Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'sn1per'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 19 results

  1. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v9.1 – Fixed issue with dirsearch installation/command syntax update v9.1 – Updated Nuclei sc0pe templates v9.1 – Fixed issue with Nuclei sc0pe parsers not working v9.1 – Fixed issue with GAU installer/commmand not working v9.1 – Fixed issue with passive URL fetching v9.1 – Fixed issue with nuclei not being installed v9.1 – Removed error in hackertarget URL fetching v9.1 – Added dnsutils to installer to fix missing deps v9.1 – Fixed issue with gau in webscan modes not running v9.1 – Updated subfinder to latest version v9.1 – Added new email spoofing security checks to OSINT mode (-o) v9.1 – Removed spoofcheck.py v9.1 – Updated timeout settings for curl which was causing sockets/scans to hang v9.1 – Fixed issue with Nuclei symlink missing in installer v9.1 – Fixed issue with Nuclei sc0pe parser not parsing results correctly v9.1 – Fixed issue with Dirsearch not running due to invalid command settings v9.1 – Fixed issue with Nuclei templates not being installed v9.1 – Fixed issue with enum4linux command not being installed v9.1 – Fixed HackerTarget API integration v9.1 – Fixed issue with ping command not being installed v9.1 – Fixed issue with carriage returns in conf v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file v9.1 – Added verbose scan notifications for disabled conf options v9.1 – Updated default aux mode options in default sniper.conf [hide][Hidden Content]]
  2. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v9.0 – Added Fortinet FortiGate SSL VPN Panel Detected sc0pe template v9.0 – Added CVE-2020-17519 – Apache Flink Path Traversal sc0pe template v9.0 – Added RabbitMQ Management Interface Detected sc0pe template v9.0 – Added CVE-2020-29583 Zyxel SSH Hardcoded Credentials via BruteX v9.0 – Removed vulnscan NMap CSV updates/downloads to save space/bandwidth v9.0 – Added Nuclei sc0pe parser v9.0 – Added Nuclei vulnerability scanner v9.0 – Added WordPress WPScan sc0pe vulnerability parser v9.0 – Fixed issue with wrong WPscan API key command v9.0 – Added CVE-2020-11738 – WordPress Duplicator plugin Directory Traversal sc0pe template v9.0 – Renamed AUTO_VULNSCAN setting to “VULNSCAN” in sniper.conf to perform vulnerability scans via ‘normal’ mode [hide][Hidden Content]]
  3. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.9 – Tuned sniper.conf around performance for all scans and recon modes v8.9 – Added out of scope options to sniper.conf v8.9 – Added automatic HTTP/HTTPS web scans and vulnerability scans to ‘normal’ mode v8.9 – Added SolarWinds Orion Panel Default Credentials sc0pe template v8.9 – Added SolarWinds Orion Panel sc0pe template v8.9 – Fixed issue with theHarvester not running on Kali 2020.4 v8.9 – Added WPScan API support to sniper.conf v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Config Password Disclosure sc0pe template v8.9 – Added CVE-2020-8209 – XenMobile-Citrix Endpoint Management Path Traversal sc0pe template v8.9 – Removed verbose error for chromium on Ubuntu v8.9 – Added CVE-2020-8209 – Citrix XenMobile Server Path Traversal sc0pe template v8.9 – Fixed F+ in CSP Not Enforced sc0pe template v8.9 – Added CVE-2020-14815 – Oracle Business Intelligence Enterprise DOM XSS sc0pe template v8.9 – Fixed issue with dnscan not working in Kali 2020.3 v8.9 – Fixed issue with screenshots not working in Ubuntu 2020 v8.9 – Added Frontpage Service Password Disclosure sc0pe template v8.9 – Removed Yasuo tool [hide][Hidden Content]]
  4. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.8 – Added automatic ‘flyover’ scans of all discovered domains for ‘recon’ mode v8.8 – Added static grep searching rules of all URL’s and sub-domains (see sniper.conf for details) v8.8 – Added verbose status logging to flyover mode showing HTTP status/redirect/title, etc. v8.8 – Added integration for Port Scanner Add-on for Sn1per Professional v8.8 – Added enhanced scanning of all unique dynamic URL’s via InjectX fuzzer v8.8 – Added CVE-2020-25213 – WP File Manager File Upload sc0pe template v8.8 – Added cPanel Login Found sc0pe template v8.8 – Added WordPress WP-File-Manager Version Detected sc0pe template v8.8 – Added VMware vCenter Unauthenticated Arbitrary File Read sc0pe template v8.8 – Added PHP Composer Disclosure sc0pe template v8.8 – Added Git Config Disclosure sc0pe template v8.8 – Added updated NMap vulscan DB files v8.8 – Added CVE-2020-9047 – exacqVision Web Service Remote Code Execution sc0pe template v8.8 – Removed UDP port scan settings/options and combined with full portscan ports v8.8 – Added CVE-2019-8442 – Jira Webroot Directory Traversal sc0pe template v8.8 – Added CVE-2020-2034 – PAN-OS GlobalProtect OS Command Injection sc0pe template v8.8 – Added CVE-2020-2551 – Unauthenticated Oracle WebLogic Server Remote Code Execution sc0pe template v8.8 – Added CVE-2020-14181 – User Enumeration Via Insecure Jira Endpoint sc0pe template v8.8 – Added Smuggler HTTP request smuggling detection v8.8 – Added CVE-2020-0618 – Remote Code Execution SQL Server Reporting Services sc0pe template v8.8 – Added CVE-2020-5412 – Full-read SSRF in Spring Cloud Netflix sc0pe template v8.8 – Added Jaspersoft Detected sc0pe template v8.8 – Added improved dirsearch exclude options to all web file/dir searches v8.8 – Fixed naming conflict for theharvester v8.8 – Created backups of all NMap HTML reports for fullportonly scans v8.8 – Added line limit to GUA URL’s displayed in console [hide][Hidden Content]]
  5. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.7 – Updated web file bruteforce lists v8.7 – Added updated Slack API integration/notifications v8.7 – Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers v8.7 – Added CVE-2020-15129 – Open Redirect In Traefik sc0pe template v8.7 – Added MobileIron Login sc0pe template v8.7 – Added Revive Adserver XSS sc0pe template v8.7 – Added IceWarp Webmail XSS sc0pe template v8.7 – Added Mara CMS v7.5 XSS sc0pe template v8.7 – Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template v8.7 – Added Magento 2.3.0 SQL Injection sc0pe template v8.7 – Added CVE-2020-15920 – Unauthenticated RCE at Mida eFramework sc0pe template v8.7 – Added CVE-2019-7192 – QNAP Pre-Auth Root RCE sc0pe template v8.7 – Added CVE-2020-10204 – Sonatype Nexus Repository RCE sc0pe template v8.7 – Added CVE-2020-13167 – Netsweeper WebAdmin unixlogin.php Python Code Injection sc0pe template v8.7 – Added CVE-2020-2140 – Jenkin AuditTrailPlugin XSS sc0pe template v8.7 – Added CVE-2020-7209 – LinuxKI Toolset 6.01 Remote Command Execution sc0pe template v8.7 – Added CVE-2019-16662 – rConfig 3.9.2 Remote Code Execution sc0pe template v8.7 – Added Sitemap.xml Detected sc0pe template v8.7 – Added Robots.txt Detected sc0pe template v8.7 – Added AWS S3 Public Bucket Listing sc0pe template v8.7 – Fixed logic error in stealth mode recon scans not running v8.7 – Added CVE-2020-7048 – WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template v8.7 – Fixed F- detection in WordPress Sc0pe templates v8.7 – Added CVE-2020-11530 – WordPress Chop Slider 3 Plugin SQL Injection sc0pe template v8.7 – Added CVE-2019-11580 – Atlassian Crowd Data Center Unauthenticated RCE sc0pe template v8.7 – Added CVE-2019-16759 – vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template [hide][Hidden Content]]
