* v9.0 - Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template

* v9.0 - Added CVE-2020-17519 - Apache Flink Path Traversal sc0pe template * v9.0 - Added RabbitMQ Management Interface Detected sc0pe template * v9.0 - Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX * v9.0 - Removed vulnscan NMap CSV updates/downloads to save space/bandwidth * v9.0 - Added Nuclei sc0pe parser * v9.0 - Added Nuclei vulnerability scanner * v9.0 - Added Wordpress WPScan sc0pe vulnerability parser * v9.0 - Fixed issue with wrong WPscan API key command * v9.0 - Added CVE-2020-11738 - WordPress Duplicator plugin Directory Traversal sc0pe template * v9.0 - Renamed AUTO_VULNSCAN setting to "VULNSCAN" in sniper.conf to perform vulnerability scans via 'normal' mode
1N3 · Jan 8, 2021 · 31df5dc · 31df5dc
1 parent 2dc57b5
commit 31df5dc
Show file tree

Hide file tree

Showing 30 changed files with 332 additions and 120 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,6 @@
 ## CHANGELOG:
+* v9.0 - Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template
+* v9.0 - Added CVE-2020-17519 - Apache Flink Path Traversal sc0pe template
 * v9.0 - Added RabbitMQ Management Interface Detected sc0pe template
 * v9.0 - Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX
 * v9.0 - Removed vulnscan NMap CSV updates/downloads to save space/bandwidth
@@ -7,6 +9,7 @@
 * v9.0 - Added Wordpress WPScan sc0pe vulnerability parser
 * v9.0 - Fixed issue with wrong WPscan API key command
 * v9.0 - Added CVE-2020-11738 - WordPress Duplicator plugin Directory Traversal sc0pe template
+* v9.0 - Renamed AUTO_VULNSCAN setting to "VULNSCAN" in sniper.conf to perform vulnerability scans via 'normal' mode
 * v8.9 - Tuned sniper.conf around performance for all scans and recon modes
 * v8.9 - Added out of scope options to config
 * v8.9 - Added automatic HTTP/HTTPS web scans and vulnerability scans to 'normal' mode

diff --git a/README.md b/README.md
@@ -129,7 +129,7 @@ sniper -c /path/to/sniper.conf -t <TARGET> -w <WORKSPACE_ALIAS>
 sniper -u|--update
 ```
 
-## MODES:
+## MODES
 * **NORMAL:** Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
 * **STEALTH:** Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
 * **FLYOVER:** Fast multi-threaded high level scans of multiple targets (useful for collecting high level data on many hosts quickly).

diff --git a/modes/normal.sh b/modes/normal.sh
@@ -1201,9 +1201,9 @@ else
   fi
 fi
 
-if [[ "$AUTO_VULNSCAN" = "1" ]]; then
+if [[ "$VULNSCAN" = "1" ]]; then
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
-  echo -e "$OKRED PERFORMING AUTO VULNSCAN $RESET"
+  echo -e "$OKRED PERFORMING VULNERABILITYSCAN $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
   sniper -t $TARGET -m vulnscan -w $WORKSPACE
 fi

diff --git a/modes/normal_webporthttp.sh b/modes/normal_webporthttp.sh
@@ -59,9 +59,10 @@ wpif [[ "$MODE" = "web" ]]; then
     fi
   fi
   if [[ "$INJECTX" == "1" ]]; then
-    rm -f $LOOT_DIR/web/injectx-$TARGET-http.txt 2> /dev/null
+    rm -f $LOOT_DIR/web/injectx-$TARGET-http.raw 2> /dev/null
     #cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep 'http\:' | xargs -P $THREADS -r -n 1 -I '{}' injectx.py -u '{}' -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.txt
-    for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "http\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "http\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.txt; done; done;
+    for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "http\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "http\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-http.raw; done; done;
+    sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/injectx-$TARGET-http.raw 2> /dev/null > $LOOT_DIR/web/injectx-$TARGET-http.txt
   fi
   source $INSTALL_DIR/modes/static-grep-search.sh
   if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then

diff --git a/modes/normal_webporthttps.sh b/modes/normal_webporthttps.sh
@@ -57,8 +57,9 @@ if [[ "$MODE" = "web" ]]; then
     fi
   fi
   if [[ "$INJECTX" == "1" ]]; then
-    rm -f $LOOT_DIR/web/injectx-$TARGET-https.txt 2> /dev/null
-    for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "https\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "https\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.txt; done; done;
+    rm -f $LOOT_DIR/web/injectx-$TARGET-https.raw 2> /dev/null
+    for a in `cat $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep '?' | grep "https\:" | cut -d '?' -f2 | cut -d '=' -f1 | sort -u`; do for b in `grep $a $LOOT_DIR/web/spider-$TARGET.txt 2> /dev/null | grep "https\:" | head -n 1`; do injectx.py -u $b -vy | tee -a $LOOT_DIR/web/injectx-$TARGET-https.raw; done; done;
+    sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/web/injectx-$TARGET-https.raw 2> /dev/null > $LOOT_DIR/web/injectx-$TARGET-https.txt
   fi
   source $INSTALL_DIR/modes/static-grep-search.sh
   if [[ "$WEB_JAVASCRIPT_ANALYSIS" == "1" ]]; then