Skip to content

Instantly share code, notes, and snippets.

@1N3
Created July 6, 2015 00:32
Show Gist options
  • Save 1N3/2285488491409ec4947e to your computer and use it in GitHub Desktop.
Save 1N3/2285488491409ec4947e to your computer and use it in GitHub Desktop.
Enumer8 by 1N3 v20150705
#!/bin/bash
# Enumer8 by 1N3 v20150705
# http://crowdshield.com
#
TARGET="$1"
LHOST="192.168.1.132"
LOOT_DIR="/pentest/loot"
FINDSPLOIT_DIR="/pentest/findsploit"
KEY_PATH="/pentest/linux/ssh/dsa/1024"
ARACHNI_REPORT_DIR="/pentest/loot/arachni"
CMSMAP="/pentest/web/CMSmap/cmsmap.py"
USER_FILE="/pentest/lists/users/usernames/simple-users.txt"
PASS_FILE="/pentest/lists/passwords/top_25_weakest_passwords.txt"
DNS_FILE="/pentest/lists/dns/namelist.txt"
THREADS="30"
COLOR1='\033[1m\033[91m'
COLOR2='\033[1m\033[92m'
COLOR3='\033[1m\033[92m'
RESET='\e[0m'
if [ -z $TARGET ]; then
echo "+ -- --=[http://crowdshield.com"
echo "+ -- --=[Enumeration Script by 1N3"
echo "+ -- --=[Usage: enumerate <targetip>"
exit
fi
clear
echo -e "$COLOR3################################### Enumerate Script by 1N3 ########################$RESET"
echo -e "$COLOR3################################### Running NSLookup ###############################$RESET"
nslookup $TARGET
host $TARGET
dig -x $TARGET
whois $TARGET
dnsenum $TARGET
#knockpy -w /pentest/lists/dns/namelist.txt $TARGET
dnsdict6 $TARGET $DNS_FILE -4 | awk '{print $1}' | sort -u | sed -r 's/.com./.com/g'
echo ""
echo -e "$COLOR3################################### Pinging host ###################################$RESET"
ping -c 1 $TARGET
echo ""
echo -e "$COLOR3################################### Running port scan ##############################$RESET"
nmap -sS -sV -T4 -A -O --open $TARGET -oX $LOOT_DIR/nmap/$TARGET.xml
echo ""
#echo -e "$COLOR3################################### Running recon ##################################$RESET"
#theharvester -d $TARGET -b google
#theharvester -d $TARGET -b bing
#theharvester -d $TARGET -b linkedin
#theharvester -d $TARGET -b people123
#echo ""
echo -e "$COLOR3################################### Running Intrusive Scans ########################$RESET"
port_21=`grep 'portid="21"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_22=`grep 'portid="22"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_23=`grep 'portid="23"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_25=`grep 'portid="25"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_80=`grep 'portid="80"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_110=`grep 'portid="110"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_111=`grep 'portid="111"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_135=`grep 'portid="135"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_139=`grep 'portid="139"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_162=`grep 'portid="162"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_443=`grep 'portid="443"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_445=`grep 'portid="445"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_5432=`grep 'portid="5432"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_8000=`grep 'portid="8000"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_8080=`grep 'portid="8080"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
port_49152=`grep 'portid="49152"' $LOOT_DIR/nmap/$TARGET.xml | grep open`
#export #hydra_PROXY=socks4://127.0.0.1:9050
burpsuite_running=`ps -ef | grep /usr/bin/burpsuite | grep sh`
openvas_running=`ps -ef | grep openvassd | grep waiting`
metasploit_running=`ps -ef | grep metasploit | grep daemon`
postgresql_running=`ps -ef | grep postgresql | grep conf`
#if [ -z "$postgresql_running" ]
#then
# service postgresql start
#fi
#if [ -z "$metasploit_running" ]
#then
# service metasploit start
#fi
#if [ -z "$burpsuite_running" ]
#then
# su - nonxero -c 'java -jar /usr/bin/burpsuite' &
# sleep 10
#fi
if [ -z "$port_21" ]
then
echo -e "$COLOR1Port 21 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 21 opened... running tests...$RESET"
#hydra -L $USER_FILE -P $PASS_FILE $TARGET ftp -f
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "ftp" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=$LHOST RHOST=$TARGET RHOSTS=$TARGET RPORT=21 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
#nmap -p 21 --script=ftp-* $TARGET
fi
if [ -z "$port_22" ]
then
echo -e "$COLOR1Port 22 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 22 opened... running tests...$RESET"
#hydra -L $USER_FILE -P $PASS_FILE $TARGET ssh -f
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "ssh" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=22 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS KEY_PATH=$KEY_PATH VERBOSE=false E; done;
#nmap -p 22 --script=ssh-* $TARGET
fi
if [ -z "$port_23" ]
then
echo -e "$COLOR1Port 23 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 23 opened... running tests...$RESET"
#hydra -L $USER_FILE -P $PASS_FILE $TARGET telnet -f
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "telnet" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=$LHOST RPORT=23 RHOST=$TARGET RHOSTS=$TARGET USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
echo ""
#nmap -p 22 --script=telnet-* $TARGET
cisco-torch -A $TARGET
fi
if [ -z "$port_25" ]
then
echo -e "$COLOR1Port 25 closed... skipping."
