Skip to content

dokDork/SiteSniper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

60 Commits

engine

engine

 
 

images

images

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

common

common

 
 

siteSniper.sh

siteSniper.sh

 
 

Repository files navigation

SiteSniper

License

Description

SiteSniper is a script created to automate some phases of a blackbox penetration test. Once the target has been identified, many scripts are prepared which you can decide if and when to execute them simply by pressing ENTER. It uses tmux as terminal so it is necessary to know how to use it. The scripts concern the phase of:

  • weaponization: a series of scripts that could be used in the post-exploitation phase on the target machine are loaded onto the attacking Linux machine;
  • target fingerprint and exploitation: scripts to collect information on the target (information gathering, service information gathering, OSINT, etc) and scripts that help identify possible exploits;
  • web App Site fingerprint: script for analyze site structure, virtual host, etc;
  • web App Information gathering: script to implement google dork, CMS analysis, etc;
  • web App AuthN bypass: script to implement service brute force, command injection, webDAV analysis, etc. Once you select a phase, the script will prepare many tmux session with the precompiled command.

Example Usage

./siteSniper.sh eth0 https://www.example.com

select one of the penetration test PHASES you are interested in:

Once selected the PHASE, scripts will be generated using tmux as terminal. At this point you can select a specific SUB-PHASE using tmux commands:
(CTRL + b) w

once the SUB-PHASE has been selected you will be able to view the commands that have been pre-compiled to analyse the SUB-PHASE. At this point it is possible to selecet and execute a specific command just pressing ENTER:

When you need to change penetration test PHASE and return to main manu, you need to close the tmux session. To implement this action you need to use the tmux shortcut:
(CTRL + b) :kill-session

Command-line parameters

./siteSniper.sh <interface> <target url>
Parameter Description Example
interface network interface through which the target is reached eth0, wlan0, tun0, ...
target url Target URL you need to test http://www.example.com

How to install it on Kali Linux (or Debian distribution)

It's very simple

cd /opt

sudo git clone https://github.com/dokDork/red-team-penetration-test-script.git

About

bash script to automate the penetration test

Topics

bash osint penetration-testing recon bash-script automated-testing red-team information-gathering reconnaissance command-injection penetration-test scannin kali-linu

Resources

Readme

License

MIT license
Activity

Stars

7 stars

Watchers

1 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages