Sn1per by @sn1persecurity - https://sn1persecurity.com

root · root · commit c50af967c02e · 2022-12-11T16:50:18.000-07:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,4 +1,6 @@
 ## CHANGELOG:
+* v9.1 - Updated Nuclei sc0pe templates
+* v9.1 - Fixed issue with Nuclei sc0pe parsers not working
 * v9.1 - Fixed issue with GAU installer/commmand not working
 * v9.1 - Fixed issue with passive URL fetching 
 * v9.1 - Fixed issue with nuclei not being installed
diff --git a/README.md b/README.md
@@ -16,7 +16,7 @@
 [![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-workspace-navigator1-3.png)](https://sn1persecurity.com/)
 
 ## The ultimate pentesting toolkit.
-See how Sn1per can help your security team
+Integrate with the leading commercial and open source vulnerability scanners to scan for the latest CVEs and vulnerabilities. 
 
 [![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-workspace-report1-3.png)](https://sn1persecurity.com/)
 
@@ -26,7 +26,7 @@ Security tools are expensive and time-consuming, but with Sn1per, you can save t
 [![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-host-list3-1.png)](https://sn1persecurity.com/)
 
 ### Find what you can't see.
-Hacking is a problem that's only getting worse. But, with Sn1per, you can find what you can’t see—hidden assets and vulnerabilities in your environment. Integrate with the leading commercial and open source vulnerability scanners to scan for the latest CVEs and vulnerabilities. Find out quickly how hackers can attack your business or organization before it’s too late.
+Hacking is a problem that's only getting worse. But, with Sn1per, you can find what you can’t see—hidden assets and vulnerabilities in your environment. 
 
 [![](https://sn1persecurity.com/wordpress/wp-content/uploads/2022/05/Sn1per-Enterprise-host-list2-1.png)](https://sn1persecurity.com/)
 
