sniper.conf

INSTALL_DIR="/usr/share/sniper"
SNIPER_PRO=$INSTALL_DIR/pro.sh
PLUGINS_DIR="$INSTALL_DIR/plugins"

# COLORS
OKBLUE='\033[94m'
OKRED='\033[91m'
OKGREEN='\033[92m'
OKORANGE='\033[93m'
RESET='\e[0m'
REGEX='^[0-9]+$'

# AUX MODE OVERRIDE
# AUTO_BRUTE="0"
# FULLNMAPSCAN="0"
# OSINT="0"
VULNSCAN="0"

# DEFAULT SETTINGS
ENABLE_AUTO_UPDATES="1"
REPORT="1"
LOOT="1"

# OUT OF SCOPE
OUT_OF_SCOPE=("www.sn1persecurity.com" "sn1persecurity.com" "*.sn1persecurity.com")

# SN1PER PROFESSIONAL SETTINGS
SNIPER_PRO_CONSOLE_OUTPUT="0"
SN1PER_AUTOLOAD="0"
MAX_HOSTS="2000"

# DEFAULT BROWSER
BROWSER="firefox"

# BURP 2.0 SCANNER CONFIG
BURP_HOST="127.0.0.1"
BURP_PORT="1338"

# OPENVAS CONFIG
OPENVAS="0"
OPENVAS_HOST="127.0.0.1"
OPENVAS_PORT="9390"
OPENVAS_USERNAME="admin"
OPENVAS_PASSWORD=""
OPENVAS_RUNAS_USER="kali"

# NESSUS CONFIG
NESSUS="0"
NESSUS_HOST="127.0.0.1:8834"
NESSUS_USERNAME="admin"
NESSUS_PASSWORD=""
NESSUS_POLICY_ID="c3cbcd46-329f-a9ed-1077-554f8c2af33d0d44f09d736969bf"

# METASPLOIT SCANNER CONFIG
METASPLOIT_IMPORT="0"
MSF_LHOST="127.0.0.1"
MSF_LPORT="4444"

# SHODAN API KEY
SHODAN_API_KEY=""

# CENSYS API KEYS
CENSYS_APP_ID=""
CENSYS_API_SECRET=""

# HUNTER.IO API KEY
HUNTERIO_KEY=""

# TOMBA.IO API
TOMBAIO_KEY=""
TOMBAIO_SECRET=""

# GITHUB API KEY
GITHUB_API_KEY=""

# WPSCAN API KEY
WP_API_KEY=""

# SLACK API
SLACK_NOTIFICATIONS="0"
SLACK_NOTIFICATIONS_THEHARVESTER="0"
SLACK_NOTIFICATIONS_EMAIL_SECURITY="0"
SLACK_NOTIFICATIONS_DOMAINS_NEW="0"
SLACK_NOTIFICATIONS_TAKEOVERS_NEW="0"
SLACK_NOTIFICATIONS_SUBOVER_NEW="0"
SLACK_NOTIFICATIONS_SUBJACK_NEW="0"
SLACK_NOTIFICATIONS_S3_BUCKETS="0"
SLACK_NOTIFICATIONS_SUBNETS="0"
SLACK_NOTIFICATIONS_DIRSEARCH_NEW="0"
SLACK_NOTIFICATIONS_SPIDER_NEW="0"
SLACK_NOTIFICATIONS_WHATWEB="0"
SLACK_NOTIFICATIONS_NMAP="0"
SLACK_NOTIFICATIONS_NMAP_DIFF="0"
SLACK_NOTIFICATIONS_BRUTEFORCE="0"
SLACK_NOTIFICATIONS_WHOIS="0"
SLACK_NOTIFICATIONS_METAGOOFIL="0"
SLACK_NOTIFICATIONS_ARACHNI_SCAN="0"
SLACK_NOTIFICATIONS_EMAIL_FORMAT="0"

# ACTIVE WEB BRUTE FORCE STAGES
WEB_BRUTE_STEALTHSCAN="1"
WEB_BRUTE_COMMONSCAN="1"
WEB_BRUTE_FULLSCAN="0"
WEB_BRUTE_EXPLOITSCAN="0"
WEB_JAVASCRIPT_ANALYSIS="1"
MAX_JAVASCRIPT_FILES="25"

