Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
1N3
GitHub Repository: 1N3/Sn1per
 Path: blob/master/modes/webscan.sh
4034 views
1
if [[ "$MODE" = "webscan" ]]; then

2
	echo -e "$OKRED                ____               $RESET"

3
	echo -e "$OKRED    _________  /  _/___  ___  _____$RESET"

4
	echo -e "$OKRED   / ___/ __ \ / // __ \/ _ \/ ___/$RESET"

5
	echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"

6
	echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"

7
	echo -e "$OKRED               /_/                 $RESET"

8
	echo -e "$RESET"

9
	echo -e "$OKORANGE + -- --=[https://sn1persecurity.com"

10
	echo -e "$OKORANGE + -- --=[Sn1per v$VER by @xer0dayz"

11
	echo -e ""

12
	echo -e ""

13
	echo -e "               ;               ,           "

14
	echo -e "             ,;                 '.         "

15
	echo -e "            ;:                   :;        "

16
	echo -e "           ::                     ::       "

17
	echo -e "           ::                     ::       "

18
	echo -e "           ':                     :        "

19
	echo -e "            :.                    :        "

20
	echo -e "         ;' ::                   ::  '     "

21
	echo -e "        .'  ';                   ;'  '.    "

22
	echo -e "       ::    :;                 ;:    ::   "

23
	echo -e "       ;      :;.             ,;:     ::   "

24
	echo -e "       :;      :;:           ,;\"      ::   "

25
	echo -e "       ::.      ':;  ..,.;  ;:'     ,.;:   "

26
	echo -e "        \"'\"...   '::,::::: ;:   .;.;\"\"'    "

27
	echo -e "            '\"\"\"....;:::::;,;.;\"\"\"         "

28
	echo -e "        .:::.....'\"':::::::'\",...;::::;.   "

29
	echo -e "       ;:' '\"\"'\"\";.,;:::::;.'\"\"\"\"\"\"  ':;   "

30
	echo -e "      ::'         ;::;:::;::..         :;  "

31
	echo -e "     ::         ,;:::::::::::;:..       :: "

32
	echo -e "     ;'     ,;;:;::::::::::::::;\";..    ':."

33
	echo -e "    ::     ;:\"  ::::::\"\"\"'::::::  \":     ::"

34
	echo -e "     :.    ::   ::::::;  :::::::   :     ; "

35
	echo -e "      ;    ::   :::::::  :::::::   :    ;  "

36
	echo -e "       '   ::   ::::::....:::::'  ,:   '   "

37
	echo -e "        '  ::    :::::::::::::\"   ::       "

38
	echo -e "           ::     ':::::::::\"'    ::       "

39
	echo -e "           ':       \"\"\"\"\"\"\"'      ::       "

40
	echo -e "            ::                   ;:        "

41
	echo -e "            ':;                 ;:\"        "

42
	echo -e "    -hrr-     ';              ,;'          "

43
	echo -e "                \"'           '\"            "

44
	echo -e "                  ''''$RESET"

45
	echo ""

46
	echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null

47
	echo "$TARGET" >> $LOOT_DIR/domains/targets.txt

48
	touch $LOOT_DIR/scans/$TARGET-webscan.txt 2> /dev/null 

49
	echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null

50
	ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt

51


52
	echo "[sn1persecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt

53
	if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then

54
		/bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"

55
	fi

56
	

57
    if [[ "$BURP_SCAN" == "1" ]]; then

58
    	echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

59
    	echo -e "$OKRED RUNNING BURPSUITE SCAN $RESET"

60
		echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

61
		curl -s -X POST "http://$BURP_HOST:$BURP_PORT/v0.1/scan" -d "{\"scope\":{\"include\":[{\"rule\":\"http://$TARGET:80\"}],\"type\":\"SimpleScope\"},\"urls\":[\"http://$TARGET:80\"]}"

62
		curl -s -X POST "http://$BURP_HOST:$BURP_PORT/v0.1/scan" -d "{\"scope\":{\"include\":[{\"rule\":\"https://$TARGET:443\"}],\"type\":\"SimpleScope\"},\"urls\":[\"https://$TARGET:443\"]}"

63
		echo ""	

64
		for a in {1..30}; 

65
		do 

66
			echo -n "[-] SCAN #$a: "

67
			curl -sI "http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a" | grep HTTP | awk '{print $2}'

68
			BURP_STATUS=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3 | grep "remaining")

69
			while [[ ${#BURP_STATUS} -gt "5" ]]; 

70
			do 

71
				BURP_STATUS=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3 | grep "remaining")

72
				BURP_STATUS_FULL=$(curl -s http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a | grep -o -P "crawl_and_audit.{1,100}" | cut -d\" -f3)

73
				echo "[i] STATUS: $BURP_STATUS_FULL"

74
				sleep 15

75
			done

76
		done 

77


78
		echo "[+] VULNERABILITIES: "

79
		echo "----------------------------------------------------------------"

80
		for a in {1..30}; 

81
		do

82
			curl -s "http://$BURP_HOST:$BURP_PORT/v0.1/scan/$a" | jq '.issue_events[].issue | "[" + .severity + "] " + .name + " - " + .origin + .path' | sort -u | sed 's/\"//g' | tee $LOOT_DIR/web/burpsuite-$TARGET-$a.txt

83
		done

84


85
		echo "[-] Done!"

