* v8.9 - Tuned sniper.conf around performance for all scans and recon…

… modes

* v8.9 - Added out of scope options to config
* v8.9 - Added automatic HTTP/HTTPS web scans and vulnerability scans to 'normal' mode
* v8.9 - Added SolarWinds Orion Panel Default Credentials sc0pe template
* v8.9 - Added SolarWinds Orion Panel sc0pe template
* v8.9 - Fixed issue with theHarvester not running on Kali 2020.4
* v8.9 - Added WPScan API support
* v8.9 - Added CVE-2020-8209 - XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template
* v8.9 - Added CVE-2020-8209 - XenMobile-Citrix Endpoint Management Path Traversal sc0pe template
* v8.9 - Removed verbose error for chromium on Ubuntu
* v8.9 - Added CVE-2020-8209 - Citrix XenMobile Server Path Traversal sc0pe template
* v8.9 - Fixed F+ in CSP Not Enforced sc0pe template
* v8.9 - Added CVE-2020-14815 - Oracle Business Intelligence Enterprise DOM XSS sc0pe template
* v8.9 - Fixed issue with dnscan not working in Kali 2020.3
* v8.9 - Fixed issue with screenshots not working in Ubuntu 2020
* v8.9 - Added Frontpage Service Password Disclosure sc0pe template
* v8.9 - Removed Yasuo tool

CHANGELOG.md

@@ -1,4 +1,21 @@
 ## CHANGELOG:
+* v8.9 - Tuned sniper.conf around performance for all scans and recon modes
+* v8.9 - Added out of scope options to config
+* v8.9 - Added automatic HTTP/HTTPS web scans and vulnerability scans to 'normal' mode
+* v8.9 - Added SolarWinds Orion Panel Default Credentials sc0pe template
+* v8.9 - Added SolarWinds Orion Panel sc0pe template
+* v8.9 - Fixed issue with theHarvester not running on Kali 2020.4
+* v8.9 - Added WPScan API support
+* v8.9 - Added CVE-2020-8209 - XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template
+* v8.9 - Added CVE-2020-8209 - XenMobile-Citrix Endpoint Management Path Traversal sc0pe template
+* v8.9 - Removed verbose error for chromium on Ubuntu
+* v8.9 - Added CVE-2020-8209 - Citrix XenMobile Server Path Traversal sc0pe template
+* v8.9 - Fixed F+ in CSP Not Enforced sc0pe template
+* v8.9 - Added CVE-2020-14815 - Oracle Business Intelligence Enterprise DOM XSS sc0pe template
+* v8.9 - Fixed issue with dnscan not working in Kali 2020.3
+* v8.9 - Fixed issue with screenshots not working in Ubuntu 2020
+* v8.9 - Added Frontpage Service Password Disclosure sc0pe template
+* v8.9 - Removed Yasuo tool
 * v8.8 - Fixed issue with webscreenshot on Kali 2020.3+
 * v8.8 - Fixed error in install.sh for theharvester sym link
 * v8.8 - Fixed issue with flyover mode not capturing web screenshots

bin/zap-scan.py

@@ -496,12 +496,13 @@
 # If you want to retrieve alerts:
 ## pprint(zap.core.alerts(baseurl=target, start=None, count=None))
 
-# To retrieve ZAP report in XML or HTML format
-## print('XML report')
-## core.xmlreport()
 print('HTML report:')
 pprint(core.htmlreport())
 
+# To retrieve ZAP report in XML or HTML format
+print('XML report')
+pprint(core.xmlreport())
+
 if shutdownOnceFinished:
     # Shutdown ZAP once finished
     pprint('Shutdown ZAP -> ' + core.shutdown())

install.sh

@@ -30,7 +30,7 @@ if [[ "$1" != "force" ]]; then
 fi
 
 if [[ $EUID -ne 0 ]]; then
-   echo "This script must be run as root"
+   echo "This script must be run as root" 
    exit 1
 fi
 
@@ -59,7 +59,7 @@ UBUNTU_CHECK=$(egrep DISTRIB_ID /etc/lsb-release 2> /dev/null)
 if [[ $UBUNTU_CHECK == "DISTRIB_ID=Ubuntu" ]]; then
 	cp /root/.Xauthority /root/.Xauthority.bak 2> /dev/null
 	cp -a /run/user/1000/gdm/Xauthority /root/.Xauthority 2> /dev/null
-	cp -a /home/user/.Xauthority /root/.Xauthority 2> /dev/null
+	cp -a /home/user/.Xauthority /root/.Xauthority 2> /dev/null 
 	chown root /root/.Xauthority
 	XAUTHORITY=/root/.Xauthority
 	snap install chromium 2> /dev/null
@@ -109,9 +109,8 @@ apt-get install -y xmlstarlet
 apt-get install -y net-tools
 apt-get install -y p7zip-full
 apt-get install -y jsbeautifier
+apt-get install -y theharvester 2> /dev/null
 apt-get install -y phantomjs 2> /dev/null
-#apt-get install -y openvas
-#apt-get install -y greenbone-security-assistant
 apt-get install -y chromium 2> /dev/null
 