# WEB BRUTE FORCE WORDLISTS
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
WEB_BRUTE_COMMON="$INSTALL_DIR/wordlists/web-brute-common.txt"
WEB_BRUTE_FULL="$INSTALL_DIR/wordlists/web-brute-full.txt"
WEB_BRUTE_EXPLOITS="$INSTALL_DIR/wordlists/web-brute-exploits.txt"
WEB_BRUTE_EXTENSIONS="htm,html,asp,aspx,php,jsp,js"
WEB_BRUTE_EXCLUDE_CODES="400,403,404,405,406,429,500,502,503,504"

# GREP PATTERNS
STATIC_GREP_SEARCH="1"
GREP_MAX_LINES="10"
GREP_INTERESTING_SUBDOMAINS="admin|jenkins|test|proxy|stage|test|dev|devops|staff|db|qa|internal"
GREP_EXTENSIONS="\.action|\.adr|\.ascx|\.asmx|\.axd|\.backup|\.bak|\.bkf|\.bkp|\.bok|\.achee|\.cfg|\.cfm|\.cgi|\.cnf|\.conf|\.config|\.crt|\.csr|\.csv|\.dat|\.doc|\.docx|\.eml|\.env|\.exe|\.gz|\.ica|\.inf|\.ini|\.java|\.json|\.key|\.log|\.lst|\.mai|\.mbox|\.mbx|\.md|\.mdb|\.nsf|\.old|\.ora|\.pac|\.passwd|\.pcf|\.pdf|\.pem|\.pgp|\.pl| plist|\.pwd|\.rdp|\.reg|\.rtf|\.skr|\.sql|\.swf|\.tpl|\.txt|\.url|\.wml|\.xls|\.xlsx|\.xml|\.xsd|\.yml"
GREP_PARAMETERS="template=|preview=|id=|view=|activity=|name=|content=|redirect=|(&|[?])access(&|=)|(&|[?])admin(&|=)|(&|[?])dbg(&|=)|(&|[?])debug(&|=)|(&|[?])edit(&|=)|(&|[?])grant(&|=)|(&|[?])test(&|=)|(&|[?])alter(&|=)|(&|[?])clone(&|=)|(&|[?])create(&|=)|(&|[?])delete(&|=)|(&|[?])disable(&|=)|(&|[?])enable(&|=)|(&|[?])exec(&|=)|(&|[?])execute(&|=)|(&|[?])load(&|=)|(&|[?])make(&|=)|(&|[?])modify(&|=)|(&|[?])rename(&|=)|(&|[?])reset(&|=)|(&|[?])shell(&|=)|(&|[?])toggle(&|=)|(&|[?])adm(&|=)|(&|[?])root(&|=)|(&|[?])cfg(&|=)|(&|[?])dest(&|=)|(&|[?])redirect(&|=)|(&|[?])uri(&|=)|(&|[?])path(&|=)|(&|[?])continue(&|=)|(&|[?])url(&|=)|(&|[?])window(&|=)|(&|[?])next(&|=)|(&|[?])data(&|=)|(&|[?])reference(&|=)|(&|[?])site(&|=)|(&|[?])html(&|=)|(&|[?])val(&|=)|(&|[?])validate(&|=)|(&|[?])domain(&|=)|(&|[?])callback(&|=)|(&|[?])return(&|=)|(&|[?])feed(&|=)|(&|[?])host(&|=)|(&|[?])port(&|=)|(&|[?])to(&|=)|(&|[?])out(&|=)|(&|[?])view(&|=)|(&|[?])dir(&|=)|(&|[?])show(&|=)|(&|[?])navigation(&|=)|(&|[?])open(&|=)|(&|[?])file(&|=)|(&|[?])document(&|=)|(&|[?])folder(&|=)|(&|[?])pg(&|=)|(&|[?])php_path(&|=)|(&|[?])style(&|=)|(&|[?])doc(&|=)|(&|[?])img(&|=)|(&|[?])filename(&|=)|id=|select=|report=|role=|update=|query=|user=|name=|sort=|where=|search=|params=|process=|row=|view=|table=|from=|sel=|results=|sleep=|fetch=|order=|keyword=|column=|field=|delete=|string=|number=|filter=|(&|[?])callback=|(&|[?])cgi-bin/redirect.cgi|(&|[?])checkout=|(&|[?])checkout_url=|(&|[?])continue=|(&|[?])data=|(&|[?])dest=|(&|[?])destination=|(&|[?])dir=|(&|[?])domain=|(&|[?])feed=|(&|[?])file=|(&|[?])file_name=|(&|[?])file_url=|(&|[?])folder=|(&|[?])folder_url=|(&|[?])forward=|(&|[?])from_url=|(&|[?])go=|(&|[?])goto=|(&|[?])host