86
    fi

87
    if [[ "$ZAP_SCAN" == "1" ]]; then

88
    	echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

89
    	echo -e "$OKRED RUNNING OWASP ZAP SCAN $RESET"

90
		echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

91
		echo "[i] Scanning: http://$TARGET/"

92
    	sudo python3 /usr/share/sniper/bin/zap-scan.py "http://$TARGET/" 

93
    	DATE=$(date +"%Y%m%d%H%M")

94
    	sudo grep "'" /usr/share/sniper/bin/zap-report.txt | cut -d\' -f2 | cut -d\\ -f1 > $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html

95
    	cp -f $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html $LOOT_DIR/web/zap-report-$TARGET-http.html 2> /dev/null

96
    	echo "[i] Scan complete."

97
    	echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-http-$DATE.html"

98
    	sleep 5

99
    	echo "[i] Scanning: https://$TARGET/"

100
    	sudo python3 /usr/share/sniper/bin/zap-scan.py "https://$TARGET/"

101
    	sudo grep "'" /usr/share/sniper/bin/zap-report.txt | cut -d\' -f2 | cut -d\\ -f1 > $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html

102
    	cp -f $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html $LOOT_DIR/web/zap-report-$TARGET-https.html 2> /dev/null

103
    	echo "[i] Scan complete."

104
    	echo "[+] Report saved to: $LOOT_DIR/web/zap-report-$TARGET-https-$DATE.html"

105
    fi

106
	if [[ "$ARACHNI_SCAN" == "1" ]]; then

107
		echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

108
		echo -e "$OKRED RUNNING ARACHNI SCAN $RESET"

109
		echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

110
		DATE=$(date +"%Y%m%d%H%M")

111
		PORT="80"

112
		mkdir -p $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/

113
		arachni --report-save-path=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/ --output-only-positives http://$TARGET:$PORT | tee ${LOOT_DIR}/web/arachni_webscan_${TARGET}_${PORT}_${DATE}.txt

114
		cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/

115
		arachni_reporter $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/*.afr --report=html:outfile=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/arachni.zip

116
		cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/

117
		unzip arachni.zip

118
		cd $INSTALL_DIR

119
		DATE=$(date +"%Y%m%d%H%M")

120
		PORT="443"

121
		mkdir -p $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/

122
		arachni --report-save-path=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/ --output-only-positives https://$TARGET:$PORT | tee ${LOOT_DIR}/web/arachni_webscan_${TARGET}_${PORT}_${DATE}.txt

123
		cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/

124
		arachni_reporter $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/*.afr --report=html:outfile=$LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/arachni.zip

125
		cd $LOOT_DIR/web/arachni_${TARGET}_${PORT}_${DATE}/

126
		unzip arachni.zip

127
		cd $INSTALL_DIR

128
    fi

129
	if [[ "$NUCLEI" = "1" ]]; then

130
		echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

131
		echo -e "$OKRED RUNNING NUCLEI SCAN $RESET"

132
		echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

133
		nuclei -silent -t /root/nuclei-templates/ -c $THREADS -target http://$TARGET -o $LOOT_DIR/web/nuclei-http-${TARGET}-port80.txt

134
		nuclei -silent -t /root/nuclei-templates/ -c $THREADS -target https://$TARGET -o $LOOT_DIR/web/nuclei-https-${TARGET}-port443.txt 

135
	fi

136
	if [[ "$SC0PE_VULNERABLITY_SCANNER" == "1" ]]; then

137
	    echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

138
	    echo -e "$OKRED RUNNING SC0PE WEB VULNERABILITY SCAN $RESET"

139
	    echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

140
	    SSL="false"

141
	    PORT="80"

142
	    source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh

143
	    source $INSTALL_DIR/modes/sc0pe-active-webscan.sh

144
	    SSL="true"

145
	    PORT="443"

146
	    source $INSTALL_DIR/modes/sc0pe-passive-webscan.sh

147
	    source $INSTALL_DIR/modes/sc0pe-active-webscan.sh

148
	    source $INSTALL_DIR/modes/sc0pe-network-scan.sh

149
	    echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

150
	fi

151
	source $INSTALL_DIR/modes/sc0pe.sh 

152
	echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

153
	echo -e "$OKRED SCAN COMPLETE! $RESET"

154
	echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"

155
    echo "$TARGET" >> $LOOT_DIR/scans/updated.txt

156
    rm -f $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null

157
    ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt

158


159
    echo "[sn1persecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt

160
    if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then

161
		/bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"

162
	fi

163
	loot 

164
	exit

165
fi

166


167