Sn1per by @sn1persecurity - https://sn1persecurity.com

CHANGELOG.md

@@ -367,7 +367,7 @@
 * v5.1 - Added dnscan to install.sh and updated sniper references which were broken
 * v5.1 - Changed default brute force list for dnscan to improve performance of scans
 * v5.1 - Removed CloudHunter and SubOver references (CC. 爱上平顶山)
-* v5.0 - Added Sn1per Pro reporting interface (see https://xerosecurity.com for more details)
+* v5.0 - Added Sn1per Pro reporting interface (see https://sn1persecurity.com for more details)
 * v5.0 - Added GPON Router RCE auto exploit 
 * v5.0 - Added Cloudapp.net Azure subdomain takeover check
 * v5.0 - Added Cisco ASA Directory Traversal auto exploit (CVE-2018-0296)

Dockerfile

@@ -4,9 +4,9 @@ LABEL org.label-schema.name='Sn1per - Kali Linux' \
     org.label-schema.description='Automated pentest framework for offensive security experts' \
     org.label-schema.usage='https://github.com/1N3/Sn1per' \
     org.label-schema.url='https://github.com/1N3/Sn1per' \
-    org.label-schema.vendor='https://xerosecurity.com' \
+    org.label-schema.vendor='https://sn1persecurity.com' \
     org.label-schema.schema-version='1.0' \
-    org.label-schema.docker.cmd.devel='docker run --rm -ti xerosecurity/sniper' \
+    org.label-schema.docker.cmd.devel='docker run --rm -ti sn1persecurity/sniper' \
     MAINTAINER="@xer0dayz"
 
 RUN echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" > /etc/apt/sources.list && \

LICENSE.md

@@ -1,2 +1,2 @@
 ## LICENSE:
-Sn1per Community Edition is free to distribute, modify and use with the condition that credit is provided to the creator (@xer0dayz) and @XeroSecurity and is not for commercial use. For professional use, a Sn1per Professional or Enterprise license must be purchased at https://xerosecurity.com.
+Sn1per Community Edition is free to distribute, modify and use with the condition that credit is provided to the creator (@xer0dayz) and @Sn1perSecurity and is not for commercial use. For professional use, a Sn1per Professional or Enterprise license must be purchased at https://sn1persecurity.com.

README.md

@@ -1,4 +1,4 @@
-[![XeroSecurity](https://xerosecurity.com/images/Sn1per-Professional-Elite-Bundle.png)](https://xerosecurity.com)
+[![Sn1perSecurity](https://sn1persecurity.com/images/Sn1per-Professional-Elite-Bundle.png)](https://sn1persecurity.com)
 
 [![GitHub release](https://img.shields.io/github/release/1N3/Sn1per.svg)](https://github.com/1N3/Sn1per/releases)
 [![GitHub issues](https://img.shields.io/github/issues/1N3/Sn1per.svg)](https://github.com/1N3/Sn1per/issues)
@@ -8,12 +8,12 @@
 [![Follow on Twitter](https://img.shields.io/twitter/follow/xer0dayz.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=xer0dayz)
 
 ## ABOUT:
-Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional. For more information, go to https://xerosecurity.com.
+Discover the attack surface and prioritize risks with our continuous Attack Surface Management (ASM) platform - Sn1per Professional. For more information, go to https://sn1persecurity.com.
 
-[![](https://xerosecurity.com/images/xerosecurity-sn1per1b.PNG)](https://xerosecurity.com/)
-[![](https://xerosecurity.com/images/xerosecurity-sn1per3.PNG)](https://www.youtube.com/watch?v=Fyi8eLm-5x8)
-[![](https://xerosecurity.com/images/xerosecurity-sn1per5.PNG)](https://xerosecurity.com/)
-[![](https://xerosecurity.com/images/xerosecurity-sn1per6.PNG)](https://xerosecurity.com/)
+[![](https://sn1persecurity.com/images/sn1persecurity-sn1per1b.PNG)](https://sn1persecurity.com/)
+[![](https://sn1persecurity.com/images/sn1persecurity-sn1per3.PNG)](https://www.youtube.com/watch?v=Fyi8eLm-5x8)
+[![](https://sn1persecurity.com/images/sn1persecurity-sn1per5.PNG)](https://sn1persecurity.com/)
+[![](https://sn1persecurity.com/images/sn1persecurity-sn1per6.PNG)](https://sn1persecurity.com/)
 
 ## FEATURES:
 
@@ -81,7 +81,7 @@ bash install.sh
 ```
 
 ## DOCKER INSTALL:
-[![](https://xerosecurity.com/images/docker-logo.png)](https://hub.docker.com/r/xerosecurity/sn1per)
+[![](https://sn1persecurity.com/images/docker-logo.png)](https://hub.docker.com/r/sn1persecurity/sn1per)
 
 From a new Docker console, run the following commands.
 ```
@@ -91,8 +91,8 @@ docker run -it sn1per /bin/bash
 
 or 
 
-docker pull xerosecurity/sn1per
-docker run -it xerosecurity/sn1per /bin/bash
+docker pull sn1persecurity/sn1per
+docker run -it sn1persecurity/sn1per /bin/bash
 ```
 
 ## USAGE:
@@ -225,15 +225,15 @@ sniper -u|--update
 - [x] WPScan API integration (https://github.com/1N3/Sn1per/wiki/WPScan-API-Integration)
 
 ## LICENSE:
-This software is free to distribute and use with the condition that credit is provided to the creator (@xer0dayz @XeroSecurity), is not renamed and is not for commercial use or resold and rebranded. Permission to distribute any part of the code for sale is strictly prohibited.
+This software is free to distribute and use with the condition that credit is provided to the creator (@xer0dayz @Sn1perSecurity), is not renamed and is not for commercial use or resold and rebranded. Permission to distribute any part of the code for sale is strictly prohibited.
 
 ## LEGAL DISCLAIMER:
-You may not rent or lease, distribute, modify, sell or transfer the software to a third party. Sn1per Community is free for distribution, and modification with the condition that credit is provided to the creator and not used for commercial use. You may not use software for illegal or nefarious purposes. No liability for consequential damages to the maximum extent permitted by all applicable laws. In no event shall XeroSecurity or any person be liable for any consequential, reliance, incidental, special, direct or indirect damages whatsoever (including without limitation, damages for loss of business profits, business interruption, loss of business information, personal injury, or any other loss) arising out of or in connection with the use or inability to use this product, even if XeroSecurity has been advised of the possibility of such damages.
+You may not rent or lease, distribute, modify, sell or transfer the software to a third party. Sn1per Community is free for distribution, and modification with the condition that credit is provided to the creator and not used for commercial use. You may not use software for illegal or nefarious purposes. No liability for consequential damages to the maximum extent permitted by all applicable laws. In no event shall Sn1perSecurity or any person be liable for any consequential, reliance, incidental, special, direct or indirect damages whatsoever (including without limitation, damages for loss of business profits, business interruption, loss of business information, personal injury, or any other loss) arising out of or in connection with the use or inability to use this product, even if Sn1perSecurity has been advised of the possibility of such damages.
 
 ## COPYRIGHT:
-The software code and logos are owned by XeroSecurity and protected by United States copyright and/or patent laws of international treaty provisions. All rights reserved.
+The software code and logos are owned by Sn1perSecurity and protected by United States copyright and/or patent laws of international treaty provisions. All rights reserved.
 
 ## PURCHASE SN1PER PROFESSIONAL:
-To obtain a Sn1per Professional license, go to https://xerosecurity.com.
+To obtain a Sn1per Professional license, go to https://sn1persecurity.com.
 
 Attack Surface Management (ASM) | Continuous Attack Surface Testing (CAST) | Attack Surface Software | Attack Surface Platform | Continuous Automated Red Teaming (CART) |  Vulnerability & Attack Surface Management | Red Team | Threat Intel | Application Security | Cybersecurity | IT Asset Discovery | Automated Penetration Testing | Hacking Tools | Recon Tool | Bug Bounty Tool | Vulnerability Scanner | Attack Surface Analysis | Attack Surface Reduction | Attack Surface Detector | Attack Surface Monitoring | Attack Surface Review | Attack Surface Discovery | Digital Threat Management | Risk Assessment | Threat Remediation | Offensive Security Framework | Automated Penetration Testing Framework | External Threat Management | Internal IT Asset Discovery | Security Orchestration and Automation (SOAR)

bin/http-default-accounts-fingerprints-nndefaccts.lua

@@ -9879,7 +9879,7 @@ table.insert(fingerprints, {
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (var.1)",
+  name = "Sn1perx CentreWare (var.1)",
   category = "printer",
   paths = {
     {path = "/"}
@@ -9900,15 +9900,15 @@ table.insert(fingerprints, {
                   webPassword=pass,
                   frmaltDomain="default"}
     local resp = http_post_simple(host, port,
-                                 url.absolute(path, "userpost/xerox.set"),
+                                 url.absolute(path, "userpost/sn1perx.set"),
                                  nil, form)
     return resp.status == 200
            and (resp.body or ""):find("%Wwindow%.opener%.top%.location%s*=%s*window%.opener%.top%.location%.pathname%s*;")
   end
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (var.2)",
+  name = "Sn1perx CentreWare (var.2)",
   category = "printer",
   paths = {
     {path = "/"}
@@ -9939,7 +9939,7 @@ table.insert(fingerprints, {
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (basic auth)",
+  name = "Sn1perx CentreWare (basic auth)",
   category = "printer",
   paths = {
     {path = "/"}
@@ -9957,7 +9957,7 @@ table.insert(fingerprints, {
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (basic auth var.1)",
+  name = "Sn1perx CentreWare (basic auth var.1)",
   category = "printer",
   paths = {
     {path = "/"}
@@ -9985,7 +9985,7 @@ table.insert(fingerprints, {
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (basic auth var.2)",
+  name = "Sn1perx CentreWare (basic auth var.2)",
   category = "printer",
   paths = {
     {path = "/"}
@@ -10008,7 +10008,7 @@ table.insert(fingerprints, {
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (basic auth var.3)",
+  name = "Sn1perx CentreWare (basic auth var.3)",
   category = "printer",
   paths = {
     {path = "/"}
@@ -10021,8 +10021,8 @@ table.insert(fingerprints, {
     local resp = http_get_simple(host, port, url.absolute(path, "home.html"))
     return resp.status == 200
            and resp.body
-           and resp.body:find("Xerox", 1, true)
-           and resp.body:lower():find("<title>[^<]-%f[%w]xerox%f[%W]")
+           and resp.body:find("Sn1perx", 1, true)
+           and resp.body:lower():find("<title>[^<]-%f[%w]sn1perx%f[%W]")
   end,
   login_combos = {
     {username = "admin", password = "1111"}
@@ -10035,15 +10035,15 @@ table.insert(fingerprints, {
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (basic auth var.4)",
+  name = "Sn1perx CentreWare (basic auth var.4)",
   category = "printer",
   paths = {
     {path = "/"}
   },
   target_check = function (host, port, path, response)
     return response.status == 200
            and response.body
-           and response.body:find("Xerox", 1, true)
+           and response.body:find("Sn1perx", 1, true)
            and response.body:find("/status/statusAlerts.dhtml", 1, true)
            and response.body:find("/tabsFrame.dhtml", 1, true)
            and get_tag(response.body, "frame", {src="/tabsframe%.dhtml$"})
@@ -10059,7 +10059,7 @@ table.insert(fingerprints, {
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (basic auth var.5)",
+  name = "Sn1perx CentreWare (basic auth var.5)",
   category = "printer",
   paths = {
     {path = "/"}
@@ -10068,7 +10068,7 @@ table.insert(fingerprints, {
     return response.status == 200
            and not response.header["server"]
            and response.body
-           and response.body:find("Xerox", 1, true)
+           and response.body:find("Sn1perx", 1, true)
            and response.body:find("/js/deviceStatus.dhtml", 1, true)
            and response.body:find("/tabsFrame.dhtml", 1, true)
            and get_tag(response.body, "frame", {src="/tabsframe%.dhtml$"})
@@ -10084,16 +10084,16 @@ table.insert(fingerprints, {
 })
 
 table.insert(fingerprints, {
-  name = "Xerox CentreWare (basic auth var.6)",
+  name = "Sn1perx CentreWare (basic auth var.6)",
   category = "printer",
   paths = {
     {path = "/"}
   },
   target_check = function (host, port, path, response)
     return response.status == 200
-           and (response.header["server"] or ""):find("^Xerox_MicroServer")
+           and (response.header["server"] or ""):find("^Sn1perx_MicroServer")
            and response.body
-           and response.body:find("Xerox", 1, true)
+           and response.body:find("Sn1perx", 1, true)
            and response.body:find("/js/deviceStatus.dhtml", 1, true)
            and response.body:find("/tabsFrame.dhtml", 1, true)
            and get_tag(response.body, "frame", {src="/tabsframe%.dhtml$"})

bin/slack.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Slack API Integration script for Sn1per
-# By @xer0dayz - https://xerosecurity.com
+# By @xer0dayz - https://sn1persecurity.com
 #
 
 source /usr/share/sniper/sniper.conf 2> /dev/null

conf/default

@@ -20,7 +20,7 @@ REPORT="1"
 LOOT="1"
 
 # OUT OF SCOPE
-OUT_OF_SCOPE=("www.xerosecurity.com" "xerosecurity.com" "*.xerosecurity.com")
+OUT_OF_SCOPE=("www.sn1persecurity.com" "sn1persecurity.com" "*.sn1persecurity.com")
 
 # SN1PER PROFESSIONAL SETTINGS
 SNIPER_PRO_CONSOLE_OUTPUT="0"

install.sh

@@ -1,6 +1,6 @@
 #!/bin/bash
 # Install script for sn1per
-# Created by @xer0dayz - https://xerosecurity.com
+# Created by @xer0dayz - https://sn1persecurity.com
 
 OKBLUE='\033[94m'
 OKRED='\033[91m'
@@ -15,7 +15,7 @@ echo -e "$OKRED  (__  ) / / // // /_/ /  __/ /    $RESET"
 echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/     $RESET"
 echo -e "$OKRED               /_/                 $RESET"
 echo -e "$RESET"
-echo -e "$OKORANGE + -- --=[ https://xerosecurity.com $RESET"
+echo -e "$OKORANGE + -- --=[ https://sn1persecurity.com $RESET"
 echo -e "$OKORANGE + -- --=[ Sn1per by @xer0dayz $RESET"
 echo ""
 
@@ -35,9 +35,8 @@ if [[ $EUID -ne 0 ]]; then
 fi
 
 mkdir -p $INSTALL_DIR 2> /dev/null
-chmod 777 -Rf $INSTALL_DIR 2> /dev/null
+chmod 755 -Rf $INSTALL_DIR 2> /dev/null
 chown root $INSTALL_DIR/sniper 2> /dev/null
-chmod 4777 $INSTALL_DIR/sniper 2> /dev/null
 mkdir -p $LOOT_DIR 2> /dev/null
 mkdir $LOOT_DIR/domains 2> /dev/null
 mkdir $LOOT_DIR/screenshots 2> /dev/null

modes/airstrike.sh

@@ -61,9 +61,9 @@ if [[ "$MODE" = "airstrike" ]]; then
       if [[ ! -z "$WORKSPACE_DIR" ]]; then
         echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null
         echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/$TARGET-$MODE.txt
-        echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
+        echo "[sn1persecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
         if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
-          /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
+          /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Started Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
         fi
         sniper $args | tee $WORKSPACE_DIR/output/sniper-$TARGET-$MODE-`date +"%Y%m%d%H%M"`.txt 2>&1
       else
@@ -74,9 +74,9 @@ if [[ "$MODE" = "airstrike" ]]; then
       args=""
     done
   fi
-  echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
+  echo "[sn1persecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
   if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
-    /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
+    /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Finished Sn1per scan: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
   fi
   if [[ "$LOOT" = "1" ]]; then
     loot

modes/bruteforce.sh

@@ -4,9 +4,9 @@ if [[ "$AUTO_BRUTE" = "1" ]]; then
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
   echo -e "$OKRED RUNNING BRUTE FORCE $RESET"
   echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
-  echo "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
+  echo "[sn1persecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
   if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
-    /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
+    /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Started Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
   fi
   brutex $TARGET | tee $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null
   sed -r "s/\x1B\[([0-9]{1,2}(;[0-9]{1,2})?)?[mGK]//g" $LOOT_DIR/credentials/brutex-$TARGET 2> /dev/null > $LOOT_DIR/credentials/brutex-$TARGET.txt 2> /dev/null
@@ -25,9 +25,9 @@ if [[ "$AUTO_BRUTE" = "1" ]]; then
   if [[ "$SLACK_NOTIFICATIONS_BRUTEFORCE" == "1" ]]; then
     /bin/bash "$INSTALL_DIR/bin/slack.sh" postfile "$LOOT_DIR/credentials/brutex-$TARGET.txt"
   fi
-  echo "[xerosecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
+  echo "[sn1persecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
   if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
-    /bin/bash "$INSTALL_DIR/bin/slack.sh" "[xerosecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
+    /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Finished Sn1per brute force: $TARGET [$MODE] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
   fi
 else
   echo -e "$OKORANGE + -- --=[ AUTO_BRUTE setting disabled in sniper.conf... skipping.$RESET"