Sn1per Community Edition by @xer0dayz - https://xerosecurity.com

1N3 · Nov 12, 2018 · e7d933e · e7d933e
1 parent 2d96349
commit e7d933e
Show file tree

Hide file tree

Showing 10 changed files with 62 additions and 55 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## CHANGELOG:
+* v6.0 - Improved scan options for discover mode scans
 * v6.0 - Fixed issue with pip3 dependency package missing
 * v6.0 - Removed iceweasel from install.sh to fix apt error
 * v5.9 - Fixed issue with auto updates not notifying users of updates

diff --git a/modes/airstrike.sh b/modes/airstrike.sh
@@ -57,7 +57,6 @@ if [ "$MODE" = "airstrike" ]; then
       echo -e "$OKRED      |__|||  |     |---|---|||___|   |___-----|||||"
       echo -e "$OKRED  |  ||.  |   |       |     |||                |||||"
       echo -e "$OKRED __________________________________________________________"
-      echo -e "$OKRED Bomb raid (contributed by Michael aka SNOOPY@DRYCAS.CLUB.CC.CMU.EDU)"
       echo -e "$RESET"
       if [ ! -z "$WORKSPACE_DIR" ]; then
         echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt

diff --git a/modes/bruteforce.sh b/modes/bruteforce.sh
@@ -0,0 +1,16 @@
+if [ "$AUTOBRUTE" = "0" ]; then
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  echo -e "$OKRED SKIPPING BRUTE FORCE $RESET"
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+else
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  echo -e "$OKRED RUNNING BRUTE FORCE $RESET"
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  brutex $TARGET | tee $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null
+  sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null > $LOOT_DIR/credentials/brutex-$TARGET.txt 2> /dev/null
+  rm -f $LOOT_DIR/credentials/brutex-$TARGET
+  cd $INSTALL_DIR
+  rm -f hydra.restore
+  rm -f scan.log
+  echo ""
+fi
diff --git a/modes/discover.sh b/modes/discover.sh
@@ -6,7 +6,8 @@ if [ "$MODE" = "discover" ]; then
       LOOT_DIR=$INSTALL_DIR/loot/workspace/$WORKSPACE
       echo -e "$OKBLUE[*] Saving loot to $LOOT_DIR [$RESET${OKGREEN}OK${RESET}$OKBLUE]$RESET"
       mkdir -p $LOOT_DIR 2> /dev/null
-      mkdir $LOOT_DIR/domains 2> /dev/null
+      mkdir $LOOT_DIR/ips 2> /dev/null
+      mkdir $LOOT_DIR/ips 2> /dev/null
       mkdir $LOOT_DIR/screenshots 2> /dev/null
       mkdir $LOOT_DIR/nmap 2> /dev/null
       mkdir $LOOT_DIR/notes 2> /dev/null
@@ -20,7 +21,7 @@ if [ "$MODE" = "discover" ]; then
     exit
   fi
   echo -e "$OKRED                                                              ____ /\\"
-  echo -e "$OKRED   Sn1per by 1N3 @CrowdShield                                      \ \\"
+  echo -e "$OKRED   Sn1per by @xer0dayz @XeroSecurity                               \ \\"
   echo -e "$OKRED   https://xerosecurity.com                                         \ \\"
   echo -e "$OKRED                                                                ___ /  \\"
   echo -e "$OKRED                                                                    \   \\"
@@ -38,25 +39,27 @@ if [ "$MODE" = "discover" ]; then
   echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED RUNNING PING DISCOVERY SCAN $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
-  nmap -sP $TARGET | tee $LOOT_DIR/domains/sniper-$OUT_FILE-ping-ips.txt
-  cat $LOOT_DIR/domains/sniper-$OUT_FILE-ping-ips.txt | grep "scan report" | awk '{print $5}' > $LOOT_DIR/domains/sniper-$OUT_FILE-ping-ips-sorted.txt
+  nmap -sP $TARGET | tee $LOOT_DIR/ips/sniper-$OUT_FILE-ping.txt
+  cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping.txt 2> /dev/null | grep "scan report" | awk '{print $5}' > $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt
   echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED RUNNING TCP PORT SCAN $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
-  nmap -T4 -v -sC -sA -sV -F $TARGET 2>/dev/null | tee $LOOT_DIR/domains/sniper-$OUT_FILE-tcp-ports.txt 2>/dev/null 
-  cat $LOOT_DIR/domains/sniper-$OUT_FILE-tcp-ports.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/domains/sniper-$OUT_FILE-tcp-ips.txt
+  #nmap -T4 -v -sC -sA -sV -F $TARGET 2>/dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null 
+  nmap -T4 -v -p $QUICK_PORTS -sS $TARGET 2> /dev/null | tee $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt 2>/dev/null 
+  cat $LOOT_DIR/ips/sniper-$OUT_FILE-tcp.txt | grep open | grep on | awk '{print $6}' > $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt
   echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED CURRENT TARGETS $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
-  cat $LOOT_DIR/domains/sniper-$OUT_FILE-ping-ips-sorted.txt $LOOT_DIR/domains/sniper-$OUT_FILE-tcp-ips.txt > $LOOT_DIR/domains/sniper-$OUT_FILE-ips-unsorted.txt
-  sort -u $LOOT_DIR/domains/sniper-$OUT_FILE-ips-unsorted.txt > $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt
-  cat $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt
+  cat $LOOT_DIR/ips/sniper-$OUT_FILE-ping-sorted.txt $LOOT_DIR/ips/sniper-$OUT_FILE-tcpips.txt 2> /dev/null > $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt
+  sort -u $LOOT_DIR/ips/sniper-$OUT_FILE-ips-unsorted.txt > $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt
+  cat $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt
   echo ""
-  echo -e "$OKRED[+]$RESET Target list saved to $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt "
-  echo -e "$OKRED[i] To scan all IP's, use sniper -f $LOOT_DIR/domains/sniper-$OUT_FILE-ips.txt -m flyover, airstrike or nuke modes. $RESET"
+  echo -e "$OKRED[+]$RESET Target list saved to $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt "
+  echo -e "$OKRED[i] To scan all IP's, use sniper -f $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt -m flyover -w $WORKSPACE $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED SCAN COMPLETE! $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}"
-  loot
+  #loot
+  sniper -f $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt -m flyover -w $WORKSPACE
   exit
 fi
diff --git a/modes/flyover.sh b/modes/flyover.sh
@@ -87,17 +87,17 @@ if [ "$MODE" = "flyover" ]; then
     fi
   done
 
