1n3 / sn1per
Attack Surface Management Platform
Home Page: https://sn1persecurity.com
License: Other
Hi!
Thank you for your continued support & hard work on this. 2 Small things:
I'm having a problem getting Sn1per to generate a report after it's done scanning, when looking at some videos online, it mostly generates a .txt file containing a full output of the scan.
I've tried a full Kali/Sn1per reinstall but it's still not working.
Secondly, the install.sh script should add a "chmod +x winshock.sh" since it doesn't have permission to run while running sn1per :)
Any idea what could fix the first problem though?
Thanks again!
Should be:
if [ -z "$port_1524" ]
Since you are scanning 1524 with amap
Hey,
Have you thought about implementing https://github.com/superkojiman/onetwopunch
This would decrease scan time
Thanks,
Sample Report after install.sh first run -->>
 ____
 _________ / /__ ___
 / / __ \ / // __ / _ / /
 ( ) / / // // // / __/ /
 /// /// ./___//
 //
+ -- --=[http://crowdshield.com
+ -- --=[sniper v2.3 by 1N3
+ -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server: 209.222.18.222
Address: 209.222.18.222#53
** server can't find http://stsolidergroup.in: NXDOMAIN
Host http://stsolidergroup.in not found: 3(NXDOMAIN)
+ -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
Xprobe2 v.0.3 Copyright (c) 2002-2005 [email protected], [email protected], [email protected]
[+] Target is http://stsolidergroup.in
+ -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
No whois server is known for this kind of object.
+ -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
*
*
[-] Searching in Bing:
Searching 50 results...
Searching 100 results...
No emails found
No hosts found
+ -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
; <<>> DiG 9.10.3-P4-Debian <<>> -x http://stsolidergroup.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15976
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;in.http://stsolidergroup.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2016110956 1800 900 604800 3600
;; Query time: 683 msec
;; SERVER: 209.222.18.222#53(209.222.18.222)
;; WHEN: Sun Feb 19 08:41:53 EST 2017
;; MSG SIZE rcvd: 134
dnsenum.pl VERSION:1.2.3
----- http://stsolidergroup.in -----
Host's addresses:
Name Servers:
+ -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
____ _ _ _ _ _____
/ | _ | | | ()| ||__ / _ __
___ | | | | '_ | | / | | | | '|
) | || | |) | | _ \ | ) | |
|/ _,|./|||/_|___/||
# Coded By Ahmed Aboul-Ela - @aboul3la
Error: Please enter a valid domain
 ╔═╗╦═╗╔╦╗╔═╗╦ ╦
 ║ ╠╦╝ ║ ╚═╗╠═╣
 ╚═╝╩╚═ ╩o╚═╝╩ ╩
+ -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +
[+] Domains saved to: /usr/share/sniper/loot/domains/domains-http://stsolidergroup.in-full.txt
+ -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
+ -- ----------------------------=[Checking Email Security]=----------------- -- +
+ -- ----------------------------=[Pinging host]=---------------------------- -- +
+ -- ----------------------------=[Running TCP port scan]=------------------- -- +
+ -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
+ -- --=[Port 21 closed... skipping.
+ -- --=[Port 22 closed... skipping.
+ -- --=[Port 23 closed... skipping.
+ -- --=[Port 25 closed... skipping.
+ -- --=[Port 53 closed... skipping.
+ -- --=[Port 79 closed... skipping.
+ -- --=[Port 80 closed... skipping.
+ -- --=[Port 110 closed... skipping.
+ -- --=[Port 111 closed... skipping.
+ -- --=[Port 135 closed... skipping.
+ -- --=[Port 139 closed... skipping.
+ -- --=[Port 161 closed... skipping.
+ -- --=[Port 162 closed... skipping.
+ -- --=[Port 389 closed... skipping.
+ -- --=[Port 443 closed... skipping.
+ -- --=[Port 445 closed... skipping.
+ -- --=[Port 512 closed... skipping.
+ -- --=[Port 513 closed... skipping.
+ -- --=[Port 514 closed... skipping.
+ -- --=[Port 1433 closed... skipping.
+ -- --=[Port 2049 closed... skipping.
+ -- --=[Port 2121 closed... skipping.
+ -- --=[Port 3306 closed... skipping.
+ -- --=[Port 3310 closed... skipping.
+ -- --=[Port 3128 closed... skipping.
+ -- --=[Port 3389 closed... skipping.
+ -- --=[Port 3632 closed... skipping.
+ -- --=[Port 4443 closed... skipping.
+ -- --=[Port 5432 closed... skipping.
+ -- --=[Port 5800 closed... skipping.
+ -- --=[Port 5900 closed... skipping.
+ -- --=[Port 5984 closed... skipping.
+ -- --=[Port 6000 closed... skipping.
+ -- --=[Port 6667 closed... skipping.
+ -- --=[Port 8000 closed... skipping.
+ -- --=[Port 8100 closed... skipping.
+ -- --=[Port 8080 closed... skipping.
+ -- --=[Port 8180 closed... skipping.
+ -- --=[Port 8443 closed... skipping.
+ -- --=[Port 8888 closed... skipping.
+ -- --=[Port 10000 closed... skipping.
+ -- --=[Port 27017 closed... skipping.
+ -- --=[Port 27018 closed... skipping.
+ -- --=[Port 27019 closed... skipping.
+ -- --=[Port 28017 closed... skipping.
+ -- --=[Port 49152 closed... skipping.
+ -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
#########################################################################################
oooooo oooo .o. .oooooo..o ooooo ooo .oooooo.
888. .8' .888. d8P'
Y8 888'
8' d8P' Y8b
888. .8' .88888. Y88bo. 888 8 888 888
888.8' .8'
888. ZY8888o. 888 8 888 888
888' .88ooo8888. 0Y88b 888 8 888 888 888 .8'
888. oo .d8P 88. .8'
88b d88'
o888o o88o o8888o 88888888P' YbodP'
Y8bood8P'
Welcome to Yasuo v2.3
Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
#########################################################################################
I, [2017-02-19T08:42:00.134434 #12184] INFO -- : Initiating port scan
I, [2017-02-19T08:42:00.536569 #12184] INFO -- : Using nmap scan output file logs/nmap_output_2017-02-19_08-42-00.xml
+ -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +
+ -- ----------------------------=[Running Brute Force]=--------------------- -- +
 __________ __ ____
 ___ _______ __ / | ____ \ / /
 | | /_ __ \ | \ / __ \ \ /
 | | \ | | / | /| | \ / / \
 | / || |_/ || _ >/\ \
 / / _/
+ -- --=[BruteX v1.5 by 1N3
+ -- --=[http://crowdshield.com
################################### Running Port Scan ##############################
################################### Running Brute Force ############################
+ -- --=[Port 21 closed... skipping.
+ -- --=[Port 22 closed... skipping.
+ -- --=[Port 23 closed... skipping.
+ -- --=[Port 25 closed... skipping.
+ -- --=[Port 80 closed... skipping.
+ -- --=[Port 110 closed... skipping.
+ -- --=[Port 139 closed... skipping.
+ -- --=[Port 162 closed... skipping.
+ -- --=[Port 389 closed... skipping.
+ -- --=[Port 443 closed... skipping.
+ -- --=[Port 445 closed... skipping.
+ -- --=[Port 512 closed... skipping.
+ -- --=[Port 513 closed... skipping.
+ -- --=[Port 514 closed... skipping.
+ -- --=[Port 993 closed... skipping.
+ -- --=[Port 1433 closed... skipping.
+ -- --=[Port 1521 closed... skipping.
+ -- --=[Port 3306 closed... skipping.
+ -- --=[Port 3389 closed... skipping.
+ -- --=[Port 5432 closed... skipping.
+ -- --=[Port 5900 closed... skipping.
+ -- --=[Port 5901 closed... skipping.
+ -- --=[Port 8000 closed... skipping.
+ -- --=[Port 8080 closed... skipping.
+ -- --=[Port 8100 closed... skipping.
+ -- --=[Port 6667 closed... skipping.
################################### Brute Forcing DNS ###############################
dnsenum.pl VERSION:1.2.3
----- http://stsolidergroup.in -----
Host's addresses:
Name Servers:
################################### Done! ###########################################
+ -- ----------------------------=[Done]=------------------------------------ -- +
Hi,
I noticed that the $TARGET variable is missing in some nmap commands. It is missing in line 840 and 1025 so far.
To reduce noise when reinstalling (assuming the previous old primary directory has been deleted), it may be good to remove existing links in /usr/bin/ created by the old install before creating the new ones. This is especially true if you are installing Sn1per into a different directory.
ln: failed to create symbolic link ‘/usr/bin/xsstracer’: File exists
ln: failed to create symbolic link ‘/usr/bin/findsploit’: File exists
ln: failed to create symbolic link ‘/usr/bin/copysploit’: File exists
ln: failed to create symbolic link ‘/usr/bin/compilesploit’: File exists
ln: failed to create symbolic link ‘/usr/bin/massbleed’: File exists
ln: failed to create symbolic link ‘/usr/bin/brutex’: File exists
Note: I had already manually removed /usr/bin/sniper and /usr/bin/goohack before installing. So these should also be included.
I also saw the below error when reinstalling. I assume this is because one of the packages creates a loot directory, but there is a mkdir loot later in the script that causes the below.
mkdir: cannot create directory ‘loot’: File exists
Thanks again
Nice tool! So far it looks like this tool is going to quickly replace the set of scripts I built that do similar work. Good work. With that said I have some requests for features:
Saw the shodan command, but nothing related to it install. It needs to be installed manually by the user via:
easy_install shodan
shodan init <api key>
We can add "easy_install shodan" into install.sh , but the user will manually need to register and get an api key for shodan init if they don't have it already.
Might be worth mentioning this in the readme, or show an error advising to do the above in sniper after the command fails.
running: sniper ~/scanme.txt nuke report
causes: tee: /usr/share/sniper/loot/sniper-/root/scanme.txt-nuke-201705190854.txt: No such file or directory
on line https://github.com/1N3/Sn1per/blob/master/sniper#L624
replacing
Maybe someone can come up with a more elegant solution that keeps the file structure or replaces the slash with a dot...
Probably have to do this on lines 257, 307, and 315, as well as 624.
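One way to build the report file name so that a target given as a file path or a URL cannot introduce directory separators (an added example, not Sn1per's own code; the function names `safe_target_name` and `report_path` are hypothetical, and the `sniper-TARGET-MODE-STAMP.txt` layout is taken from the error message above):

```shell
#!/bin/sh
# Added example (not from the Sn1per code base): derive a loot file name from
# whatever was passed as the target. Function names are hypothetical.

# safe_target_name TARGET
# Drops a leading URL scheme, maps every character outside [A-Za-z0-9._-] to
# "_", then strips leading dots/underscores, so the result never contains "/"
# and can never name the current or parent directory.
safe_target_name() {
  _n=${1#*://}                                   # http://host -> host
  _n=$(printf '%s' "$_n" | LC_ALL=C tr -c 'A-Za-z0-9._-' '_')
  while [ "${_n#[._]}" != "$_n" ]; do            # "../x" -> "x", "/root" -> "root"
    _n=${_n#[._]}
  done
  [ -n "$_n" ] || _n=target                      # nothing usable left
  printf '%s\n' "$_n"
}

# report_path LOOT_DIR TARGET MODE STAMP
# Same layout as the failing path in the report above, with the target
# component sanitised first.
report_path() {
  printf '%s/sniper-%s-%s-%s.txt\n' "$1" "$(safe_target_name "$2")" "$3" "$4"
}

# Usage with tee, as in the report option (constructed values):
#   out=$(report_path /usr/share/sniper/loot "$TARGET" "$MODE" "$(date +%Y%m%d%H%M)")
#   ./sniper "$TARGET" "$MODE" 2>&1 | tee "$out"
```

The same helper also covers targets passed with an `http://` prefix, which otherwise end up inside loot file names.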
Add to your project the https://github.com/urbanadventurer/WhatWeb reports.
is a good idea, I already did something like
Is it possible for me to run nmap in sniper with the -Pn flag?
-- --=[Launching stealth scan: 192.168.0.70
-- ----------------------------=[Running Nslookup]=------------------------ -- +
Server: 192.168.0.1
Address: 192.168.0.1#53
** server can't find 70.0.168.192.in-addr.arpa: NXDOMAIN
Host 70.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)
Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-17 15:51 IST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.54 seconds
It appears this line:
https://github.com/1N3/Sn1per/blob/master/install.sh#L69
cp $PWD/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse
is giving this result on my Kali 2017.1
"cp: cannot stat '/usr/share/sniper/plugins/bin/iis-buffer-overflow.nse': No such file or directory"
The nse file is in my bin directory but the $PWD is giving the location as /usr/share/sniper/plugins when it should be one level higher in the sniper directory...probably because of this:
https://github.com/1N3/Sn1per/blob/master/install.sh#L49
cd $PLUGINS_DIR
changing line 69 to this:
cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse
appeared to work for me
Hi,
Looks like the execution directory is incorrect when Sn1per gets to the brute force section.
I dropped a pwd in before the sections, which showed it was in the run directory. So "cd ../BruteX/" broke it.
The error seen on execution is:
./sniper: line 562: cd: ../BruteX/: No such file or directory
./sniper: line 563: ./brutex: No such file or directory
./sniper: line 570: cd: Breach-Miner: No such file or directory
python: can't open file 'breachminer.py': [Errno 2] No such file or directory
./sniper: line 573: cd: yasuo: No such file or directory
ruby: No such file or directory -- yasuo.rb (LoadError)
I changed the cd: ../BruteX/ to cd BruteX and it worked.
Thanks
After install massbleed is not executable so the below error is seen when Sn1per is run
./sniper: line 296: ./massbleed: Permission denied
This seems to work.
chmod +x MassBleed/massbleed
Thanks
Hi,
Great tool, been using it for a while.
I know it's a lot to ask, but I'm willing to challenge you =)
I think it would be really nice if you could have Sn1per support a client-server feature, in which you install a server that manages the tasks, and clients that retrieve tasks and execute them (much like dnmap).
Currently I have managed to implement dnmap using one server and over 100 clients, which allows me much faster scan time and better stealth; I think the 2nd phase (i.e., using Sn1per) would also benefit from that.
Roy
sniper is messing up the internet connection
On Kali Linux, "theHarvester" cannot be found, but "theharvester" is.
It can be easily solved, but I thought it would be OK if I told you.
After install SuperMicro-Password-Scanner is not executable so the below error is seen when Sn1per is run "Permission Denied"
This seems to work as a fix,
chmod +x SuperMicro-Password-Scanner/supermicro_scan.sh
I have submitted a code change to you
Thanks
Prior to the below line, the terminal output is reset, preventing the review of any information unless stored or output is piped to a file.
echo -e "$OKGREEN################################### Launching 3rd Party Modules ########################$RESET"
Thanks
Derek
Hey Mate,
Using the "nobrute report" option the script fails. You are presented with the following errors. Obviously the nmap does not run, thus finding no ports and the rest of the script exits without completion.
Running the "nobrute" option without the "report" - Everything works as per expected.
################################### Running port scan ##############################
Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-24 05:26 EDT
Found no matches for the service mask 'report' and your specified protocols
QUITTING!
Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-24 05:26 EDT
Found no matches for the service mask 'report' and your specified protocols
QUITTING!
################################### Running Intrusive Scans ########################
################################## Skipping Brute Force ############################
################################### Done!
Looking into the code, it appears you may be missing the following entry for the "nobrute" option/mode.
**if [ "$OPT1" = "report" ]; then**
./sniper $TARGET $MODE | tee ./loot/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1
./sniper: line 81: whois: command not found
./sniper: line 82: theharvester: command not found
./sniper: line 83: theharvester: command not found
./sniper: line 84: theharvester: command not found
./sniper: line 85: theharvester: command not found
./sniper: line 86: dnsrecon: command not found
./sniper: line 87: dnsrecon: command not found
./sniper: line 88: dnsrecon: command not found
./sniper: line 89: dnsenum: command not found
./sniper: line 91: shodan: command not found
I started ./sniper on a fully up to date Ubuntu VM.
I was thinking that this could be considered as an option from the Sn1per execution point.
Just use what you have, i.e. target and other available data from the output of the other apps.
Don't stress... it's come together really well. 8-)
Thanks
Derek
line 437 should read:
nmap -sV -p 513 --script=rlogin* $TARGET
Could not find a version that satisfies the requirement arachni (from versions: )
No matching distribution found for arachni
Distribution directory is incorrect
Discover scan breaks because the sort line at
https://github.com/1N3/Sn1per/blob/master/sniper#L275
(maybe?)
can't find the file it is looking for...There appears to be a problem with an underscore and a dash mismatching. I changed the underscore to a dash (or maybe the other way around) and it seemed to work but you will have to verify.
Hello!
Sn1per has some problems when I'm using it with proxychains; it does not work with it!
When I use it without Tor, it seems nmap is not proceeding with the scan, because all the ports are always closed!
And when it starts hydra, I'm getting an error about SSL!
I'm on Kali 2016.2 with all the latest updates.
Sn1per says "[Running Google Hacking Queries]" and then opens every link in Firefox.
This is how it does it:
Is this normal?
Hi,
I just noticed that the nmap ms-sql scripts are misspelled. The scripts need the bar ( - ) in between.
nmap -A -sV -T5 --script=ms-sql* -p 1433 $TARGET
I am using Tor+Privoxy
For some reason my Kali was freezing from time to time, but especially when Sniper was working on "Running Web Vulnerability"; after this scan it opens many tabs in the browser.
After that Kali immediately freezes.
So I just changed things in ---->
after that in console: tracker-control -r
Close terminal.
So, after that I started scanning, and after a few minutes, when Sniper opened the browser, it showed me a new browser which is out of range of Tor and Privoxy!?
Even if my current window is open, Sniper opens a new browser window which goes outside Tor and Privoxy, which means if I check the IP address in the current window with some link, it says that I am anon.
But in the other window, which Sniper opened after scanning, it is my original IP address.
How could this happen, and why does Sniper open a new browser window which bypasses Tor and Privoxy?
Pip install of arachni on Kali 2017.1 threw this error:
"Could not find a version that satisfies the requirement arachni (from versions: )
No matching distribution found for arachni"
I installed arachni with:
apt-get install arachni
Hey,
In a recent update the loot directory initialisation has been removed changed?, this causes fresh installs to break because most of the tools don't create intermediate directories.
I suggest the loot dirs integrity is checked when sniper is initialised and that any missing loot directories are created before continuing.
Edit:
Apparently it has not been removed, but I do think it was changed. Can't find the exact commit.
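A start-up preflight along the lines suggested above, which also covers the reinstall noise reported earlier on this page (existing `/usr/bin` links, `mkdir: cannot create directory 'loot'`) and the "command not found" reports. This is an added example, not code from Sn1per: the function names are hypothetical, the `nmap` and `domains` subdirectories and the tool names are the ones visible in the reports on this page, and a real install may need more of both.

```shell
#!/bin/sh
# Added example (not Sn1per's own code); function names are hypothetical.

# Tools that reports on this page show as "command not found" (assumed list).
SNIPER_TOOLS="nmap whois dnsenum dnsrecon theharvester xprobe2 shodan"

# missing_tools TOOL...
# Prints every tool that is not on PATH, one per line; prints nothing if all exist.
missing_tools() {
  for _t in "$@"; do
    command -v "$_t" >/dev/null 2>&1 || printf '%s\n' "$_t"
  done
}

# ensure_loot_dirs LOOT_DIR
# Creates the loot directory and the subdirectories seen in this page's logs.
# mkdir -p is a no-op when they already exist, so reinstalling is quiet, and the
# writability check catches the "Failed to open XML output file" case early.
ensure_loot_dirs() {
  for _d in "$1" "$1/nmap" "$1/domains"; do
    mkdir -p -- "$_d" || return 1
    [ -w "$_d" ] || { printf 'not writable: %s\n' "$_d" >&2; return 1; }
  done
}

# link_tool SRC DEST
# Marks SRC executable and (re)creates the DEST symlink. A stale link from an
# older install is replaced; a regular file at DEST is never overwritten.
link_tool() {
  [ -f "$1" ] || { printf 'missing: %s\n' "$1" >&2; return 1; }
  if [ -e "$2" ] && [ ! -L "$2" ]; then
    printf 'refusing to overwrite non-symlink: %s\n' "$2" >&2
    return 1
  fi
  chmod +x "$1" && ln -sfn "$1" "$2"
}

# Example wiring at the top of a scan script (paths are assumptions):
#   ensure_loot_dirs /usr/share/sniper/loot || exit 1
#   m=$(missing_tools $SNIPER_TOOLS); [ -z "$m" ] || echo "Missing tools: $m" >&2
```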
Hi,
I noticed that Yasuo Brute Force can not be found when running Sniper if the script is not executed from within the install directory on Kali. i.e using the link.
Maybe it's my install.
Hello,
I think the dependencies should be updated.
I'm missing the following:
php5
ruby
rubygems
python
Not everyone has these tools installed. Would be nice to know which versions of python are compatible and which versions of ruby / rubygems.
Also php5 is not available by default in ubuntu 16.
In latest release of Kali when running rpcinfo from the command line, the prompt claims that rpcinfo is not found. One fix is to replace "rpcinfo -p $TARGET" in both occurrences where appropriate with:
**replace https://github.com/1N3/Sn1per/blob/master/sniper#L979 with
nmap -p 135 --script=rpcinfo $TARGET
replace https://github.com/1N3/Sn1per/blob/master/sniper#L1235 with
nmap -p 2049 --script=rpcinfo $TARGET
*Note in the line right below 979 the code is: https://github.com/1N3/Sn1per/blob/master/sniper#L980
nmap -A -p 135 -T5 --script=rpc $TARGET
which may already run rpcinfo so replacing line 979 may technically not be necessary but if it were not there, then the error would go away as well.
while I installed and run command
sniper ly.com
+ -- ----------------------------=[Running TCP port scan]=------------------- -- +
Failed to open XML output file loot/sudo for writing
QUITTING!
+ -- ----------------------------=[Running UDP port scan]=------------------- -- +
Starting Nmap 7.01 ( https://nmap.org ) at 2016-06-20 14:04 EDT
WARNING: a TCP scan type was requested, but no tcp ports were specified. Skipping this scan type.
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds
+ -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
grep: loot/sudo: No such file or directory
grep: nmap-ly.com.xml: No such file or directory
grep: loot/sudo: No such file or directory
grep: nmap-ly.com.xml: No such file or directory
grep: loot/sudo: No such file or directory
grep: nmap-ly.com.xml: No such file or directory
grep: loot/sudo: No such file or directory
grep: nmap-ly.com.xml: No such file or directory
grep: loot/sudo: No such file or directory
...
+ -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
./sniper: line 1097 :cd: yasuo: No such file or directory
ruby: No such file or directory -- yasuo.rb (LoadError)
+ -- ----------------------------=[Skipping Brute Force]=-------------------- -- +
./sniper:line 1113 : ./sniper: No such file or directory
+ -- ----------------------------=[Done]=------------------------------------ -- +
Hello,
Is it currently possible to store all subdomains into a text file so we can use them later on?
It would be better to enhance the install script to be able to make a full install also on Ubuntu.
As of now this is what happens:
E: Unable to locate package sslyze
E: Unable to locate package uniscan
E: Unable to locate package unicornscan
E: Unable to locate package waffit
E: Unable to locate package dirb
E: Unable to locate package dnsrecon
E: Unable to locate package wpscan
E: Unable to locate package enum4linux
E: Unable to locate package cisco-torch
E: Unable to locate package metasploit-framework
E: Unable to locate package theharvester
E: Unable to locate package dnsenum
E: Unable to locate package smtp-user-enum
E: Unable to locate package amap
Obviously the packages can be installed one by one, but since Sn1per is an automated script I think it should consider this.
My 2c.
Hi,
I noticed that rake is not installed by default in Kali.
Can we add the below to the install or provide a check/message?
gem install rake
---------------- error -------------------
/usr/bin/ruby2.1 -rubygems /usr/share/rubygems-integration/all/gems/rake-10.3.2/bin/rake RUBYARCHDIR=/var/lib/gems/2.1.0/extensions/x86_64-linux/2.1.0/unf-0.2.0.beta2 RUBYLIBDIR=/var/lib/gems/2.1.0/extensions/x86_64-linux/2.1.0/unf-0.2.0.beta2
/usr/bin/ruby2.1: No such file or directory -- /usr/share/rubygems-integration/all/gems/rake-10.3.2/bin/rake (LoadError)
rake failed, exit code 1
Thanks again for the work.
When running Sn1per from root I get the following with XML error... (IP Removed)
root:~# sniper /usr/share/sniper/loot/dvrsvr.txt airstrike
Bomb raid (contributed by Michael aka [email protected])
Non-authoritative answer:
....n-addr.arpa name = static-**..**..net
Authoritative answers can be found from:
....in-addr.arpa domain name pointer static-**..**..net
I run it on Ubuntu 16.04
oot@ubuntu:~/Sn1per# ./sniper google.com
____
_________ / _/___ ___ _____
/ ___/ __ \ / // __ \/ _ \/ ___/
(__ ) / / // // /_/ / __/ /
/____/_/ /_/___/ .___/\___/_/
/_/
+ -- --=[http://crowdshield.com
+ -- --=[sn1per v2.0 by 1N3
+ -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: google.com
Address: 172.217.16.174
google.com has address 172.217.16.174
google.com has IPv6 address 2a00:1450:4001:814::200e
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
+ -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
./sniper: line 533: xprobe2: command not found
+ -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
./sniper: line 537: whois: command not found
+ -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
+ -- ----------------------------=[Gathering DNS Info]=---------------------- -- +
; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41192
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;com.google.in-addr.arpa. IN PTR
;; AUTHORITY SECTION:
in-addr.arpa. 55 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2015074887 1800 900 604800 3600
;; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 28 17:42:41 UTC 2016
;; MSG SIZE rcvd: 120
./sniper: line 542: dnsenum: command not found
+ -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
+ -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
+ -- ----------------------------=[Checking Email Security]=----------------- -- +
+ -- ----------------------------=[Pinging host]=---------------------------- -- +
PING google.com (172.217.16.174) 56(84) bytes of data.
64 bytes from fra15s11-in-f14.1e100.net (172.217.16.174): icmp_seq=1 ttl=58 time=0.815 ms
--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.815/0.815/0.815/0.000 ms
+ -- ----------------------------=[Running TCP port scan]=------------------- -- +
Failed to open XML output file /usr/share/sniper/loot/nmap/nmap-google.com.xml for writing
QUITTING!
+ -- ----------------------------=[Running UDP port scan]=------------------- -- +
Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-28 17:42 UTC
Nmap scan report for google.com (172.217.16.174)
Host is up (0.00080s latency).
Other addresses for google.com (not scanned): 2a00:1450:4001:814::200e
rDNS record for 172.217.16.174: fra15s11-in-f14.1e100.net
PORT STATE SERVICE
53/udp open|filtered domain
67/udp open|filtered dhcps
68/udp open|filtered dhcpc
88/udp open|filtered kerberos-sec
137/udp open|filtered netbios-ns
138/udp open|filtered netbios-dgm
139/udp open|filtered netbios-ssn
161/udp open|filtered snmp
162/udp open|filtered snmptrap
389/udp open|filtered ldap
520/udp open|filtered route
2049/udp open|filtered nfs
Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds
Failed to start postgresql.service: Unit postgresql.service not found.
+ -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
+ -- --=[Port 21 closed... skipping.
+ -- --=[Port 22 closed... skipping.
+ -- --=[Port 23 closed... skipping.
+ -- --=[Port 25 closed... skipping.
+ -- --=[Port 53 closed... skipping.
+ -- --=[Port 79 closed... skipping.
+ -- --=[Port 80 closed... skipping.
+ -- --=[Port 110 closed... skipping.
+ -- --=[Port 111 closed... skipping.
+ -- --=[Port 135 closed... skipping.
+ -- --=[Port 139 closed... skipping.
+ -- --=[Port 161 closed... skipping.
+ -- --=[Port 162 closed... skipping.
+ -- --=[Port 389 closed... skipping.
+ -- --=[Port 443 closed... skipping.
+ -- --=[Port 445 closed... skipping.
+ -- --=[Port 512 closed... skipping.
+ -- --=[Port 513 closed... skipping.
+ -- --=[Port 514 closed... skipping.
+ -- --=[Port 1433 closed... skipping.
+ -- --=[Port 2049 closed... skipping.
+ -- --=[Port 2121 closed... skipping.
+ -- --=[Port 3306 closed... skipping.
+ -- --=[Port 3310 closed... skipping.
+ -- --=[Port 3128 closed... skipping.
+ -- --=[Port 3389 closed... skipping.
+ -- --=[Port 3632 closed... skipping.
+ -- --=[Port 4443 closed... skipping.
+ -- --=[Port 5432 closed... skipping.
+ -- --=[Port 5800 closed... skipping.
+ -- --=[Port 5900 closed... skipping.
+ -- --=[Port 6000 closed... skipping.
+ -- --=[Port 6667 closed... skipping.
+ -- --=[Port 8000 closed... skipping.
+ -- --=[Port 8100 closed... skipping.
+ -- --=[Port 8080 closed... skipping.
+ -- --=[Port 8180 closed... skipping.
+ -- --=[Port 8443 closed... skipping.
+ -- --=[Port 8888 closed... skipping.
+ -- --=[Port 10000 closed... skipping.
+ -- --=[Port 49152 closed... skipping.
+ -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
/usr/lib/ruby/2.3.0/rubygems/specification.rb:2286:in `raise_if_conflicts': Unable to activate mechanize-2.7.5, because net-http-persistent-3.0.0 conflicts with net-http-persistent (>= 2.5.2, ~> 2.5) (Gem::ConflictError)
from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1407:in `activate'
from /usr/lib/ruby/2.3.0/rubygems.rb:196:in `rescue in try_activate'
from /usr/lib/ruby/2.3.0/rubygems.rb:193:in `try_activate'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:125:in `rescue in require'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:40:in `require'
from /usr/share/sniper/plugins/yasuo/formloginbrute.rb:1:in `<top (required)>'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
from yasuo.rb:35:in `<main>'
+ -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +
Failed to open XML output file /usr/share/sniper/loot/nmap/nmap-google.com.xml for writing
QUITTING!
+ -- ----------------------------=[Running Brute Force]=--------------------- -- +
__________ __ ____ ___
\______ \_______ __ ___/ |_ ____ \ \/ /
| | _/\_ __ \ | \ __\/ __ \ \ /
| | \ | | \/ | /| | \ ___/ / \
|______ / |__| |____/ |__| \___ >___/\ \
\/ \/ \_/
+ -- --=[BruteX v1.5 by 1N3
+ -- --=[http://crowdshield.com
################################### Running Port Scan ##############################
Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-28 17:42 UTC
Nmap scan report for google.com (172.217.16.174)
Host is up (0.00084s latency).
Other addresses for google.com (not scanned): 2a00:1450:4001:814::200e
rDNS record for 172.217.16.174: fra15s11-in-f14.1e100.net
Not shown: 24 filtered ports
PORT STATE SERVICE
80/tcp open http
443/tcp open https
Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds
################################### Running Brute Force ############################
+ -- --=[Port 21 closed... skipping.
+ -- --=[Port 22 closed... skipping.
+ -- --=[Port 23 closed... skipping.
+ -- --=[Port 25 closed... skipping.
+ -- --=[Port 80 opened... running tests...
Hydra v8.4-dev (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2016-10-28 17:42:46
[DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
[DATA] attacking service http-get on port 80
[80][http-get] host: google.com login: admin password: admin
[STATUS] attack finished for google.com (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-10-28 17:42:46
+ -- --=[Port 110 closed... skipping.
+ -- --=[Port 139 closed... skipping.
+ -- --=[Port 162 closed... skipping.
+ -- --=[Port 389 closed... skipping.
+ -- --=[Port 443 opened... running tests...
Hydra v8.4-dev (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
Hydra (http://www.thc.org/thc-hydra) starting at 2016-10-28 17:42:46
[DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
[DATA] attacking service http-get on port 443 with SSL
[443][http-get] host: google.com login: admin password: admin
[STATUS] attack finished for google.com (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-10-28 17:42:47
+ -- --=[Port 445 closed... skipping.
+ -- --=[Port 512 closed... skipping.
+ -- --=[Port 513 closed... skipping.
+ -- --=[Port 514 closed... skipping.
+ -- --=[Port 993 closed... skipping.
+ -- --=[Port 1433 closed... skipping.
+ -- --=[Port 1521 closed... skipping.
+ -- --=[Port 3306 closed... skipping.
+ -- --=[Port 3389 closed... skipping.
+ -- --=[Port 5432 closed... skipping.
+ -- --=[Port 5900 closed... skipping.
+ -- --=[Port 5901 closed... skipping.
+ -- --=[Port 8000 closed... skipping.
+ -- --=[Port 8080 closed... skipping.
+ -- --=[Port 8100 closed... skipping.
+ -- --=[Port 6667 closed... skipping.
################################### Brute Forcing DNS ###############################
/usr/bin/brutex: line 317: dnsenum: command not found
################################### Done! ###########################################
+ -- --=[Sorting loot directory (/usr/share/sniper/loot)
+ -- --=[Generating reports...
+ -- ----------------------------=[Done]=------------------------------------ -- +
root@ubuntu:~/Sn1per#
I found that hexdump is missing in the Docker image; I suggest adding bsdmainutils to the Dockerfile. Also, I added rm -rf /var/lib/apt/lists/* at the end of the install.
There is also an issue with files being written in /usr/share/sniper/loot/, which should be mounted at runtime to a persistent local folder; if not, the image will erase itself at the end (--rm). And I think it would be better if the entrypoint is sniper itself. That way it could be called as:
docker run --rm -v $HOME/sniper/loot/:/usr/share/sniper/loot/ -ti menzo/sn1per-docker DOMAIN
(-v to mount a local directory)
and the dockerfile:
FROM ubuntu:16.04
MAINTAINER [email protected]
ENV LC_ALL C.UTF-8
ENV INSTALL_DIR /usr/share/sniper
ENV LOOT_DIR /usr/share/sniper/loot
ENV PLUGINS_DIR /usr/share/sniper/plugins
# Add the Kali rolling repository and import its signing key.
RUN echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" >> /etc/apt/sources.list.d/kali.sources.list && \
    gpg --keyserver pgpkeys.mit.edu --recv-key ED444FF07D8D0BF6 && \
    gpg -a --export ED444FF07D8D0BF6 | apt-key add -
# Install the tool dependencies (bsdmainutils provides hexdump), then Sn1per itself.
RUN apt-get update && apt-get install -y \
    ruby \
    rubygems \
    python \
    dos2unix \
    zenmap \
    sslyze \
    uniscan \
    xprobe2 \
    cutycapt \
    unicornscan \
    waffit \
    host \
    whois \
    dirb \
    dnsrecon \
    curl \
    nmap \
    php \
    php-curl \
    hydra \
    iceweasel \
    wpscan \
    sqlmap \
    nbtscan \
    enum4linux \
    cisco-torch \
    metasploit-framework \
    theharvester \
    dnsenum \
    nikto \
    smtp-user-enum \
    whatweb \
    dnsutils \
    sslscan \
    amap \
    arachni \
    bsdmainutils \
    && apt-get clean && \
    rm -rf /var/lib/apt/lists/* && \
    mv /usr/bin/python /usr/bin/python.unknown && \
    ln -s /usr/bin/python2.7 /usr/bin/python && \
    curl https://bootstrap.pypa.io/get-pip.py | python && \
    gem install \
    mechanize \
    bcrypt \
    net-http-persistent \
    rake \
    ruby-nmap \
    text-table && \
    pip install \
    colorama \
    dnspython \
    ipaddress \
    tldextract \
    urllib3 && \
    git clone https://github.com/1N3/Sn1per.git && \
    cd Sn1per && \
    /bin/bash ./install.sh && \
    echo Cleaning up package index && \
    apt-get clean && \
    echo Image creation complete
# ENTRYPOINT rather than CMD, so the DOMAIN argument given to "docker run" is passed to sniper instead of replacing the command.
ENTRYPOINT ["/usr/bin/sniper"]
Great tool!
E unable to locate package theHarvester
After doing this in terminal I receive the error but still the installation completed:
sudo su
git clone https://github.com/1N3/Sn1per.git
cd Sn1per
chmod +x install.sh
./install.sh
y
I think this has something to do with "theharvester" being installed by default in Kali Linux
PS: I am using the new Kali Rolling Repository in my sources.list and not the OLD Kali-Sana Repository
This is a great tool, but the output is really hard to parse. I understand that it's running a collection of disparate tools, and each has its own output, but what would be nice is a uniform output in something structured (xml, json, etc) so that we could use it as part of an automated process.
Is that even remotely possible?
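One way to get structured records out of the console output quoted on this page, as an added example that is not part of the original post or of Sn1per: the function name `sniper_log_to_jsonl` and the JSON field names are assumptions, and the sample log is constructed from the line shapes shown above.

```shell
#!/usr/bin/env bash
# Added example: convert Sn1per/BruteX status lines into JSON Lines.
# Function and field names are hypothetical, not Sn1per's own.

# Constructed sample in the shape of the console output quoted on this page.
SAMPLE_LOG='+ -- --=[Port 25 closed... skipping.
+ -- --=[Port 80 opened... running tests...
Hydra (http://www.thc.org/thc-hydra) starting at 2016-10-28 17:42:46
+ -- --=[Port 443 opened... running tests...
/usr/bin/brutex: line 317: dnsenum: command not found'

# Reads console output on stdin, writes one JSON object per recognised line.
# Lines from the wrapped tools themselves (Hydra, Nmap, ...) are ignored.
sniper_log_to_jsonl() {
  local esc
  esc=$(printf '\033')
  # Strip ANSI colour codes first, then match the fixed line shapes.
  sed "s/${esc}\[[0-9;]*m//g" | awk '
    /^\+ -- --=\[Port [0-9]+ (closed|opened)\.\.\./ {
      state = ($5 == "closed...") ? "closed" : "open"
      printf "{\"type\":\"port\",\"port\":%d,\"state\":\"%s\"}\n", $4, state
      next
    }
    /: command not found$/ {
      # "<script>: line N: <tool>: command not found" -> the missing tool
      n = split($0, part, ": ")
      # Only emit names that need no JSON escaping.
      if (n >= 2 && part[n-1] ~ /^[A-Za-z0-9._+-]+$/)
        printf "{\"type\":\"missing_tool\",\"tool\":\"%s\"}\n", part[n-1]
    }'
}

printf '%s\n' "$SAMPLE_LOG" | sniper_log_to_jsonl
```

Recording missing tools alongside port states makes a silently skipped stage, such as the `dnsenum` failure in the log above, visible to whatever consumes the report.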
Hey,
I've noticed that the various tools you're using expect different target input formats. Ping for example expects a host as target, but hydra/brutex expect the target to include a protocol definition.
I'd suggest we strip the protocol from the $TARGET when it's passed into sniper, and only set the protocol when calling the tools that require it. That way we're always sure what the actual value of $TARGET is.
Just a quickie - How are updates handled? reinstall?
Kali Linux 2: updated
Sn1per: fresh release
Would it be possible to consider adding some of the optional app extensions/optional parameters to the command line over the time?
eg.
1/ override defaults for the harvester to -l 1000 -b all -h -v -n -c -t
Thanks
Derek
It appears discover just does a stealth scan on each ip it finds. Any chance of including an option to have it do a normal sniper scan instead? After a discover scan, if I want to do a full scan on each ip, the scans are going to repeat the tests from the stealth scan, which wastes time.
Hi,
There seem to be a few critical things displayed on the screen that are not captured in any of the files.
This can obviously be reviewed in the terminal before closing it, but it would be great to preserve all the inelegance that comes out of the Sn1per in the loot directory.
eg. /Breach-Miner/Files/Results.html
The movement of the app output could be the last thing that happens in the script. Maybe even consider a full standard output save represented as a HTML to highlight the exceptions where possible.
Consider creating a directory in the loot directory which represents the Target and maybe the time/date so repeated execution doesn't overwrite old data.
This would be great if multiple targets are being assessed in one session.
Thanks
Derek
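Two suggestions above fit together: stripping the protocol from `$TARGET` once at input, and writing each run into its own target-and-date directory under the loot directory. The following is an added example, not Sn1per code; `normalize_target` and `loot_dir_for` are hypothetical helpers, and IPv6 literals are deliberately not handled.

```shell
#!/usr/bin/env bash
# Added example (hypothetical helpers, not part of Sn1per).

# Print the bare lowercase host for input such as "https://Example.com:8443/x".
# Returns 1 unless the result is a plain hostname or IPv4 address, so the
# value is safe to pass to tools as an argument and to use as a directory name.
normalize_target() {
  local t=$1 scheme
  scheme=${t%%://*}
  case $scheme in
    ''|*[!a-zA-Z0-9+.-]*) ;;       # no leading scheme: leave input alone
    *) t=${t#"$scheme"://} ;;      # drop "http://", "https://", ...
  esac
  t=${t%%[/?#]*}                   # drop path, query and fragment
  t=${t##*@}                       # drop userinfo
  t=${t%%:*}                       # drop port
  t=$(printf '%s' "$t" | tr '[:upper:]' '[:lower:]')
  case $t in
    # Reject empty values, anything outside [a-z0-9.-], a leading "-" (would
    # be read as an option by the called tool) and dot tricks such as "..".
    ''|*[!a-z0-9.-]*|-*|.*|*.|*..*) return 1 ;;
  esac
  printf '%s\n' "$t"
}

# Print <root>/<host>/<UTC timestamp>, so that repeated runs and multiple
# targets never overwrite each other. The third argument fixes the stamp.
loot_dir_for() {
  local root=$1 host stamp
  host=$(normalize_target "$2") || return 1
  stamp=${3:-$(date -u +%Y%m%dT%H%M%SZ)}
  printf '%s/%s/%s\n' "${root%/}" "$host" "$stamp"
}

# Constructed inputs: two valid targets and three that must be rejected.
for raw in 'https://Example.com:8443/login' 'google.com' \
           '--version' 'example.com;id' '../../etc'; do
  if host=$(normalize_target "$raw"); then
    echo "$raw -> $host (loot: $(loot_dir_for /usr/share/sniper/loot "$raw"))"
  else
    echo "$raw -> rejected"
  fi
done
```

Tools that need a protocol can then be called with it prepended to the validated host, while tools such as ping receive the host unchanged.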