search

1N3 / Sn1per

Attack Surface Management Platform
https://sn1persecurity.com
Other
7.75k stars 1.8k forks source link

i got many errors . #46

Closed mehranexpert closed 7 years ago

mehranexpert commented 7 years ago

i run it on ubuntu 16.04

oot@ubuntu:~/Sn1per# ./sniper google.com
                ____               
    _________  /  _/___  ___  _____
   / ___/ __ \ / // __ \/ _ \/ ___/
  (__  ) / / // // /_/ /  __/ /    
 /____/_/ /_/___/ .___/\___/_/     
               /_/                 

 + -- --=[http://crowdshield.com
 + -- --=[sn1per v2.0 by 1N3

 + -- ----------------------------=[Running Nslookup]=------------------------ -- +
Server:         8.8.8.8
Address:        8.8.8.8#53

Non-authoritative answer:
Name:   google.com
Address: 172.217.16.174

google.com has address 172.217.16.174
google.com has IPv6 address 2a00:1450:4001:814::200e
google.com mail is handled by 40 alt3.aspmx.l.google.com.
google.com mail is handled by 10 aspmx.l.google.com.
google.com mail is handled by 30 alt2.aspmx.l.google.com.
google.com mail is handled by 50 alt4.aspmx.l.google.com.
google.com mail is handled by 20 alt1.aspmx.l.google.com.
 + -- ----------------------------=[Checking OS Fingerprint]=----------------- -- +
./sniper: line 533: xprobe2: command not found
 + -- ----------------------------=[Gathering Whois Info]=-------------------- -- +
./sniper: line 537: whois: command not found
 + -- ----------------------------=[Gathering OSINT Info]=-------------------- -- +
 + -- ----------------------------=[Gathering DNS Info]=---------------------- -- +

; <<>> DiG 9.10.3-P4-Ubuntu <<>> -x google.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 41192
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;com.google.in-addr.arpa.       IN      PTR

;; AUTHORITY SECTION:
in-addr.arpa.           55      IN      SOA     b.in-addr-servers.arpa. nstld.iana.org. 2015074887 1800 900 604800 3600

;; Query time: 8 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Fri Oct 28 17:42:41 UTC 2016
;; MSG SIZE  rcvd: 120

./sniper: line 542: dnsenum: command not found
 + -- ----------------------------=[Gathering DNS Subdomains]=---------------- -- +
 + -- ----------------------------=[Checking for Sub-Domain Hijacking]=------- -- +
 + -- ----------------------------=[Checking Email Security]=----------------- -- +

 + -- ----------------------------=[Pinging host]=---------------------------- -- +
PING google.com (172.217.16.174) 56(84) bytes of data.
64 bytes from fra15s11-in-f14.1e100.net (172.217.16.174): icmp_seq=1 ttl=58 time=0.815 ms

--- google.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.815/0.815/0.815/0.000 ms

 + -- ----------------------------=[Running TCP port scan]=------------------- -- +
Failed to open XML output file /usr/share/sniper/loot/nmap/nmap-google.com.xml for writing
QUITTING!
 + -- ----------------------------=[Running UDP port scan]=------------------- -- +

Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-28 17:42 UTC
Nmap scan report for google.com (172.217.16.174)
Host is up (0.00080s latency).
Other addresses for google.com (not scanned): 2a00:1450:4001:814::200e
rDNS record for 172.217.16.174: fra15s11-in-f14.1e100.net
PORT     STATE         SERVICE
53/udp   open|filtered domain
67/udp   open|filtered dhcps
68/udp   open|filtered dhcpc
88/udp   open|filtered kerberos-sec
137/udp  open|filtered netbios-ns
138/udp  open|filtered netbios-dgm
139/udp  open|filtered netbios-ssn
161/udp  open|filtered snmp
162/udp  open|filtered snmptrap
389/udp  open|filtered ldap
520/udp  open|filtered route
2049/udp open|filtered nfs

Nmap done: 1 IP address (1 host up) scanned in 1.50 seconds
Failed to start postgresql.service: Unit postgresql.service not found.

 + -- ----------------------------=[Running Intrusive Scans]=----------------- -- +
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
grep: /usr/share/sniper/loot/nmap/nmap-google.com.xml: No such file or directory
 + -- --=[Port 21 closed... skipping.
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 53 closed... skipping.
 + -- --=[Port 79 closed... skipping.
 + -- --=[Port 80 closed... skipping.
 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 111 closed... skipping.
 + -- --=[Port 135 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 161 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 closed... skipping.
 + -- --=[Port 445 closed... skipping.
 + -- --=[Port 512 closed... skipping.
 + -- --=[Port 513 closed... skipping.
 + -- --=[Port 514 closed... skipping.
 + -- --=[Port 1433 closed... skipping.
 + -- --=[Port 2049 closed... skipping.
 + -- --=[Port 2121 closed... skipping.
 + -- --=[Port 3306 closed... skipping.
 + -- --=[Port 3310 closed... skipping.
 + -- --=[Port 3128 closed... skipping.
 + -- --=[Port 3389 closed... skipping.
 + -- --=[Port 3632 closed... skipping.
 + -- --=[Port 4443 closed... skipping.
 + -- --=[Port 5432 closed... skipping.
 + -- --=[Port 5800 closed... skipping.
 + -- --=[Port 5900 closed... skipping.
 + -- --=[Port 6000 closed... skipping.
 + -- --=[Port 6667 closed... skipping.
 + -- --=[Port 8000 closed... skipping.
 + -- --=[Port 8100 closed... skipping.
 + -- --=[Port 8080 closed... skipping.
 + -- --=[Port 8180 closed... skipping.
 + -- --=[Port 8443 closed... skipping.
 + -- --=[Port 8888 closed... skipping.
 + -- --=[Port 10000 closed... skipping.
 + -- --=[Port 49152 closed... skipping.
 + -- ----------------------------=[Scanning For Common Vulnerabilities]=----- -- +
/usr/lib/ruby/2.3.0/rubygems/specification.rb:2286:in `raise_if_conflicts': Unable to activate mechanize-2.7.5, because net-http-persistent-3.0.0 conflicts with net-http-persistent (>= 2.5.2, ~> 2.5) (Gem::ConflictError)
        from /usr/lib/ruby/2.3.0/rubygems/specification.rb:1407:in `activate'
        from /usr/lib/ruby/2.3.0/rubygems.rb:196:in `rescue in try_activate'
        from /usr/lib/ruby/2.3.0/rubygems.rb:193:in `try_activate'
        from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:125:in `rescue in require'
        from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:40:in `require'
        from /usr/share/sniper/plugins/yasuo/formloginbrute.rb:1:in `<top (required)>'
        from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
        from /usr/lib/ruby/2.3.0/rubygems/core_ext/kernel_require.rb:55:in `require'
        from yasuo.rb:35:in `<main>'
 + -- ----------------------------=[Performing Full NMap Port Scan]=---------- -- +
Failed to open XML output file /usr/share/sniper/loot/nmap/nmap-google.com.xml for writing
QUITTING!
 + -- ----------------------------=[Running Brute Force]=--------------------- -- +
 __________                __         ____  ___
 \______   \_______ __ ___/  |_  ____ \   \/  /
  |    |  _/\_  __ \  |  \   __\/ __ \ \     / 
  |    |   \ |  | \/  |  /|  | \  ___/ /     \ 
  |______  / |__|  |____/ |__|  \___  >___/\  \ 
         \/                         \/      \_/

 + -- --=[BruteX v1.5 by 1N3
 + -- --=[http://crowdshield.com

################################### Running Port Scan ##############################

Starting Nmap 7.01 ( https://nmap.org ) at 2016-10-28 17:42 UTC
Nmap scan report for google.com (172.217.16.174)
Host is up (0.00084s latency).
Other addresses for google.com (not scanned): 2a00:1450:4001:814::200e
rDNS record for 172.217.16.174: fra15s11-in-f14.1e100.net
Not shown: 24 filtered ports
PORT    STATE SERVICE
80/tcp  open  http
443/tcp open  https

Nmap done: 1 IP address (1 host up) scanned in 1.68 seconds

################################### Running Brute Force ############################

 + -- --=[Port 21 closed... skipping.
 + -- --=[Port 22 closed... skipping.
 + -- --=[Port 23 closed... skipping.
 + -- --=[Port 25 closed... skipping.
 + -- --=[Port 80 opened... running tests...
Hydra v8.4-dev (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-10-28 17:42:46
[DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
[DATA] attacking service http-get on port 80
[80][http-get] host: google.com   login: admin   password: admin
[STATUS] attack finished for google.com (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-10-28 17:42:46
 + -- --=[Port 110 closed... skipping.
 + -- --=[Port 139 closed... skipping.
 + -- --=[Port 162 closed... skipping.
 + -- --=[Port 389 closed... skipping.
 + -- --=[Port 443 opened... running tests...
Hydra v8.4-dev (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.

Hydra (http://www.thc.org/thc-hydra) starting at 2016-10-28 17:42:46
[DATA] max 1 task per 1 server, overall 64 tasks, 1496 login tries (l:34/p:44), ~23 tries per task
[DATA] attacking service http-get on port 443 with SSL
[443][http-get] host: google.com   login: admin   password: admin
[STATUS] attack finished for google.com (valid pair found)
1 of 1 target successfully completed, 1 valid password found
Hydra (http://www.thc.org/thc-hydra) finished at 2016-10-28 17:42:47
 + -- --=[Port 445 closed... skipping.
 + -- --=[Port 512 closed... skipping.
 + -- --=[Port 513 closed... skipping.
 + -- --=[Port 514 closed... skipping.
 + -- --=[Port 993 closed... skipping.
 + -- --=[Port 1433 closed... skipping.
 + -- --=[Port 1521 closed... skipping.
 + -- --=[Port 3306 closed... skipping.
 + -- --=[Port 3389 closed... skipping.
 + -- --=[Port 5432 closed... skipping.
 + -- --=[Port 5900 closed... skipping.
 + -- --=[Port 5901 closed... skipping.
 + -- --=[Port 8000 closed... skipping.
 + -- --=[Port 8080 closed... skipping.
 + -- --=[Port 8100 closed... skipping.
 + -- --=[Port 6667 closed... skipping.

################################### Brute Forcing DNS ###############################
/usr/bin/brutex: line 317: dnsenum: command not found

################################### Done! ###########################################

 + -- --=[Sorting loot directory (/usr/share/sniper/loot)
 + -- --=[Generating reports...
 + -- ----------------------------=[Done]=------------------------------------ -- +
root@ubuntu:~/Sn1per#
menzow commented 7 years ago

Hey @mehranexpert ,

This tool was built mainly to run on Kali linux, and has some dependencies on tools available in the kali linux repository.

To install those tools, run the following code (as root or with sudo):

echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" >> /etc/apt/sources.list.d/kali.sources.list
gpg --keyserver pgpkeys.mit.edu --recv-key  ED444FF07D8D0BF6
gpg -a --export ED444FF07D8D0BF6 | apt-key add -

apt-get update

Here's the list of all packages you need installed for sn1per to run correctly:

apt-get install -y \
    amap \
    arachni \
    bsdmainutils \
    build-essential \
    cisco-torch \
    curl \
    cutycapt \
    dirb \
    dnsenum \
    dnsrecon \
    dnsutils \
    dos2unix \
    enum4linux \
    git \
    git-core \
    golismero \
    host \
    hydra \
    iceweasel \
    iputils-ping \
    joomscan \
    libcurl4-openssl-dev \
    libffi-dev \
    libreadline-dev \
    libsqlite3-dev \
    libssl-dev \
    libxml2-dev \
    libxslt1-dev \
    libyaml-dev \
    metasploit-framework \
    nbtscan \
    nikto \
    nmap \
    php \
    php-curl \
    python \
    python-software-properties \
    python2.7 \
    rubygems \
    ruby-bcrypt \
    smtp-user-enum \
    software-properties-common \
    sqlite3 \
    sqlmap \
    sslscan \
    sslyze \
    theharvester \
    unicornscan \
    uniscan \
    w3af \
    waffit \
    wapiti \
    whatweb \
    whois \
    wpscan \
    xprobe2 \
    zenmap \
    zlib1g-dev

Once you've installed all those tools, sn1per should run without problems.

1N3 commented 7 years ago

thanks for helping @menzow!

@mehranexpert did you run the install.sh script first before running by chance? It looks like the /usr/share/sniper/loot/nmap/ directory doesn't exist. Can you verify? ie. ls -lh /usr/share/sniper/loot/

This should have been created during install, so curious to know if you did in fact run it already or not..

mehranexpert commented 7 years ago

Thanks @menzow .

Yes im run install.sh before running .

ls -lh /usr/share/sniper/loot/
total 4.0K
-rw-r--r-- 1 root root 113 Oct 28 17:48 README.md

seems Dependence @menzow Provided helped me , Thanks .