt > $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt + cat $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt echo "" - echo -e "$OKRED[+]$RESET Target list saved to $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt " - echo -e "$OKRED[i] To scan all IP's, use sniper -f $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt -m flyover, airstrike or nuke modes. $RESET" + echo -e "$OKRED[+]$RESET Target list saved to $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt " + echo -e "$OKRED[i] To scan all IP's, use sniper -f $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt -m flyover -w $WORKSPACE $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED SCAN COMPLETE! $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - loot + #loot + sniper -f $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt -m flyover -w $WORKSPACE exit fi \ No newline at end of file diff --git a/modes/flyover.sh b/modes/flyover.sh index 23badd9f..c4072f38 100644 --- a/modes/flyover.sh +++ b/modes/flyover.sh 
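Review bot: The new `sniper -f ... -m flyover -w $WORKSPACE` call at the end of the hunk makes the follow-up scan unconditional, yet the `[i]` message a few lines earlier still tells the user to run exactly that command by hand, and the `loot` step it replaces is commented out rather than removed. Either gate the call on an option and keep the hint, or drop the hint, and record the new behaviour in the CHANGELOG entry, which only says "Improved scan options for discover mode scans". The TCP scan line passes `-p $QUICK_PORTS` with no check that the variable is set; if it expands to nothing, `-sS` is likely taken as the port argument and nmap errors out, so assert it first with `: "${QUICK_PORTS:?QUICK_PORTS must be set}"`. `cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping.txt 2> /dev/null | grep "scan report"` can simply be `grep "scan report" $LOOT_DIR/ips/sniper-$OUT_FILE-ping.txt 2> /dev/null`.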
@@ -87,17 +87,17 @@ if [ "$MODE" = "flyover" ]; then fi done - sort -u $LOOT_DIR/domains/targets.txt >> $LOOT_DIR/domains/domains-all-sorted.txt + sort -u $LOOT_DIR/domains/targets.txt 2>/dev/null >> $LOOT_DIR/domains/domains-all-sorted.txt sleep 20 - rm -f $INSTALL_DIR/wget-log* + rm -f $INSTALL_DIR/wget-log* 2> /dev/null echo -e "$OKRED=====================================================================================$RESET" if [ "$LOOT" = "1" ]; then loot exit else - for HOST in `sort -u $LOOT_DIR/domains/domains-all-sorted.txt $LOOT_DIR/domains/targets-all-sorted.txt`; do + for HOST in `sort -u $LOOT_DIR/domains/domains-all-sorted.txt $LOOT_DIR/domains/targets-all-sorted.txt 2> /dev/null`; do TARGET="$HOST" echo -e "$OKRED=====================================================================================$RESET" echo -e "${OKBLUE}HOST:$RESET $TARGET" diff --git a/modes/fullportonly.sh b/modes/fullportonly.sh index 5fe86087..4795f971 100644 --- a/modes/fullportonly.sh +++ b/modes/fullportonly.sh @@ -25,7 +25,8 @@ if [ "$MODE" = "fullportonly" ]; then logo echo "$TARGET" >> $LOOT_DIR/domains/targets.txt if [ -z "$PORT" ]; then - nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt + #nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt + nmap -vv -sT -O -A -T4 -oX $LOOT_DIR/nmap/nmap-$TARGET.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET.txt xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET" diff --git a/modes/fullportscan.sh b/modes/fullportscan.sh new file mode 100644 index 00000000..52f69059 --- /dev/null +++ b/modes/fullportscan.sh 
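Review bot: The `2> /dev/null` added to both `sort -u` calls hides a missing `targets.txt` or `domains-all-sorted.txt` instead of handling it, and the backtick-wrapped `for HOST in` loop still word-splits and glob-expands the sorted output. Replace the loop head with `while IFS= read -r HOST; do` and feed it at the closing line with `done < <(sort -u "$LOOT_DIR/domains/domains-all-sorted.txt" "$LOOT_DIR/domains/targets-all-sorted.txt")`; that `done` is outside the hunk. Appending `sort -u` output with `>>` to `domains-all-sorted.txt` also means the file is neither sorted nor unique after a second run, though that predates this change.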
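Review bot: The previous `nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS ...` invocation is kept as a commented-out line above its replacement; it should be deleted rather than left in place, since git history preserves it, and the same commented-out copy appears in the new modes/fullportscan.sh. The replacement no longer passes `-p$DEFAULT_TCP_PORTS`, so the `DEFAULT_TCP_PORTS` variable (presumably set in the configuration) is silently ignored here while the banner text in fullportscan.sh still reads "RUNNING FULL PORT SCAN"; either keep honouring `$DEFAULT_TCP_PORTS` or add a comment stating why nmap's default port set is intended. The `if [ -z "$PORT" ]` block this line sits in closes outside the hunk.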
@@ -0,0 +1,16 @@ +if [ "$FULLNMAPSCAN" = "0" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED SKIPPING FULL NMAP PORT SCAN $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" +else + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING FULL PORT SCAN $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + #nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt + nmap -vv -sT -O -A -T4 -oX $LOOT_DIR/nmap/nmap-$TARGET.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET.txt + xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + nmap -Pn -sU -A -T4 -v -p$DEFAULT_UDP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml +fi \ No newline at end of file diff --git a/modes/normal.sh b/modes/normal.sh index 0c2521e9..4f6bb587 100644 --- a/modes/normal.sh +++ b/modes/normal.sh 
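Review bot: The new file is a snippet meant to be `source`d from modes/normal.sh, but nothing in it says so; add a header comment such as `# Sourced by modes/normal.sh; expects FULLNMAPSCAN, TARGET, LOOT_DIR, INSTALL_DIR and DEFAULT_UDP_PORTS to be set by the caller`. The `nmap -vv -sT -O -A -T4 -oX ...` line is now identical to the one in modes/fullportonly.sh, so that mode could source this file too instead of the two copies diverging again later. Every `$TARGET` and `$LOOT_DIR` expansion here is unquoted, as in the block it was moved from; quoting them (`"$LOOT_DIR/nmap/nmap-$TARGET.xml"`) costs nothing and keeps the `-oX` path intact if either value ever contains whitespace. The file is also missing its trailing newline.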
@@ -355,7 +355,9 @@ else echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING INURLBR OSINT QUERIES $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET.txt | tee $LOOT_DIR/osint/inurlbr-$TARGET.txt + php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET | tee $LOOT_DIR/osint/inurlbr-$TARGET + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/osint/inurlbr-$TARGET > $LOOT_DIR/osint/inurlbr-$TARGET.txt 2> /dev/null + rm -f $LOOT_DIR/osint/inurlbr-$TARGET rm -Rf output/ cookie.txt exploits.conf GHDB="1" fi 
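Review bot: The `sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g"` ANSI-stripping expression added here is the second copy of the same regex in the new code (modes/bruteforce.sh has the other), so it belongs in one helper, e.g. `strip_ansi() { sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" "$@"; }`, used as `strip_ansi "$LOOT_DIR/osint/inurlbr-$TARGET" > "$LOOT_DIR/osint/inurlbr-$TARGET.txt"`. The `-s inurlbr-$TARGET` option also writes a second copy relative to the current directory while `tee` writes under `$LOOT_DIR`; if only the `$LOOT_DIR` copy is wanted, a comment saying why both exist (or a cleanup of the relative one) would help. The `else` branch this sits in starts before the hunk.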
@@ -1203,40 +1205,9 @@ else ruby yasuo.rb -r $TARGET -b all | tee $LOOT_DIR/vulnerabilities/yasuo-$TARGET.txt 2> /dev/null fi -cd $SNIPER_DIR - -if [ "$FULLNMAPSCAN" = "0" ]; then - echo -e "${OKGREEN}====================================================================================${RESET}" - echo -e "$OKRED SKIPPING FULL NMAP PORT SCAN $RESET" - echo -e "${OKGREEN}====================================================================================${RESET}" -else - echo -e "${OKGREEN}====================================================================================${RESET}" - echo -e "$OKRED RUNNING FULL PORT SCAN $RESET" - echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt - xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null - echo -e "${OKGREEN}====================================================================================${RESET}" - echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET" - echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -Pn -sU -A -T4 -v -p$DEFAULT_UDP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml -fi - -if [ "$AUTOBRUTE" = "0" ]; then - echo -e "${OKGREEN}====================================================================================${RESET}" - echo -e "$OKRED SKIPPING BRUTE FORCE $RESET" - echo -e "${OKGREEN}====================================================================================${RESET}" -else - echo -e "${OKGREEN}====================================================================================${RESET}" - echo -e "$OKRED RUNNING BRUTE FORCE $RESET" - echo -e "${OKGREEN}====================================================================================${RESET}" - brutex $TARGET | 
tee $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null - sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/credentials/brutex-$TARGET > $LOOT_DIR/credentials/brutex-$TARGET.txt 2> /dev/null - rm -f $LOOT_DIR/credentials/brutex-$TARGET - cd $INSTALL_DIR - rm -f hydra.restore - rm -f scan.log - echo "" -fi +cd $INSTALL_DIR +source modes/fullportscan.sh +source modes/bruteforce.sh rm -f $LOOT_DIR/.fuse_* 2> /dev/null diff --git a/modes/osint.sh b/modes/osint.sh index 1d3561f9..2172d4f9 100644 --- a/modes/osint.sh +++ b/modes/osint.sh @@ -2,6 +2,6 @@ if [ "$OSINT" = "1" ]; then echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED GATHERING OSINT INFO $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - python2.7 $THEHARVESTER -d $TARGET -l 100 -b all 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null - metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null + python2.7 $THEHARVESTER -d $TARGET -l 100 -b all 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null + metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null fi \ No newline at end of file diff --git a/modes/recon.sh b/modes/recon.sh index f2b44f1f..65474bfb 100644 --- a/modes/recon.sh +++ b/modes/recon.sh 
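Review bot: `cd $INSTALL_DIR` followed by `source modes/fullportscan.sh` and `source modes/bruteforce.sh` makes both includes depend on that `cd` having succeeded; if `INSTALL_DIR` is unset or wrong, bash cannot find the relative paths and, unless `set -e` is in effect somewhere above, carries on without the port scan or brute-force stage. Sourcing by absolute path removes the dependency: `source "$INSTALL_DIR/modes/fullportscan.sh"` and `source "$INSTALL_DIR/modes/bruteforce.sh"`, though bruteforce.sh itself also does `cd $INSTALL_DIR`, so the working-directory change is still relied upon there. The removed block did `cd $SNIPER_DIR` instead; if the two variables can differ, a comment on which directory the sourced snippets expect would help the next reader.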
@@ -21,7 +21,7 @@ if [ "$RECON" = "1" ]; then echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBFINDER $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -w $DOMAINS_DEFAULT -d $TARGET 2>/dev/null + subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET 2>/dev/null fi echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"
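Review bot: Dropping `-w $DOMAINS_DEFAULT` from the subfinder call changes what the recon step does, but neither the commit message nor the CHANGELOG hunk mentions it; add a CHANGELOG line or a comment on the subfinder line explaining why the wordlist is no longer passed. If `DOMAINS_DEFAULT` is not used anywhere else, it presumably becomes a dead configuration variable and could be retired in the same change.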