 echo -e "$OKBLUE[*]$RESET Installing Metasploit...$RESET"
@@ -146,14 +145,14 @@ cd $PLUGINS_DIR
 mkdir -p $GO_DIR 2> /dev/null
 
 echo -e "$OKBLUE[*]$RESET Downloading extensions...$RESET"
-git clone https://github.com/1N3/BruteX.git
-git clone https://github.com/1N3/Findsploit.git
+git clone https://github.com/1N3/BruteX.git 
+git clone https://github.com/1N3/Findsploit.git 
 git clone https://github.com/1N3/Goohak.git
 git clone https://github.com/1N3/BlackWidow
 git clone https://github.com/1N3/Sublist3r.git
-git clone https://github.com/nccgroup/shocker.git
+git clone https://github.com/nccgroup/shocker.git 
 git clone https://github.com/BishopFox/spoofcheck.git
-git clone https://github.com/arthepsy/ssh-audit
+git clone https://github.com/arthepsy/ssh-audit 
 git clone https://github.com/1N3/jexboss.git
 git clone https://github.com/maurosoria/dirsearch.git
 git clone https://github.com/jekyc/wig.git
@@ -162,24 +161,24 @@ git clone https://github.com/hisxo/gitGraber.git
 git clone https://github.com/1N3/LinkFinder
 git clone https://github.com/christophetd/censys-subdomain-finder.git
 git clone https://github.com/rbsec/dnscan.git
-git clone https://github.com/infosec-au/altdns.git
+git clone https://github.com/infosec-au/altdns.git 
 git clone https://github.com/blechschmidt/massdns.git
 git clone https://github.com/ProjectAnte/dnsgen
 git clone https://github.com/scipag/vulscan
 git clone https://github.com/laramies/metagoofil.git
 git clone https://github.com/achillean/shodan-python
-git clone https://github.com/Dionach/CMSmap.git
+git clone https://github.com/Dionach/CMSmap.git 
 git clone https://github.com/defparam/smuggler.git
 
 cd LinkFinder
-python setup.py install
+python setup.py install 
 cd ..
 pip3 install -r $PLUGINS_DIR/gitGraber/requirements.txt
 pip3 install -r $PLUGINS_DIR/censys-subdomain-finder/requirements.txt
-pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt
+pip3 install -r $PLUGINS_DIR/dnscan/requirements.txt 
 cd altdns
-pip3 install -r requirements.txt
-python2 setup.py install
+pip3 install -r requirements.txt 
+python2 setup.py install 
 pip3 install py-altdns 2> /dev/null
 cd ..
 cd massdns
@@ -227,27 +226,21 @@ wget https://raw.githubusercontent.com/1N3/Exploits/master/defcon_webmin_unauth_
 wget https://github.com/OJ/gobuster/releases/download/v3.0.1/gobuster-linux-amd64.7z -O /tmp/gobuster.7z
 cd /tmp/
 7z e gobuster.7z
-chmod +rx gobuster
-mv gobuster /usr/bin/gobuster
+chmod +rx gobuster 
+mv gobuster /usr/bin/gobuster 
 cd $PLUGINS_DIR
-cd shodan-python
+cd shodan-python 
 python setup.py install
 cd ..
 pip3 install spyse.py
-pip3 install h8mail 2> /dev/null
+pip3 install h8mail 2> /dev/null 
 cd $PLUGINS_DIR/CMSmap/ && pip3 install . && python3 setup.py install
 cd $PLUGINS_DIR
 
-# THEHARVESTER MANUAL INSTALL
-wget https://github.com/laramies/theHarvester/archive/V3.1.tar.gz
-tar -zxvf V3.1.tar.gz
-rm V3.1.tar.gz
-ln -fs /usr/share/sniper/plugins/theHarvester-3.1/theHarvester.py /usr/bin/theharvester-3.1
-
 # ARACHNI MANUAL INSTALL
 wget https://github.com/Arachni/arachni/releases/download/v1.5.1/arachni-1.5.1-0.5.12-linux-x86_64.tar.gz -O /tmp/arachni.tar.gz
 cd /tmp/
-tar -zxf arachni.tar.gz
+tar -zxf arachni.tar.gz 
 rm -f /tmp/arachni.tar.gz 2> /dev/null
 cd arachni-*
 mkdir -p /usr/share/arachni 2> /dev/null
@@ -269,7 +262,7 @@ cd $PLUGINS_DIR/BruteX/ && bash install.sh 2> /dev/null
 cd $PLUGINS_DIR/Findsploit/ && bash install.sh 2> /dev/null
 cd $PLUGINS_DIR/spoofcheck/ && pip3 install -r requirements.txt 2> /dev/null
 