  6. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.6 – Added new Sn1per configuration flow that allows persistent user configurations and API key transfer v8.6 – Updated port lists to remove duplicate ports error and slim down list v8.6 – Updated PHP to 7.4 v8.6 – Added CVE-2020-12720 – vBulletin Unauthenticaed SQLi v8.6 – Added CVE-2020-9757 – SEOmatic < 3.3.0 Server-Side Template Injection v8.6 – Added CVE-2020-1147 – Remote Code Execution in Microsoft SharePoint Server v8.6 – Added CVE-2020-3187 – Citrix Unauthenticated File Deletion v8.6 – Added CVE-2020-8193 – Citrix Unauthenticated LFI v8.6 – Added CVE-2020-8194 – Citrix ADC & NetScaler Gateway Reflected Code Injection v8.6 – Added CVE-2020-8982 – Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read v8.6 – Added CVE-2020-9484 – Apache Tomcat RCE by deserialization v8.6 – Added Cisco VPN scanner template v8.6 – Added Tiki Wiki CMS scanner template v8.6 – Added Palo Alto PAN OS Portal scanner template v8.6 – Added SAP NetWeaver AS JAVA LM Configuration Wizard Detection v8.6 – Added delete task workspace function to remove running tasks v8.6 – Added CVE-2020-3452 – Cisco ASA/FTD Arbitrary File Reading Vulnerability Sc0pe template v8.6 – Updated theharvester command to exclude github-code search v8.6 – Updated theharvester installer to v3.1 v8.6 – Added urlscan.io API to OSINT mode (-o) v8.6 – Added OpenVAS package to install.sh v8.6 – Added Palo Alto GlobalProtect PAN-OS Portal Sc0pe template v8.6 – Fixed issue with Javascript downloader downloading localhost files instead of target v8.6 – Added CVE-2020-5902 F5 BIG-IP RCE sc0pe template v8.6 – Added CVE-2020-5902 F5 BIG-IP XSS sc0pe template v8.6 – Added F5 BIG-IP detection sc0pe template v8.6 – Added interesting ports sc0pe template v8.6 – Added components with known vulnerabilities sc0pe template v8.6 – Added server header disclosure sc0pe template v8.6 – Added SMBv1 enabled sc0pe template v8.6 – Removed verbose comment from stealth scan [hide][Hidden Content]]
  7. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.5 – Added manual installer for Metasploit v8.5 – Added Phantomjs manual installer v8.5 – Added sc0pe template to check for default credentials via BruteX v8.5 – Added fullportscans to all ‘web’ mode scans to ensure full port coverage v8.5 – Fixed issue with 2nd stage OSINT scans not running v8.5 – Added port values to sc0pe engine to define port numbers v8.5 – Fixed issue with LinkFinder not working v8.5 – Fixed issue with Javascript link parser v8.5 – Added phantomjs dependency to fix webscreenshots on Ubuntu v8.5 – Added http-default-accounts NMap NSE to check for default web credentials v8.5 – Fixed several issues with install.sh to resolve deps on Ubuntu and Kali 2020.2 v8.5 – Removed larger wordlists to reduce install size of Sn1per v8.5 – Added 20+ new active/passive sc0pe templates v8.5 – Fixed issue with installer on latest Kali and Docker builds v8.5 – Fixed custom installer for Arachni v8.5 – Fixed Dockerfile with updated Kali image (CC. @stevemcilwain) [hide][Hidden Content]]
  8. Introduction Sn1per is an automated scanner that you can use during a penetration testing to perform vulnerability scanning. There are two Sn1per versions available: Community Edition, and Professional Edition. Sn1per: Automated Pentest Recon Scanner Sn1per Community edition is an automated pentest recon scanner that can be used during pentest to enumerate and scan for vulnerabilities. But there is also Sn1per Professional, a Xero Security’s premium reporting addon, available for : Professional Penetration Testers Bug Bounty Researchers Corporate Security teams Features (Community) – Sn1per automatically: collects basic recon (ie. whois, ping, DNS, etc.) launches Google hacking queries against a target domain enumerates open ports via NMap port scanning brute forces sub-domains, gathers DNS info and checks for zone transfers checks for sub-domain hijacking runs targeted NMap scripts against open ports runs targeted Metasploit scan and exploit modules scans all web applications for common vulnerabilities brute forces ALL open services tests for anonymous FTP access runs WPScan, Arachni and Nikto for all web services enumerates NFS shares tests for anonymous LDAP access enumerate SSL/TLS ciphers, protocols and vulnerabilities enumerates SNMP community strings, services and users lists SMB users and shares, check for NULL sessions and exploit MS08-067 exploits vulnerable JBoss, Java RMI and Tomcat servers tests for open X11 servers auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds performs