Search the Community

Introduction Sn1per is an automated scanner that you can use during a penetration testing to perform vulnerability scanning. There are two Sn1per versions available: Community Edition, and Professional Edition. Sn1per: Automated Pentest Recon Scanner Sn1per Community edition is an automated pentest recon scanner that can be used during pentest to enumerate and scan for vulnerabilities. But there is also Sn1per Professional, a Xero Security’s premium reporting addon, available for : Professional Penetration Testers Bug Bounty Researchers Corporate Security teams Features (Community) – Sn1per automatically: collects basic recon (ie. whois, ping, DNS, etc.) launches Google hacking queries against a target domain enumerates open ports via NMap port scanning brute forces sub-domains, gathers DNS info and checks for zone transfers checks for sub-domain hijacking runs targeted NMap scripts against open ports runs targeted Metasploit scan and exploit modules scans all web applications for common vulnerabilities brute forces ALL open services tests for anonymous FTP access runs WPScan, Arachni and Nikto for all web services enumerates NFS shares tests for anonymous LDAP access enumerate SSL/TLS ciphers, protocols and vulnerabilities enumerates SNMP community strings, services and users lists SMB users and shares, check for NULL sessions and exploit MS08-067 exploits vulnerable JBoss, Java RMI and Tomcat servers tests for open X11 servers auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds performs high level enumeration of multiple hosts and subnets integrates with Metasploit Pro, MSFConsole and Zenmap for reporting gathers screenshots of all web sites creates individual workspaces to store all scan output CHANGELOG: v7.4 – Added LDAP anomyous search to port 389/tcp checks (Shoutout @D0rkerDevil) v7.4 – Added Java RMI dump registry scan checks and exploits to port 8001/tcp (Shoutout @D0rkerDevil) v7.4 – Added CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure MSF module v7.4 – Added virtualhost scanning via web mode v7.4 – Added Gobuster v7.4 – Addd URLCrazy DNS alterations check to OSINT mode v7.4 – Added Ultratools Whois Lookups to OSINT mode v7.4 – Added Email-Format.com Email Retreival to OSINT mode v7.4 – Added Metasploit OSINT email retrieval to OSINT mode v7.4 – Added Hackertarget URL API retrieval to web modes v7.4 – Fixed error in massvulnscan mode v7.4 – Fixed issue with webscreenshot.py not running v7.4 – Added reverse whois DNS search via AMass v7.4 – Added MassDNS IP’s to master sorted IP list v7.4 – Fixed issue with MassDNS installation v7.4 – Fixed bad path with DNSGen v7.4 – Fixed issue with AMass not running v7.4 – Improved performance of AltDNS/DNSgen/MassDNS retrieval v7.4 – Changed webscreenshot.py setting to use chrome browser and increased timeout v7.4 – Fixed issue with missing xmlstarlet package for OpenVAS scans v7.4 – Improved active web spider URL consolidation [HIDE][Hidden Content]]

Introduction Sn1per is an automated scanner that you can use during a penetration testing to perform vulnerability scanning. There are two Sn1per versions available: Community Edition, and Professional Edition. CHANGELOG: v6.2 – Added Glassfish Admin traversal MSF exploit v6.2 – Added ElasticSearch Java Injection MSF RCE exploit v6.2 – Added WebTech web fingerprinting tool v6.2 – Added censys subdomain retrieval and API key config v6.2 – Added project sonar sub-domain retrieval v6.2 – Added command switch to remove workspace (-d) v6.2 – Added command switch to remove host (-dh) v6.2 – Added DockerFile to run Sn1per in Docker (CC. Hariom Vashisth [email protected]) v6.2 – Changed option to automatically import all NMap XML’s into Metasploit’s DB v6.2 – Changed option to automatically load Sn1per Professional’s report when scans complete v6.2 – Added config option to enable/disable subdomain hijacking checks in sniper.conf v6.2 – Fixed issue with sniper –list command having invalid reference v6.2 – Fixed issue with theharvester not running [HIDE][Hidden Content]]

Automated pentest framework for offensive security experts [HIDE][Hidden Content]] Sn1per v6.1 – New Features & Fixes Added automated web scanning via Burpsuite Pro 2.x API for all ‘web’ mode scans Added Waybackmachine URL retrieval to all web scans Converted all exploits to Metasploit Added configuration options to set LHOST/LPORT for all Metasploit exploits in sniper.conf Added improved web brute force dictionaries for all modes Added individual logging for all tools under the loot directory Added new sniper.conf options to enabled/disable all plugins and change settings per user Fixed issue with CMSMap install/usage Fixed issue with WPScan gem dependency missing (public_suffix) Fixed timeout setting in cutycapt Fixed issue with theharvester not running correctly Fixed issue with Amass not running due to invalid command line options in latest release Fixed issue with Sn1per Professional notepad.html missing Cleaned up plugins and install dependencies list