Skip to content

Commit

Permalink
* v9.0 - Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template
Browse files Browse the repository at this point in the history
* v9.0 - Added CVE-2020-17519 - Apache Flink Path Traversal sc0pe template
* v9.0 - Added RabbitMQ Management Interface Detected sc0pe template
* v9.0 - Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX
* v9.0 - Removed vulnscan NMap CSV updates/downloads to save space/bandwidth
* v9.0 - Added Nuclei sc0pe parser
* v9.0 - Added Nuclei vulnerability scanner
* v9.0 - Added Wordpress WPScan sc0pe vulnerability parser
* v9.0 - Fixed issue with wrong WPscan API key command
* v9.0 - Added CVE-2020-11738 - WordPress Duplicator plugin Directory Traversal sc0pe template
* v9.0 - Renamed AUTO_VULNSCAN setting to "VULNSCAN" in sniper.conf to perform vulnerability scans via 'normal' mode
  • Loading branch information
1N3 committed Jan 8, 2021
1 parent 2dc57b5 commit 31df5dc
Show file tree
Hide file tree
Showing 30 changed files with 332 additions and 120 deletions.
3 changes: 3 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,4 +1,6 @@
## CHANGELOG:
* v9.0 - Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template
* v9.0 - Added CVE-2020-17519 - Apache Flink Path Traversal sc0pe template
* v9.0 - Added RabbitMQ Management Interface Detected sc0pe template
* v9.0 - Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX
* v9.0 - Removed vulnscan NMap CSV updates/downloads to save space/bandwidth
Expand All @@ -7,6 +9,7 @@
* v9.0 - Added Wordpress WPScan sc0pe vulnerability parser
* v9.0 - Fixed issue with wrong WPscan API key command
* v9.0 - Added CVE-2020-11738 - WordPress Duplicator plugin Directory Traversal sc0pe template
* v9.0 - Renamed AUTO_VULNSCAN setting to "VULNSCAN" in sniper.conf to perform vulnerability scans via 'normal' mode
* v8.9 - Tuned sniper.conf around performance for all scans and recon modes
* v8.9 - Added out of scope options to config
* v8.9 - Added automatic HTTP/HTTPS web scans and vulnerability scans to 'normal' mode
Expand Down
2 changes: 1 addition & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -129,7 +129,7 @@ sniper -c /path/to/sniper.conf -t <TARGET> -w <WORKSPACE_ALIAS>
sniper -u|--update
```

## MODES:
## MODES
* **NORMAL:** Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
* **STEALTH:** Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
* **FLYOVER:** Fast multi-threaded high level scans of multiple targets (useful for collecting high level data on many hosts quickly).
Expand Down
4 changes: 2 additions & 2 deletions modes/normal.sh
Original file line number Diff line number Diff line change
Expand Up @@ -1201,9 +1201,9 @@ else
fi
fi

if [[ "$AUTO_VULNSCAN" = "1" ]]; then
if [[ "$VULNSCAN" = "1" ]]; then
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
echo -e "$OKRED PERFORMING AUTO VULNSCAN $RESET"
echo -e "$OKRED PERFORMING VULNERABILITYSCAN $RESET"
echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
sniper -t $TARGET -m vulnscan -w $WORKSPACE
fi
Expand Down
5 changes: 3 additions & 2 deletions modes/normal_webporthttp.sh
Original file line number Diff line number Diff line change
Expand Up @@ -59,9 +59,10 @@ wpif [[ "$MODE" = "web" ]]; then
fi
fi
if [[ "$INJECTX" == "1" ]]; then
rm -f $LOOT_DIR/web/injectx-$TARGET-http.txt 2> /dev/null
rm -f $LOOT_DIR/web/injectx-$TARGET-http.raw 2> /dev/null
#cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep 'http\:' | xargs -P $THREADS -r -n 1 -I '{}' injectx.py -u '{}' -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.txt
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "http\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "http\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.txt; done; done;
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "http\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "http\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.raw; done; done;
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/injectx-$TARGET-http.raw 2> /dev/null > $LOOT_DIR/web/injectx-$TARGET-http.txt
fi
source $INSTALL_DIR/modes/static-grep-search.sh
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
Expand Down
5 changes: 3 additions & 2 deletions modes/normal_webporthttps.sh
Original file line number Diff line number Diff line change
Expand Up @@ -57,8 +57,9 @@ if [[ "$MODE" = "web" ]]; then
fi
fi
if [[ "$INJECTX" == "1" ]]; then
rm -f $LOOT_DIR/web/injectx-$TARGET-https.txt 2> /dev/null
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "https\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "https\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.txt; done; done;
rm -f $LOOT_DIR/web/injectx-$TARGET-https.raw 2> /dev/null
for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "https\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "https\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.raw; done; done;
sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/injectx-$TARGET-https.raw 2> /dev/null > $LOOT_DIR/web/injectx-$TARGET-https.txt
fi
source $INSTALL_DIR/modes/static-grep-search.sh
if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then
Expand Down
Loading

0 comments on commit 31df5dc

Please sign in to comment.