high level enumeration of multiple hosts and subnets integrates with Metasploit Pro, MSFConsole and Zenmap for reporting gathers screenshots of all web sites creates individual workspaces to store all scan output CHANGELOG: v8.4 – Added project “Sc0pe” active/passive vulnerability scanner v8.4 – Added 68 new active sc0pe templates v8.4 – Added 14 new passive sc0pe templates v8.4 – Added OWASP ZAP API integration v8.4 – Added 8 new Sn1per configuration templates (see /usr/share/sniper/conf/) v8.4 – Added Gau ([Hidden Content]) v8.4 – Added rapiddns subdomain retrieval v8.4 – Updated web content wordlists v8.4 – Improved efficiency of ‘web’ and ‘recon’ mode scans v8.4 – Disabled legacy Metasploit web exploits (check Sn1per conf to re-enable) v8.4 – Fixed issue with dirsearch asterisk being used incorrectly v8.4 – Fixed issue with airstrike mode not updated Sn1per Professional v8.0 host list v8.4 – Fixed issue with webtech re.error: invalid group reference 1 at position 130 [HIDE][Hidden Content]]
  9. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.3 – Added Github subdomain retrieval (requires API key/conf options enabled) v8.3 – Added NMAP_OPTIONS setting to sniper.conf to configure optional NMap scan settings v8.3 – Added option to specify custom Sn1per configuration via (-c) switch v8.3 – Created several custom config files to select from, including: bug_bounty_quick, bug_bounty_max_javascript, super_stealth_mode, webpwn_only + more v8.3 – Added workspace –export option to backup/export a workspace v8.3 – Added flyover mode tuning options to sniper.conf v8.3 – Added GitGraber automated Github leak search ([Hidden Content]) v8.3 – Added static Javascript parsing for sub-domains, URL’s, path relative links and comments v8.3 – Added js-beautifier v8.3 – Added LinkFinder Javascript link finder ([Hidden Content]) v8.3 – Added fprobe HTTP probe checker ([Hidden Content]) v8.3 – Added Cisco RV320 and RV325 Unauthenticated Remote Code Execution CVE-2019-1653 MSF exploit v8.3 – Improved performance of ‘stealth’ and ‘recon’ modes v8.3 – Updated default port lists v8.3 – Improved performance of all port scans v8.3 – Removed all pip v2 commands from installer v8.3 – Added fix for missing Amass package v8.3 – Added sniper.conf options for OPENVAS_HOST and OPENVAS_PORT selection for remote instances v8.3 – Improved ‘vulnscan’ mode via OpenVAS to scan the same asset multiple times with improved error handling [HIDE][Hidden Content]]
  10. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.1 – Added Citrix Gateway Arbitary Code Execution CVE-2019-19781 vulnerability detection v8.1 – Added Pulse Secure VPN Arbitrary File Disclosure CVE-2019-11510 exploit v8.1 – Added –data-length=50 for NMap IPS evasion v8.1 – Removed NMap vulscan script due to F+ results v8.1 – Fixed issue with CRT.SH sub-domain retrieval v8.1 – Updated Kali Linux keyring package v8.1 – Fixed “[: ==: unary operator expected” in all code v8.1 – Updated Sn1per Professional autoload settings v8.1 – Updated web brute force wordlists v8.1 – Removed null and debug errors from passive spider API output v8.1 – Updated Commoncrawl index repo v8.1 – Updated DockerFile repository v8.1 – Fixed issue with -dh flag to delete host with Sn1per Pro v8.0 v8.1 – Fixed issue with subfinder missing v8.1 – Fixed issue with 7zip missing v8.1 – Added check for Ubuntu to install.sh automatically [HIDE][Hidden Content]]
  11. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v8.0 – Added ASnip tool to retrieve ASN’s via ‘recon’ mode v8.0 – Added Shodan sub-domain lookup v8.0 – Added script timeout flag for NMap scripts v8.0 – Fixed issue with dnsenum getting stuck on gathering dns info stage v8.0 – Added option to force upgrade/install.sh without user prompt (ie. ./install.sh force) v8.0 – Fixed issue with theHarvester package on Ubuntu systems v8.0 – Fixed error “[: ==: unary operator expected” in all modes v8.0 – Added net-tools package for Ubuntu OS deps [HIDE][Hidden Content]]