else
echo -e "$COLOR1Port 25 opened... running tests..."
#hydra -L $USER_FILE -P $PASS_FILE $TARGET smtp -f
smtp-user-enum -M VRFY -U $USER_FILE -t $TARGET
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "smtp" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=25 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
#nmap -p 25 --script=smtp-* $TARGET
fi
if [ -z "$port_80" ]
then
echo -e "$COLOR1Port 80 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 80 opened... running tests...$RESET"
#php /pentest/web/inurlbr/inurlbr.php --dork 'filetype:jsp | filetype:bak | filetype:asp | filetype:php | filetype:cgi | filetype:sql | filetype:pl | filetype:py | filetype:aspx | filetype:rb | filetype:do inurl:'$TARGET' site:'$TARGET'' -s $TARGET-extensions.txt
#php /pentest/web/inurlbr/inurlbr.php --dork '(inurl:"redir=" AND inurl:"http") OR (inurl:"url=" AND inurl:"http") OR (inurl:"target=" AND inurl:"http") OR (inurl:"dst=" AND inurl:"http") OR (inurl:"src=" AND inurl:"http") OR (inurl:"redirect=" AND inurl:"http") AND site:'"$TARGET" -s $TARGET-openredirect.txt
#php /pentest/web/inurlbr/inurlbr.php --dork "'site:pastbin.com' $TARGET" -s $TARGET-pastebin.txt
# iceweasel "https://www.punkspider.org/#searchkey=url&searchvalue='$TARGET'&pagenumber=1&filterType=or&filters=bsqli,sqli,xss,trav,mxi,osci,xpathi" &
wafw00f http://$TARGET
echo ""
whatweb http://$TARGET
echo ""
nikto -C all -h http://$TARGET
#arachni http://$TARGET --report-save-path=$ARACHNI_REPORT_DIR/$TARGET --output-only-positives --scope-include-subdomains
xsstracer $TARGET 80
#sqlmap -u http://$TARGET --crawl 3 --dbs --answer="redirect=Y" --batch
#echo -e "$COLOR1Starting XSSer...$RESET" && xsser -u http://$TARGET -c10 --Cw=200 --auto --save --follow-redirects | egrep "Injection:|Final Results:|Injections:|Failed:|Successfull:|Accur:"
#wpscan --url http://$TARGET --batch
#python $CMSMAP -t http://$TARGET
#hydra -L $USER_FILE -P $PASS_FILE $TARGET http-head -f -m /
fi
if [ -z "$port_110" ]
then
echo -e "$COLOR1Port 110 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 110 opened... running tests...$RESET"
#hydra -L $USER_FILE -P $PASS_FILE $TARGET pop3 -f
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "pop" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=110 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
#nmap -p 110 --script=pop3-* $TARGET
fi
if [ -z "$port_111" ]
then
echo -e "$COLOR1Port 111 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 111 opened... running tests..."
showmount -a -d -e $TARGET
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "nfs" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=111 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
#nmap -p 111 --script=nfs-* $TARGET
fi
if [ -z "$port_135" ]
then
echo -e "$COLOR1Port 135 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 135 opened... running tests...$RESET"
rpcinfo -p $TARGET
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "rpc" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=135 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "dce" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=135 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
nmap -p 135 --script=rpc* $TARGET
fi
if [ -z "$port_139" ]
then
echo -e "$COLOR1Port 139 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 139 opened... running tests...$RESET"
enum4linux $TARGET
samrdump.py $TARGET
nbtscan $TARGET
for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "smb" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=139 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS VERBOSE=false E; done;
nmap --script=/usr/share/nmap/scripts/smb-check-vulns.nse --script=/usr/share/nmap/scripts/smb-os-discovery.nse --script=/usr/share/nmap/scripts/smb-enum-domains.nse --script=/usr/share/nmap/scripts/smb-server-stats.nse --script=/usr/share/nmap/scripts/smb-ls.nse --script=/usr/share/nmap/scripts/smb-vuln-ms10-054.nse --script=/usr/share/nmap/scripts/smb-vuln-ms10-061.nse --script=/usr/share/nmap/scripts/smb-system-info.nse --script=/usr/share/nmap/scripts/smb-enum-shares.nse --script=/usr/share/nmap/scripts/smb-enum-users.nse --script=/usr/share/nmap/scripts/smbv2-enabled.nse --script=/usr/share/nmap/scripts/smb-mbenum.nse --script-args=unsafe=1 -p 139 $TARGET
fi
if [ -z "$port_162" ]
then
echo -e "$COLOR1Port 162 closed... skipping."
