Created
March 19, 2018 13:53
SWI.sh
#!/bin/bash
# ANSI colour sequences. They are stored as literal backslash text, so any
# command that prints them has to interpret escapes (echo -e or printf %b).
BLUE='\033[1;34m'
RED='\033[1;31m'
GREEN='\033[1;32m'
NC='\033[0m'

# Startup banner: logo in blue, then the tool name, version and date.
# %b expands the backslash escapes carried by BLUE and NC.
printf '%b\n' "${BLUE}
▄▄▄▄▄▄▄▄▄▄▄ ▄ ▄ ▄▄▄▄▄▄▄▄▄▄▄ ▄▄▄▄▄▄▄▄▄▄▄ ▄ ▄
▐░░░░░░░░░░░▌▐░▌ ▐░▌▐░░░░░░░░░░░▌ ▐░░░░░░░░░░░▌▐░▌ ▐░▌
▐░█▀▀▀▀▀▀▀▀▀ ▐░▌ ▐░▌ ▀▀▀▀█░█▀▀▀▀ ▐░█▀▀▀▀▀▀▀▀▀ ▐░▌ ▐░▌
▐░▌ ▐░▌ ▐░▌ ▐░▌ ▐░▌ ▐░▌ ▐░▌
▐░█▄▄▄▄▄▄▄▄▄ ▐░▌ ▄ ▐░▌ ▐░▌ ▐░█▄▄▄▄▄▄▄▄▄ ▐░█▄▄▄▄▄▄▄█░▌
▐░░░░░░░░░░░▌▐░▌ ▐░▌ ▐░▌ ▐░▌ ▐░░░░░░░░░░░▌▐░░░░░░░░░░░▌
▀▀▀▀▀▀▀▀▀█░▌▐░▌ ▐░▌░▌ ▐░▌ ▐░▌ ▀▀▀▀▀▀▀▀▀█░▌▐░█▀▀▀▀▀▀▀█░▌
▐░▌▐░▌▐░▌ ▐░▌▐░▌ ▐░▌ ▐░▌▐░▌ ▐░▌
▄▄▄▄▄▄▄▄▄█░▌▐░▌░▌ ▐░▐░▌ ▄▄▄▄█░█▄▄▄▄ ▄ ▄▄▄▄▄▄▄▄▄█░▌▐░▌ ▐░▌
▐░░░░░░░░░░░▌▐░░▌ ▐░░▌▐░░░░░░░░░░░▌▐░▌▐░░░░░░░░░░░▌▐░▌ ▐░▌
▀▀▀▀▀▀▀▀▀▀▀ ▀▀ ▀▀ ▀▀▀▀▀▀▀▀▀▀▀ ▀ ▀▀▀▀▀▀▀▀▀▀▀ ▀ ▀ ${NC}
--------------------------------------------------------------------
${BLUE}S${NC}imple ${BLUE}W${NC}in ${BLUE}I${NC}dentifier | v0.1 | 16 MAR 2018
--------------------------------------------------------------------"
###############################################################################
# Don't want to wait for Nessus results? The Simple Win Identifier (SWI.sh) is
# a quick and dirty script to identify easy wins during penetration testing
# engagements. When run against a directory containing .html files (generated
# by EyeWitness, httpscreenshot, etc.), SWI.sh parses them, searching for any
# misconfigurations or vulnerabilities that can give the testers a quick win.
# This script is designed to be simple and modular so that additional tests can
# be easily added. Disclaimer: I am not a programmer. Good Luck!
#
# Current tests include: Directory Listings, Jenkins, & Default Tomcat. Pull
# requests appreciated.
###############################################################################
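###############################################################################
# Parse Command Line arguments
###############################################################################
# HELP and BRUTE hold the literal strings "true" or "false". DIR holds the
# value given to -d and stays empty until one is supplied, so that a run
# without -d can be rejected instead of scanning a path literally named
# "false".
HELP=false
BRUTE=false
DIR=""
USAGE="Usage: $(basename "$0") -d ~/path/to/html/files/ <[options]>"
DESCRIPTION="Description: A script to quickly identify easy wins during pentests"

while getopts bhd: option; do
  case "${option}" in
    b) BRUTE=true ;;
    h) HELP=true ;;
    d) DIR=${OPTARG} ;;
    *)
      # getopts has already printed its own diagnostic for the bad option.
      echo "Try $(basename "$0") -h for help" >&2
      exit 1
      ;;
  esac
done

# Help is shown on -h and when the script is started without arguments.
# The flags are compared as strings rather than executed as commands.
if [[ "$HELP" == true || -z "${1-}" ]]; then
  # USAGE contains "[options]", which the shell would treat as a glob pattern
  # if the expansion were left unquoted.
  echo "$USAGE"
  echo "$DESCRIPTION"
  echo "Options:"
  echo " -b bruteforce common passwords"
  echo " -d path to directory containing HTML files"
  echo " -h show this help text"
  exit
fi

# Everything after this point reads DIR, so refuse to continue without it.
if [[ -z "$DIR" ]]; then
  echo "$(basename "$0"): option -d <directory> is required" >&2
  echo "$USAGE" >&2
  exit 1
fi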
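###############################################################################
# Search .html files for service fingerprints
###############################################################################
# Count the .html files directly inside DIR and stop when there are none.
#
# The path is quoted, so directories with spaces or glob characters work, and
# a trailing slash on -d is no longer required. A relative path is prefixed
# with "./" so that a value starting with "-" cannot be read by find as one of
# its own options. Only regular files at the top level of DIR are counted.
swi_scan_root=${DIR:-.}
case "$swi_scan_root" in
  /*) ;;
  *) swi_scan_root="./$swi_scan_root" ;;
esac

echo "----------------------------------------------------------"
# DIR is passed as a %s argument so backslashes in a user-supplied path are
# printed as-is instead of being interpreted as escape sequences.
printf '\033[1m[*] Checking for .html files in %s\033[0m\n' "$DIR"

FILE_NUMBER=$(find "${swi_scan_root%/}/" -maxdepth 1 -type f -name '*.html' | wc -l)
# Some wc implementations pad the number with blanks; normalise to an integer.
FILE_NUMBER=$(( FILE_NUMBER ))

if (( FILE_NUMBER > 0 )); then
  printf '%b[+] Found: %d .html files%b\n' "$GREEN" "$FILE_NUMBER" "$NC"
else
  printf '%b[-] No .html files found in %s%b\n' "$RED" "$DIR" "$NC"
  exit
fi
echo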
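#######################################
# List the report pages in DIR whose HTML contains a fingerprint string.
#
# For every matching page the IPv4 addresses found in the file NAME are
# printed, one per line. If the name holds no address (for example a page
# saved under a hostname), the file name itself is printed, so the hit is not
# reported as "None Found". Addresses are taken from the file name only, never
# from the directory path.
#
# The fingerprint is matched as a fixed string (grep -F), so the dots in
# strings such as "tomcat.apache.org" match a literal dot only.
#
# A hit means the string occurs in the saved page. It is a lead for manual
# verification, not a confirmed finding.
#
# Globals:   DIR (read), RED (read), NC (read)
# Arguments: $1 - fixed string to look for
# Outputs:   hits, or a red "None Found" line, on stdout
# NOTE(review): file names containing newlines are not handled; names produced
# by screenshot tools presumably never contain one - confirm.
#######################################
swi_report_hits() {
  local needle=$1
  local root=${DIR:-.}
  local page name
  local hit=false
  local -r ipv4='[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}\.[0-9]\{1,3\}'

  # A relative path gets a "./" prefix so find cannot mistake it for an option.
  case "$root" in
    /*) ;;
    *) root="./$root" ;;
  esac

  while IFS= read -r page; do
    hit=true
    name=${page##*/}
    grep -o -- "$ipv4" <<<"$name" || printf '%s\n' "$name"
  done < <(find "${root%/}/" -maxdepth 1 -type f -name '*.html' \
    -exec grep -lF -- "$needle" {} +)

  if [[ "$hit" == false ]]; then
    echo -e "${RED}[-] None Found${NC}"
  fi
}

#######################################
# Print one titled section: rule, bold heading, hits, blank line.
# Arguments: $1 - what is being checked, $2 - fingerprint string
#######################################
swi_check() {
  echo "----------------------------------------------------------"
  printf '\033[1m[*] Checking for %s\033[0m\n' "$1"
  swi_report_hits "$2"
  echo
}

# Check for Jenkins
# NOTE(review): presumably this string comes from a link in the pages of older
# Jenkins releases; pages that reference a different project domain would not
# match - confirm before treating "None Found" as a clean result.
swi_check "Jenkins" "jenkins-ci.org"

# Check for Jenkins with no authentication
# The "Manage Jenkins" entry appearing in a page captured without logging in
# suggests the instance exposes administration to anonymous users.
swi_check "Jenkins (No Authentication)" "Manage Jenkins"

# Check for Default Tomcat Splash Pages
swi_check "Default Tomcat Splash Pages" "tomcat.apache.org"

# Check for Directory Listings
swi_check "Directory Listings" "Index of /"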
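###############################################################################
# Begin Brute Forcing
###############################################################################
# BRUTE is the string "true" only when -b was given. It is compared as text
# instead of being executed as a command, so an unset or unexpected value can
# never run anything and simply skips the section.
#
# Only the section header is printed; nothing follows it in the visible
# script, so -b currently performs no password testing.
if [[ "$BRUTE" == true ]]; then
  echo -e "\033[1m----------------------------------------------------------\033[0m"
  echo -e "\033[1m${BLUE}[*] Beginning Brute Force Attacks\033[0m${NC}"
  echo -e "\033[1m----------------------------------------------------------\033[0m"
fi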