  12. Introduction Sn1per is an automated scanner that you can use during a penetration testing to perform vulnerability scanning. There are two Sn1per versions available: Community Edition, and Professional Edition. Sn1per: Automated Pentest Recon Scanner Sn1per Community edition is an automated pentest recon scanner that can be used during pentest to enumerate and scan for vulnerabilities. But there is also Sn1per Professional, a Xero Security’s premium reporting addon, available for : Professional Penetration Testers Bug Bounty Researchers Corporate Security teams Features (Community) – Sn1per automatically: collects basic recon (ie. whois, ping, DNS, etc.) launches Google hacking queries against a target domain enumerates open ports via NMap port scanning brute forces sub-domains, gathers DNS info and checks for zone transfers checks for sub-domain hijacking runs targeted NMap scripts against open ports runs targeted Metasploit scan and exploit modules scans all web applications for common vulnerabilities brute forces ALL open services tests for anonymous FTP access runs WPScan, Arachni and Nikto for all web services enumerates NFS shares tests for anonymous LDAP access enumerate SSL/TLS ciphers, protocols and vulnerabilities enumerates SNMP community strings, services and users lists SMB users and shares, check for NULL sessions and exploit MS08-067 exploits vulnerable JBoss, Java RMI and Tomcat servers tests for open X11 servers auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds performs high level enumeration of multiple hosts and subnets integrates with Metasploit Pro, MSFConsole and Zenmap for reporting gathers screenshots of all web sites creates individual workspaces to store all scan output CHANGELOG: v7.4 – Added LDAP anomyous search to port 389/tcp checks (Shoutout @D0rkerDevil) v7.4 – Added Java RMI dump registry scan checks and exploits to port 8001/tcp (Shoutout @D0rkerDevil) v7.4 – Added CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure MSF module v7.4 – Added virtualhost scanning via web mode v7.4 – Added Gobuster v7.4 – Addd URLCrazy DNS alterations check to OSINT mode v7.4 – Added Ultratools Whois Lookups to OSINT mode v7.4 – Added Email-Format.com Email Retreival to OSINT mode v7.4 – Added Metasploit OSINT email retrieval to OSINT mode v7.4 – Added Hackertarget URL API retrieval to web modes v7.4 – Fixed error in massvulnscan mode v7.4 – Fixed issue with webscreenshot.py not running v7.4 – Added reverse whois DNS search via AMass v7.4 – Added MassDNS IP’s to master sorted IP list v7.4 – Fixed issue with MassDNS installation v7.4 – Fixed bad path with DNSGen v7.4 – Fixed issue with AMass not running v7.4 – Improved performance of AltDNS/DNSgen/MassDNS retrieval v7.4 – Changed webscreenshot.py setting to use chrome browser and increased timeout v7.4 – Fixed issue with missing xmlstarlet package for OpenVAS scans v7.4 – Improved active web spider URL consolidation [HIDE][Hidden Content]]
  13. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to [Hidden Content]. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.3 – Added CVE-2019-15107 Webmin <= 1.920 – Unauthenticated RCE MSF exploit v7.3 – Added massdns plugin v7.3 – Added altdns plugin v7.3 – Added dnsgen plugin v7.3 – Updated web file/dir wordlists from public exploits and honeypots v7.3 – Added time stamps to all commands v7.3 – Removed CloudFront from domain hijacking checks v7.3 – Removed snmp-brute.nse script due to scan issues v7.3 – Fixed issue with discover scan workspace names v7.3 – Fixed issue with DockerFile (sed: can’t read /usr/bin/msfdb: No such file or directory) v7.3 – Fixed issue with installer on docker not having pip installed v7.3 – Fixed issue with port 161 not being referenced correctly in scans [HIDE][Hidden Content]]
