Sn1per Community Edition by @xer0dayz - https://xerosecurity.com

CHANGELOG.md

@@ -1,4 +1,21 @@
 ## CHANGELOG:
+* v7.2 - Added experimental OpenVAS API integration
+* v7.2 - Improved Burpsuite 2.x API integration with vuln reporting
+* v7.2 - Added hunter.io API integration to recon mode scans
+* v7.2 - Added Cisco IKE Key Disclosure MSF exploit
+* v7.2 - Added JBoss MSF vuln scanner module
+* v7.2 - Added Apache CouchDB RCE MSF exploit
+* v7.2 - Added IBM Tivoli Endpoint Manager POST Query Buffer Overflow exploit
+* v7.2 - Added Java RMI MSF scanner
+* v7.2 - New scan mode "vulnscan"
+* v7.2 - New scan mode "massportscan"
+* v7.2 - New scan mode "massweb"
+* v7.2 - New scan mode "masswebscan"
+* v7.2 - New scan mode "massvulnscan"
+* v7.2 - Added additional Slack API notification settings
+* v7.2 - Improved NMap port detection and scan modes
+* v7.2 - Fixed issue with Censys API being enabled by default
+* v7.2 - Fixed verbose errors in subjack/subover tools
 * v7.2 - Fixed issue with NMap http scripts not working
 * v7.1 - Added KeepBlue CVE-2019-0708 MSF scanner
 * v7.1 - Added automatic workspace generation for single target scans

README.md

@@ -60,6 +60,7 @@ To obtain a Sn1per Professional license, go to https://xerosecurity.com.
 - [x] Create individual workspaces to store all scan output
 
 ## EXPLOITS:
+- [x] Cisco IKE PSK Disclosure
 - [x] Drupal RESTful Web Services unserialize() SA-CORE-2019-003
 - [x] Apache Struts: S2-057 (CVE-2018-11776): Security updates available for Apache Struts
 - [x] Drupal: CVE-2018-7600: Remote Code Execution - SA-CORE-2018-002 
@@ -72,6 +73,7 @@ To obtain a Sn1per Professional license, go to https://xerosecurity.com.
 - [x] Apache Struts Content-Type arbitrary command execution (CVE-2017-5638) 
 - [x] Microsoft IIS WebDav ScStoragePathFromUrl Overflow CVE-2017-7269
 - [x] ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability CVE-2015-8249
+- [x] MS15-034 HTTP.sys Memory Leak
 - [x] Shellshock Bash Shell remote code execution CVE-2014-6271
 - [x] HeartBleed OpenSSL Detection CVE-2014-0160
 - [x] MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) 
@@ -104,7 +106,7 @@ bash install.sh
 
 ## UBUNTU/DEBIAN/PARROT INSTALL:
 ```
-bash install_debian_ubuntu.sh
+sudo bash install_debian_ubuntu.sh
 ```
 
 ## DOCKER INSTALL:

modes/discover.sh

@@ -14,9 +14,9 @@ if [ "$MODE" = "discover" ]; then
       mkdir $LOOT_DIR/output 2> /dev/null
       mkdir $LOOT_DIR/scans 2> /dev/null
     fi
-    OUT_FILE=$(echo "$TARGET" | tr / -)
+    OUT_FILE="$(echo $TARGET | tr / -)"
     echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
-    echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$OUTFILE-$MODE.txt 2> /dev/null
+    echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$OUT_FILE-$MODE.txt 2> /dev/null
     if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
       /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
     fi
@@ -38,7 +38,7 @@ if [ "$MODE" = "discover" ]; then
   echo -e "$OKRED                                                              ____ / /"
   echo -e "$OKRED                                                                   \/$RESET"
   echo ""
-  OUT_FILE=$(echo "$TARGET" | tr / -)
+  OUT_FILE=$(echo $TARGET | tr / -)
   echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED RUNNING PING DISCOVERY SCAN $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
@@ -47,12 +47,17 @@ if [ "$MODE" = "discover" ]; then
   echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
-  nmap -T4 -v -p $QUICK_PORTS -sS $TARGET 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null 
+  nmap -v -p $QUICK_PORTS -sS $TARGET -Pn 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null 
   cat $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt
   echo -e "${OKGREEN}====================================================================================${RESET}"
+  echo -e "$OKRED RUNNING UDP PORT SCAN $RESET"
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  nmap -v -p $DEFAULT_UDP_PORTS -sU -Pn $TARGET 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-udp.txt 2>/dev/null 
+  cat $LOOT_DIR/ips/sniper-$OUT_FILE-udp.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/ips/sniper-$OUT_FILE-udpips.txt
+  echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED CURRENT TARGETS $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
-  cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt 2> /dev/null > $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt
+  cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt $LOOT_DIR/ips/sniper-$OUT_FILE-udpips.txt 2> /dev/null > $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt
   sort -u $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt > $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt
   cat $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt
   echo ""

modes/flyover.sh

@@ -64,7 +64,7 @@ if [ "$MODE" = "flyover" ]; then
       webtech -u http://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-http.txt 2> /dev/null &
       webtech -u https://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-https.txt 2> /dev/null &
 
-      nmap -sS -T5 --open -Pn -p $QUICK_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null & 
+      nmap -sS --open -Pn -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null & 
 
       cat $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" 2>/dev/null | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null & 2> /dev/null
 

modes/fullportonly.sh

@@ -32,29 +32,29 @@ if [ "$MODE" = "fullportonly" ]; then
     echo -e "${OKGREEN}====================================================================================${RESET}"
     echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
     echo -e "${OKGREEN}====================================================================================${RESET}"
-    nmap -vv -sT -sV -O -A -T4 --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
+    nmap -v -sV -A -O --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
     cp -f $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null
     sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
     rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
     xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
     echo -e "${OKGREEN}====================================================================================${RESET}"
     echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
     echo -e "${OKGREEN}====================================================================================${RESET}"
-    nmap -Pn -sU -sV -A -T4 -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml -p $DEFAULT_UDP_PORTS $TARGET 
+    nmap -Pn -sU -sV -A -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml -p $DEFAULT_UDP_PORTS $TARGET 
     sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
     rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null
   else
     echo -e "${OKGREEN}====================================================================================${RESET}"
     echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET"
     echo -e "${OKGREEN}====================================================================================${RESET}"
-    nmap -Pn -A -v -sV -T4 --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -oX $LOOT_DIR/nmap/nmap-$TARGET-tcp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
+    nmap -v -sV -A -O --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -oX $LOOT_DIR/nmap/nmap-$TARGET-tcp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
     sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
     rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
     xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
     echo -e "${OKGREEN}====================================================================================${RESET}"
     echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
     echo -e "${OKGREEN}====================================================================================${RESET}"
-    nmap -Pn -A -v -sV -T4 -sU --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -Pn -oX $LOOT_DIR/nmap/nmap-$TARGET-udp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp
+    nmap -Pn -A -v -sV -sU --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -Pn -oX $LOOT_DIR/nmap/nmap-$TARGET-udp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp
     sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
     rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null
   fi
@@ -66,6 +66,7 @@ if [ "$MODE" = "fullportonly" ]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt"
     /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt"
   fi
+
   if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
   fi

modes/fullportscan.sh

@@ -9,7 +9,7 @@ else
   if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
   fi
-  nmap -vv -sT -sV -O -A -T4 --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
+  nmap -v -sV -A -O --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET
   cp -f $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null
   sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null
   rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
@@ -20,7 +20,7 @@ else
   echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
-  nmap -Pn -sU -sV -A -T4 -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $DEFAULT_UDP_PORTS -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp
+  nmap -Pn -sU -sV -A -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $DEFAULT_UDP_PORTS -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp
   sed -r "s/</\&lh\;/g" $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null
   rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null
   if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then

modes/massportscan.sh

@@ -0,0 +1,71 @@
+# MASSWEB MODE #####################################################################################################
+if [ "$MODE" = "massportscan" ]; then
+  if [ -z "$FILE" ]; then
+    logo
+    echo "You need to specify a list of targets (ie. -f <targets.txt>) to scan."
+    exit
+  fi
+  if [ "$REPORT" = "1" ]; then
+    for a in `cat $FILE`;
+    do
+      if [ ! -z "$WORKSPACE" ]; then
+        args="$args -w $WORKSPACE"
+        WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
+        echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
+        mkdir -p $WORKSPACE_DIR 2> /dev/null
+        mkdir $WORKSPACE_DIR/domains 2> /dev/null
+        mkdir $WORKSPACE_DIR/screenshots 2> /dev/null
+        mkdir $WORKSPACE_DIR/nmap 2> /dev/null
+        mkdir $WORKSPACE_DIR/notes 2> /dev/null
+        mkdir $WORKSPACE_DIR/reports 2> /dev/null
+        mkdir $WORKSPACE_DIR/output 2> /dev/null
+      fi
+      args="$args -m fullportonly --noreport --noloot"
+      TARGET="$a"
+      args="$args -t $TARGET"
+      echo -e "$OKRED                                         |"
+      echo -e "$OKRED                  |                      |"
+      echo -e "$OKRED                  |                    -/_\-"
+      echo -e "$OKRED                -/_\-   ______________(/ . \)______________"
+      echo -e "$OKRED   ____________(/ . \)_____________    \___/     <>"
+      echo -e "$OKRED   <>           \___/      <>    <>"
+      echo -e "$OKRED "
+      echo -e "$OKRED      ||"
+      echo -e "$OKRED      <>"
+      echo -e "$OKRED                            ||"
+      echo -e "$OKRED                            <>"
+      echo -e "$OKRED                                       ||"
+      echo -e "$OKRED                                       ||            BIG"
+      echo -e "$OKRED        _____               __         <>      (^)))^ BOOM!"
+      echo -e "$OKRED  BOOM!/((  )\       BOOM!((  )))            (     ( )"
+      echo -e "$OKRED ---- (__()__))          (() ) ))           (  (  (   )"
+      echo -e "$OKRED     ||  |||____|------    \  (/   ___     (__\     /__)"
+      echo -e "$OKRED      |__|||  |     |---|---|||___|   |___-----|||||"
+      echo -e "$OKRED  |  ||.  |   |       |     |||                |||||"
+      echo -e "$OKRED      |__|||  |     |---|---|||___|   |___-----|||||"
+      echo -e "$OKRED  |  ||.  |   |       |     |||                |||||"
+      echo -e "$OKRED __________________________________________________________"
+      echo -e "$RESET"
+      if [ ! -z "$WORKSPACE_DIR" ]; then
+        echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
+        echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
+        if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
+          /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
+        fi
+        sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
+      else
+        echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
+        echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
+        sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
+      fi
+      args=""
+    done
+  fi
+  if [ "$LOOT" = "1" ]; then
+    loot
+  fi
+  if [ "$SLACK_NOTIFICATIONS" == "1" ]; then
+    /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
+  fi
+  exit
+fi