=|(&|[?])html=|(&|[?])image_url=|(&|[?])img_url=|(&|[?])load_file=|(&|[?])load_url=|(&|[?])login_url=|(&|[?])logout=|(&|[?])navigation=|(&|[?])next=|(&|[?])next_page=|(&|[?])Open=|(&|[?])out=|(&|[?])page_url=|(&|[?])path=|(&|[?])port=|(&|[?])redir=|(&|[?])redirect=|(&|[?])redirect_to=|(&|[?])redirect_uri=|(&|[?])redirect_url=|(&|[?])reference=|(&|[?])return=|(&|[?])return_path=|(&|[?])return_to=|(&|[?])returnTo=|(&|[?])return_url=|(&|[?])rt=|(&|[?])rurl=|(&|[?])show=|(&|[?])site=|(&|[?])target=|(&|[?])to=|(&|[?])uri=|(&|[?])url=|(&|[?])val=|(&|[?])validate=|(&|[?])view=|(&|[?])window=|daemon=|upload=|dir=|execute=|download=|log=|ip=|cli=|cmd=|file=|document=|folder=|root=|path=|pg=|style=|pdf=|template=|php_path=|doc=|page=|name=|id=|user=|account=|number=|order=|no=|doc=|key=|email=|group=|profile=|edit=|report=|access=|admin=|dbg=|debug=|edit=|grant=|test=|alter=|clone=|create=|delete=|disable=|enable=|exec=|execute=|load=|make=|modify=|rename=|reset=|shell=|toggle=|adm=|root=|cfg=|config="
GREP_XSS="q=|s=|search=|lang=|keyword=|query=|page=|keywords=|year=|view=|email=|type=|name=|p=|callback=|jsonp=|api_key=|api=|password=|email=|emailto=|token=|username=|csrf_token=|unsubscribe_token=|id=|item=|page_id=|month=|immagine=|list_type=|url=|terms=|categoryid=|key=|l=|begindate=|enddate="
GREP_SSRF="access|admin|dbg|debug|edit|grant|test|alter|clone|create|delete|disable|enable|exec|execute|load|make|modify|rename|reset|shell|toggle|adm|root|cfg|dest|redirect|uri|path|continue|url|window|next|data|reference|site|html|val|validate|domain|callback|return|page|feed|host|port|to|out|view|dir|show|navigation|open"
GREP_REDIRECT="forward=|dest=|redirect=|uri=|path=|continue=|url=|window=|to=|out=|view=|dir=|show=|navigation=|Open=|file=|val=|validate=|domain=|callback=|return=|page=|feed=|host=|port=|next=|data=|reference=|site=|html="
GREP_RCE="daemon|upload|dir|execute|download|log|ip|cli|cmd"
GREP_IDOR="id|user|account|number|order|no|doc|key|email|group|profile|edit|report"
GREP_SQL="id|select|report|role|update|query|user|name|sort|where|search|params|process|row|view|table|from|sel|results|sleep|fetch|order|keyword|column|field|delete|string|number|filter"
GREP_LFI="file|document|folder|root|path|pg|style|pdf|template|php_path|doc"
GREP_SSTI="template|preview|id|view|activity|name|content|redirect"
GREP_DEBUG="access|admin|dbg|debug|edit|grant|test|alter|clone|create|delete|disable|enable|exec|execute|load|make|modify|rename|reset|shell|toggle|adm|root|cfg|config"

# DOMAIN WORDLISTS
DOMAINS_QUICK="$INSTALL_DIR/wordlists/domains-quick.txt"
DOMAINS_DEFAULT="$INSTALL_DIR/wordlists/domains-default.txt"
# DOMAINS_FULL="$INSTALL_DIR/wordlists/domains-all.txt"

# DEFAULT USER/PASS WORDLISTS
USER_FILE="/usr/share/brutex/wordlists/simple-users.txt"
PASS_FILE="/usr/share/brutex/wordlists/password.lst"
DNS_FILE="/usr/share/brutex/wordlists/namelist.txt"

# TOOL DIRECTORIES
SAMRDUMP="$INSTALL_DIR/bin/samrdump.py"
INURLBR="$INSTALL_DIR/bin/inurlbr.php"

# FLYOVER MODE TUNING
FLYOVER_MAX_HOSTS="5"
FLYOVER_DELAY="10"

# NMAP OPTIONS
NMAP_OPTIONS="--script-args http.useragent='' --open"

# NMAP PORT CONFIGURATIONS
QUICK_PORTS="21,22,80,443,8000,8080,8443"
DEFAULT_PORTS="10000,1099,110,111,123,135,137,139,1433,1524,161,162,16992,2049,21,2121,2181,22,23,25,264,27017,27018,27019,28017,3128,3306,3310,3389,3632,389,443,4443,445,49152,49180,500,512,513,514,53,5432,5555,5800,5900,5984,623,624,6667,67,68,69,7001,79,80,8000,8001,8080,8180,8443,8888,9200,9495"
FULL_PORTSCAN_PORTS="T:1-65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:500,U:520,U:2049"
THREADS="100"

# NETWORK PLUGINS
NMAP_SCRIPTS="1"
METASPLOIT_EXPLOIT="1"
MSF_LEGACY_WEB_EXPLOITS="0"
SSH_AUDIT="1"
SSH_ENUM="1"
LIBSSH_BYPASS="1"
SMTP_USER_ENUM="1"
FINGER_TOOL="1"
SHOW_MOUNT="1"
RPC_INFO="1"
SMB_ENUM="1"
AMAP="0"

# OSINT PLUGINS
WHOIS="1"
GOOHAK="1"
INURLBR="1"
THEHARVESTER="1"
METAGOOFIL="1"
HUNTERIO="0"
TOMBAIO="0"
INTODNS="1"
EMAILFORMAT="1"
ULTRATOOLS="1"
URLCRAZY="1"
VHOSTS="0"
H8MAIL="0"
GITHUB_SECRETS="0"
URLSCANIO="1"

# DYNAMIC APPLICATION SCANNERS
BURP_SCAN="0"
ARACHNI_SCAN="0"
ZAP_SCAN="0"

# ACTIVE WEB PLUGINS
SC0PE_VULNERABLITY_SCANNER="1"
NUCLEI="1"
DIRSEARCH="1"
GOBUSTER="0"
NIKTO="0"
BLACKWIDOW="1"
INJECTX="1"
CLUSTERD="0"
WPSCAN="0"
CMSMAP="0"
WAFWOOF="1"
WHATWEB="1"
WIG="0"
SHOCKER="0"
JEXBOSS="0"
WEBTECH="1"
SSL_INSECURE="1"
HTTP_PROBE="0"
SMUGGLER="1"

# PASSIVE WEB PLUGINS
WAYBACKMACHINE="1"
SSL="1"
PASSIVE_SPIDER="1"
GAU="1"
HACKERTARGET="1"
CUTYCAPT="0"
WEBSCREENSHOT="1"

# EMAIL PLUGINS
SPOOF_CHECK="1"

# RECON PLUGINS
SUBHIJACK_CHECK="0"
AQUATONE="0"
SLURP="0"
SUBLIST3R="0"
AMASS="0"
SUBFINDER="0"
DNSCAN="0"
CRTSH="1"
SUBOVER="0"
PROJECT_SONAR="1"
CENSYS_SUBDOMAINS="0"
SUBNET_RETRIEVAL="1"
SUBJACK="0"
ALT_DNS="0"
MASS_DNS="0"
DNSGEN="0"
SHODAN="0"
ASN_CHECK="1"
SPYSE="0"
SUBBRUTE_DNS="0"
GITHUB_SUBDOMAINS="0"
RAPIDDNS="1"
SCAN_ALL_DISCOVERED_DOMAINS="0"