  14. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.2 – Added experimental OpenVAS API integration v7.2 – Improved Burpsuite 2.x API integration with vuln reporting v7.2 – Added hunter.io API integration to recon mode scans v7.2 – Added Cisco IKE Key Disclosure MSF exploit v7.2 – Added JBoss MSF vuln scanner module v7.2 – Added Apache CouchDB RCE MSF exploit v7.2 – Added IBM Tivoli Endpoint Manager POST Query Buffer Overflow exploit v7.2 – Added Java RMI MSF scanner v7.2 – New scan mode “vulnscan” v7.2 – New scan mode “massportscan” v7.2 – New scan mode “massweb” v7.2 – New scan mode “masswebscan” v7.2 – New scan mode “massvulnscan” v7.2 – Added additional Slack API notification settings v7.2 – Improved NMap port detection and scan modes v7.2 – Fixed issue with Censys API being enabled by default v7.2 – Fixed verbose errors in subjack/subover tools v7.2 – Fixed issue with NMap http scripts not working [HIDE][Hidden Content]]
  15. Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional. FEATURES: Automatically collects basic recon (ie. whois, ping, DNS, etc.) Automatically launches Google hacking queries against a target domain Automatically enumerates open ports via Nmap port scanning Automatically brute forces sub-domains gathers DNS info and checks for zone transfers Automatically checks for sub-domain hijacking Automatically runs targeted Nmap scripts against open ports Automatically runs targeted Metasploit scan and exploit modules Automatically scans all web applications for common vulnerabilities Automatically brute forces ALL open services Automatically test for anonymous FTP access Automatically runs WPScan, Arachni and Nikto for all web services Automatically enumerates NFS shares Automatically test for anonymous LDAP access Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities Automatically enumerate SNMP community strings, services and users Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067 Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers Automatically tests for open X11 servers Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds Performs high-level enumeration of multiple hosts and subnets Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting Automatically gathers screenshots of all websites Create individual workspaces to store all scan output Changelog v7.1 – Added KeepBlue CVE-2019-0708 MSF scanner v7.1 – Added automatic workspace generation for single target scans v7.1 – Added new slack.sh API integration script v7.1 – Added differential Slack notifications for new domains, new URL’s and various scan outputs v7.1 – Added vulners and vulscan NMap scripts v7.1 – Added installer and support for Debian, Parrot and Ubuntu OS (install_debian.sh) (CC. @imhaxormad) v7.1 – Fixed various issues with the DockerFile v7.1 – Fixed/added Metasploit LHOST/LPORT values to all exploits based on sniper.conf settings v7.1 – Fixed issue with Amass/Golang 1.11 not installing correctly [HIDE][Hidden Content]]
  16. [HIDE][Hidden Content]] Introduction Sn1per is an automated scanner that you can use during a penetration testing to perform vulnerability scanning. There are two Sn1per versions available: Community Edition, and Professional Edition. Sn1per: Automated Pentest Recon Scanner Sn1per Community edition is an automated pentest recon scanner that can be used during pentest to enumerate and scan for vulnerabilities. But there is also Sn1per Professional, a Xero Security’s premium reporting addon, available for : Professional Penetration Testers Bug Bounty Researchers Corporate Security teams Features (Community) – Sn1per automatically: collects basic recon (ie. whois, ping, DNS, etc.) launches Google hacking queries against a target domain enumerates open ports via NMap port scanning brute forces sub-domains, gathers DNS info and checks for zone transfers checks for sub-domain hijacking runs targeted NMap scripts against open ports runs targeted Metasploit scan and exploit modules scans all web applications for common vulnerabilities brute forces ALL open services tests for anonymous FTP access runs WPScan, Arachni and Nikto for all web services enumerates NFS shares tests for anonymous LDAP access enumerate SSL/TLS ciphers, protocols and vulnerabilities enumerates SNMP community strings, services and users lists SMB users and shares, check for NULL sessions and exploit MS08-067 exploits vulnerable JBoss, Java RMI and Tomcat servers tests for open X11 servers auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds performs high level enumeration of multiple hosts and subnets integrates with Metasploit Pro, MSFConsole and Zenmap for reporting gathers screenshots of all web sites creates individual workspaces to store all scan output CHANGELOG: v7.0 - Added "webscan" mode for automated Burpsuite 2.x and Arachni web application scans only v7.0 - Added Slack API notifications (Disabled by default..check ~/.sniper.conf) v7.0 - Added new command switch to add daily, weekly or monthly sniper scheduled scans... check README v7.0 - Added scheduled scan tasks command switch (Needs additional configuration to setup... check README) v7.0 - Added Axis2 authenticated deployer MSF exploit v7.0 - Added Axis2 login brute force module v7.0 - Added subjack tool to check for subdomain hijacking v7.0 - Added sorted IP lists under $LOOT_DIR/ips/ips-all-sorted.txt v7.0 - Added subnet retrieval for all 'recon' mode scans under $LOOT_DIR/nmap/subnets-$TARGET.txt v7.0 - Added Webscreenshot.py and disabled cutycapt from default config v7.0 - Added Gobuster (Disabled by default..check ~/.sniper.conf) v7.0 - Fixed issue with SubOver not working due to bad path v7.0 - Fixed issue with flyover mode running 2x
  17. SN1PER WEB VULNERABILITY SCANNING TOOL Sn1per is a vulnerability scanner that is ideal for penetration testing when scanning for vulnerabilities. The team behind the software, which is easily loaded into Kali Linux, have a free (community version) and a paid plan as well. Steps For Installation (LINUX ON TERMINAL) 1. git clone [hide][Hidden Content]] 2. cd Sn1per 3. chmod +x install.sh 4. ./install.sh
  18. Introduction Sn1per is an automated scanner that you can use during a penetration testing to perform vulnerability scanning. There are two Sn1per versions available: Community Edition, and Professional Edition. CHANGELOG: v6.2 – Added Glassfish Admin traversal MSF exploit v6.2 – Added ElasticSearch Java Injection MSF RCE exploit v6.2 – Added WebTech web fingerprinting tool v6.2 – Added censys subdomain retrieval and API key config v6.2 – Added project sonar sub-domain retrieval v6.2 – Added command switch to remove workspace (-d) v6.2 – Added command switch to remove host (-dh) v6.2 – Added DockerFile to run Sn1per in Docker (CC. Hariom Vashisth [email protected]) v6.2 – Changed option to automatically import all NMap XML’s into Metasploit’s DB v6.2 – Changed option to automatically load Sn1per Professional’s report when scans complete v6.2 – Added config option to enable/disable subdomain hijacking checks in sniper.conf v6.2 – Fixed issue with sniper –list command having invalid reference v6.2 – Fixed issue with theharvester not running [HIDE][Hidden Content]]
  19. Automated pentest framework for offensive security experts [HIDE][Hidden Content]] Sn1per v6.1 – New Features & Fixes Added automated web scanning via Burpsuite Pro 2.x API for all ‘web’ mode scans Added Waybackmachine URL retrieval to all web scans Converted all exploits to Metasploit Added configuration options to set LHOST/LPORT for all Metasploit exploits in sniper.conf Added improved web brute force dictionaries for all modes Added individual logging for all tools under the loot directory Added new sniper.conf options to enabled/disable all plugins and change settings per user Fixed issue with CMSMap install/usage Fixed issue with WPScan gem dependency missing (public_suffix) Fixed timeout setting in cutycapt Fixed issue with theharvester not running correctly Fixed issue with Amass not running due to invalid command line options in latest release Fixed issue with Sn1per Professional notepad.html missing Cleaned up plugins and install dependencies list
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.