From fc22d62d7a2dbfb88bc152da6f8e57baac984af0 Mon Sep 17 00:00:00 2001
From: root
Date: Tue, 12 Jul 2016 08:58:38 -0700
Subject: [PATCH] Sn1per by 1N3 @CrowdShield
---
 README.md | 1 +
 sniper | 6 +++---
 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/README.md b/README.md
index 46f7ee27..fbe6ab96 100644
--- a/README.md
+++ b/README.md
@@ -51,6 +51,7 @@ https://gist.github.com/1N3/8214ec2da2c91691bcbc
 ```
 ## CHANGELOG:
+* v1.8a - Updated sub-domain hijack list of domains (CC: th3gundy)
 * v1.8 - Added sub-domain hijack scans for all sub-domains
 * v1.8 - Added auto explort of all sub-domains to /domains directory
 * v1.8 - Added additional stealth and airstrike checks for port 80 and 443
diff --git a/sniper b/sniper
index 518d454c..56408070 100644
--- a/sniper
+++ b/sniper
@@ -226,7 +226,7 @@ if [ "$MODE" = "stealth" ]; then
 python Sublist3r/sublist3r.py -d $TARGET -vvv -o loot/domains/domains-$TARGET.txt 2>/dev/null
 dos2unix loot/domains/domains-$TARGET.txt 2>/dev/null
 echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
- for a in `cat loot/domains/domains-$TARGET.txt`; do dig $a CNAME | egrep -i "heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr" 2>/dev/null; done;
+ for a in `cat loot/domains/domains-$TARGET.txt`; do dig $a CNAME | egrep -i "heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot" 2>/dev/null; done;
 echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
 python SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
 fi
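Review bot: The `egrep` filter in the stealth loop runs over dig's full default output, so the bare tokens match the banner and question lines that echo the queried name as well as the answer; a host name that merely contains `desk` or `github` is reported whatever its CNAME is, and the newly added `amazonaws` will also match CNAMEs that point at AWS resources still in use. A hit therefore shows only that a provider name appears somewhere in the output, not that the record is dangling. Restricting the match to the answer removes most of that noise, e.g. `dig +short -q "$a" -t CNAME | egrep -i "…"` with the same pattern, and the section output is better labelled as candidates to confirm by hand. The same line is changed in the airstrike hunk (`@@ -323`) and in the `@@ -446` hunk; the enclosing `if` block starts outside each hunk.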
@@ -323,7 +323,7 @@ if [ "$MODE" = "airstrike" ]; then
 python Sublist3r/sublist3r.py -d $a -vvv -o loot/domains/domains-$a.txt 2>/dev/null
 dos2unix loot/domains/domains-$a.txt 2>/dev/null
 echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
- for b in `cat loot/domains/domains-$a.txt`; do dig $b CNAME | egrep -i 'heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr' 2>/dev/null; done;
+ for b in `cat loot/domains/domains-$a.txt`; do dig $b CNAME | egrep -i 'heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
 echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
 python SimpleEmailSpoofer/spoofcheck.py $a 2>/dev/null
 fi
@@ -446,7 +446,7 @@ then
 python Sublist3r/sublist3r.py -d $TARGET -vvv -o loot/domains/domains-$TARGET.txt 2>/dev/null
 dos2unix loot/domains/domains-$TARGET.txt 2>/dev/null
 echo -e "$OKGREEN + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +$RESET"
- for a in `cat loot/domains/domains-$TARGET.txt`; do dig $a CNAME | egrep -i 'heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr' 2>/dev/null; done;
+ for a in `cat loot/domains/domains-$TARGET.txt`; do dig $a CNAME | egrep -i 'heroku|github|bitbucket|squarespace|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign monitor|cargocollective|statuspage|tumblr|amazonaws|hubspot' 2>/dev/null; done;
 echo -e "$OKGREEN + -- ----------------------------=[Checking Email Security]=----------------- -- +$RESET"
 python SimpleEmailSpoofer/spoofcheck.py $TARGET 2>/dev/null
 fi
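Review bot: The provider alternation now lives in three hand-edited copies (this airstrike loop, the stealth loop at `@@ -226` and the loop at `@@ -446`), and the copies already differ in quoting: double quotes in stealth, single quotes here. Defining it once near the top of the script, `HIJACK_PROVIDERS='heroku|github|…|amazonaws|hubspot'`, and calling `grep -Ei "$HIJACK_PROVIDERS"` in each loop would keep the modes from drifting apart on the next list update. `egrep` is also deprecated in current GNU grep in favour of `grep -E`.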
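Review bot: The loop in the `@@ -446` hunk reads its names through an unquoted backtick `cat` and hands `$a` to dig unquoted, so each entry is word-split and glob-expanded by the shell, and an entry beginning with `@`, `-` or `+` is read by dig as a server or an option rather than as a name. The file is written by Sublist3r on the line above, presumably from third-party sources, so its lines are better treated as untrusted input. Reading it line by line avoids both problems: `while IFS= read -r a; do dig +short -q "$a" -t CNAME | egrep -i '…'; done < "loot/domains/domains-$TARGET.txt"`. The `2>/dev/null` is attached to `egrep`, so dig's own errors are still printed. The loops at `@@ -226` and `@@ -323` have the same form.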