[*] NORMAL MODE
sniper -t|--target <TARGET>
[*] NORMAL MODE + OSINT + RECON
sniper -t|--target <TARGET> -o|--osint -re|--recon
[*] STEALTH MODE + OSINT + RECON
sniper -t|--target <TARGET> -m|--mode stealth -o|--osint -re|--recon
[*] DISCOVER MODE
sniper -t|--target <CIDR> -m|--mode discover -w|--workspace <WORKSPACE_ALIAS>
[*] SCAN ONLY SPECIFIC PORT
sniper -t|--target <TARGET> -m port -p|--port <portnum>
[*] FULLPORTONLY SCAN MODE
sniper -t|--target <TARGET> -fp|--fullportonly
[*] PORT SCAN MODE
sniper -t|--target <TARGET> -m|--mode port -p|--port <PORT_NUM>
[*] WEB MODE - PORT 80 + 443 ONLY!
sniper -t|--target <TARGET> -m|--mode web
[*] HTTP WEB PORT MODE
sniper -t|--target <TARGET> -m|--mode webporthttp -p|--port <port>
[*] HTTPS WEB PORT MODE
sniper -t|--target <TARGET> -m|--mode webporthttps -p|--port <port>
[*] ENABLE BRUTEFORCE
sniper -t|--target <TARGET> -b|--bruteforce
[*] AIRSTRIKE MODE
sniper -f|--file /full/path/to/targets.txt -m|--mode airstrike
[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
sniper -f|--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace <WORKSPACE_ALIAS>
[*] ENABLE LOOT IMPORTING INTO METASPLOIT
sniper -t|--target <TARGET>
[*] LOOT REIMPORT FUNCTION
sniper -w <WORKSPACE_ALIAS> --reimport
[*] UPDATE SNIPER
sniper -u|--update
MODES:
NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full path of the file containing all hosts/IPs to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
DISCOVER: Parses all hosts on a subnet/CIDR (i.e. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.
WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.
UPDATE: Checks for updates and upgrades all components used by sniper.
REIMPORT: Reimport all workspace files into Metasploit and reproduce all reports.
This software is free to distribute, modify and use with the condition that credit is provided to the creator (1N3@CrowdShield) and it is not for commercial use.
LOGO:
Credit to Sponge Nutter for the original sniper penguin logo.
DONATIONS:
Donations are welcome. They will help facilitate improved features, frequent updates and better overall support for sniper.
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers in performing static code analysis on mobile applications*.
This tool will look for interesting lines in the code which can contain:
Hardcoded credentials
API keys
URLs of APIs
Decryption keys
Major coding mistakes
This tool was created with a big focus on usability and graphical guidance in the user interface.
For the impatient ones, grab the download on the releases page.
*: Note that currently only .apk files are supported; .ipa files will follow very shortly.
The concept is that you drag and drop your mobile application file (an .apk or .ipa file) onto the StaCoAn application and it will generate a visual and portable report for you. You can tweak the settings and wordlists to get a customized experience.
The reports contain a handy tree viewer so you can easily browse through your decompiled application.
Looting concept
The Loot function lets you 'loot' (~bookmark) the findings which are of value to you, and on the loot page you get an overview of your 'loot' raid.
The final report can be exported to a zip file and shared with other people.
Wordlists
The application uses wordlists for finding interesting lines in the code.
Wordlists are in the following format (three fields separated by |||: a keyword or regex, a number, and a description):
API_KEY|||80||| This contains an API key reference
(https|http):\/\/.*api.*|||60||| This regex matches any URL containing 'api'
In exclusion_list.txt you can define exclusions (if for some reason you get too many findings):
(https|http):\/\/.*api.*|||"res","layout"||| As above; note that "res","layout" represents the path (res/layout) in which matches are ignored
(https|http):\/\/.*api.*|||||| To exclude everywhere
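The two formats above are compact enough to misread, so here is an added example, written for this page and not StaCoAn's own code, of a small Python scanner that parses a wordlist and an exclusion list and runs them over a constructed set of "decompiled" source lines. The README does not spell out the semantics, so the following are assumptions: the middle wordlist field is a score used to rank findings; the quoted names in an exclusion's second field are path components that must all occur in the file's path, with an empty field meaning "exclude everywhere"; and an exclusion suppresses a finding when its regex matches the same line. The sample wordlist adds two entries beyond the README's, and the sample files are constructed.

```python
import re
from dataclasses import dataclass

SEP = "|||"  # field separator used by StaCoAn's wordlist files

# Constructed sample wordlist: regex ||| score ||| description.
# Treating the middle field as a ranking score is an assumption.
WORDLIST = r"""
API_KEY|||80||| This contains an API key reference
(https|http):\/\/.*api.*|||60||| This regex matches any URL containing 'api'
password\s*=|||70||| Possible hardcoded password
http:\/\/|||40||| Cleartext HTTP URL
"""

# Constructed exclusion list. Quoted names are path components that must all
# appear in the file's path; an empty scope excludes the match everywhere (assumed).
EXCLUSIONS = r"""
(https|http):\/\/.*api.*|||"res","layout"|||
http:\/\/schemas\.android\.com||||||
"""


@dataclass
class Rule:
    pattern: re.Pattern
    score: int
    description: str


@dataclass
class Exclusion:
    pattern: re.Pattern
    path_parts: tuple  # () means "exclude everywhere"


@dataclass
class Finding:
    path: str
    line_no: int
    score: int
    description: str
    text: str


def _fields(raw: str) -> list:
    """Split one wordlist/exclusion line into exactly three stripped fields."""
    parts = raw.split(SEP)
    if len(parts) != 3:
        raise ValueError(f"malformed line (expected 3 fields): {raw!r}")
    return [p.strip() for p in parts]


def parse_wordlist(text: str) -> list:
    rules = []
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        pattern, score, description = _fields(raw)
        rules.append(Rule(re.compile(pattern), int(score), description))
    return rules


def parse_exclusions(text: str) -> list:
    exclusions = []
    for raw in text.splitlines():
        if not raw.strip():
            continue
        pattern, scope, _ = _fields(raw)
        parts = tuple(p.strip().strip('"') for p in scope.split(",") if p.strip())
        exclusions.append(Exclusion(re.compile(pattern), parts))
    return exclusions


def is_excluded(path: str, line: str, exclusions: list) -> bool:
    """True if an exclusion regex matches this line and its scope covers the path."""
    segments = path.split("/")
    return any(ex.pattern.search(line) and all(p in segments for p in ex.path_parts)
               for ex in exclusions)


def scan(files: dict, rules: list, exclusions: list) -> list:
    """Run every rule over every line of every file; return findings, highest score first."""
    findings = []
    for path, content in files.items():
        for line_no, line in enumerate(content.splitlines(), start=1):
            for rule in rules:
                if rule.pattern.search(line) and not is_excluded(path, line, exclusions):
                    findings.append(Finding(path, line_no, rule.score, rule.description, line.strip()))
    findings.sort(key=lambda f: f.score, reverse=True)
    return findings


# Constructed decompiled-app snippets standing in for StaCoAn's input tree.
SAMPLE_FILES = {
    "sources/com/example/app/Config.java": (
        "public class Config {\n"
        '    static final String API_KEY = "AIza-example-not-real";\n'
        '    static final String BASE = "https://api.example.com/v1/";\n'
        '    String password = "hunter2";\n'
        "}\n"
    ),
    "res/layout/activity_main.xml": (
        '<LinearLayout xmlns:android="http://schemas.android.com/apk/res/android"\n'
        '    android:tag="https://api.example.com/layout">\n'
        "</LinearLayout>\n"
    ),
}


def demo() -> list:
    return scan(SAMPLE_FILES, parse_wordlist(WORDLIST), parse_exclusions(EXCLUSIONS))


if __name__ == "__main__":
    for f in demo():
        print(f"[{f.score}] {f.path}:{f.line_no}  {f.description}\n    {f.text}")
```

Running it reports three findings, all in Config.java (the API key, the hardcoded password and the API URL, in that order); the two URLs in res/layout are dropped because the first exclusion is scoped to that path and the second has an empty scope.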
Filetypes
Any source file will be processed. This includes '.java', '.js', '.html', '.xml', ... files.
Database-files are also searched for keywords. The database also has a table viewer.
Responsive Design
The reports are made to fit on all screens.
Limitations
This tool will have trouble with obfuscated code. If you are a developer, try to compile without obfuscation turned on before running this tool. If you are on the offensive side, good luck bro.
Getting Started
From the releases
If you want to get started as soon as possible, head over to the releases page and download the executable or archive which corresponds to your operating system.
If you have downloaded the release zip file, extract this.
On Windows you can just double click the executable. It will open in server mode and you can just drag and drop your mobile applications into the web interface.
On Mac and Linux you can just run it from the terminal without arguments for server mode:
./stacoan
Then drag and drop your application file onto the executable.
Or you can specify an apk file to run it without server mode:
./stacoan -p test-apk.apk
The report will be put inside a folder with a name corresponding to the apk.
Docker
cd docker
docker build . -t stacoan
Make sure that your application is at the location /yourappsfolder.
PyInstaller can't handle code in subfolders, so the code has to be flattened into one folder first.
# Note the '' after -i: BSD/macOS sed requires a backup-suffix argument there; on GNU sed (Linux) use plain `sed -i`.
sed -i '' 's/from helpers./from /g' helpers/*
sed -i '' 's/from helpers./from /g' stacoan.py
sed -i '' 's/os.path.join(parentdir, "config.ini")/"config.ini"/g' helpers/logger.py
cp helpers/* ./ || :;
This entire program's value depends on the wordlists it is using. In the end, the final result is what matters. It is easy to build a wordlist (in comparison to writing actual code), but it has the biggest impact on the end result. You can help the community the most by making wordlists.
If you want an easy way to post your ideas, head over to: http://www.tricider.com/brainstorming/2pdrT7ONVrB. From there you can add ideas for entries in the wordlist.
Improving the code is also much appreciated.
If the contribution is high enough, you will be mentioned in the authors section.
Roadmap
Make IPA files also work with this program
Make DB matches loot-able
Better logging (cross platform)
Docker optimisation
Use server to upload files (apk's, ipa's) and process them
Exception list for ignoring findings in certain folders. For example ignoring http in res/layout and in general http://schemas.android.com/apk/res/android
Make a cleaner file structure of this project
Download link: https://github.com/vincentcox/StaCoAn
Th3inspector is an information-gathering tool.
Website information
[+] Phone number information
[+] Find IP address and e-mail server
[+] Domain lookup
[+] Find website/IP location
[+] Bypass Cloudflare
[+] Domain age checker
[+] User agent info
[+] Check active services on resources
[+] Credit card
[+] Subdomain scanner
[+] E-mail address verifier
[+] Content management system checker
Link: https://github.com/Moham3dRiahi/Th3inspector
Let's see in the following video how it works.
Usage steps
To list all the basic options and switches, use the -h switch:
perl Th3inspector.pl -h
To Get Website Information:
perl Th3inspector.pl -i example.com
To Get Phone Number Information :
perl Th3inspector.pl -n xxxxxxx
To Find IP Address And E-mail Server:
perl Th3inspector.pl -mx example.com
To Find Website Or IP Address Location :
perl Th3inspector.pl -l example.com
To Get Real IP Of Website Using CloudFlare Protection
Download Perl
Download Th3inspector
cpan install JSON
Extract Th3inspector into Desktop
Open CMD and type the following commands:
cd Desktop/Th3inspector-master/
perl Th3inspector.pl