diff --git a/modes/webporthttp.sh b/modes/webporthttp.sh
@@ -347,7 +347,7 @@ if [[ "$MODE" = "webporthttp" ]]; then
       echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
       echo -e "$OKRED RUNNING NUCLEI SCAN $RESET"
       echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
-      nuclei -silent -t /usr/share/sniper/plugins/nuclei-templates/ -c $THREADS -target http://$TARGET:${PORT} -o $LOOT_DIR/web/nuclei-http-${TARGET}-port${PORT}.txt 
+      nuclei -silent -t /root/nuclei-templates/ -c $THREADS -target http://$TARGET:${PORT} -o $LOOT_DIR/web/nuclei-http-${TARGET}-port${PORT}.txt
     fi
     SSL="false"
     source $INSTALL_DIR/modes/web_autopwn.sh
diff --git a/modes/webporthttps.sh b/modes/webporthttps.sh
@@ -356,7 +356,7 @@ if [[ "$MODE" = "webporthttps" ]]; then
       echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
       echo -e "$OKRED RUNNING NUCLEI SCAN $RESET"
       echo -e "${OKGREEN}====================================================================================${RESET}•x${OKGREEN}[`date +"%Y-%m-%d](%H:%M)"`${RESET}x•"
-      nuclei -silent -t /usr/share/sniper/plugins/nuclei-templates/ -c $THREADS -target https://$TARGET:${PORT} -o $LOOT_DIR/web/nuclei-https-${TARGET}-port${PORT}.txt 
+      nuclei -silent -t /root/nuclei-templates/ -c $THREADS -target https://$TARGET:${PORT} -o $LOOT_DIR/web/nuclei-https-${TARGET}-port${PORT}.txt
     fi
     cd $INSTALL_DIR
     SSL="true"
diff --git a/templates/active/Apache_Tomcat_Scanner.sh b/templates/active/Apache_Tomcat_Scanner.sh
@@ -2,8 +2,8 @@ AUTHOR='@xer0dayz'
 VULN_NAME='Apache Tomcat Detected'
 URI='/404_DOES_NOT_EXIST'
 METHOD='GET'
-MATCH="Apache\ Tomcat"
+MATCH="Apache\ Tomcat\/[0-9]?[0-9]\.[0-9]?[0-9]\.[0-9]?[0-9]"
 SEVERITY='P5 - INFO'
 CURL_OPTS="--user-agent '' -s -L --insecure"
 SECONDARY_COMMANDS=''
-GREP_OPTIONS='-i'
+GREP_OPTIONS='-o'
diff --git a/templates/active/PHP_Info.sh b/templates/active/PHP_Info.sh
@@ -2,8 +2,8 @@ AUTHOR='@xer0dayz'
 VULN_NAME='PHP Info Detected 1'
 URI='/phpinfo.php'
 METHOD='GET'
-MATCH='PHP Version '
+MATCH='>PHP Version \<'
 SEVERITY='P4 - LOW'
 CURL_OPTS="--user-agent '' -s -L --insecure"
 SECONDARY_COMMANDS=''
-GREP_OPTIONS='-i'
+GREP_OPTIONS='-e'
diff --git a/templates/active/VMware_vCenter_Unauthenticated_Arbitrary_File_Read.sh b/templates/active/VMware_vCenter_Unauthenticated_Arbitrary_File_Read.sh
@@ -2,7 +2,7 @@ AUTHOR='@xer0dayz'
 VULN_NAME='VMware vCenter Unauthenticated Arbitrary File Read'
 URI='/eam/vib?id=C:\\ProgramData\\VMware\\vCenterServer\\cfg\\vmware-vpx\\vcdb.properties'
 METHOD='GET'
-MATCH="dbtype|password\.ecrypted"
+MATCH="dbtype\ |password\.ecrypted"
 SEVERITY='P2 - HIGH'
 CURL_OPTS="--user-agent '' -s -L --insecure"
 SECONDARY_COMMANDS=''
diff --git a/templates/passive/network/Interesting_Domain_Found.sh b/templates/passive/network/Interesting_Domain_Found.sh
@@ -1,7 +1,8 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Interesting Domain Found'
-FILENAME="$LOOT_DIR/domains/domains-all-sorted_NA.txt"
-MATCH='admin|dev|portal|stage|prod|tst|test'
+echo "$TARGET" > /tmp/target 
+FILENAME="/tmp/target"
+MATCH="admin|dev|portal|stage|prod|tst|test"
 SEVERITY='P5 - INFO'
 GREP_OPTIONS='-i'
 SEARCH='positive'
diff --git a/templates/passive/network/Possible_Takeover_Detected.sh b/templates/passive/network/Possible_Takeover_Detected.sh
@@ -1,7 +1,7 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Possible Takeover Detected'
 FILENAME="$LOOT_DIR/nmap/takeovers-$TARGET.txt"
-MATCH='netlify|wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|modulus|unbounce|uservoice|wpengine|cloudapp'
+MATCH='anima|bitly|wordpress|instapage|heroku|github|bitbucket|squarespace|fastly|feed|fresh|ghost|helpscout|helpjuice|instapage|pingdom|surveygizmo|teamwork|tictail|shopify|desk|teamwork|unbounce|helpjuice|helpscout|pingdom|tictail|campaign|monitor|cargocollective|statuspage|tumblr|amazon|hubspot|cloudfront|modulus|unbounce|uservoice|wpengine|cloudapp|azure|trafficmanager|netifly|brandpa'
 SEVERITY='P5 - INFO'
 GREP_OPTIONS='-i'
 SEARCH='positive'
diff --git a/templates/passive/network/recursive/Component_With_Known_Vulnerabilities_-_NMap.sh b/templates/passive/network/recursive/Component_With_Known_Vulnerabilities_-_NMap.sh
@@ -1,6 +1,7 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Component With Known Vulnerabilities - NMap'
 FILENAME="$LOOT_DIR/nmap/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET.txt $LOOT_DIR/output/nmap-$TARGET-*.txt"
+OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
 MATCH="vulners.com"
 GREP_OPTIONS='-ih'
 TYPE="network"
diff --git a/templates/passive/network/recursive/Interesting_Ports_Found.sh b/templates/passive/network/recursive/Interesting_Ports_Found.sh
@@ -1,14 +1,23 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Interesting Ports Found'
 FILENAME="$LOOT_DIR/nmap/ports-$TARGET.txt"
-MATCH="21\ |22\ |23\ |137\ |139\ |445\ |8080\ |8443\ |3306\ |5900\ |53\ |8081\ "
+MATCH="21\ |22\ |23\ |137\ |139\ |445\ |8080\ |8443\ |3306\ |5900\ |53\ |8081\ |5432\ "
 SEVERITY='P5 - INFO'
 GREP_OPTIONS='-i'
 SECONDARY_COMMANDS=''
 OUTPUT_NAME=$(echo $VULN_NAME | sed -E 's/[^[:alnum:]]+/_/g')
 TYPE='network'
 
 rm -f /tmp/match.out 2> /dev/null
-rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
-cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null >/tmp/match.out && echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g")" 2> /dev/null | tee -a "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null && /bin/bash "$INSTALL_DIR/bin/slack.sh" "[sn1persecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" && echo "[sn1persecurity.com] •?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ' | sed -r "s/</\&lh\;/g") (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications.txt || rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null 
+cat $FILENAME 2> /dev/null | egrep $GREP_OPTIONS "$MATCH" $SECONDARY_COMMANDS 2> /dev/null | head -n 1 2> /dev/null > /tmp/match.out
+
+CHARS="$(wc -c /tmp/match.out 2> /dev/null | awk '{print $1}' 2> /dev/null)"
+if [[ $CHARS > 0 ]]; then
+	echo "$SEVERITY, $VULN_NAME, $TARGET, $(cat /tmp/match.out 2> /dev/null)" | tee "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
+	# /bin/bash "$INSTALL_DIR/bin/slack.sh" "[+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out | tr '\n' ' ') (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•"
+	#echo "•?((¯°·._.• [+] [$SEVERITY] $VULN_NAME - $TARGET - EVIDENCE: $(cat /tmp/match.out) (`date +"%Y-%m-%d %H:%M"`) •._.·°¯))؟•" >> $LOOT_DIR/scans/notifications_new.txt
+else
+	rm -f "$LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt" 2> /dev/null
+fi
+
 rm -f /tmp/match.out 2> /dev/null
diff --git a/templates/passive/network/recursive/Nessus_Import.sh b/templates/passive/network/recursive/Nessus_Import.sh
diff --git a/templates/passive/web/Autocomplete_Enabled.sh b/templates/passive/web/Autocomplete_Enabled.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Autocomplete Enabled'
-FILENAME="$LOOT_DIR/web/websource-$TARGET-*.txt"
+FILENAME="$LOOT_DIR/web/websource-htt*-$TARGET-*.txt"
 MATCH='autocomplete=\"on\"'
 SEVERITY='P4 - LOW'
 GREP_OPTIONS='-i'
diff --git a/templates/passive/web/CORS_Policy_-_Allow-Credentials_Enabled.sh b/templates/passive/web/CORS_Policy_-_Allow-Credentials_Enabled.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='CORS Policy - Allow-Credentials Enabled'
-FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt"
+FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
 MATCH='Access-Control-Allow-Credentials: true'
 SEVERITY='P4 - LOW'
 GREP_OPTIONS='-i'
diff --git a/templates/passive/web/CORS_Policy_-_Allow-Origin_Wildcard.sh b/templates/passive/web/CORS_Policy_-_Allow-Origin_Wildcard.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='CORS Policy - Allow-Origin Wildcard'
-FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt"
+FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
 MATCH='Access-Control-Allow-Origin: *'
 SEVERITY='P4 - LOW'
 GREP_OPTIONS='-i'
diff --git a/templates/passive/web/Clear-text_Communications_HTTP.sh b/templates/passive/web/Clear-text_Communications_HTTP.sh
@@ -1,12 +1,10 @@
 if [ "$SSL" = "false" ]; then
 	AUTHOR='@xer0dayz'
 	VULN_NAME='Clear-Text Protocol - HTTP'
-	FILENAME="$LOOT_DIR/web/headers-http-$TARGET.txt"
+	FILENAME="$LOOT_DIR/web/headers-http-$TARGET-*.txt"
 	MATCH="200\ OK"
 	SEVERITY='P2 - HIGH'
 	GREP_OPTIONS='-i'
 	SEARCH='positive'
 	SECONDARY_COMMANDS=''
-else
-	break
 fi
diff --git a/templates/passive/web/Drupal_Detected.sh b/templates/passive/web/Drupal_Detected.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Drupal Detected'
-FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt"
+FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
 MATCH="X\-Generator\:\ Drupal\ "
 SEVERITY='P5 - INFO'
 GREP_OPTIONS='-i'
diff --git a/templates/passive/web/Expired_SSL_Certificate.sh b/templates/passive/web/Expired_SSL_Certificate.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Expired SSL Certificate'
-FILENAME="$LOOT_DIR/web/curldebug-$TARGET.txt"
+FILENAME="$LOOT_DIR/web/curldebug-$TARGET-*.txt"
 MATCH='certificate has expired'
 SEVERITY='P3 - MEDIUM'
 GREP_OPTIONS=''
diff --git a/templates/passive/web/Fortinet_FortiGate_SSL_VPN_Panel_Passive_Detection.sh b/templates/passive/web/Fortinet_FortiGate_SSL_VPN_Panel_Passive_Detection.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Fortinet FortiGate SSL VPN Panel Passive Detection'
-FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt"
+FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
 MATCH="Server\:\ xxxxxxxx-xxxxx"
 SEVERITY='P5 - INFO'
 GREP_OPTIONS='-i'
diff --git a/templates/passive/web/Insecure_Cookie_-_HTTPOnly_Not_Set.sh b/templates/passive/web/Insecure_Cookie_-_HTTPOnly_Not_Set.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Insecure Cookie - HTTPOnly Not Set'
-FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt"
+FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
 MATCH='Set-Cookie'
 SEVERITY='P3 - MEDIUM'
 GREP_OPTIONS='-i'
diff --git a/templates/passive/web/Insecure_Cookie_-_Secure_Not_Set.sh b/templates/passive/web/Insecure_Cookie_-_Secure_Not_Set.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Insecure Cookie - Secure Not Set'
-FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt"
+FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
 MATCH='Set-Cookie'
 SEVERITY='P3 - MEDIUM'
 GREP_OPTIONS='-i'
diff --git a/templates/passive/web/Insecure_SSL_TLS_Connection.sh b/templates/passive/web/Insecure_SSL_TLS_Connection.sh
@@ -1,10 +1,8 @@
-if [ "$SSL" = "true" ]; then
-	AUTHOR='@xer0dayz'
-	VULN_NAME='Weak SSL TLS Protocols'
-	FILENAME="$LOOT_DIR/web/sslscan-$TARGET.txt"
-	MATCH=' SSLv'
-	SEVERITY='P2 - HIGH'
-	GREP_OPTIONS='-i'
-	SEARCH='positive'
-	SECONDARY_COMMANDS=''
-fi
+AUTHOR='@xer0dayz'
+VULN_NAME='Weak SSL TLS Protocols'
+FILENAME="$LOOT_DIR/web/sslscan-$TARGET.txt $LOOT_DIR/web/sslscan-$TARGET-*.txt"
+MATCH="SSLv*   enabled"
+SEVERITY='P2 - HIGH'
+GREP_OPTIONS='-i'
+SEARCH='positive'
+SECONDARY_COMMANDS=''
diff --git a/templates/passive/web/Insecure_SSL_TLS_Connection_CN_Mismatch.sh b/templates/passive/web/Insecure_SSL_TLS_Connection_CN_Mismatch.sh
@@ -1,13 +1,9 @@
-if [ "$SSL" = "true" ]; then
-	AUTHOR='@xer0dayz'
-	VULN_NAME='Insecure SSL TLS Connection CN Mismatch'
-	FILENAME="$LOOT_DIR/web/curldebug-$TARGET.txt"
-	MATCH='failed to verify the legitimacy of the server'
-	SEVERITY='P3 - MEDIUM'
-	GREP_OPTIONS='-i'
-	SEARCH='positive'
-	SECONDARY_COMMANDS=''
-	URI="/"
-else
-	break
-fi
+AUTHOR='@xer0dayz'
+VULN_NAME='Insecure SSL TLS Connection CN Mismatch'
+FILENAME="$LOOT_DIR/web/curldebug-$TARGET.txt"
+MATCH='failed to verify the legitimacy of the server'
+SEVERITY='P3 - MEDIUM'
+GREP_OPTIONS='-i'
+SEARCH='positive'
+SECONDARY_COMMANDS=''
+URI="/"
diff --git a/templates/passive/web/Interesting_Title_Found.sh b/templates/passive/web/Interesting_Title_Found.sh
@@ -1,7 +1,7 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='Interesting Title Found'
-FILENAME="$LOOT_DIR/web/title-htt*-$TARGET.txt"
-MATCH='admin|dev|portal'
+FILENAME="$LOOT_DIR/web/title-htt*-$TARGET-*.txt"
+MATCH='admin|dev|portal|login|sign|signup|registration|account'
 SEVERITY='P5 - INFO'
 GREP_OPTIONS='-i'
 SEARCH='positive'
diff --git a/templates/passive/web/Server_Header_Disclosure.sh b/templates/passive/web/Server_Header_Disclosure.sh
@@ -1,18 +1,18 @@
 if [ "$SSL" = "false" ]; then
 	AUTHOR='@xer0dayz'
 	VULN_NAME='Server Header Disclosure - HTTP'
-	FILENAME="$LOOT_DIR/web/headers-http-$TARGET.txt"
+	FILENAME="$LOOT_DIR/web/headers-http-$TARGET-*.txt"
 	MATCH="Server\:"
-	SEVERITY='P4 - LOW'
+	SEVERITY='P5 - INFO'
 	GREP_OPTIONS='-i'
 	SEARCH='positive'
 	SECONDARY_COMMANDS=''
 else
 	AUTHOR='@xer0dayz'
 	VULN_NAME='Server Header Disclosure - HTTPS'
-	FILENAME="$LOOT_DIR/web/headers-https-$TARGET.txt"
+	FILENAME="$LOOT_DIR/web/headers-https-$TARGET-*.txt"
 	MATCH="Server\:"
-	SEVERITY='P4 - LOW'
+	SEVERITY='P5 - INFO'
 	GREP_OPTIONS='-i'
 	SEARCH='positive'
 	SECONDARY_COMMANDS=''
diff --git a/templates/passive/web/X-Powered-By_Header_Found.sh b/templates/passive/web/X-Powered-By_Header_Found.sh
@@ -1,6 +1,6 @@
 AUTHOR='@xer0dayz'
 VULN_NAME='X-Powered-By Header Found'
-FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt"
+FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET-*.txt"
 MATCH='X-Powered-By'
 SEVERITY='P5 - INFO'
 GREP_OPTIONS='-i'
diff --git a/templates/passive/web/recursive/Nuclei_Vulnerability_Scan_-_HTTP.sh b/templates/passive/web/recursive/Nuclei_Vulnerability_Scan_-_HTTP.sh
@@ -6,14 +6,14 @@ GREP_OPTIONS='-ih'
 
 rm -f $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
 MATCH="\[critical\]"
-egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P1 - CRITICAL, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
+egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P1 - CRITICAL, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " "  $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
 MATCH="\[high\]"
-egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P2 - HIGH, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
+egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P2 - HIGH, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " "  $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
 MATCH="\[medium\]"
-egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P3 - MEDIUM, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
+egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P3 - MEDIUM, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " "  $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
 MATCH="\[low\]"
-egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
+egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P4 - LOW, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " "  $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
 MATCH="\[info\]"
-egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P5 - INFO, Nuclei Vulnerability Scan, " $3 ", " $6}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
+egrep "$GREP_OPTIONS" "$MATCH" $FILENAME 2> /dev/null | awk -v AWK_TARGET="$TARGET" '$50=AWK_TARGET{print "P5 - INFO, Nuclei Vulnerability Scan, " $1 ", " $4 " " $5 " " $6 " " $7 " " $8 " " $9 " " $10 " " $11 " "  $12 " " $13 " " $14 " " $15 " " $16 " " $17 " " $18 " " $19 " " $20 " " $21 " " $22 " " $23 " " $24 " " $25}' 2> /dev/null >> $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
 
 cat $LOOT_DIR/vulnerabilities/sc0pe-$TARGET-$OUTPUT_NAME.txt 2> /dev/null
diff --git a/templates/passive/web/recursive/Nuclei_Vulnerability_Scan_-_HTTPS.sh b/templates/passive/web/recursive/Nuclei_Vulnerability_Scan_-_HTTPS.sh
