1n3 / sn1per

Attack Surface Management Platform

Home Page: https://sn1persecurity.com

License: Other

Python 7.20% Shell 53.72% XSLT 1.46% HTML 0.22% Dockerfile 0.12% JavaScript 0.45% Lua 36.84%
sn1per sn1per-professional bugbounty-platform attack-surface cybersecurity pentest-tool pentesting-tools pentest-scripts pentest-tools hacking-tools

sn1per's Introduction

Bug Bounty Profiles

Public Exploits

Open Source Security Tools

Certifications

  • OSCE
  • OSCP
  • CISSP
  • Security+
  • CNA
  • MCP
  • Network+
  • A+
  • PCI-ASV
  • SecurityTube Android Security For Penetration Testers

Public Exploits/PoC's/CVE's/Bug Bounties/CTF's

2024:

2021:

  • Nutanix Stored DOM Cross-Site Scripting (XSS) & Reflected Cross-Site Scripting (XSS) 0day

2020:

2018:

2017:

  • Received Offensive Security Certified Expert (OSCE) certification 12/2017
  • Multiple Cross-Site Request Forgery (CSRF) vulnerabilities in WEMO HomeKit Bridge ($3,000 bounty) 9/2017
  • Stored Cross-Site Scripting (XSS) vulnerability in WEMO HomeKit Bridge ($500 bounty) 9/2017
  • Systemic Stored XSS vulnerability in WEMO HomeKit Android Application ($1,500 bounty) 9/2017
  • Systemic Local File Inclusion in WEMO HomeKit Android Application ($3,000 bounty) 9/2017
  • Placed 7th in ToorConCTF CTF 8/2017
  • Stored XSS in ModSecurity App for Splunk (Full Disclosure) 8/2017
  • Directory Traversal in PSPDFKit/Atlassian Jira Cloud Android application Bug Bounty 7/2017
  • Received Android Security For Penetration Testers (ASFP) certification from SecurityTube 5/2017
  • Gave talk at ISSA/OWASP Phoenix to 90+ attendees titled "Man In The Browser Advanced Client Side Exploitation" (https://www.slideshare.net/1N3/man-in-the-browser-advanced-client-side-exploitation-using-beef) 4/2017
  • PSV-2017-0227: Cross-Site Tracing Vulnerability in NETGEAR Arlo CVE 2/2017
  • Directory traversal + multiple CSRF + multiple stored and reflected XSS in NETGEAR M4300-8X8F switches ($3,000+ bounty) 3/2017
  • Received Department of Defense HackerOne Challenge coin for the Hack The Army Bug Bounty Program 2/2017
  • Listed on the BugCrowd 2016 MVP list 1/2017

2016:

2015:

2014:

sn1per's People

Contributors

1n3, alexoslabs2, anon-exploiter, anonymouswp, benemohamed, cyrinux, eltociear, gbiagomba, hackancuba, hariomv-exzeo, hexageek, iambrosie, ifly53e, jmchia, joaomatosf, m4st3rch13f3r, menzow, mrtuxracer, mw3demo, nnesetto, r3k2, semgrep-bot, six2dez, th3gundy, xalgord

sn1per's Issues

Running sniper on Ubuntu 14.04 64-bit

./sniper: line 81: whois: command not found
./sniper: line 82: theharvester: command not found
./sniper: line 83: theharvester: command not found
./sniper: line 84: theharvester: command not found
./sniper: line 85: theharvester: command not found
./sniper: line 86: dnsrecon: command not found
./sniper: line 87: dnsrecon: command not found
./sniper: line 88: dnsrecon: command not found
./sniper: line 89: dnsenum: command not found
./sniper: line 91: shodan: command not found

I started ./sniper on a fully up to date Ubuntu VM.

Dependencies?

Hello,

I think the dependencies should be updated.

I'm missing the following:
php5
ruby
rubygems
python

Not everyone has these tools installed. Would be nice to know which versions of python are compatible and which versions of ruby / rubygems.

Also php5 is not available by default in ubuntu 16.

Nmap scans are run without no ping option

Is it possible for me to run nmap in sniper with the -Pn flag?

 + -- --=[Launching stealth scan: 192.168.0.70

 + -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server: 192.168.0.1
Address: 192.168.0.1#53

** server can't find 70.0.168.192.in-addr.arpa: NXDOMAIN

Host 70.0.168.192.in-addr.arpa. not found: 3(NXDOMAIN)

 + -- ----------------------------=[Running TCP port scan]=------------------- -- +

Starting Nmap 7.40 ( https://nmap.org ) at 2017-05-17 15:51 IST
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 0.54 seconds

 + -- --=[Port 80 closed... skipping.
 + -- --=[Port 443 closed... skipping.
 + -- ----------------------------=[Done]=------------------------------------ -- +

rpcinfo not found in kali 2017.1

In latest release of Kali when running rpcinfo from the command line, the prompt claims that rpcinfo is not found. One fix is to replace "rpcinfo -p $TARGET" in both occurrences where appropriate with:

replace https://github.com/1N3/Sn1per/blob/master/sniper#L979 with
nmap -p 135 --script=rpcinfo $TARGET

replace https://github.com/1N3/Sn1per/blob/master/sniper#L1235 with
nmap -p 2049 --script=rpcinfo $TARGET

Note: in the line right below 979 the code is: https://github.com/1N3/Sn1per/blob/master/sniper#L980
nmap -A -p 135 -T5 --script=rpc
$TARGET
which may already run rpcinfo so replacing line 979 may technically not be necessary but if it were not there, then the error would go away as well.

Add loot directory integrity check

Hey,

In a recent update the loot directory initialisation has been removed changed?, this causes fresh installs to break because most of the tools don't create intermediate directories.

I suggest the loot dirs integrity is checked when sniper is initialised and that any missing loot directories are created before continuing.

Edit:
Apparently it has not been removed, but I do think it was changed. Can't find the exact commit.

Checking for existing links before reinstall

To reduce noise when reinstalling (assuming the previous old primary directory has been deleted), it may be good to remove existing links in /usr/bin/ created by the old install before creating the new ones. This is especially true if you are installing Sn1per into a different directory.

ln: failed to create symbolic link ‘/usr/bin/xsstracer’: File exists
ln: failed to create symbolic link ‘/usr/bin/findsploit’: File exists
ln: failed to create symbolic link ‘/usr/bin/copysploit’: File exists
ln: failed to create symbolic link ‘/usr/bin/compilesploit’: File exists
ln: failed to create symbolic link ‘/usr/bin/massbleed’: File exists
ln: failed to create symbolic link ‘/usr/bin/brutex’: File exists

Note: I had already manually removed /usr/bin/sniper and /usr/bin/goohack before installing, so these should also be included.

I also saw the below error when reinstalling. I assume this is because one of the packages creates a loot directory, but there is a mkdir loot later in the script that causes the below.
mkdir: cannot create directory ‘loot’: File exists

Thanks again

Feature requests

Nice tool! So far it looks like this tool is going to quickly replace the set of scripts I built that do similar work. Good work. With that said I have some requests for features:

  • Ability to conduct internal recon/scans/bruteforce.
  • Split up the results of each scan/test/attack into sub directories for easier searching through organization
  • Convert nmap results to all 3 formats + XLS
  • Incorporate EyeWitness to screenshot web apps/RDP/VNC

Missing $TARGET variable

Hi,
I noticed that the $TARGET variable is missing in some nmap commands. It is missing in line 840 and 1025 so far.

Rake not installed in default Kali

Hi,

I noticed that rake is not installed by default in Kali.

Can we add the below to the install or provide a check/message?
gem install rake

---------------- error -------------------
/usr/bin/ruby2.1 -rubygems /usr/share/rubygems-integration/all/gems/rake-10.3.2/bin/rake RUBYARCHDIR=/var/lib/gems/2.1.0/extensions/x86_64-linux/2.1.0/unf-0.2.0.beta2 RUBYLIBDIR=/var/lib/gems/2.1.0/extensions/x86_64-linux/2.1.0/unf-0.2.0.beta2
/usr/bin/ruby2.1: No such file or directory -- /usr/share/rubygems-integration/all/gems/rake-10.3.2/bin/rake (LoadError)

rake failed, exit code 1


Thanks again for the work.

updates

Just a quickie - How are updates handled? reinstall?

Strip protocol from $TARGET

Hey,

I've noticed that the various tools you're expect different target input formats. Ping for example expects a host as target, but hydra/brutex expect target to include a protocol definition.

I'd suggest we strip the protocol from the $TARGET when it's passed into sniper, and only set the protocol when calling the tools that require it. That way we're always sure what the actual value of $TARGET is.

2 Issues

Hi!

Thank you for your continued support & hard work on this. 2 Small things:
I'm having a problem getting Sn1per to generate a report after it's done scanning, when looking at some videos online, it mostly generates a .txt file containing a full output of the scan.
I've tried a full Kali/Sn1per reinstall but it's still not working.
Secondly, the install.sh script should add a "chmod +x winshock.sh" since it doesn't have permission to run while running sn1per :)

Any idea what could fix the first problem though?
Thanks again!

nmap ms-sql scripts

Hi,
I just noticed that the nmap ms-sql scripts are misspelled. The scripts need the bar ( - ) in between.
nmap -A -sV -T5 --script=ms-sql* -p 1433 $TARGET

install script folder location for iis-buffer-overflow.nse

It appears this line:
https://github.com/1N3/Sn1per/blob/master/install.sh#L69
cp $PWD/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse

is giving this result on my Kali 2017.1

"cp: cannot stat '/usr/share/sniper/plugins/bin/iis-buffer-overflow.nse': No such file or directory"

The nse file is in my bin directory but the $PWD is giving the location as /usr/share/sniper/plugins when it should be one level higher in the sniper directory...probably because of this:
https://github.com/1N3/Sn1per/blob/master/install.sh#L49
cd $PLUGINS_DIR

changing line 69 to this:

cp $INSTALL_DIR/bin/iis-buffer-overflow.nse /usr/share/nmap/scripts/iis-buffer-overflow.nse
appeared to work for me

Directory incorrect when entering BruteX

Hi,

Looks like the execution directory is incorrect when Sn1per gets to the brute force section.
I dropped a pwd in before the sections which showed it was in the run directory. So "cd ../BruteX/ broke it".
The error seen on execution is.

############################# Running Brute Force

./sniper: line 562: cd: ../BruteX/: No such file or directory
./sniper: line 563: ./brutex: No such file or directory

############################# Running 3rd Party Extensions

./sniper: line 570: cd: Breach-Miner: No such file or directory
python: can't open file 'breachminer.py': [Errno 2] No such file or directory
./sniper: line 573: cd: yasuo: No such file or directory
ruby: No such file or directory -- yasuo.rb (LoadError)

############################# Done!

I changed the cd: ../BruteX/ to cd BruteX and it worked.

Thanks

feature suggestions: implement server-client infrastructure

Hi,
Great tool, been using it for a while.
I know it's a lot to ask, but I'm willing to challenge you =)
I think it would be really nice if you could have Sn1per support a client-server feature, in which you will install a server that manages the tasks, and clients that retrieve tasks and execute them (much like dnmap).
Currently I have managed to implement dnmap using one server and over 100 clients, which allows me much faster scan time and better stealth; I think the 2nd phase (i.e., using sn1per) would also benefit from that.
Roy

feature request: parseable output

This is a great tool, but the output is really hard to parse. I understand that it's running a collection of disparate tools, and each has its own output, but what would be nice is a uniform output in something structured (xml, json, etc) so that we could use it as part of an automated process.

Is that even remotely possible?

Double open browser

I am using Tor+Privoxy.
For some reason my Kali was freezing from time to time, but especially when sniper was working on "Running Web Vulnerability"; after this scan it opens many tabs in the browser.
After that Kali immediately freezes.
So I just changed things in ---->

  1. open the dconf-editor
  2. org > freedesktop > Tracker > Miner > Files
  3. set up crawling interval to -2
  4. set up enable-monitors to false

after that in console: tracker-control -r
Close terminal.

So, after that I started scanning, and after a few minutes, when Sniper opened the browser, it showed me a new browser which is out of range of Tor and Privoxy!?

Even if my current window is open, Sniper opens a new browser window which goes outside Tor and Privoxy, which means if I check the IP address in the current window with some link it says that I am anon.
But in the other window, which Sniper opened after scanning, is my original IP address.

How could this happen, and why does Sniper open a new browser window which bypasses Tor and Privoxy?

Sn1per Opens Everything In Firefox

I'm on Kali 2016.2 with all the latest updates.

Sn1per says "[Running Google Hacking Queries]" and then opens every link in Firefox.

This is how it does it:

  1. It opens a URL in Firefox.
  2. I close Firefox.
  3. It opens another URL again.

Is this normal?

report option when using slashes in filename

running: sniper ~/scanme.txt nuke report

causes: tee: /usr/share/sniper/loot/sniper-/root/scanme.txt-nuke-201705190854.txt: No such file or directory

on line https://github.com/1N3/Sn1per/blob/master/sniper#L624
replacing $TARGET with ${TARGET///} removes the slashes and allows the file to be found.

Maybe someone can come up with a more elegant solution that keeps the file structure or replaces the slash with a dot...

Probably have to do this on lines 257, 307, and 315, as well as 624.
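The "Strip protocol from $TARGET" issue and the slash-in-filename report problem above both come down to treating the raw argument as trusted; the following is an added example, not Sn1per's own code, of normalising the target once and deriving a safe report name from it. The function names `normalize_target`, `safe_label` and `report_path` are hypothetical, and the sample inputs are constructed or taken from the reports on this page.

```shell
#!/bin/sh
# Added example, not part of Sn1per. All function names are hypothetical.
LC_ALL=C; export LC_ALL   # make A-Z / a-z ranges byte-exact

# normalize_target RAW
# Reduce "http://host:port/path" style input to the bare host that
# ping/nslookup/nmap expect. Prints the host, or returns 1 if the result
# is empty, starts with "-" (would be parsed as an option by the called
# tool) or contains characters outside [A-Za-z0-9._:-].
normalize_target() {
    local t scheme
    t=$1
    # Strip "scheme://" only when the text before the first "://" really
    # looks like a URI scheme, so a URL embedded in a query string is kept.
    scheme=${t%%://*}
    if [ "$scheme" != "$t" ]; then
        case $scheme in
            ''|*[!A-Za-z0-9+.-]*) ;;
            *) t=${t#*://} ;;
        esac
    fi
    t=${t%%[/?#]*}   # drop path, query and fragment
    t=${t##*@}       # drop userinfo (user:password@)
    case $t in
        \[*\]*) t=${t#\[}; t=${t%%\]*} ;;   # [ipv6]:port -> ipv6
        *:*:*)  ;;                          # bare IPv6 literal, keep
        *:*)    t=${t%%:*} ;;               # host:port -> host
    esac
    case $t in
        ''|-*|*[!A-Za-z0-9._:-]*) return 1 ;;
    esac
    printf '%s\n' "$t"
}

# safe_label RAW
# Turn any argument (host, URL or a target-list path such as
# /root/scanme.txt) into a single file-name component: every byte outside
# [A-Za-z0-9._-] becomes "_", and leading "." / "_" are removed so the
# result can neither climb directories nor become a hidden file.
safe_label() {
    local label
    label=$(printf '%s' "$1" | tr -c 'A-Za-z0-9._-' '_' | sed 's/^[._]*//')
    [ -n "$label" ] || label=target
    printf '%s\n' "$label"
}

# report_path LOOT_DIR RAW_TARGET MODE [STAMP]
# Build the report file name in the sniper-<target>-<mode>-<stamp>.txt
# layout shown in the issue above. STAMP defaults to the current time.
report_path() {
    local stamp
    stamp=${4:-$(date +%Y%m%d%H%M)}
    printf '%s/sniper-%s-%s-%s.txt\n' "$1" "$(safe_label "$2")" "$3" "$stamp"
}

# Demo over constructed inputs.
for raw in 'http://stsolidergroup.in' '192.168.0.70' \
           'https://user:pw@example.com:8443/a/b?x=1' '--help'; do
    if host=$(normalize_target "$raw"); then
        printf '%-45s -> %s\n' "$raw" "$host"
    else
        printf '%-45s -> rejected\n' "$raw"
    fi
done
report_path /usr/share/sniper/loot /root/scanme.txt nuke 201705190854
```

Tools that need a protocol can then be given `"http://$host"` explicitly, while the report path is created with `mkdir -p "$(dirname "$path")"` before `tee` writes to it.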

nmap, proxychains!

Hello!
Sn1per has some problems when I'm using it with proxychains, it does not work with it!
When I use it without tor it seems nmap is not proceeding with the scan, because all the ports are always closed!
And when it starts hydra, I'm getting an error about ssl!

App output being lost or stored in the app directory.

Hi,

There seems to be a few critical things displayed on the screen that are not captured in any of the files.
This can obviously be reviewed in the terminal before closing it, but it would be great to preserve all the inelegance that comes out of the Sn1per in the loot directory.

eg. /Breach-Miner/Files/Results.html

The movement of the app output could be the last thing that happens in the script. Maybe even consider a full standard output save represented as a HTML to highlight the exceptions where possible.

Consider creating a directory in the loot directory which represents the Target and maybe the time/date so repeated execution doesn't overwrite old data.
This would be great if multiple targets are being assessed in one session.

Thanks
Derek

discover scan type

It appears discover just does a stealth scan on each ip it finds. Any chance of including an option to have it do a normal sniper scan instead? After a discover scan, if I want to do a full scan on each ip, the scans are going to repeat the tests from the stealth scan, which wastes time.

Not working in Kali Linux !!

Sample Report after install.sh first run -->>

 + -- --=[http://crowdshield.com
 + -- --=[sniper v2.3 by 1N3

 + -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server: 209.222.18.222
Address: 209.222.18.222#53

** server can't find http://stsolidergroup.in: NXDOMAIN

Host http://stsolidergroup.in not found: 3(NXDOMAIN)
 + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +

Xprobe2 v.0.3 Copyright (c) 2002-2005 [email protected], [email protected], [email protected]

[+] Target is http://stsolidergroup.in
 + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
No whois server is known for this kind of object.
 + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +

* TheHarvester Ver. 2.7 *
* Coded by Christian Martorella *
* Edge-Security Research *
* [email protected] *

[-] Searching in Bing:
Searching 50 results...
Searching 100 results...

[+] Emails found:

No emails found

[+] Hosts found in search engines:

No hosts found
 + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +

; <<>> DiG 9.10.3-P4-Debian <<>> -x http://stsolidergroup.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 15976
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;in.http://stsolidergroup.in-addr.arpa. IN PTR

;; AUTHORITY SECTION:
in-addr.arpa. 3600 IN SOA b.in-addr-servers.arpa. nstld.iana.org. 2016110956 1800 900 604800 3600

;; Query time: 683 msec
;; SERVER: 209.222.18.222#53(209.222.18.222)
;; WHEN: Sun Feb 19 08:41:53 EST 2017
;; MSG SIZE rcvd: 134

dnsenum.pl VERSION:1.2.3

----- http://stsolidergroup.in -----

Host's addresses:

Name Servers:

 + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +

# Coded By Ahmed Aboul-Ela - @aboul3la

Error: Please enter a valid domain

 ╔═╗╦═╗╔╦╗╔═╗╦ ╦
 ║ ╠╦╝ ║ ╚═╗╠═╣
 ╚═╝╩╚═ ╩o╚═╝╩ ╩
 + -- ----------------------------=[Gathering Certificate Subdomains]=-------- -- +

 [+] Domains saved to: /usr/share/sniper/loot/domains/domains-http://stsolidergroup.in-full.txt

 + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
 + -- ----------------------------=[Checking Email Security]=----------------- -- +

 + -- ----------------------------=[Pinging host]=---------------------------- -- +

 + -- ----------------------------=[Running TCP port scan]=------------------- -- +

 + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
 + -- --=[Port 21 closed... skipping.
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 53 closed... skipping.
 + -- --=[Port 79 closed... skipping.
 + -- --=[Port 80 closed... skipping.
 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 111 closed... skipping.
 + -- --=[Port 135 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 161 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 closed... skipping.
 + -- --=[Port 445 closed... skipping.
 + -- --=[Port 512 closed... skipping.
 + -- --=[Port 513 closed... skipping.
 + -- --=[Port 514 closed... skipping.
 + -- --=[Port 1433 closed... skipping.
 + -- --=[Port 2049 closed... skipping.
 + -- --=[Port 2121 closed... skipping.
 + -- --=[Port 3306 closed... skipping.
 + -- --=[Port 3310 closed... skipping.
 + -- --=[Port 3128 closed... skipping.
 + -- --=[Port 3389 closed... skipping.
 + -- --=[Port 3632 closed... skipping.
 + -- --=[Port 4443 closed... skipping.
 + -- --=[Port 5432 closed... skipping.
 + -- --=[Port 5800 closed... skipping.
 + -- --=[Port 5900 closed... skipping.
 + -- --=[Port 5984 closed... skipping.
 + -- --=[Port 6000 closed... skipping.
 + -- --=[Port 6667 closed... skipping.
 + -- --=[Port 8000 closed... skipping.
 + -- --=[Port 8100 closed... skipping.
 + -- --=[Port 8080 closed... skipping.
 + -- --=[Port 8180 closed... skipping.
 + -- --=[Port 8443 closed... skipping.
 + -- --=[Port 8888 closed... skipping.
 + -- --=[Port 10000 closed... skipping.
 + -- --=[Port 27017 closed... skipping.
 + -- --=[Port 27018 closed... skipping.
 + -- --=[Port 27019 closed... skipping.
 + -- --=[Port 28017 closed... skipping.
 + -- --=[Port 49152 closed... skipping.
 + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
#########################################################################################
Welcome to Yasuo v2.3
Author: Saurabh Harit (@0xsauby) | Contribution & Coolness: Stephen Hall (@logicalsec)
#########################################################################################

I, [2017-02-19T08:42:00.134434 #12184] INFO -- : Initiating port scan
I, [2017-02-19T08:42:00.536569 #12184] INFO -- : Using nmap scan output file logs/nmap_output_2017-02-19_08-42-00.xml
 + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +
 + -- ----------------------------=[Running Brute Force]=--------------------- -- +

 + -- --=[BruteX v1.5 by 1N3
 + -- --=[http://crowdshield.com

################################### Running Port Scan ##############################

################################### Running Brute Force ############################

 + -- --=[Port 21 closed... skipping.
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 80 closed... skipping.
 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 closed... skipping.
 + -- --=[Port 445 closed... skipping.
 + -- --=[Port 512 closed... skipping.
 + -- --=[Port 513 closed... skipping.
 + -- --=[Port 514 closed... skipping.
 + -- --=[Port 993 closed... skipping.
 + -- --=[Port 1433 closed... skipping.
 + -- --=[Port 1521 closed... skipping.
 + -- --=[Port 3306 closed... skipping.
 + -- --=[Port 3389 closed... skipping.
 + -- --=[Port 5432 closed... skipping.
 + -- --=[Port 5900 closed... skipping.
 + -- --=[Port 5901 closed... skipping.
 + -- --=[Port 8000 closed... skipping.
 + -- --=[Port 8080 closed... skipping.
 + -- --=[Port 8100 closed... skipping.
 + -- --=[Port 6667 closed... skipping.

################################### Brute Forcing DNS ###############################
dnsenum.pl VERSION:1.2.3

----- http://stsolidergroup.in -----

Host's addresses:

Name Servers:

################################### Done! ###########################################

 + -- ----------------------------=[Done]=------------------------------------ -- +

Would you consider including Skipfish?

I was thinking that this could be considered as a option from the Sn1per execution point.
Just use what you have i.e target and other available data from the output of the other apps.

Don't stress... it's come together really well. 8-)

Thanks
Derek

Massbleed is not executable after install.

After install massbleed is not executable so the below error is seen when Sn1per is run

  ./sniper: line 296: ./massbleed: Permission denied

This seems to work.
chmod +x MassBleed/massbleed

Thanks

Terminal output cleared after SUPER_MICRO_SCAN

Prior to the below line, the terminal output is reset, preventing the review of any information unless stored or output is piped to a file.

echo -e "$OKGREEN################################### Launching 3rd Party Modules ########################$RESET"

Thanks
Derek

arachni install error on Kali 2017.1

Pip install of arachni on Kali 2017.1 threw this error:
"Could not find a version that satisfies the requirement arachni (from versions: )
No matching distribution found for arachni"

I installed arachni with:
apt-get install arachni

Nobrute Report - Fails to run

Hey Mate,

Using the "nobrute report" option the script fails. You are presented with the following errors. Obviously the nmap does not run, thus finding no ports and the rest of the script exits without completion.

Running the "nobrute" option without the "report" - Everything works as per expected.

################################### Running port scan ##############################

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-24 05:26 EDT
Found no matches for the service mask 'report' and your specified protocols
QUITTING!

Starting Nmap 7.12 ( https://nmap.org ) at 2016-04-24 05:26 EDT
Found no matches for the service mask 'report' and your specified protocols
QUITTING!

################################### Running Intrusive Scans ########################
################################## Skipping Brute Force ############################
################################### Done!

Looking into the code, it appears you may be missing the following entry for the "nobrute" option/mode.

if [ "$OPT1" = "report" ]; then
./sniper $TARGET $MODE | tee ./loot/sniper-$MODE-`date +%Y%m%d%H%M`.txt 2>&1

E unable to locate package theHarvester

E unable to locate package theHarvester

After doing this in terminal i receive the error but still the installation completed:

sudo su
git clone https://github.com/1N3/Sn1per.git
cd Sn1per
chmod +x install.sh
./install.sh
y

I think this has something to do with "theharvester" being installed by default in Kali Linux

PS: I am using the new Kali_ Rolling Repository in my sources.list and not the OLD Kali-Sana Repository

docker image missing packages

I found that hexdump is missing in the docker image, I suggest to add bsdmainutils into the dockerfile. Also I added rm -rf /var/lib/apt/lists/* at the end of the install.

There is also an issue with files being written in /usr/share/sniper/loot/ , that should be mounted at runtime to a persistent local folder, if not the image will erase itself at the end. (--rm). And I think it would be better if the entrypoint is sniper itself. that way it could be called as:

docker run --rm -v $HOME/sniper/loot/:/usr/share/sniper/loot/ -ti menzo/sn1per-docker DOMAIN

(-v to mount a local directory)

and the dockerfile:

FROM ubuntu:16.04
MAINTAINER [email protected]

ENV LC_ALL C.UTF-8
ENV INSTALL_DIR /usr/share/sniper
ENV LOOT_DIR /usr/share/sniper/loot
ENV PLUGINS_DIR /usr/share/sniper/plugins

RUN echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" >> /etc/apt/sources.list.d/kali.sources.list && \
	gpg --keyserver pgpkeys.mit.edu --recv-key  ED444FF07D8D0BF6 && \
	gpg -a --export ED444FF07D8D0BF6 | apt-key add -
RUN apt-get update && apt-get install -y \
	ruby \
	rubygems \
	python \
	dos2unix \
	zenmap \
	sslyze \
	uniscan \
	xprobe2 \
	cutycapt \
	unicornscan \
	waffit \
	host \
	whois \
	dirb \
	dnsrecon \
	curl \
	nmap \
	php \
	php-curl \
	hydra \
	iceweasel \
	wpscan \
	sqlmap \
	nbtscan \
	enum4linux \
	cisco-torch \
	metasploit-framework \
	theharvester \
	dnsenum \
	nikto \
	smtp-user-enum \
	whatweb \
	dnsutils \
	sslscan \
	amap \
	arachni \
        bsdmainutils \
	&& apt-get clean && \
        rm -rf /var/lib/apt/lists/* && \
	mv /usr/bin/python /usr/bin/python.unknown && \
	ln -s /usr/bin/python2.7 /usr/bin/python && \
	curl https://bootstrap.pypa.io/get-pip.py | python && \
	gem install  \
		mechanize \
		bcrypt \
		net-http-persistent \
		rake \
		ruby-nmap \
		text-table && \
	pip install  \
		colorama \
		dnspython \
		ipaddress \
		tldextract \
		urllib3 && \
	git clone https://github.com/1N3/Sn1per.git && \
	cd Sn1per && \
	/bin/bash ./install.sh && \
	echo Cleaning up package index && \
	apt-get clean && \
	echo Image creation complete

CMD /usr/bin/sniper

Great tool!

Shodan command needs to be manually installed

Saw the shodan command, but nothing related to it install. It needs to be installed manually by the user via:

easy_install shodan
shodan init <api key>

We can add "easy_install shodan" into install.sh , but the user will manually need to register and get an api key for shodan init if they don't have it already.

Might be worth mentioning this in the readme, or show an error advising to do the above in sniper after the command fails.

Kali ok.. Ubuntu KO

It would be better to enhance the install script to be able to make a full install also on ubuntu.

As of now this is what happens:

E: Unable to locate package sslyze
E: Unable to locate package uniscan
E: Unable to locate package unicornscan
E: Unable to locate package waffit
E: Unable to locate package dirb
E: Unable to locate package dnsrecon
E: Unable to locate package wpscan
E: Unable to locate package enum4linux
E: Unable to locate package cisco-torch
E: Unable to locate package metasploit-framework
E: Unable to locate package theharvester
E: Unable to locate package dnsenum
E: Unable to locate package smtp-user-enum
E: Unable to locate package amap

Obviously the packages can be installed one by one.. but since Sn1per is an automated script I think it should consider this.

My 2c.

SuperMicro-Password-Scanner unable to run after install

After install, SuperMicro-Password-Scanner is not executable, so the error below is seen when Sn1per is run: "Permission Denied"

This seems to work as a fix:

chmod +x SuperMicro-Password-Scanner/supermicro_scan.sh

I have submitted a code change to you

Thanks

errors on kali 2

When I installed it and ran the command
sniper ly.com

 + -- ----------------------------=[Running TCP port scan]=------------------- -- +
Failed to open XML output file loot/sudo for writing
QUITTING!
 + -- ----------------------------=[Running UDP port scan]=------------------- -- +

Starting Nmap 7.01 ( https://nmap.org ) at 2016-06-20 14:04 EDT
WARNING: a TCP scan type was requested, but no tcp ports were specified.  Skipping this scan type.
Nmap done: 1 IP address (1 host up) scanned in 0.22 seconds

 + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
grep: loot/sudo: No such file or directory
grep: nmap-ly.com.xml: No such file or directory
grep: loot/sudo: No such file or directory
grep: nmap-ly.com.xml: No such file or directory
grep: loot/sudo: No such file or directory
grep: nmap-ly.com.xml: No such file or directory
grep: loot/sudo: No such file or directory
grep: nmap-ly.com.xml: No such file or directory
grep: loot/sudo: No such file or directory
...

+ -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
./sniper: line 1097 :cd: yasuo: No such file or directory
ruby: No such file or directory -- yasuo.rb (LoadError)
 + -- ----------------------------=[Skipping Brute Force]=-------------------- -- +
./sniper:line 1113 : ./sniper: No such file or directory
 + -- ----------------------------=[Done]=------------------------------------ -- +

LINE 448

Should be:
if [ -z "$port_1524" ]

Since you are scanning 1524 with amap

Failed to open XML output file error

When running Sn1per from root I get the following with XML error... (IP Removed)

root:~# sniper /usr/share/sniper/loot/dvrsvr.txt airstrike


Bomb raid (contributed by Michael aka [email protected])

 + -- --=[Launching airstrike: ...*
 + -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server: ...*
Address: ...*

Non-authoritative answer:
....n-addr.arpa name = static-**..**..net

Authoritative answers can be found from:

....in-addr.arpa domain name pointer static-**..**..net

 + -- ----------------------------=[Running port scan]=------------------- -- +
Failed to open XML output file /usr/share/sniper/loot/nmap/nmap-....xml for writing
QUITTING!
grep: /usr/share/sniper/loot/nmap/nmap-**.
...xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-
..*..xml: No such file or directory
 + -- --=[Port 80 closed... skipping.
 + -- --=[Port 443 closed... skipping.
 + -- ----------------------------=[Done!]=-----------------

I got many errors.

I ran it on Ubuntu 16.04

root@ubuntu:~/Sn1per# ./sniper google.com
                ____               
    _________  /  _/___  ___  _____
   / ___/ __ \ / // __ \/ _ \/ ___/
  (__  ) / / // // /_/ /  __/ /    
 /____/_/ /_/___/ .___/\___/_/     
               /_/                 

 + -- --=[http://crowdshield.com
 + -- --=[sn1per v2.0 by 1N3

 + -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.16.174

google.com has address 172.217.16.174
google.com has IPv6 address 2a00:1450:4001:814::200e
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
 + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
./sniper: line 533: xprobe2: command not found
 + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
./sniper: line 537: whois: command not found
 + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
 + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41192
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;com.google.in-addr.arpa.       IN      PTR

;; AUTHORITY SECTION:
in-addr.arpa.           55      IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2015074887 1800 900 604800 3600

;; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 28 17:42:41 UTC 2016
;; MSG SIZE  rcvd: 120

./sniper: line 542: dnsenum: command not found
 + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
 + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
 + -- ----------------------------=[Checking Email Security]=----------------- -- +

 + -- ----------------------------=[Pinging host]=---------------------------- -- +
PING google.com (172.217.16.174) 56(84) bytes of data.
64 bytes from fra15s11-in-f14.1e100.net (172.217.16.174): icmp_seq=1 ttl=58 time=0.815 ms

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.815/0.815/0.815/0.000 ms

 + -- ----------------------------=[Running TCP port scan]=------------------- -- +
Failed to open XML output file /usr/share/sniper/loot/nmap/nmap-google.com.xml for writing
QUITTING!
 + -- ----------------------------=[Running UDP port scan]=------------------- -- +

Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-28 17:42 UTC
Nmap scan report for google.com (172.217.16.174)
Host is up (0.00080s latency).
Other addresses for google.com (not scanned): 2a00:1450:4001:814::200e
rDNS record for 172.217.16.174: fra15s11-in-f14.1e100.net
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
88/udp   open|filtered kerberos-sec
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds
Failed to start postgresql.service: Unit postgresql.service not found.

 + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
 + -- --=[Port 21 closed... skipping.
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 53 closed... skipping.
 + -- --=[Port 79 closed... skipping.
 + -- --=[Port 80 closed... skipping.
 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 111 closed... skipping.
 + -- --=[Port 135 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 161 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 closed... skipping.
 + -- --=[Port 445 closed... skipping.
 + -- --=[Port 512 closed... skipping.
 + -- --=[Port 513 closed... skipping.
 + -- --=[Port 514 closed... skipping.
 + -- --=[Port 1433 closed... skipping.
 + -- --=[Port 2049 closed... skipping.
 + -- --=[Port 2121 closed... skipping.
 + -- --=[Port 3306 closed... skipping.
 + -- --=[Port 3310 closed... skipping.
 + -- --=[Port 3128 closed... skipping.
 + -- --=[Port 3389 closed... skipping.
 + -- --=[Port 3632 closed... skipping.
 + -- --=[Port 4443 closed... skipping.
 + -- --=[Port 5432 closed... skipping.
 + -- --=[Port 5800 closed... skipping.
 + -- --=[Port 5900 closed... skipping.
 + -- --=[Port 6000 closed... skipping.
 + -- --=[Port 6667 closed... skipping.
 + -- --=[Port 8000 closed... skipping.
 + -- --=[Port 8100 closed... skipping.
 + -- --=[Port 8080 closed... skipping.
 + -- --=[Port 8180 closed... skipping.
 + -- --=[Port 8443 closed... skipping.
 + -- --=[Port 8888 closed... skipping.
 + -- --=[Port 10000 closed... skipping.
 + -- --=[Port 49152 closed... skipping.
 + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
/usr/lib/ruby/2.3.0/rubygems/specification.rb:2286:in `raise_if_conflicts': Unable to activate mechanize-2.7.5, because net-http-persistent-3.0.0 conflicts with net-http-persistent (>= 2.5.2, ~> 2.5) (Gem::ConflictError)
        from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1407:in `activate'
        from /usr/lib/ruby/2.3.0/rubygems.rb:196:in `rescue in try_activate'
        from /usr/lib/ruby/2.3.0/rubygems.rb:193:in `try_activate'
        from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:125:in `rescue in require'
        from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:40:in `require'
        from /usr/share/sniper/plugins/yasuo/formloginbrute.rb:1:in `<top (required)>'
        from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
        from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
        from yasuo.rb:35:in `<main>'
 + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +
Failed to open XML output file /usr/share/sniper/loot/nmap/nmap-google.com.xml for writing
QUITTING!
 + -- ----------------------------=[Running Brute Force]=--------------------- -- +
 __________                __         ____  ___
 \______   \_______ __ ___/  |_  ____ \   \/  /
  |    |  _/\_  __ \  |  \   __\/ __ \ \     / 
  |    |   \ |  | \/  |  /|  | \  ___/ /     \ 
  |______  / |__|  |____/ |__|  \___  >___/\  \ 
         \/                         \/      \_/

 + -- --=[BruteX v1.5 by 1N3
 + -- --=[http://crowdshield.com


################################### Running Port Scan ##############################

Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-28 17:42 UTC
Nmap scan report for google.com (172.217.16.174)
Host is up (0.00084s latency).
Other addresses for google.com (not scanned): 2a00:1450:4001:814::200e
rDNS record for 172.217.16.174: fra15s11-in-f14.1e100.net
Not shown: 24 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds

################################### Running Brute Force ############################

 + -- --=[Port 21 closed... skipping.
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 80 opened... running tests...
Hydra v8.4-dev (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-10-28 17:42:46
[DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
[DATA] attacking service http-get on port 80
[80][http-get] host: google.com   login: admin   password: admin
[STATUS] attack finished for google.com (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-10-28 17:42:46
 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 opened... running tests...
Hydra v8.4-dev (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-10-28 17:42:46
[DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
[DATA] attacking service http-get on port 443 with SSL
[443][http-get] host: google.com   login: admin   password: admin
[STATUS] attack finished for google.com (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-10-28 17:42:47
 + -- --=[Port 445 closed... skipping.
 + -- --=[Port 512 closed... skipping.
 + -- --=[Port 513 closed... skipping.
 + -- --=[Port 514 closed... skipping.
 + -- --=[Port 993 closed... skipping.
 + -- --=[Port 1433 closed... skipping.
 + -- --=[Port 1521 closed... skipping.
 + -- --=[Port 3306 closed... skipping.
 + -- --=[Port 3389 closed... skipping.
 + -- --=[Port 5432 closed... skipping.
 + -- --=[Port 5900 closed... skipping.
 + -- --=[Port 5901 closed... skipping.
 + -- --=[Port 8000 closed... skipping.
 + -- --=[Port 8080 closed... skipping.
 + -- --=[Port 8100 closed... skipping.
 + -- --=[Port 6667 closed... skipping.

################################### Brute Forcing DNS ###############################
/usr/bin/brutex: line 317: dnsenum: command not found

################################### Done! ###########################################

 + -- --=[Sorting loot directory (/usr/share/sniper/loot)
 + -- --=[Generating reports...
 + -- ----------------------------=[Done]=------------------------------------ -- +
root@ubuntu:~/Sn1per# 
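
One way to surface the failures in the report above before any scan starts, as an added example that is not Sn1per's own code: a preflight that lists commands missing from PATH and confirms the nmap output directory can be written. The function names are hypothetical, and treating a missing or unwritable directory as the cause of "Failed to open XML output file" is an assumption.

```bash
#!/usr/bin/env bash
# Added example: preflight checks for a scan wrapper (hypothetical helper
# names; not taken from the Sn1per code base).

# Print every command from the argument list that is not on PATH, one per line.
missing_tools() {
    local tool
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Succeed only if the directory exists (creating it if needed) and a file can
# really be created in it. A probe write is used instead of a permission test
# so the result matches what a later "-oX <dir>/file.xml" would experience.
ensure_writable_dir() {
    local dir="$1"
    local probe
    mkdir -p -- "$dir" 2>/dev/null || return 1
    probe=$(mktemp "$dir/.preflight.XXXXXX" 2>/dev/null) || return 1
    rm -f -- "$probe"
}

# Run both checks, report every problem on stderr, and return non-zero if any
# check failed so the caller can stop before the first scan stage.
preflight() {
    local loot_dir="$1"
    shift
    local missing
    local status=0
    missing=$(missing_tools "$@")
    if [ -n "$missing" ]; then
        printf 'preflight: missing tools: %s\n' \
            "$(printf '%s' "$missing" | tr '\n' ' ')" >&2
        status=1
    fi
    if ! ensure_writable_dir "$loot_dir"; then
        printf 'preflight: cannot write to %s\n' "$loot_dir" >&2
        status=1
    fi
    return "$status"
}

# Usage, with the path and tool names that appear in the errors above:
# preflight /usr/share/sniper/loot/nmap nmap xprobe2 whois dnsenum || exit 1
```

Reporting every missing tool in one pass avoids the install-one-rerun-repeat cycle that per-stage "command not found" errors cause.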

Optional app extensions at command line

Would it be possible to consider adding some of the optional app extensions/optional parameters to the command line over time?

e.g.

1/ override defaults for the harvester to -l 1000 -b all -h -v -n -c -t
  • without modifying the run script.

2/ sqlmap injection difficulty and enumeration

3/ perhaps consider installing and using lynx if html file output is used to display consolidated results.
  • less important, but useful if only a remote shell (non graphical) is available during an engagement.

Thanks
Derek
