README.md

@@ -1,17 +1,19 @@
-# SSB
+# THIS PROJECT IS NO L0NGER MAINTAINED, PLEASE USE AWACS-SCANNER INSTEAD
+
+## SSB
 ![image](https://user-images.githubusercontent.com/72181445/153228795-7346bd04-69eb-4205-9d27-c104ad7295ea.png)
-# Current version: Mark_V10
+### Current version: Mark_V13.3.3
 
-# Put on the night apparence mode so the logos look alot cooler :)
+## Put on the night apparence mode so the logos look alot cooler :)
 
-# Description
+## Description
 SSB=simple subdomain bruteforcer
 
 SSB Tries to find subdomains for a domain and scan them for ports/services. When SSB has identified all of the services the subdomain is running, it will then scan the services for common misconfigurations and credentials.
 
 SSB  scans the subdomains for the most common ports and services i've seen in the wild.
 
-# Update log (only major updates)
+## Update log (only major updates)
 Update: Mark_v0: Scans for ports in the found subdomains.
 
 Update: Mark_v3: SSH Bruteforce added and ftp threads increased, problems with report generating solved.
@@ -27,55 +29,69 @@ Update: Mark_v8: Added flags and hotfixes
 Update: Mark_v9: Added new scan type: light_scan (only service detection)
 
 Update: Mark_v10: Flag ui upgraded to argparse 
-# Under dev?: Currently yes
-
-# BACKGROUND:
-I started this project on 2.2.2022
-
-# HOW TO SETUP:
-
-pip3 install requests
-
-pip3 install termcolor
 
-pip3 install ftplib
+Update: Mark_v11: ssb now uses 3 different programs to find subdomains (sublis3r,findomain,assetfinder)
 
-pip3 install paramiko
+Update: Mark_v11.2.1: Added url discovery and finding sensitive files in those urls, fixed bug in color handling
 
-sudo apt-get install libmariadb3 libmariadb-dev
+Update: Mark_v13.3.2: Added target list mode, colored errors, fixed alot of stuff :D
+## Under dev?: NO
 
-pip3 install mariadb
-
-pip3 install smbprotocol
-
-pip3 install telnetlib
+## BACKGROUND:
+I started this project on 2.2.2022
 
+## HOW TO SETUP:
+```
+chmod +x install.sh
+./install.sh
+```
 And you're done, now just launch the app using PYTHON3
 
-python3 ssb.py
-
-# Usage:
---help   (not_necessary)    Displays the help page 
-
--h   (necessary)    Hostname to scan 
-
---scan-type   (necessary)    Scan types: Validate, light_scan, scan    Validate=validates if subdomain exists light_scan=service detection      scan=all of the mentioned + bruteforce 
-
--s   (necessary)    Subdomain find method: 1=Sublist3r 2=Wordlist 3=Only this domain 
-
---dns-threads   (not_necessary)    The amount of threads that will validate subdomains (default=10) 
-
---web-threads   (not_necessary)    The amount of threads that will be requesting files in the http discovery phase (works only with scan scan_type) (Default:40) 
-
--w   (not_necessary)    Wordlist (used with -s 2) 
-
-# Examples:
-python3 ssb.py -t somerandomassdomain.com -s 1 --scan-type scan 
-
-python3 ssb.py -t somerandomassdomain.com -s 2 -w subdomains.txt --scan-type light_scan
-
-python3 ssb.py -t somerandomassdomain.com -s 1 --scan-type validate
-
+`python3 ssb`
+
+## Usage:  
+```
+  -h, --help            show this help message and exit
+  
+  -t [TARGET], --target [TARGET]
+                        (not_necessary) Target to scan
+                        
+  -tl [TARGET_LIST], --target-list [TARGET_LIST]
+                        (not_necessary) Target list (used with -s 4)
+                        
+  --scan-type SCAN_TYPE, --scan-type SCAN_TYPE
+                        (necessary) Scan types: Validate, light_scan,
+                        scan Validate=validates if subdomain exists
+                        light_scan=service detection scan=all of the mentioned
+                        + bruteforce
+                        
+  -s SCAN_METHOD, --scan-method SCAN_METHOD
+                        (necessary) Subdomain find method:
+                        1=Automated 2=Wordlist 3=Only this domain 4=Read
+                        targets from a list (no subdomain enumeration)
+                        
+  --dns-threads [DNS_THREADS], --dns-threads [DNS_THREADS]
+                        (not_necessary) The amount of threads that will
+                        validate subdomains (default=10)
+                        
+  --web-threads [WEB_THREADS], --web-threads [WEB_THREADS]
+                        (not_necessary) The amount of threads that will be
+                        requesting files in the http discovery phase (works
+                        only with scan scan_type) (Default:40)
+                        
+  -w [WORDLIST], --wordlist [WORDLIST]
+                        (not_necessary) Wordlist (used with -s 2)
+```
+## Examples:
+```
+./ssb -t somerandomassdomain.com -s 1 --scan-type scan 
+
+./ssb -t somerandomassdomain.com -s 2 -w subdomains.txt --scan-type light_scan
+
+./ssb -t somerandomassdomain.com -s 1 --scan-type validate
+
+./ssb -tl hosts.txt -s 4 --scan-type scan
+```
 # Features:
 <img src="https://user-images.githubusercontent.com/72181445/153476377-b250f42b-b0c0-4153-bc58-e42a9146d960.png" width=200></img>
 
@@ -107,6 +123,7 @@ Http/Https File Discovery
 
 Http/Https Method Scan
 
+Url discovery, sensitive file discovery
 
 <img src="https://user-images.githubusercontent.com/72181445/153479607-5ba66053-b54b-408c-9ac1-ca7e373cb083.png" width=200></img>
 
@@ -118,7 +135,9 @@ Telnet Bruteforce
 Rpcbind Process Lister
 
 
-# TECHNICAL DETAILS:
+
+
+## TECHNICAL DETAILS:
 
 +Uses DNS resolving instead of a port specific or ping scan.
 
@@ -129,7 +148,7 @@ Rpcbind Process Lister
 +Validates HTTP and HTTPS ports by actually making a request instead of relying off the fact that it is open (many http/https ports that i've seen in the wild are timeouts)
 
 
--+Easy to use so that it is fast for pen-testers but also script kiddies can operate this which is bad (Unlike nmap which needs flags to be set right)...
+-+Easy to use so that it is fast for pen-testers but also script kiddies can operate this which is bad...
 
 +Automatically scans subdomains without having the need for the hassle of scanning subdomains, making a list, nmap scanning them.
 

install.sh

@@ -0,0 +1,13 @@
+pip3 install requests
+pip3 install termcolor
+pip3 install ftplib
+pip3 install paramiko
+sudo apt-get install libmariadb3 libmariadb-dev
+apt install golang
+pip3 install mariadb
+pip3 install smbprotocol
+pip3 install telnetlib
+go get -u github.com/tomnomnom/assetfinder
+wget https://github.com/findomain/findomain/releases/latest/download/findomain-linux && chmod +x findomain-linux && cp findomain-linux /usr/bin/findomain
+git clone https://github.com/signedsecurity/sigurlfind3r.git && cd sigurlfind3r/cmd/sigurlfind3r/ && go build; mv sigurlfind3r /usr/local/bin/
+echo "SSB INSTALLED!"

json_data/parameters.json

@@ -1,6 +1,7 @@
 {
 "params": {
- "-t": "necessary",
+ "-t": "not_necessary",
+ "-tl": "not_necessary",
  "--scan-type": "necessary",
  "-s": "necessary",
  "--dns-threads": "not_necessary",
@@ -9,13 +10,15 @@
 },
 "description": {
  "-t": "Target to scan",
+ "-tl": "Target list (used with -s 4)",
  "--scan-type": "Scan types: Validate, light_scan, scan    Validate=validates if subdomain exists light_scan=service detection      scan=all of the mentioned + bruteforce",
- "-s": "Subdomain find method: 1=Sublist3r 2=Wordlist 3=Only this domain",
+ "-s": "Subdomain find method: 1=Automated 2=Wordlist 3=Only this domain 4=Read targets from a list (no subdomain enumeration)",
  "--dns-threads": "The amount of threads that will validate subdomains (default=10)",
  "--web-threads": "The amount of threads that will be requesting files in the http discovery phase (works only with scan scan_type) (Default:40)",
  "-w": "Wordlist (used with -s 2)"
 },
 "fullname": {
+ "-tl": "--target-list",
  "-t": "--target",
  "-s": "--scan-method",
  "-w": "--wordlist",