Update to allow specification of network interface #1

192 changes: 92 additions & 100 deletions masseffect.sh
Expand Up @@ -52,7 +52,6 @@ banner="

$BWhite Port Scanner For Things I Like To Hack$Off | $BYellow@sho_luv$Off
"

usage() {
echo -e "$Off$banner$Off

Expand All @@ -64,34 +63,35 @@ Usage: $basename $0 [OPTIONS]
Options:
-r <num> rate to scan
-e <file> file of IP's to be excluded from scan
-i <interface> network interface to use for scanning (e.g. eth0)
-h Show this help

"
}

INTERFACE=""

if [ $# -eq 0 ]; then
usage >&2;
exit 0
else
# getopts : after letter means it takes a value
while getopts "hr:e:f:" option; do
while getopts "hr:e:f:i:" option; do
case ${option} in
h ) usage
exit 0
#echo "Usage: $0 -f file.apk [-h]"
;;
f ) RANGE="$OPTARG"
rflag=true
;;
r ) re='^[0-9]+$'
if ! [[ $OPTARG =~ $re ]] ; then
echo -e "${BRed}Error: \"$OPTARG\" is not a number$OFF" >&2; exit 1
fi
RATE="--rate $OPTARG"
rflag=true
if ! [[ $OPTARG =~ $re ]] ; then
echo -e "${BRed}Error: \"$OPTARG\" is not a number$OFF" >&2; exit 1
fi
RATE="--rate $OPTARG"
;;
e ) EXCLUDE="--excludefile $OPTARG"
;;
i ) INTERFACE="-e $OPTARG"
;;
*)
echo "Invalid Option: -$OPTARG" 1>&2
exit 1
Expand All @@ -100,173 +100,163 @@ else
done
fi

# check if file with IPs exist
if [ ! -f $RANGE ]; then
echo -e "$BRed ERROR: File \"$RANGE\" does not exist!$Off"
exit 1
echo -e "$BRed ERROR: File \"$RANGE\" does not exist!$Off"
exit 1
fi

# run masscan with known ports
echo "masscan --open -p 445 -iL $RANGE $EXCLUDE --banners -oB smb $RATE"
masscan --open -p 445 -iL $RANGE $EXCLUDE --banners -oB smb $RATE
echo "masscan --open -p 445 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB smb $RATE"
masscan --open -p 445 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB smb $RATE
masscan --readscan smb | awk '{print $6}' > smb.txt

# https://resources.infosecinstitute.com/masscan-scan-internet-minutes/
echo "iptables -A INPUT -p tcp --dport 60000 -j DROP"
iptables -A INPUT -p tcp --dport 60000 -j DROP
echo "masscan --open -p 80,443,8080,8081 -iL $RANGE $EXCLUDE --banners -oB http $RATE --source-port 60000"
masscan --open -p 80,443,8080,8081 -iL $RANGE $EXCLUDE --banners -oB http $RATE --source-port 60000
echo "masscan --open -p 80,443,8080,8081 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB http $RATE --source-port 60000"
masscan --open -p 80,443,8080,8081 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB http $RATE --source-port 60000
masscan --readscan http -oX http.xml
echo "iptables -D INPUT -p tcp --dport 60000 -j DROP"
iptables -D INPUT -p tcp --dport 60000 -j DROP

echo "masscan --open -p U:161 -iL $RANGE $EXCLUDE --banners -oB snmp $RATE"
masscan --open -p U:161 -iL $RANGE $EXCLUDE --banners -oB snmp $RATE
echo "masscan --open -p U:161 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB snmp $RATE"
masscan --open -p U:161 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB snmp $RATE
masscan --readscan snmp | grep Discovered | awk '{print $6}' > snmp.txt

# consider using iker.py masscan having issues with udp...
echo "masscan --open -p U:500 -iL $RANGE $EXCLUDE --banners -oB ike $RATE"
masscan --open -p U:500 -iL $RANGE $EXCLUDE --banners -oB ike $RATE
echo "masscan --open -p U:500 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ike $RATE"
masscan --open -p U:500 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ike $RATE
masscan --readscan ike | awk '{print $6}' > ike.txt

echo "masscan --open -pU:623 -iL $RANGE $EXCLUDE --banners -oB ipmi $RATE"
masscan --open -pU:623 -iL $RANGE $EXCLUDE --banners -oB ipmi $RATE
echo "masscan --open -pU:623 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ipmi $RATE"
masscan --open -pU:623 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ipmi $RATE
masscan --readscan ipmi | awk '{print $6}' > ipmi.txt

echo "masscan --open -p 21 -iL $RANGE $EXCLUDE --banners -oB ftp $RATE"
masscan --open -p 21 -iL $RANGE $EXCLUDE --banners -oB ftp $RATE
echo "masscan --open -p 21 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ftp $RATE"
masscan --open -p 21 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ftp $RATE
masscan --readscan ftp | awk '{print $6}' > ftp.txt

echo "masscan --open -p 22 -iL $RANGE $EXCLUDE --banners -oB ssh $RATE"
masscan --open -p 22 -iL $RANGE $EXCLUDE --banners -oB ssh $RATE
echo "masscan --open -p 22 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ssh $RATE"
masscan --open -p 22 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ssh $RATE
masscan --readscan ssh | awk '{print $6}' > ssh.txt

echo "masscan --open -p 111 -iL $RANGE $EXCLUDE --banners -oB nfs $RATE"
masscan --open -p 111 -iL $RANGE $EXCLUDE --banners -oB nfs $RATE
echo "masscan --open -p 111 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB nfs $RATE"
masscan --open -p 111 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB nfs $RATE
masscan --readscan nfs | awk '{print $6}' > nfs.txt

echo "masscan --open -p 513 -iL $RANGE $EXCLUDE --banners -oB rlogin $RATE"
masscan --open -p 513 -iL $RANGE $EXCLUDE --banners -oB rlogin $RATE
echo "masscan --open -p 513 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB rlogin $RATE"
masscan --open -p 513 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB rlogin $RATE
masscan --readscan rlogin | awk '{print $6}' > rlogin.txt

# Apache Tomcat versions 6.x, 7.x, 8.x, and 9.x are found to be vulnerable to this Ghostcat
echo "masscan --open -p 8009 -iL $RANGE $EXCLUDE --banners -oB ghost_cat $RATE"
masscan --open -p 8009 -iL $RANGE $EXCLUDE --banners -oB ghost_cat $RATE
echo "masscan --open -p 8009 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ghost_cat $RATE"
masscan --open -p 8009 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ghost_cat $RATE
masscan --readscan ghost_cat | awk '{print $6}' > ghost_cat.txt

echo "masscan --open -p 1099 -iL $RANGE $EXCLUDE --banners -oB java-rmi $RATE"
masscan --open -p 1099 -iL $RANGE $EXCLUDE --banners -oB java-rmi $RATE
echo "masscan --open -p 1099 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB java-rmi $RATE"
masscan --open -p 1099 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB java-rmi $RATE
masscan --readscan java-rmi | awk '{print $6}' > java-rmi.txt

echo "masscan --open -p 1433 -iL $RANGE $EXCLUDE --banners -oB mssql $RATE"
masscan --open -p 1433 -iL $RANGE $EXCLUDE --banners -oB mssql $RATE
echo "masscan --open -p 1433 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB mssql $RATE"
masscan --open -p 1433 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB mssql $RATE
masscan --readscan mssql | awk '{print $6}' > mssql.txt

echo "masscan --open -p 1521 -iL $RANGE $EXCLUDE --banners -oB oracle $RATE"
masscan --open -p 1521 -iL $RANGE $EXCLUDE --banners -oB oracle $RATE
echo "masscan --open -p 1521 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB oracle $RATE"
masscan --open -p 1521 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB oracle $RATE
masscan --readscan oracle | awk '{print $6}' > oracle.txt

echo "masscan --open -p 2010,8000,9999 -iL $RANGE $EXCLUDE --banners -oB jdwp $RATE"
masscan --open -p 2010,8000,9999 -iL $RANGE $EXCLUDE --banners -oB jdwp $RATE

echo "masscan --open -p 3389 -iL $RANGE $EXCLUDE --banners -oB rdp $RATE"
masscan --open -p 3389 -iL $RANGE $EXCLUDE --banners -oB rdp $RATE
echo "masscan --open -p 2010,8000,9999 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB jdwp $RATE"
masscan --open -p 2010,8000,9999 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB jdwp $RATE
echo "masscan --open -p 3389 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB rdp $RATE"
masscan --open -p 3389 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB rdp $RATE
masscan --readscan rdp | awk '{print $6}' > rdp.txt

echo "masscan --open -p 4369 -iL $RANGE $EXCLUDE --banners -oB erlang $RATE"
masscan --open -p 4369 -iL $RANGE $EXCLUDE --banners -oB erlang $RATE
echo "masscan --open -p 4369 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB erlang $RATE"
masscan --open -p 4369 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB erlang $RATE
masscan --readscan erlang | awk '{print $6}' > erlang.txt

echo "Checking for cisco smart install"
#echo "masscan --open -p 4786 -iL $RANGE $EXCLUDE --banners -oB siet $RATE"
masscan --open -p 4786 -iL $RANGE $EXCLUDE --banners -oB siet $RATE
echo "masscan --open -p 4786 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB siet $RATE"
masscan --open -p 4786 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB siet $RATE
masscan --readscan siet | awk '{print $6}' > siet.txt

echo "masscan --open -p 5900 -iL $RANGE $EXCLUDE --banners -oB vnc $RATE"
masscan --open -p 5900 -iL $RANGE $EXCLUDE --banners -oB vnc $RATE
echo "masscan --open -p 5900 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB vnc $RATE"
masscan --open -p 5900 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB vnc $RATE
masscan --readscan vnc | awk '{print $6}' > vnc.txt

echo "masscan --open -p 5984 -iL $RANGE $EXCLUDE --banners -oB couchdb $RATE"
masscan --open -p 5984 -iL $RANGE $EXCLUDE --banners -oB couchdb $RATE
echo "masscan --open -p 5984 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB couchdb $RATE"
masscan --open -p 5984 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB couchdb $RATE
masscan --readscan couchdb | awk '{print $6}' > couchdb.txt

echo "masscan --open -p 5985,5986 -iL $RANGE $EXCLUDE --banners -oB winrm $RATE"
masscan --open -p 5985,5986 -iL $RANGE $EXCLUDE --banners -oB winrm $RATE
echo "masscan --open -p 5985,5986 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB winrm $RATE"
masscan --open -p 5985,5986 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB winrm $RATE

echo "masscan --open -p 6000-6005 -iL $RANGE $EXCLUDE --banners -oB x11 $RATE"
masscan --open -p 6000-6005 -iL $RANGE $EXCLUDE --banners -oB x11 $RATE
echo "masscan --open -p 6000-6005 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB x11 $RATE"
masscan --open -p 6000-6005 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB x11 $RATE

echo "masscan --open -p 6379 -iL $RANGE $EXCLUDE --banners -oB redis $RATE"
masscan --open -p 6379 -iL $RANGE $EXCLUDE --banners -oB redis $RATE
echo "masscan --open -p 6379 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB redis $RATE"
masscan --open -p 6379 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB redis $RATE
masscan --readscan redis | awk '{print $6}' > redis.txt

echo "masscan --open -p 7001 -iL $RANGE $EXCLUDE --banners -oB weblogic $RATE"
masscan --open -p 7001 -iL $RANGE $EXCLUDE --banners -oB weblogic $RATE
echo "masscan --open -p 7001 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB weblogic $RATE"
masscan --open -p 7001 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB weblogic $RATE
masscan --readscan weblogic | awk '{print $6}' > weblogic.txt

echo "masscan --open -p 8383,8400, -iL $RANGE $EXCLUDE --banners -oB manage_engine $RATE"
masscan --open -p 8383,8400, -iL $RANGE $EXCLUDE --banners -oB manage_engine $RATE
echo "masscan --open -p 8383,8400, -iL $RANGE $EXCLUDE $INTERFACE --banners -oB manage_engine $RATE"
masscan --open -p 8383,8400, -iL $RANGE $EXCLUDE $INTERFACE --banners -oB manage_engine $RATE

echo "masscan --open -p 16992,16993,5900,623,664 -iL $RANGE $EXCLUDE --banners -oB intel-amt $RATE"
masscan --open -p 16992,16993,5900,623,664 -iL $RANGE $EXCLUDE --banners -oB intel-amt $RATE
echo "masscan --open -p 16992,16993,5900,623,664 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB intel-amt $RATE"
masscan --open -p 16992,16993,5900,623,664 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB intel-amt $RATE

echo "masscan --open -p 860,3205,3260 -iL $RANGE $EXCLUDE $RATE --banners -oB iscsi"
masscan --open -p 860,3205,3260 -iL $RANGE $EXCLUDE $RATE --banners -oB iscsi
echo "masscan --open -p 860,3205,3260 -iL $RANGE $EXCLUDE $INTERFACE $RATE --banners -oB iscsi"
masscan --open -p 860,3205,3260 -iL $RANGE $EXCLUDE $INTERFACE $RATE --banners -oB iscsi

# A authentication bypass and execution of code vulnerability in HPE Integrated Lights-out 4 (iLO 4) version prior to 2.53 was found.
echo "masscan --open -p 17988 -iL $RANGE $EXCLUDE --banners -oB hi-lo $RATE"
masscan --open -p 17988 -iL $RANGE $EXCLUDE --banners -oB hi-lo $RATE
echo "masscan --open -p 17988 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB hi-lo $RATE"
masscan --open -p 17988 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB hi-lo $RATE
masscan --readscan hi-lo | awk '{print $6}' > hi-lo.txt

echo "masscan --open -p 25672 -iL $RANGE $EXCLUDE --banners -oB rabbitmq $RATE"
masscan --open -p 25672 -iL $RANGE $EXCLUDE --banners -oB rabbitmq $RATE
echo "masscan --open -p 25672 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB rabbitmq $RATE"
masscan --open -p 25672 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB rabbitmq $RATE
masscan --readscan rabbitmq | awk '{print $6}' > rabbitmq.txt

echo "masscan --open -p 27017 -iL $RANGE $EXCLUDE --banners -oB mongodb $RATE"
masscan --open -p 27017 -iL $RANGE $EXCLUDE --banners -oB mongodb $RATE
echo "masscan --open -p 27017 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB mongodb $RATE"
masscan --open -p 27017 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB mongodb $RATE
masscan --readscan mongodb | awk '{print $6}' > mongodb.txt

echo "masscan --open -p 389 -iL $RANGE $EXCLUDE --banners -oB ldap $RATE"
masscan --open -p 389 -iL $RANGE $EXCLUDE --banners -oB ldap $RATE
echo "masscan --open -p 389 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ldap $RATE"
masscan --open -p 389 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ldap $RATE
masscan --readscan ldap | awk '{print $6}' > ldap.txt

echo "masscan --open -p 636 -iL $RANGE $EXCLUDE --banners -oB ldaps $RATE"
masscan --open -p 636 -iL $RANGE $EXCLUDE --banners -oB ldaps $RATE
echo "masscan --open -p 636 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ldaps $RATE"
masscan --open -p 636 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB ldaps $RATE
masscan --readscan ldaps | awk '{print $6}' > ldaps.txt

echo "masscan --open -p 9999,30718 -iL $RANGE $EXCLUDE --banners -oB lantronix $RATE"
masscan --open -p 9999,30718 -iL $RANGE $EXCLUDE --banners -oB lantronix $RATE
echo "masscan --open -p 9999,30718 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB lantronix $RATE"
masscan --open -p 9999,30718 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB lantronix $RATE

echo "masscan --open -p 8000,50000,50013 -iL $RANGE $EXCLUDE --banners -oB sap $RATE"
masscan --open -p 8000,50000,50013 -iL $RANGE $EXCLUDE --banners -oB sap $RATE
echo "masscan --open -p 8000,50000,50013 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB sap $RATE"
masscan --open -p 8000,50000,50013 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB sap $RATE

echo "masscan --open -p 3260 -iL $RANGE $EXCLUDE --banners -oB iSCSI $RATE"
masscan --open -p 3260 -iL $RANGE $EXCLUDE --banners -oB iSCSI $RATE
echo "masscan --open -p 3260 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB iSCSI $RATE"
masscan --open -p 3260 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB iSCSI $RATE
masscan --readscan iSCSI | awk '{print $6}' > iSCSI.txt

echo "masscan --open -p 9010 -iL $RANGE $EXCLUDE --banners -oB track-it $RATE"
masscan --open -p 9010 -iL $RANGE $EXCLUDE --banners -oB track-it $RATE
echo "masscan --open -p 9010 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB track-it $RATE"
masscan --open -p 9010 -iL $RANGE $EXCLUDE $INTERFACE --banners -oB track-it $RATE
masscan --readscan track-it | awk '{print $6}' > track-it.txt

# search for titles in banners
masscan --readscan http | grep title | grep --color=auto -i tomcat
masscan --readscan http | grep title | grep --color=auto -i bitnami
masscan --readscan http | grep title | grep --color=auto -i jenkins
masscan --readscan http | grep title | grep --color=auto -i xerox

# delete files of size zero
find ./ -size 0 -print0 | xargs -0 rm --

# perform web screenshots:
mkdir web
cd web
mkdir web
cd web

# Aquatone
# create dirs
mkdir aquatone && cd aquatone
mkdir aquatone && cd aquatone
wget https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip -O temp.zip && unzip temp.zip && rm README.md && rm LICENSE.txt && rm temp.zip
cat ../../http.xml | ./aquatone

# download aquatone
wget https://github.com/michenriksen/aquatone/releases/download/v1.7.0/aquatone_linux_amd64_1.7.0.zip -O temp.zip && unzip temp.zip && rm README.md && rm LICENSE.txt && rm temp.zip
cd .. && mkdir gowitness && cd gowitness
go install github.com/sensepost/gowitness@latest
~/go/bin/gowitness nmap -f ../../http.xml

# run aquatone
cat ../../http.xml | ./aquatone
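Review bot: The new `i )` arm stores whatever follows `-i` without checking it, and every masscan line below expands `$INTERFACE` unquoted, so a mistyped or space-containing interface name is only noticed when the first scan starts (and would split into extra arguments); validate it up front on Linux with `i ) [[ -d "/sys/class/net/$OPTARG" ]] || { echo -e "${BRed}Error: unknown interface \"$OPTARG\"$Off" >&2; exit 1; }` before `INTERFACE="-e $OPTARG"`. The re-indented `if [ ! -f $RANGE ]` check still passes when `-f` was never given, because with an empty `$RANGE` the test sees only the literal `-f`; `if [[ -z "$RANGE" || ! -f "$RANGE" ]]; then` catches both cases, and the `-r` error on the new side uses `$OFF` while the rest of the script uses `$Off`, so that reset never happens. The `iptables -A INPUT ... -j DROP` rule before the HTTP scan is only removed if execution reaches the matching `-D` line; `trap 'iptables -D INPUT -p tcp --dport 60000 -j DROP' EXIT` would keep it from lingering after an interrupted run. I cannot tell from the rendered view which side the tooling block below belongs to, but the aquatone zip is downloaded and executed without a checksum and gowitness is installed at `@latest`, so pinning a sha256 and a version would make the run reproducible; the section's final hunk continues past the visible page.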
Expand All @@ -282,9 +272,11 @@ find ./ -size 0 -print0 | xargs -0 rm --
~/go/bin/gowitness nmap -f ../../http.xml

# Jexboss

cd ..
git clone https://github.com/sho-luv/jexboss.git
cd jexboss
sqlite3 gowitness/gowitness.sqlite3 "select url from urls" > urls.txt
./jexboss.py -mode file-scan -file urls.txt -out vulnerable_systems.txt