diff --git a/CHANGELOG.md b/CHANGELOG.md
index 90123fca..faee4379 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,9 @@
 ## CHANGELOG:
+* v2.1c - Fixed issue with install.sh install directories
+* v2.1b - Added automatic Metasploit NMap xml imports for loot directory
+* v2.1b - Removed Zenmap
+* v2.1a - Separated Arachni reports for port 80/443/tcp
+* v2.1a - Fixed NMap full port scan options
 * v2.1 - Added Arachni with auto HTML web reporting (web mode only)
 * v2.1 - Added full NMap detailed port scans
 * v2.1 - Added port 4443/tcp checks
@@ -115,4 +120,4 @@
 * v1.4 - Removed debug output from goohak from displaying on console
 ## FUTURE:
-* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)
\ No newline at end of file
+* Add scan config options to enabled/disable certain scan tasks (ie. brute force, osint, web scans, etc.)
diff --git a/install.sh b/install.sh
index ce7fb71f..6450da90 100644
--- a/install.sh
+++ b/install.sh
@@ -19,12 +19,19 @@ echo -e "$OKORANGE + -- --=[http://crowdshield.com$RESET"
 echo ""
 INSTALL_DIR=/usr/share/sniper
+LOOT_DIR=/usr/share/sniper/loot
 PLUGINS_DIR=/usr/share/sniper/plugins
 echo -e "$OKGREEN + -- --=[This script will install sniper under $INSTALL_DIR. Are you sure you want to continue?$RESET"
 read answer
 mkdir -p $INSTALL_DIR 2> /dev/null
+mkdir -p $LOOT_DIR 2> /dev/null
+mkdir $LOOT_DIR/domains 2> /dev/null
+mkdir $LOOT_DIR/screenshots 2> /dev/null
+mkdir $LOOT_DIR/nmap 2> /dev/null
+mkdir $LOOT_DIR/reports 2> /dev/null
+mkdir $LOOT_DIR/output 2> /dev/null
 cp -Rf $PWD/* $INSTALL_DIR
 cd $INSTALL_DIR
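Review bot: The loot directories added in the `@@ -19,12 +19,19 @@` hunk are created with the default umask under /usr/share and with `2> /dev/null` on every `mkdir`, so scan output stored there is typically readable by any local account, and a failed create (for example when the installer is not run as root) goes unnoticed before `cp -Rf` runs. I would create them in one quoted, checked call and restrict the mode, assuming sniper is only run as root: `mkdir -p "$LOOT_DIR"/domains "$LOOT_DIR"/screenshots "$LOOT_DIR"/nmap "$LOOT_DIR"/reports "$LOOT_DIR"/output || exit 1` followed by `chmod 700 "$LOOT_DIR"`. The same unquoted, unchecked pattern applies to `mkdir $PLUGINS_DIR` in the `@@ -38,7 +45,7 @@` hunk, where a failure lets the following `cd` and the extension downloads run in the wrong directory. Defining `LOOT_DIR=$INSTALL_DIR/loot` instead of repeating the literal path would keep the two from drifting apart.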
@@ -38,7 +45,7 @@ gem install ruby-nmap net-http-persistent mechanize text-table
 echo -e "$OKORANGE + -- --=[Cleaning up old extensions...$RESET"
 rm -Rf Findsploit/ BruteX/ Goohak/ XSSTracer/ MassBleed/ SuperMicro-Password-Scanner/ CMSmap/ yasuo/ Sublist3r/ shocker/ jexboss/ serializekiller/ testssl.sh/ SimpleEmailSpoofer/ ssh-audit/ plugins/ 2> /dev/null
-mkdir /usr/share/sniper/plugins/
+mkdir $PLUGINS_DIR
 cd $PLUGINS_DIR
 echo -e "$OKORANGE + -- --=[Downloading extensions...$RESET"
diff --git a/sniper b/sniper
index 87d159f2..7aef245a 100644
--- a/sniper
+++ b/sniper
@@ -83,7 +83,10 @@ function loot {
 rm -f $LOOT_DIR/.fuse_* 2> /dev/null
 echo -e "$OKORANGE + -- --=[Opening loot directory..."
 iceweasel $LOOT_DIR &> /dev/null &
- zenmap -f $LOOT_DIR/nmap/ &> /dev/null &
+ /etc/init.d/metasploit start
+ msfconsole -x 'db_import $LOOT_DIR/nmap/nmap*.xml; hosts; services; exit;'
+ # zenmap -f $LOOT_DIR/nmap/ &> /dev/null &
+ /etc/init.d/metasploit stop
 echo -e "$OKORANGE + -- --=[Done!"
 }
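Review bot: The added `msfconsole -x '...'` line in `loot` wraps the command string in single quotes, so the shell never expands `$LOOT_DIR` and msfconsole is handed the literal text `$LOOT_DIR/nmap/nmap*.xml`; unless msfconsole resolves that itself, the import finds nothing. Double quotes fix it: `msfconsole -x "db_import $LOOT_DIR/nmap/nmap*.xml; hosts; services; exit;"`. The `/etc/init.d/metasploit start` and `stop` calls around it are unchecked, and the unconditional `stop` would shut down a service instance that was already running before `loot` was called. The commented-out `# zenmap` line can be deleted outright, since the changelog already records the removal. The body of `loot` begins above the hunk.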
@@ -758,15 +761,12 @@ else
 echo ""
 python $CMSMAP -t http://$TARGET/wordpress/
 echo ""
- #echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
- #uniscan -u http://$TARGET -qweds
 echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
- mkdir -p $INSTALL_DIR/loot/web/$TARGET/ 2> /dev/null
- arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET/ --output-only-positives http://$TARGET
- cd $INSTALL_DIR/loot/web/$TARGET/
- arachni_reporter $INSTALL_DIR/loot/web/$TARGET/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET/arachni.zip
- unzip $INSTALL_DIR/loot/web/$TARGET/arachni.zip
- $ARACHNI="1"
+ mkdir -p $INSTALL_DIR/loot/web/$TARGET-http/ 2> /dev/null
+ arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET-http/ --output-only-positives http://$TARGET
+ cd $INSTALL_DIR/loot/web/$TARGET-http/
+ arachni_reporter $INSTALL_DIR/loot/web/$TARGET-http/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET-http/arachni.zip
+ unzip $INSTALL_DIR/loot/web/$TARGET-http/arachni.zip
 cd $INSTALL_DIR
 echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
 sqlmap -u "http://$TARGET" --batch --crawl=5 --level 1 --risk 1 -f -a
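Review bot: The five added Arachni lines repeat `$INSTALL_DIR/loot/web/$TARGET-http/` unquoted and do not check the `cd` into it, so if the `mkdir -p` (whose stderr is discarded) failed, `unzip` extracts the report into whatever directory the script happens to be in. Holding the path in one quoted variable and chaining the extract onto the `cd` closes that: `REPORT_DIR="$INSTALL_DIR/loot/web/$TARGET-http"` and then `cd "$REPORT_DIR" && unzip -o arachni.zip`, where `-o` also keeps `unzip` from prompting when the same target is scanned twice. Other parts of the script visible in this diff write to `$LOOT_DIR`, so these paths should probably use it as well, assuming it points at the same directory. The `-https` block in the `@@ -945,18 +945,16 @@` hunk has the same shape. The enclosing `else` branch starts and ends outside the hunk.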
@@ -945,18 +945,16 @@ else
 echo ""
 python $CMSMAP -t https://$TARGET/wordpress/
 echo ""
- #echo -e "$OKGREEN + -- ----------------------------=[Running Uniscan Web Vulnerability Scan]=-- -- +$RESET"
- #uniscan -u https://$TARGET -qweds
 if [ $ARACHNI == "1" ]; then
 echo -e "$OKGREEN + -- ----------------------------=[Skipping Arachni Scan]=------------------- -- +$RESET"
 else
 echo -e "$OKGREEN + -- ----------------------------=[Running Arachni Web Application Scan]=---- -- +$RESET"
- mkdir -p $INSTALL_DIR/loot/web/$TARGET/ 2> /dev/null
- arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET/ --output-only-positives https://$TARGET
- cd $INSTALL_DIR/loot/web/$TARGET/
- arachni_reporter $INSTALL_DIR/loot/web/$TARGET/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET/arachni.zip
- unzip $INSTALL_DIR/loot/web/$TARGET/arachni.zip
+ mkdir -p $INSTALL_DIR/loot/web/$TARGET-https/ 2> /dev/null
+ arachni --report-save-path=$INSTALL_DIR/loot/web/$TARGET-https/ --output-only-positives https://$TARGET
+ cd $INSTALL_DIR/loot/web/$TARGET-https/
+ arachni_reporter $INSTALL_DIR/loot/web/$TARGET-https/*.afr --report=html:outfile=$INSTALL_DIR/loot/web/$TARGET-https/arachni.zip
+ unzip $INSTALL_DIR/loot/web/$TARGET-https/arachni.zip
 cd $INSTALL_DIR
 fi
 echo -e "$OKGREEN + -- ----------------------------=[Running SQLMap SQL Injection Scan]=------- -- +$RESET"
@@ -1290,7 +1288,7 @@ if [ "$FULLNMAPSCAN" = "0" ]; then
 echo -e "$OKGREEN + -- ----------------------------=[Skipping Full NMap Port Scan]=------------ -- +$RESET"
 else
 echo -e "$OKGREEN + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +$RESET"
- nmap -T5 -sV -sU -sT -A -O -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
+ nmap -T4 -sV -O -v -p 1-65355 $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml
 fi
 if [ "$AUTOBRUTE" = "0" ]; then
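Review bot: The context line `if [ $ARACHNI == "1" ]; then` in the `@@ -945,18 +945,16 @@` hunk is left in place although this commit removes the only visible assignment (`$ARACHNI="1"`, which was not a valid assignment in the first place). Unless `ARACHNI` is set somewhere outside this diff, the unquoted test expands to `[ == "1" ]`, prints a `[` error on every run and always falls through to the `else` branch. Now that the http and https reports go to separate directories the guard looks unnecessary, so the `if`/`else` wrapper around the https scan can be dropped; if skipping is still wanted, set the variable explicitly and quote the test, `if [ "$ARACHNI" = "1" ]; then`. The surrounding `else` branch starts and ends outside the hunk.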
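Review bot: The port range on the changed `nmap` line in the `@@ -1290,7 +1288,7 @@` hunk is still `-p 1-65355`, which looks like a transposition of 65535 and leaves ports 65356 to 65535 out of a scan that the banner calls full; `-p-` or `-p 1-65535` covers the whole range. The new option set also drops `-sU`, so the stored XML no longer contains UDP results, which is worth stating in the banner or changelog so that readers of the report do not assume UDP services were checked. `$TARGET` and the `-oX` path should be quoted as well: `nmap -T4 -sV -O -v -p- "$TARGET" -oX "$LOOT_DIR/nmap/nmap-$TARGET.xml"`. The enclosing `if` opens above the hunk.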