else
echo -e "$COLOR1Port 162 opened... running tests..."
for a in `cat /pentest/lists/wordlist-common-snmp-community-strings.txt`; do snmpwalk $TARGET -c $a; done;
for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "snmp" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=162 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
nmap -p 162 --script=snmp-* $TARGET
fi
if [ -z "$port_443" ]
then
echo -e "$COLOR1Port 443 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 443 opened... running tests...$RESET"
#php /pentest/web/inurlbr/inurlbr.php --dork 'filetype:jsp | filetype:bak | filetype:asp | filetype:php | filetype:cgi | filetype:sql | filetype:pl | filetype:py | filetype:aspx | filetype:rb | filetype:do inurl:'$TARGET' site:'$TARGET'' -s $TARGET-extensions.txt
#php /pentest/web/inurlbr/inurlbr.php --dork '(inurl:"redir=" AND inurl:"http") OR (inurl:"url=" AND inurl:"http") OR (inurl:"target=" AND inurl:"http") OR (inurl:"dst=" AND inurl:"http") OR (inurl:"src=" AND inurl:"http") OR (inurl:"redirect=" AND inurl:"http") AND site:'"$TARGET" -s $TARGET-openredirect.txt
#php /pentest/web/inurlbr/inurlbr.php --dork "'site:pastbin.com' $TARGET" -s $TARGET-pastebin.txt
# iceweasel "https://www.punkspider.org/#searchkey=url&searchvalue='$TARGET'&pagenumber=1&filterType=or&filters=bsqli,sqli,xss,trav,mxi,osci,xpathi" &
wafw00f https://$TARGET
echo ""
whatweb https://$TARGET
echo ""
sslscan --no-failed $TARGET
echo ""
nikto -C all -h https://$TARGET
#arachni https://$TARGET --report-save-path=$ARACHNI_REPORT_DIR/$TARGET --output-only-positives --scope-include-subdomains
#sqlmap -u https://$TARGET --crawl 3 --dbs --answer="redirect=Y" --batch
#echo -e "$COLOR1Starting XSSer...$RESET" && xsser -u https://$TARGET -c10 --Cw=200 --auto --save --follow-redirects | egrep "Injection:|Final Results:|Injections:|Failed:|Successfull:|Accur:"
#wpscan --url https://$TARGET --batch
#python $CMSMAP -t https://$TARGET
#hydra -L $USER_FILE -P $PASS_FILE $TARGET https-head -f -m /
fi
if [ -z "$port_445" ]
then
echo -e "$COLOR1Port 445 closed... skipping."
else
echo -e "$COLOR1Port 445 opened... running tests..."
enum4linux $TARGET
samrdump.py $TARGET
nbtscan $TARGET
#smbclient -L $TARGET
for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "smb" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=445 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS VERBOSE=false E; done;
nmap --script=/usr/share/nmap/scripts/smb-check-vulns.nse --script=/usr/share/nmap/scripts/smb-os-discovery.nse --script=/usr/share/nmap/scripts/smb-enum-domains.nse --script=/usr/share/nmap/scripts/smb-server-stats.nse --script=/usr/share/nmap/scripts/smb-ls.nse --script=/usr/share/nmap/scripts/smb-vuln-ms10-054.nse --script=/usr/share/nmap/scripts/smb-vuln-ms10-061.nse --script=/usr/share/nmap/scripts/smb-system-info.nse --script=/usr/share/nmap/scripts/smb-enum-shares.nse --script=/usr/share/nmap/scripts/smb-enum-users.nse --script=/usr/share/nmap/scripts/smbv2-enabled.nse --script=/usr/share/nmap/scripts/smb-mbenum.nse --script-args=unsafe=1 -p 139 $TARGET
fi
if [ -z "$port_3306" ]
then
echo -e "$COLOR1Port 3306 closed... skipping."
else
echo -e "$COLOR1Port 3306 opened... running tests..."