-  sort -u $LOOT_DIR/domains/targets.txt >> $LOOT_DIR/domains/domains-all-sorted.txt
+  sort -u $LOOT_DIR/domains/targets.txt 2>/dev/null >> $LOOT_DIR/domains/domains-all-sorted.txt
 
   sleep 20
-  rm -f $INSTALL_DIR/wget-log*
+  rm -f $INSTALL_DIR/wget-log* 2> /dev/null
   echo -e "$OKRED=====================================================================================$RESET"
 
   if [ "$LOOT" = "1" ]; then
     loot
     exit
   else
-    for HOST in `sort -u $LOOT_DIR/domains/domains-all-sorted.txt $LOOT_DIR/domains/targets-all-sorted.txt`; do
+    for HOST in `sort -u $LOOT_DIR/domains/domains-all-sorted.txt $LOOT_DIR/domains/targets-all-sorted.txt 2> /dev/null`; do
       TARGET="$HOST"
       echo -e "$OKRED=====================================================================================$RESET"
       echo -e "${OKBLUE}HOST:$RESET $TARGET"

diff --git a/modes/fullportonly.sh b/modes/fullportonly.sh
@@ -25,7 +25,8 @@ if [ "$MODE" = "fullportonly" ]; then
   logo
   echo "$TARGET" >> $LOOT_DIR/domains/targets.txt
   if [ -z "$PORT" ]; then
-    nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
+    #nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
+    nmap -vv -sT -O -A -T4 -oX $LOOT_DIR/nmap/nmap-$TARGET.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
     xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
     echo -e "${OKGREEN}====================================================================================${RESET}"
     echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"

diff --git a/modes/fullportscan.sh b/modes/fullportscan.sh
@@ -0,0 +1,16 @@
+if [ "$FULLNMAPSCAN" = "0" ]; then
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  echo -e "$OKRED SKIPPING FULL NMAP PORT SCAN $RESET"
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+else
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  echo -e "$OKRED RUNNING FULL PORT SCAN $RESET"
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  #nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
+  nmap -vv -sT -O -A -T4 -oX $LOOT_DIR/nmap/nmap-$TARGET.xml $TARGET | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
+  xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
+  echo -e "${OKGREEN}====================================================================================${RESET}"
+  nmap -Pn -sU -A -T4 -v -p$DEFAULT_UDP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml
+fi
diff --git a/modes/normal.sh b/modes/normal.sh
@@ -355,7 +355,9 @@ else
     echo -e "${OKGREEN}====================================================================================${RESET}"
     echo -e "$OKRED RUNNING INURLBR OSINT QUERIES $RESET"
     echo -e "${OKGREEN}====================================================================================${RESET}"
-    php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET.txt | tee $LOOT_DIR/osint/inurlbr-$TARGET.txt
+    php $INURLBR --dork "site:$TARGET" -s inurlbr-$TARGET | tee $LOOT_DIR/osint/inurlbr-$TARGET
+    sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/osint/inurlbr-$TARGET > $LOOT_DIR/osint/inurlbr-$TARGET.txt 2> /dev/null
+    rm -f $LOOT_DIR/osint/inurlbr-$TARGET
     rm -Rf output/ cookie.txt exploits.conf
     GHDB="1"
   fi
@@ -1203,40 +1205,9 @@ else
   ruby yasuo.rb -r $TARGET -b all | tee $LOOT_DIR/vulnerabilities/yasuo-$TARGET.txt 2> /dev/null
 fi
 