-cd $INSTALL_DIR
+cd $INSTALL_DIR 
 mkdir $LOOT_DIR 2> /dev/null
 mkdir $LOOT_DIR/screenshots/ -p 2> /dev/null
 mkdir $LOOT_DIR/nmap -p 2> /dev/null
@@ -285,11 +278,14 @@ ln -s $INSTALL_DIR/sniper /usr/bin/sniper
 ln -s $PLUGINS_DIR/Goohak/goohak /usr/bin/goohak
 ln -s $PLUGINS_DIR/dirsearch/dirsearch.py /usr/bin/dirsearch
 ln -s /usr/share/sniper /sniper 2> /dev/null
+ln -s /usr/share/sniper /usr/share/sn1per 2> /dev/null
 ln -s /usr/share/sniper/loot/workspace /workspace 2> /dev/null
 ln -s /usr/share/sniper/loot/workspace /root/workspace 2> /dev/null
 ln -s /usr/share/sniper /root/sniper 2> /dev/null
-ln -s /root/.sniper.conf /usr/share/sniper/conf/sniper.conf
-ln -s /root/.sniper_api_keys.conf /usr/share/sniper/conf/sniper_api_keys.conf
+ln -s /root/.sniper.conf /usr/share/sniper/conf/sniper.conf 2> /dev/null
+ln -s /root/.sniper_api_keys.conf /usr/share/sniper/conf/sniper_api_keys.conf 2> /dev/null
+mv /root/.sniper.conf /root/.sniper.conf.bak 2> /dev/null
+cp -vf /usr/share/sniper/sniper.conf /root/.sniper.conf 2> /dev/null
 msfdb init 2> /dev/null
 
 echo -e "$OKBLUE[*]$RESET Adding start menu and desktop shortcuts... $RESET"

modes/airstrike.sh

@@ -8,7 +8,7 @@ if [[ "$MODE" = "airstrike" ]]; then
   if [[ "$REPORT" = "1" ]]; then
     for a in `cat $FILE`;
     do
-      if [[ "$AUTOBRUTE" = "1" ]]; then
+      if [[ "$AUTO_BRUTE" = "1" ]]; then
         args="$args -b"
       fi
       if [[ "$FULLNMAPSCAN" = "1" ]]; then
@@ -61,9 +61,9 @@ if [[ "$MODE" = "airstrike" ]]; then
       if [[ ! -z "$WORKSPACE_DIR" ]]; then
         echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
         echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
+        echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
         if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
           /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
-          echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
         fi
         sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
       else
@@ -74,9 +74,9 @@ if [[ "$MODE" = "airstrike" ]]; then
       args=""
     done
   fi
+  echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
   if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
-    echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
   fi
   if [[ "$LOOT" = "1" ]]; then
     loot

modes/bruteforce.sh

@@ -1,4 +1,4 @@
-if [[ "$AUTOBRUTE" = "0" ]]; then
+if [[ "$AUTO_BRUTE" = "0" ]]; then
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
   echo -e "$OKRED SKIPPING BRUTE FORCE $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
@@ -8,9 +8,9 @@ else
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
   echo -e "$OKRED RUNNING BRUTE FORCE $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+  echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
   if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
-    echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
   fi
   brutex $TARGET | tee $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null
   sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null > $LOOT_DIR/credentials/brutex-$TARGET.txt 2> /dev/null
@@ -29,8 +29,8 @@ else
   if [[ "$SLACK_NOTIFICATIONS_BRUTEFORCE" == "1" ]]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/credentials/brutex-$TARGET.txt"
   fi
+  echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
   if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
-    echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
   fi
 fi

modes/discover.sh

@@ -18,9 +18,9 @@ if [[ "$MODE" = "discover" ]]; then
     OUT_FILE="$(echo $TARGET | tr / -)"
     echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
     echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$OUT_FILE-$MODE.txt 2> /dev/null
+    echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
     if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
       /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
-      echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
     fi
     sniper -t $TARGET -m $MODE --noreport $args | tee $LOOT_DIR/output/sniper-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
     exit
@@ -69,9 +69,9 @@ if [[ "$MODE" = "discover" ]]; then
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
   echo -e "$OKRED SCAN COMPLETE! $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+  echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
   if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
-    echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt
   fi
   sniper -f $LOOT_DIR/ips/discover-$OUT_FILE-sorted.txt -m flyover -w $WORKSPACE
   exit