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "mysql" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=3306 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
#nnmap --script=mysql* -p 3306 $TARGET
#hydra -L $USER_FILE -P $PASS_FILE $TARGET mysql
fi
if [ -z "$port_5432" ]
then
echo -e "$COLOR1Port 5432 closed... skipping."
else
echo -e "$COLOR1Port 5432 opened... running tests..."
#for a in `cat $FINDSPLOIT_DIR/msf_search/auxiliary | egrep "postgres" | egrep "scanner" | awk '{print $1}'`; do echo -e "$COLOR2Running Metasploit module: $a..." && msfcli $a LHOST=192.168.1.145 RHOST=$TARGET RHOSTS=$TARGET RPORT=5432 USER_FILE=$USER_FILE PASS_FILE=$PASS_FILE THREADS=$THREADS E; done;
#nnmap --script=pgsql* -p 5432 $TARGET
fi
if [ -z "$port_8000" ]
then
echo -e "$COLOR1Port 8000 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 8000 opened... running tests...$RESET"
wafw00f http://$TARGET:8000
echo ""
whatweb http://$TARGET:8000
echo ""
nikto -C all -h http://$TARGET:8000
#arachni http://$TARGET:8000 --report-save-path=$ARACHNI_REPORT_DIR/$TARGET --output-only-positives --scope-include-subdomains
#sqlmap -u http://$TARGET:8000 --crawl 3 --dbs --answer="redirect=Y" --batch
#echo -e "$COLOR1Starting XSSer...$RESET" && xsser -u http://$TARGET:8000 -c10 --Cw=200 --auto --save --follow-redirects | egrep "Injection:|Final Results:|Injections:|Failed:|Successfull:|Accur:"
#wpscan --url http://$TARGET:8000 --batch
#python $CMSMAP -t http://$TARGET:8000
xsstracer $TARGET 8000
#hydra -L $USER_FILE -P $PASS_FILE $TARGET http-head -s 8000 -m /
fi
if [ -z "$port_8100" ]
then
echo -e "$COLOR1Port 8100 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 8100 opened... running tests...$RESET"
wafw00f http://$TARGET:8100
echo ""
whatweb http://$TARGET:8100
echo ""
nikto -C all -h http://$TARGET:8100
#arachni http://$TARGET:8100 --report-save-path=$ARACHNI_REPORT_DIR/$TARGET --output-only-positives --scope-include-subdomains
#sqlmap -u http://$TARGET:8100 --crawl 3 --dbs --answer="redirect=Y" --batch
#echo -e "$COLOR1Starting XSSer...$RESET" && xsser -u http://$TARGET:8100 -c10 --Cw=200 --auto --save --follow-redirects | egrep "Injection:|Final Results:|Injections:|Failed:|Successfull:|Accur:"
#wpscan --url http://$TARGET:8100 --batch
#python $CMSMAP -t http://$TARGET:8100
#xsstracer $TARGET 8100
#hydra -L $USER_FILE -P $PASS_FILE $TARGET http-head -s 8100 -m /
fi
if [ -z "$port_8080" ]
then
echo -e "$COLOR1Port 8080 closed... skipping."
else
echo -e "$COLOR1Port 8080 opened... running tests..."
wafw00f http://$TARGET:8080
echo ""
whatweb http://$TARGET:8080
echo ""
nikto -C all -h http://$TARGET:8080
#arachni http://$TARGET:8080 --report-save-path=$ARACHNI_REPORT_DIR/$TARGET --output-only-positives --scope-include-subdomains
#sqlmap -u http://$TARGET:8080 --crawl 10 --dbs --answer="redirect=Y" --batch
#echo -e "$COLOR1Starting XSSer...$RESET" && xsser -u http://$TARGET:8080 -c10 --Cw=200 --auto --save --follow-redirects | egrep "Injection:|Final Results:|Injections:|Failed:|Successfull:|Accur:"
nmap -p 8080 --script=proxy-* $TARGET
#wpscan --url http://$TARGET:8080 --batch
#python $CMSMAP -t http://$TARGET:8080
xsstracer $TARGET 8080
#hydra -L $USER_FILE -P $PASS_FILE $TARGET http-head -s 8080 -m /
fi
if [ -z "$port_49152" ]
then
echo -e "$COLOR1Port 49152 closed... skipping.$RESET"
else
echo -e "$COLOR1Port 49152 opened... running tests...$RESET"
/pentest/scripts/web/supermicro_scan.sh $TARGET
fi
service postgresql stop 2> /dev/null
service metasploit stop 2> /dev/null
#echo -e "$COLOR3################################### Running Brute Force ############################$RESET"
#brutex $TARGET
echo ""
echo -e "$COLOR3################################### Done! ###########################################$RESET"
exit 0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment