Showing results for tags 'recon'.

  1. Recon for bug bounty, penetration testers & ethical hackers. The full methodology of website reconnaissance and bug bounty.

     What you’ll learn
     • Recon on websites
     • Gathering subdomains
     • Gathering URLs
     • Gathering parameters
     • Information gathering
     • Collecting sensitive data from websites
     • Deep recon on the website

     Requirements
     • Basic knowledge of Linux is required
     • Basic knowledge of vulnerabilities

     Description
     This course is entirely made for website reconnaissance for bug bounty hunters, penetration testers & ethical hackers. This is an intermediate-level course. All the topics are discussed here regarding recon on websites. Some of the topics are what is a survey, what is recon, recon for bug bounty hunters and penetration testers, Subdomain enumeration, URL enumeration, parameter brute-forcing, Creating your recon tools, and many more…

     This course is entirely focused on website recon and vulnerability assessment. There will be the whole methodology of website reconnaissance, bug bounty hunting, and penetration testing. The videos are divided into small sections for the students to learn. All the resources are provided in the resource section, including links, pdf, and payloads used in the course.

     Course Curriculum
     • Introduction: Introduction to recon
     • Subdomain enumeration from tools: Subdomain enumeration #1; Subdomain enumeration #2; Subdomain enumeration #3; Subdomain enumeration #4; Subdomain bruteforcing; Filtering unique domains; Subdomain generator
     • Subdomain enumeration from websites: Subdomain enumeration from website #1; Subdomain enumeration from website #2; Subdomain enumeration from website #3; Subdomain enumeration from website #4
     • Filtering live domains: Filtering live domains
     • URL extraction from the internet: URL extraction from the internet #1; URL extraction from the internet #2
     • Finding parameters: Finding parameters; Parameter bruteforcer
     • Finding URLs from past: URL from past
     • Sorting urls: Sorting URLs for vulnerabilities
     • Automation for replacing parameters with Payloads: Automation for replacing parameters with Payloads
     • Footprinting websites ( Website recon ): What web recon; Netcraft; Security headers; Dnsdumpmaster; Whois recon; Mxtoolbox; OSINT; Maltego
     • Browser add-ons for recon: analyzer; retire.js; shodan; Knoxx; Hack-tools addon
     • WAF identification: WAF identification
     • Subdomain takeover: HostileSubBruteForcer; Sub404; Subject
     • Fuzzing (Content-Discovery): dir; ffuf
     • Port scanning: Introduction to Nmap; Port specification in nmap; Service and version detection from nmap; Firewall bypass technique
     • Fast port scanning: Naabu; Masscan
     • Visual recon: Gowitness
     • Google Dorking: Introduction to google Dorking; Understanding the URL structure; Syntax of google Dorking; Google Dorking operators; Google search operators ( Part – 1 ); Google search operators ( Part – 2 )
     • Google Dorking practical: Introduction to practical google Dorking; How to find directory listing vulnerabilities?; How to dork for WordPress plugins and themes?; How to work for web server versions?; How to dork for application-generated system reports?; Dorking for SQLi; Reading materials for google Dorking
     • Tips for advanced google Dorking: Tip #1; Tip #2; Tip #3
     • Shodan Dorking: Intro to shodan Dorking; Shodan web interface; Shodan search filters
     • Shodan Dorking practical: Finding server; Finding files and directories; Finding operating systems; Finding compromised devices and websites
     • Shodan command line: Introduction to the shodan command line; Practical shodan in command line
     • Github Dorking: Introduction to GitHub Dorking; Github Dorking practical
     • Vulnerability scanning: Nuclei; Wp-Scan; Scanning with burp suite
     • Metasploit for recon: DNS recon using Metasploit; Sub-domain enumeration using Metasploit; E-mail address finding
     • Port scanning using Metasploit: TCP SYN port scan using Metasploit; SSH version detection; FTP version enumeration; MySQL version detection; HTTP enumeration
     • Payloads for bug bounty hunters: Payloads for bug hunters and penetration testers
     • How to create tools for recon?: SSRF finder tool; XSS finding tool; URL extractor from javascript files; Full website recon tool
     • Bonus: Bonus video

     Thank you 🙂 Vivek Pandit

     Who this course is for: Bug bounty hunters, penetration testers, ethical hackers, etc.
  2. DNSRecon is a Python-based tool for DNS scanning and enumeration. It offers various functionalities, including enumerating standard records (A, NS, SOA, and MX) for a specified domain and expanding top-level domains for a given domain. The tool comes with a user-friendly, graph-oriented interface that enables you to observe, categorize, and organize different records of a specific domain with ease. To use the tool, you need to install it and then access the URL provided by the installer via a private browser window. Each search requires opening a new private window, or clearing your browser cache to refresh the graphics. Happy hunting!
  3. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content].

     FEATURES:
     • Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
     • Automatically launches Google hacking queries against a target domain
     • Automatically enumerates open ports via Nmap port scanning
     • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
     • Automatically checks for sub-domain hijacking
     • Automatically runs targeted Nmap scripts against open ports
     • Automatically runs targeted Metasploit scan and exploit modules
     • Automatically scans all web applications for common vulnerabilities
     • Automatically brute forces ALL open services
     • Automatically test for anonymous FTP access
     • Automatically runs WPScan, Arachni and Nikto for all web services
     • Automatically enumerates NFS shares
     • Automatically test for anonymous LDAP access
     • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
     • Automatically enumerate SNMP community strings, services and users
     • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
     • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
     • Automatically tests for open X11 servers
     • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
     • Performs high-level enumeration of multiple hosts and subnets
     • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
     • Automatically gathers screenshots of all websites
     • Create individual workspaces to store all scan output

     Changelog
     • v9.1 – Fixed issue with dirsearch installation/command syntax update
     • v9.1 – Updated Nuclei sc0pe templates
     • v9.1 – Fixed issue with Nuclei sc0pe parsers not working
     • v9.1 – Fixed issue with GAU installer/command not working
     • v9.1 – Fixed issue with passive URL fetching
     • v9.1 – Fixed issue with nuclei not being installed
     • v9.1 – Removed error in hackertarget URL fetching
     • v9.1 – Added dnsutils to installer to fix missing deps
     • v9.1 – Fixed issue with gau in webscan modes not running
     • v9.1 – Updated subfinder to latest version
     • v9.1 – Added new email spoofing security checks to OSINT mode (-o)
     • v9.1 – Removed spoofcheck.py
     • v9.1 – Updated timeout settings for curl which was causing sockets/scans to hang
     • v9.1 – Fixed issue with Nuclei symlink missing in installer
     • v9.1 – Fixed issue with Nuclei sc0pe parser not parsing results correctly
     • v9.1 – Fixed issue with Dirsearch not running due to invalid command settings
     • v9.1 – Fixed issue with Nuclei templates not being installed
     • v9.1 – Fixed issue with enum4linux command not being installed
     • v9.1 – Fixed HackerTarget API integration
     • v9.1 – Fixed issue with ping command not being installed
     • v9.1 – Fixed issue with carriage returns in conf
     • v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts
     • v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file
     • v9.1 – Added verbose scan notifications for disabled conf options
     • v9.1 – Updated default aux mode options in default sniper.conf
  4. Arsenal is a Simple shell script (Bash) used to install tools and requirements for Bug Bounty.

     Requirements in Arsenal✔️
     • Python3🐍
     • Git🌌
     • Ruby💎
     • Wget🌐
     • GO-Lang💩💩💩
     • Rust
  5. Reconator is a Framework for automating your process of reconnaissance without any Computing resource (Systemless Recon) free of cost. It's purely designed to host on Heroku, which is a free cloud hosting provider. It performs the work of enumerations along with many vulnerability checks and obtains maximum information about the target domain. It also performs various vulnerability checks like XSS, Open Redirects, SSRF, CRLF, LFI, SQLi, and much more. Along with these, it performs OSINT, fuzzing, dorking, ports scanning, nuclei scan on your target. Reconator receives all the targets that need to be reconed via a Web Interface, adds them into the Queue and notifies via Telebot on start and end of Recon on a target. So this is 100% automated and doesn’t require any manual interaction.

     🔥 Features 🔥
     • Systemless Recon
     • 100% Free
     • Fast scan and Easy to use
     • Permanent storage of Results in DB
     • Notification support via Telegram bot
     • Fully Automated Scanner
     • Easy access via Web UI
     • Queue support allows to add many targets
     • Easy Deploy
     • Easy Recon
     • Runs 24/7 for 22 Days [Heroku – 550 hrs/month free]
  6. Description
     This course will teach you what specific parts are required within the pre-engagement documentation and how to perform the initial investigation of the target while only using open-source intelligence and passive reconnaissance methods.

     What you’ll learn
     Before you can start your penetration tests there are a lot of things that come to mind. What documents are needed, what should be in them, what is information gathering, and how/where should you start? In this course, Penetration Testing: Planning, Scoping, and Recon, you’ll learn to perform passive reconnaissance through OSINT and passive methods, and learn what is required in document pre-engagement for you, as a pentester, and your customer to finalize. First, you’ll explore the most important information in the pre-engagement documents like SoW, NDA, and Rules of Engagement. Next, you’ll discover how to leverage OSINT tools and frameworks to gather information about your target. Finally, you’ll learn how to leverage passive scanning tools to gather the information which will aid you in finding targets that could lead you to initial compromise. When you’re finished with this course, you’ll have the skills and knowledge needed to create documents with all the required elements to start an engagement, as well as a good foundation on how to gather information through OSINT and passive reconnaissance tools allowing you to gather valuable data about the target company.
  7. AWS Recon
     A multi-threaded AWS inventory collection tool.

     The creators of this tool have a recurring need to be able to efficiently collect a large amount of AWS resource attributes and metadata to help clients understand their cloud security posture. There are a handful of tools (e.g. AWS Config, CloudMapper, CloudSploit, Prowler) that do some form of resource collection to support other functions. But we found we needed broader coverage and more details at a per-service level. We also needed a consistent and structured format that allowed for integration with our other systems and tooling.

     Enter AWS Recon, multi-threaded AWS inventory collection tool written in plain Ruby. Though most AWS tooling tends to be dominated by Python, the Ruby SDK is quite mature and capable. The maintainers of the Ruby SDK have done a fantastic job making it easy to handle automatic retries, paging of large responses, and threading huge numbers of requests.

     Changelog v0.5.21
     • Add S3 bucket object ownership (ref).
  8. Complete Methodology for Ethical Hacking, Pentesting & Bug Bounties with Live Attacks

     What you'll learn
     Recon, Target Expansion, Content Discovery, Fuzzing, CMS Identification, Certificate Transparency, Visual Recon, Github Recon, Custom Wordlists, Mindmaps, Bug Bounty Automation, Bash Scripting, Bug Bounty Roadmap, Report Writing, Shodan for Exploitation, Subdomain Enumeration, DNS Dumpster, FFUF & WFUZZ, Project Discovery, Subjack for Bug bounties, Amass for Bug bounties, Dirsearch for Bug bounties, Masscan for Bug bounties, Nmap for Bug bounties, CTF Recon Methodologies, ASN Identification, TLS Cert Extraction

     Requirements
     • Basic IT Skills
     • No Linux, programming or hacking knowledge required.
     • Computer with a minimum of 4GB ram/memory & Internet Connection
     • Operating System: Windows / OS X / Linux

     Description
     Welcome to Recon for Bug Bounty, Pentesting & Ethical Hacking. This course starts with the Basics of Recon & Bug Bounty Hunting Fundamentals to Advance Exploitation.

     This course starts with basics with Web and Web Server Works and how it can be used in our day to day life. We will also learn about DNS, URL vs URN vs URI and Recon for Bug Bounties to make our base stronger and then further move on to Target Expansion, Content Discovery, Fuzzing CMS Identification, Certificate Transparency, Visual Recon, Github Recon, Custom Wordlists, Mind maps, Bug Bounty Automation, Bug Bounty Platforms with practicals.

     This course covers All the Tools & Techniques for Penetration Testing & Bug Bounties for a better understanding of what’s happening behind the hood. The course also includes in depth approach towards any target and increases the scope for mass hunting and success.

     With this course, we will learn Target Selection Techniques for Host, Subnet Scans & Host Discovery, Content Discovery, Subdomain Enumeration Horizontal & Vertical, CMS Identification, Fuzzing the target for finding web vulnerabilities like XSS, Open Redirect, SSRF, Sql Injection etc. How to increase the scope and take screenshots for large number for hosts for better visualisation. We will also learn How to use Shodan for Bug Bounties to find critical vulnerabilities in targets. We will also see Github Recon to find sensitive information for targets like API keys from GitHub Repositories. Next we will see How to perform Automation for daily day to day tasks and easier ways to run tools. We will also see How to write Bug Bounty & pentesting Reports. We will also cover mind maps by other hackers for a better approach towards any target and also we will see mindmap created by us. We will also see Bug Bounty Platforms and how to kick start our journey on them.

     Here's a more detailed breakdown of the course content:

     In all the sections we will start the fundamental principle of How the scan works and How can we perform Exploitation.

     In Introduction, We will cover What is Web, What are Web Servers, DNS and We will also learn about DNS and How DNS works and also How DNS is important in our day to day life. We will also see the difference between URL, URN and URI. We will also see the complete breakdown of URL to understand better. We will also learn about Bug-Bounty Hunting and Understand the Importance of Recon in Bug-Bounty Hunting and Pentesting. Before starting the journey, We will see Top-10 rules for Bug-Bounty Hunting and we will understand the psychology of the Hackers.

     In Shodan for Bug-Bounties we will start with the installation of Shodan and we will learn about Shodan Queries such as Info, Count downloads and many more and will run them from our command line. We will also learn Host Enumeration, Parse dataset, Search Queries, Scan commands using Shodan. The Section cannot be completed without learning about Shodan GUI which is very simple and easily understandable. We will also see Shodan Images, Exploits, Report generation and a lot more. In the end, we will see the summary and revision of the section to remember the important queries and key points. We will see live hunting with Shodan and understand about latest CVE’s and perform exploits. We will see Jenkins Exploitation Logs, Jenkins Exploitation Credentials, ADB under Shodan LIVE Hunting.

     In Certificate Transparency for Subdomain Enumeration we will learn about crt[dot]sh, wildcards of crt[dot]sh and We will learn automation for crt[dot]sh to enumerate subdomains for a target. We will also learn about Shodan, Censys for Subdomain Enumeration. We will learn about Google and Facebook Certificate Transparency. We will also learn to find out Subdomains using DNS Dumpster and enumerate all the DNS records as well as save the hosts in a xlsx format. We will also see the workflow for dnsdumpster to know about the whole target server from its DNS records like A, CNAME, MX, TXT etc.

     In Scope Expansion we will learn about ASN Lookup, Pentest tools, VirusTotal. We will also learn about some awesome tools like Sublister, Subfinder, knockpy, Asset Finder, Amass, Findomain, Sublert, Project Discovery Nmmapper and a lot more. We will also understand how to use them effectively for expanding the scope to walk on less travelled road and achieve success in bug bounties.

     In DNS Enumeration for Bug-Bounties we will learn and understand about DNS Dumpster, DNS Goodies, Altdns, Massdns, Vertical & Horizontal Correlation (Viewdns.info) and enumerate the subdomains from the recursive DNS.

     We will start with Introduction to Fuzzing, Its importance and Step by Step process. We will see fuzzing practically on LAB and LIVE websites to understand better. We will Learn, Understand and Use tools like Wfuzz and FFUF and also see how we can perform recursive fuzzing on the target. We will also perform HTTP Basic Auth Fuzz to crack the login of the dashboards and also do Login Authentication Cracking with the help of useful wordlists. We will utilise some of the wordlists like Seclists, FuzzDB, Jhaddix All.txt and will also see how to make our own custom wordlists for the targets.

     Content Discovery covers tools like Dirsearch, Gobuster which will be helpful for finding out sensitive endpoints of the targets like db.conf or env files which may contain the DB username and passwords. Also sensitive information like periodic backups or source code can also be identified, which can lead to compromise of the whole server.

     In CMS Identification we will learn and understand about Wappalyzer, Builtwith, Netcraft, Whatweb, Retire.js. As Banner Grabbing and identifying information about the target is the foremost step, we will identify the underlying technologies which will enable us to narrow down the approach which will lead to success.

     In WAF Identification we will see WAF Detection with Nmap, WAF Fingerprinting with Nmap, WafW00f vs Nmap. We will know, If there are any firewalls running on the target and accordingly send our payloads to the targets and throttle our requests so we can evade them successfully.

     The Mindmaps for Recon and Bug-Bounty section will cover the approach and methodology towards the target for pentesting and bug bounty. A strong and clear visual building block visual representation will help in performing the attack process with more clarity and will help in knowing the next steps.

     The Bug-Bounty Platforms section contains a Roadmap of How to start your Bug-Bounty Journey on different Platforms like Hackerone, Bugcrowd, Integrity, Synack. It also covers how to Report Private RVDP Programs.

     With this course, you get 24/7 support, so if you have any questions you can post them in the Q&A section and we'll respond to you as soon as possible.

     Notes: This course is created for educational purposes only and all the websites I have performed attacks are ethically reported and fixed. Testing any website which doesn’t have a Responsible Disclosure Policy is unethical and against the law, the author doesn’t hold any responsibility.

     Who this course is for:
     • Anybody interested in learning website & web application hacking / penetration testing
     • Any Beginner who wants to start with Penetration Testing
     • Any Beginner who wants to start with Bug Bounty Hunting
     • Trainers who are willing to start teaching Pentesting
     • Any Professional who is working in Cyber Security and Pentesting
     • Ethical Hackers who want to learn How OWASP Works
     • Beginners in Cyber Security Industry for Analyst Position
     • SOC person who is working into a corporate environment
     • Developers who want to fix vulnerabilities and build secure applications
  9. Recon
     The step of recognizing a target in both Bug Bounties and Pentest can be very time-consuming. Thinking about it, I decided to create my own recognition script with all the tools I use most in this step. All construction of this framework is based on the methodologies of @ofjaaah and @Jhaddix. These people were my biggest inspirations to start my career in Information Security and I recommend that you take a look at their content, you will learn a lot!

     Feature
     • ASN Enumeration: metabigor
     • Subdomain Enumeration: Assetfinder, Subfinder, Amass, Findomain, Sublist3r, Knock, SubDomainizer, GitHub Subdomains, RapidDNS, Riddler, SecurityTrails
     • Alive Domains: httprobe, httpx
     • WAF Detect: wafw00f
     • Domain organization: Regular expressions
     • Subdomain Takeover: Subjack
     • DNS Lookup: Discovering IPs, dnsx
     • DNS Enumeration and Zone Transfer: dnsrecon, dnsenum
     • Favicon Analysis: favfreak, Shodan
     • Directory Fuzzing: ffuf
     • Google Hacking: Some Dorks that I consider important, CredStuff-Auxiliary, Googler
     • GitHub Dorks: Jhaddix Dorks
     • Credential Stuffing: CredStuff-Auxiliary
     • Screenshots: EyeWitness
     • Port Scan: Masscan, Nmap, Naabu
     • Link Discovery: Endpoints Enumeration and Finding JS files, Hakrawler, Waybackurls, Gospider, ParamSpider
     • Vulnerabilities: Nuclei ➔ I used all the default templates
     • 403 Forbidden Bypass: Bypass-403
     • XSS: XSStrike, Gxss
     • LFI: Oneliners, gf, ffuf
     • RCE: My GrepVuln function
     • Open Redirect: My GrepVuln function
     • SQLi: Oneliners, gf, sqlmap
  10. MagicRecon is a powerful shell script to maximize the recon and data collection process of an objective and finding common vulnerabilities, all this saving the results obtained in an organized way in directories and with various formats. The new version of MagicRecon has a large number of new tools to automate as much as possible the process of collecting data from a target and searching for vulnerabilities. It also has a menu where the user can select which option he wants to execute. This new version also has the option of "Install dependencies" with which the user can easily install all the tools and dependencies that are needed to run MagicRecon. The script code has been made in a modular way so that any user can modify it to their liking.

      With MagicRecon you can easily find:
      • Sensitive information disclosure.
      • Missing HTTP headers.
      • Open S3 buckets.
      • Subdomain takeovers.
      • SSL/TLS bugs.
      • Open ports and services.
      • Email spoofing.
      • Endpoints.
      • Directories.
      • Juicy files.
      • Javascript files with sensitive info.
      • CORS misconfigurations.
      • Cross-site scripting (XSS).
      • Open Redirect.
      • SQL Injection.
      • Server-side request forgery (SSRF).
      • CRLF Injection.
      • Remote Code Execution (RCE).
      • Other bugs.
  11. 3klCon Project
      Full Automation Recon tool which works with Small and Medium scopes. Recommended to use it on VPS machine, it’ll discover secrets and searching for vulnerabilities.

      Tools used
      • Subfinder
      • Assetfinder
      • Altdns
      • Dirsearch
      • Httpx
      • Waybackurls
      • Gau
      • Git-hound
      • Gitdorks.sh
      • Naabu
      • Gf
      • Gf-templates
      • Nuclei
      • Nuclei-templets
      • Subjack
      • Port_scan.sh

      Changelog v1.1
      • Editing the tool’s methodology, you can check it there:””
      • Editing the selected tools, change some, and use more tools
      • Upgrading to python3
      • Editing some processes to be as a user option like directory bruteforcing and port scan
  12. Summary
      This is a simple script intended to perform a full recon on an objective with multiple subdomains

      Features
      • Tools checker
      • Google Dorks (based on deggogle_hunter)
      • Subdomain enumeration (passive, resolution, bruteforce and permutations)
      • Sub TKO (subjack and nuclei)
      • Web Prober (httpx)
      • Web screenshot (aquatone)
      • Template scanner (nuclei)
      • Port Scanner (naabu)
      • Url extraction (waybackurls, gau, hakrawler, github-endpoints)
      • Pattern Search (gf and gf-patterns)
      • Param discovery (paramspider and arjun)
      • XSS (Gxss and dalfox)
      • Open redirect (Openredirex)
      • SSRF checks (from m4ll0k/Bug-Bounty-Toolz/SSRF.py)
      • Github Check (git-hound)
      • Favicon Real IP (fav-up)
      • JS Checks (LinkFinder, SecretFinder, scripts from JSFScan)
      • Fuzzing (ffuf)
      • Cors (Corsy)
      • SSL Check (testssl)
      • Interlace integration
      • Custom output folder (default under Recon/target.com/)
      • Run standalone steps (subdomains, subtko, web, gdorks...)
      • Polished installer compatible with most distros
      • Verbose mode
      • Update tools script
  13. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

      FEATURES:
      • Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
      • Automatically launches Google hacking queries against a target domain
      • Automatically enumerates open ports via Nmap port scanning
      • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
      • Automatically checks for sub-domain hijacking
      • Automatically runs targeted Nmap scripts against open ports
      • Automatically runs targeted Metasploit scan and exploit modules
      • Automatically scans all web applications for common vulnerabilities
      • Automatically brute forces ALL open services
      • Automatically test for anonymous FTP access
      • Automatically runs WPScan, Arachni and Nikto for all web services
      • Automatically enumerates NFS shares
      • Automatically test for anonymous LDAP access
      • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
      • Automatically enumerate SNMP community strings, services and users
      • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
      • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
      • Automatically tests for open X11 servers
      • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
      • Performs high-level enumeration of multiple hosts and subnets
      • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
      • Automatically gathers screenshots of all websites
      • Create individual workspaces to store all scan output

      Changelog
      • v9.0 – Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template
      • v9.0 – Added CVE-2020-17519 – Apache Flink Path Traversal sc0pe template
      • v9.0 – Added RabbitMQ Management Interface Detected sc0pe template
      • v9.0 – Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX
      • v9.0 – Removed vulnscan NMap CSV updates/downloads to save space/bandwidth
      • v9.0 – Added Nuclei sc0pe parser
      • v9.0 – Added Nuclei vulnerability scanner
      • v9.0 – Added WordPress WPScan sc0pe vulnerability parser
      • v9.0 – Fixed issue with wrong WPscan API key command
      • v9.0 – Added CVE-2020-11738 – WordPress Duplicator plugin Directory Traversal sc0pe template
      • v9.0 – Renamed AUTO_VULNSCAN setting to “VULNSCAN” in sniper.conf to perform vulnerability scans via ‘normal’ mode
  14. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content].

      FEATURES:
      • Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
      • Automatically launches Google hacking queries against a target domain
      • Automatically enumerates open ports via Nmap port scanning
      • Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
      • Automatically checks for sub-domain hijacking
      • Automatically runs targeted Nmap scripts against open ports
      • Automatically runs targeted Metasploit scan and exploit modules
      • Automatically scans all web applications for common vulnerabilities
      • Automatically brute forces ALL open services
      • Automatically test for anonymous FTP access
      • Automatically runs WPScan, Arachni and Nikto for all web services
      • Automatically enumerates NFS shares
      • Automatically test for anonymous LDAP access
      • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
      • Automatically enumerate SNMP community strings, services and users
      • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
      • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
      • Automatically tests for open X11 servers
      • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
      • Performs high-level enumeration of multiple hosts and subnets
      • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
      • Automatically gathers screenshots of all websites
      • Create individual workspaces to store all scan output

      Changelog
      • v8.9 – Tuned sniper.conf around performance for all scans and recon modes
      • v8.9 – Added out of scope options to sniper.conf
      • v8.9 – Added automatic HTTP/HTTPS web scans and vulnerability scans to ‘normal’ mode
      • v8.9 – Added SolarWinds Orion Panel Default Credentials sc0pe template
      • v8.9 – Added SolarWinds Orion Panel sc0pe template
      • v8.9 – Fixed issue with theHarvester not running on Kali 2020.4
      • v8.9 – Added WPScan API support to sniper.conf
      • v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template
      • v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Path Traversal sc0pe template
      • v8.9 – Removed verbose error for chromium on Ubuntu
      • v8.9 – Added CVE-2020-8209 – Citrix XenMobile Server Path Traversal sc0pe template
      • v8.9 – Fixed F+ in CSP Not Enforced sc0pe template
      • v8.9 – Added CVE-2020-14815 – Oracle Business Intelligence Enterprise DOM XSS sc0pe template
      • v8.9 – Fixed issue with dnscan not working in Kali 2020.3
      • v8.9 – Fixed issue with screenshots not working in Ubuntu 2020
      • v8.9 – Added Frontpage Service Password Disclosure sc0pe template
      • v8.9 – Removed Yasuo tool
  15. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.8 – Added automatic ‘flyover’ scans of all discovered domains for ‘recon’ mode v8.8 – Added static grep searching rules of all URL’s and sub-domains (see sniper.conf for details) v8.8 – Added verbose status logging to 
flyover mode showing HTTP status/redirect/title, etc. v8.8 – Added integration for Port Scanner Add-on for Sn1per Professional v8.8 – Added enhanced scanning of all unique dynamic URL’s via InjectX fuzzer v8.8 – Added CVE-2020-25213 – WP File Manager File Upload sc0pe template v8.8 – Added cPanel Login Found sc0pe template v8.8 – Added WordPress WP-File-Manager Version Detected sc0pe template v8.8 – Added VMware vCenter Unauthenticated Arbitrary File Read sc0pe template v8.8 – Added PHP Composer Disclosure sc0pe template v8.8 – Added Git Config Disclosure sc0pe template v8.8 – Added updated NMap vulscan DB files v8.8 – Added CVE-2020-9047 – exacqVision Web Service Remote Code Execution sc0pe template v8.8 – Removed UDP port scan settings/options and combined with full portscan ports v8.8 – Added CVE-2019-8442 – Jira Webroot Directory Traversal sc0pe template v8.8 – Added CVE-2020-2034 – PAN-OS GlobalProtect OS Command Injection sc0pe template v8.8 – Added CVE-2020-2551 – Unauthenticated Oracle WebLogic Server Remote Code Execution sc0pe template v8.8 – Added CVE-2020-14181 – User Enumeration Via Insecure Jira Endpoint sc0pe template v8.8 – Added Smuggler HTTP request smuggling detection v8.8 – Added CVE-2020-0618 – Remote Code Execution SQL Server Reporting Services sc0pe template v8.8 – Added CVE-2020-5412 – Full-read SSRF in Spring Cloud Netflix sc0pe template v8.8 – Added Jaspersoft Detected sc0pe template v8.8 – Added improved dirsearch exclude options to all web file/dir searches v8.8 – Fixed naming conflict for theharvester v8.8 – Created backups of all NMap HTML reports for fullportonly scans v8.8 – Added line limit to GUA URL’s displayed in console [hide][Hidden Content]]
  16. NUUBI is a collection of recon tools, scanners, and tools for penetration testing. Reconnaissance is the first phase of penetration testing, which means gathering information before any real attacks are planned. It is an incredibly fast recon tool for penetration testers, specially designed for the reconnaissance phase. ✔️ Features: Information Modules: Banner grabbing Subnetlookup Cms detect Certificate Transparency log monitor Dnslookup Extract links GeoIP lookup Httpheaders Nmapscan Subdomain lookup Traceroute Find hosts sharing DNS servers URL and website scanner for potentially malicious websites Github username Whois Crawler Reverse ip Reverse DNS Zonetransfer Nping test Ping Response Check an Autonomous System Number (ASN) Cloudflare Cookie Scraper [hide][Hidden Content]]
  17. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.7 – Updated web file bruteforce lists v8.7 – Added updated Slack API integration/notifications v8.7 – Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers v8.7 – Added CVE-2020-15129 – Open 
Redirect In Traefik sc0pe template v8.7 – Added MobileIron Login sc0pe template v8.7 – Added Revive Adserver XSS sc0pe template v8.7 – Added IceWarp Webmail XSS sc0pe template v8.7 – Added Mara CMS v7.5 XSS sc0pe template v8.7 – Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template v8.7 – Added Magento 2.3.0 SQL Injection sc0pe template v8.7 – Added CVE-2020-15920 – Unauthenticated RCE at Mida eFramework sc0pe template v8.7 – Added CVE-2019-7192 – QNAP Pre-Auth Root RCE sc0pe template v8.7 – Added CVE-2020-10204 – Sonatype Nexus Repository RCE sc0pe template v8.7 – Added CVE-2020-13167 – Netsweeper WebAdmin unixlogin.php Python Code Injection sc0pe template v8.7 – Added CVE-2020-2140 – Jenkin AuditTrailPlugin XSS sc0pe template v8.7 – Added CVE-2020-7209 – LinuxKI Toolset 6.01 Remote Command Execution sc0pe template v8.7 – Added CVE-2019-16662 – rConfig 3.9.2 Remote Code Execution sc0pe template v8.7 – Added Sitemap.xml Detected sc0pe template v8.7 – Added Robots.txt Detected sc0pe template v8.7 – Added AWS S3 Public Bucket Listing sc0pe template v8.7 – Fixed logic error in stealth mode recon scans not running v8.7 – Added CVE-2020-7048 – WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template v8.7 – Fixed F- detection in WordPress Sc0pe templates v8.7 – Added CVE-2020-11530 – WordPress Chop Slider 3 Plugin SQL Injection sc0pe template v8.7 – Added CVE-2019-11580 – Atlassian Crowd Data Center Unauthenticated RCE sc0pe template v8.7 – Added CVE-2019-16759 – vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template [hide][Hidden Content]]
  18. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.6 – Added new Sn1per configuration flow that allows persistent user configurations and API key transfer v8.6 – Updated port lists to remove duplicate ports error and slim down list v8.6 – Updated PHP to 7.4 v8.6 – Added 
CVE-2020-12720 – vBulletin Unauthenticated SQLi v8.6 – Added CVE-2020-9757 – SEOmatic < 3.3.0 Server-Side Template Injection v8.6 – Added CVE-2020-1147 – Remote Code Execution in Microsoft SharePoint Server v8.6 – Added CVE-2020-3187 – Citrix Unauthenticated File Deletion v8.6 – Added CVE-2020-8193 – Citrix Unauthenticated LFI v8.6 – Added CVE-2020-8194 – Citrix ADC & NetScaler Gateway Reflected Code Injection v8.6 – Added CVE-2020-8982 – Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read v8.6 – Added CVE-2020-9484 – Apache Tomcat RCE by deserialization v8.6 – Added Cisco VPN scanner template v8.6 – Added Tiki Wiki CMS scanner template v8.6 – Added Palo Alto PAN OS Portal scanner template v8.6 – Added SAP NetWeaver AS JAVA LM Configuration Wizard Detection v8.6 – Added delete task workspace function to remove running tasks v8.6 – Added CVE-2020-3452 – Cisco ASA/FTD Arbitrary File Reading Vulnerability Sc0pe template v8.6 – Updated theharvester command to exclude github-code search v8.6 – Updated theharvester installer to v3.1 v8.6 – Added urlscan.io API to OSINT mode (-o) v8.6 – Added OpenVAS package to install.sh v8.6 – Added Palo Alto GlobalProtect PAN-OS Portal Sc0pe template v8.6 – Fixed issue with Javascript downloader downloading localhost files instead of target v8.6 – Added CVE-2020-5902 F5 BIG-IP RCE sc0pe template v8.6 – Added CVE-2020-5902 F5 BIG-IP XSS sc0pe template v8.6 – Added F5 BIG-IP detection sc0pe template v8.6 – Added interesting ports sc0pe template v8.6 – Added components with known vulnerabilities sc0pe template v8.6 – Added server header disclosure sc0pe template v8.6 – Added SMBv1 enabled sc0pe template v8.6 – Removed verbose comment from stealth scan [hide][Hidden Content]]
  19. Blue Eye is a Python recon toolkit script. It shows ports and headers, the IP addresses that subdomains resolve to, company email addresses and much more. Author: Jolanda de Koff Blue Eye shows the: ✓ IP addresses that subdomains resolve to ✓ Ports ✓ HTTP Header ✓ Mail Servers ✓ DNS Text Records ✓ Nameserver Records ✓ List of GitHub user pages ✓ List of possible company email addresses harvested from GitHub user pages and from DuckDuckGo and LinkedIn searches [hide][Hidden Content]]
  20. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.5 – Added manual installer for Metasploit v8.5 – Added Phantomjs manual installer v8.5 – Added sc0pe template to check for default credentials via BruteX v8.5 – Added fullportscans to all ‘web’ mode scans to ensure full 
port coverage v8.5 – Fixed issue with 2nd stage OSINT scans not running v8.5 – Added port values to sc0pe engine to define port numbers v8.5 – Fixed issue with LinkFinder not working v8.5 – Fixed issue with Javascript link parser v8.5 – Added phantomjs dependency to fix webscreenshots on Ubuntu v8.5 – Added http-default-accounts NMap NSE to check for default web credentials v8.5 – Fixed several issues with install.sh to resolve deps on Ubuntu and Kali 2020.2 v8.5 – Removed larger wordlists to reduce install size of Sn1per v8.5 – Added 20+ new active/passive sc0pe templates v8.5 – Fixed issue with installer on latest Kali and Docker builds v8.5 – Fixed custom installer for Arachni v8.5 – Fixed Dockerfile with updated Kali image (CC. @stevemcilwain) [hide][Hidden Content]]
  21. Additions: MkCheck - MikroTik Router Exploitation Framework. RouterSploit - Network Router Exploitation Framework. XSStrike - Cross Site Scripting detection suite. HoneyTel - TelNet-IoT-HoneyPot used to analyze collected botnet payloads. ACLight2 - Used to discover Shadow Admin accounts on an exploited system. SMBGhost - Now has a scanner, as well as an exploitative option. Overview Sifter is an OSINT, recon & vulnerability scanner. It combines a plethora of tools within different module sets in order to quickly perform recon tasks, check network firewalling, enumerate remote and local hosts, and scan for the 'blue' vulnerabilities within Microsoft and, if unpatched, exploit them. It uses tools like blackwidow and konan for webdir enumeration and attack surface mapping rapidly using ASM. Gathered info is saved to the results folder; these output files can be easily parsed over to TigerShark in order to be utilised within your campaign, or compiled for a final report to wrap up a penetration test. [hide][Hidden Content]]
  22. FinalRecon is a fast and simple Python script for web reconnaissance. It follows a modular structure so that new modules can be added with ease in the future. Features FinalRecon provides detailed information such as: Header Information Whois SSL Certificate Information Crawler html CSS Javascripts Internal Links External Links Images robots sitemaps Links inside Javascripts Links from Wayback Machine from Last 1 Year DNS Enumeration A, AAAA, ANY, CNAME, MX, NS, SOA, TXT Records DMARC Records Subdomain Enumeration Data Sources BuffOver crt.sh ThreatCrowd AnubisDB ThreatMiner Facebook Certificate Transparency API Auth Token is Required for this source, read Configuration below Traceroute Protocols UDP TCP ICMP Directory Searching Support for File Extensions Directories from Wayback Machine from Last 1 Year Port Scan Fast Top 1000 Ports Open Ports with Standard Services Export Formats txt xml csv [Hidden Content]
  23. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.3 – Added Github subdomain retrieval (requires API key/conf options enabled) v8.3 – Added NMAP_OPTIONS setting to sniper.conf to configure optional NMap scan settings v8.3 – Added option to specify custom Sn1per 
configuration via (-c) switch v8.3 – Created several custom config files to select from, including: bug_bounty_quick, bug_bounty_max_javascript, super_stealth_mode, webpwn_only + more v8.3 – Added workspace –export option to backup/export a workspace v8.3 – Added flyover mode tuning options to sniper.conf v8.3 – Added GitGraber automated Github leak search ([Hidden Content]) v8.3 – Added static Javascript parsing for sub-domains, URL’s, path relative links and comments v8.3 – Added js-beautifier v8.3 – Added LinkFinder Javascript link finder ([Hidden Content]) v8.3 – Added fprobe HTTP probe checker ([Hidden Content]) v8.3 – Added Cisco RV320 and RV325 Unauthenticated Remote Code Execution CVE-2019-1653 MSF exploit v8.3 – Improved performance of ‘stealth’ and ‘recon’ modes v8.3 – Updated default port lists v8.3 – Improved performance of all port scans v8.3 – Removed all pip v2 commands from installer v8.3 – Added fix for missing Amass package v8.3 – Added sniper.conf options for OPENVAS_HOST and OPENVAS_PORT selection for remote instances v8.3 – Improved ‘vulnscan’ mode via OpenVAS to scan the same asset multiple times with improved error handling [HIDE][Hidden Content]]
  24. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.1 – Added Citrix Gateway Arbitrary Code Execution CVE-2019-19781 vulnerability detection v8.1 – Added Pulse Secure VPN Arbitrary File Disclosure CVE-2019-11510 exploit v8.1 – Added –data-length=50 for NMap IPS evasion v8.1
– Removed NMap vulscan script due to F+ results v8.1 – Fixed issue with CRT.SH sub-domain retrieval v8.1 – Updated Kali Linux keyring package v8.1 – Fixed “[: ==: unary operator expected” in all code v8.1 – Updated Sn1per Professional autoload settings v8.1 – Updated web brute force wordlists v8.1 – Removed null and debug errors from passive spider API output v8.1 – Updated Commoncrawl index repo v8.1 – Updated DockerFile repository v8.1 – Fixed issue with -dh flag to delete host with Sn1per Pro v8.0 v8.1 – Fixed issue with subfinder missing v8.1 – Fixed issue with 7zip missing v8.1 – Added check for Ubuntu to install.sh automatically [HIDE][Hidden Content]]
  25. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.0 – Added ASnip tool to retrieve ASN’s via ‘recon’ mode v8.0 – Added Shodan sub-domain lookup v8.0 – Added script timeout flag for NMap scripts v8.0 – Fixed issue with dnsenum getting stuck on gathering dns info stage 
v8.0 – Added option to force upgrade/install.sh without user prompt (ie. ./install.sh force) v8.0 – Fixed issue with theHarvester package on Ubuntu systems v8.0 – Fixed error “[: ==: unary operator expected” in all modes v8.0 – Added net-tools package for Ubuntu OS deps [HIDE][Hidden Content]]