-cd $SNIPER_DIR
-
-if [ "$FULLNMAPSCAN" = "0" ]; then
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-  echo -e "$OKRED SKIPPING FULL NMAP PORT SCAN $RESET"
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-else
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-  echo -e "$OKRED RUNNING FULL PORT SCAN $RESET"
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-  nmap -Pn -A -v -T4 -p$DEFAULT_TCP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET.xml | tee $LOOT_DIR/nmap/nmap-$TARGET.txt
-  xsltproc $INSTALL_DIR/bin/nmap-bootstrap.xsl $LOOT_DIR/nmap/nmap-$TARGET.xml -o $LOOT_DIR/nmap/nmapreport-$TARGET.html 2> /dev/null
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-  echo -e "$OKRED PERFORMING UDP PORT SCAN $RESET"
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-  nmap -Pn -sU -A -T4 -v -p$DEFAULT_UDP_PORTS $TARGET -oX $LOOT_DIR/nmap/nmap-$TARGET-udp.xml
-fi
-
-if [ "$AUTOBRUTE" = "0" ]; then
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-  echo -e "$OKRED SKIPPING BRUTE FORCE $RESET"
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-else
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-  echo -e "$OKRED RUNNING BRUTE FORCE $RESET"
-  echo -e "${OKGREEN}====================================================================================${RESET}"
-  brutex $TARGET | tee $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null
-  sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/credentials/brutex-$TARGET > $LOOT_DIR/credentials/brutex-$TARGET.txt 2> /dev/null
-  rm -f $LOOT_DIR/credentials/brutex-$TARGET
-  cd $INSTALL_DIR
-  rm -f hydra.restore
-  rm -f scan.log
-  echo ""
-fi
+cd $INSTALL_DIR
+source modes/fullportscan.sh
+source modes/bruteforce.sh
 
 rm -f $LOOT_DIR/.fuse_* 2> /dev/null
 

diff --git a/modes/osint.sh b/modes/osint.sh
@@ -2,6 +2,6 @@ if [ "$OSINT" = "1" ]; then
 	echo -e "${OKGREEN}====================================================================================${RESET}"
 	echo -e "$OKRED GATHERING OSINT INFO $RESET"
 	echo -e "${OKGREEN}====================================================================================${RESET}"
-	python2.7 $THEHARVESTER -d $TARGET -l 100 -b all 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null
-	metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null
+	python2.7 $THEHARVESTER -d $TARGET -l 100 -b all 2> /dev/null | tee $LOOT_DIR/osint/theharvester-$TARGET.txt 2> /dev/null 
+	metagoofil -d $TARGET -t doc,pdf,xls,csv,txt -l 25 -n 25 -o $LOOT_DIR/osint/ -f $LOOT_DIR/osint/$TARGET.html 2> /dev/null | tee $LOOT_DIR/osint/metagoofil-$TARGET.txt 2> /dev/null 
 fi
diff --git a/modes/recon.sh b/modes/recon.sh
@@ -21,7 +21,7 @@ if [ "$RECON" = "1" ]; then
     echo -e "${OKGREEN}====================================================================================${RESET}"
     echo -e "$OKRED GATHERING DNS SUBDOMAINS VIA SUBFINDER $RESET"
     echo -e "${OKGREEN}====================================================================================${RESET}"
-    subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -w $DOMAINS_DEFAULT -d $TARGET 2>/dev/null
+    subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -b -d $TARGET 2>/dev/null
   fi
   echo -e "${OKGREEN}====================================================================================${RESET}"
   echo -e "$OKRED BRUTE FORCING DNS SUBDOMAINS VIA DNSCAN (THIS COULD TAKE A WHILE...) $RESET"