Search the Community

Introduction Sn1per is an automated scanner that you can use during a penetration testing to perform vulnerability scanning. There are two Sn1per versions available: Community Edition, and Professional Edition. Sn1per: Automated Pentest Recon Scanner Sn1per Community edition is an automated pentest recon scanner that can be used during pentest to enumerate and scan for vulnerabilities. But there is also Sn1per Professional, a Xero Security’s premium reporting addon, available for : Professional Penetration Testers Bug Bounty Researchers Corporate Security teams Features (Community) – Sn1per automatically: collects basic recon (ie. whois, ping, DNS, etc.) launches Google hacking queries against a target domain enumerates open ports via NMap port scanning brute forces sub-domains, gathers DNS info and checks for zone transfers checks for sub-domain hijacking runs targeted NMap scripts against open ports runs targeted Metasploit scan and exploit modules scans all web applications for common vulnerabilities brute forces ALL open services tests for anonymous FTP access runs WPScan, Arachni and Nikto for all web services enumerates NFS shares tests for anonymous LDAP access enumerate SSL/TLS ciphers, protocols and vulnerabilities enumerates SNMP community strings, services and users lists SMB users and shares, check for NULL sessions and exploit MS08-067 exploits vulnerable JBoss, Java RMI and Tomcat servers tests for open X11 servers auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds performs high level enumeration of multiple hosts and subnets integrates with Metasploit Pro, MSFConsole and Zenmap for reporting gathers screenshots of all web sites creates individual workspaces to store all scan output CHANGELOG: v7.4 – Added LDAP anomyous search to port 389/tcp checks (Shoutout @D0rkerDevil) v7.4 – Added Java RMI dump registry scan checks and exploits to port 8001/tcp (Shoutout @D0rkerDevil) v7.4 – Added CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure MSF module v7.4 – Added virtualhost scanning via web mode v7.4 – Added Gobuster v7.4 – Addd URLCrazy DNS alterations check to OSINT mode v7.4 – Added Ultratools Whois Lookups to OSINT mode v7.4 – Added Email-Format.com Email Retreival to OSINT mode v7.4 – Added Metasploit OSINT email retrieval to OSINT mode v7.4 – Added Hackertarget URL API retrieval to web modes v7.4 – Fixed error in massvulnscan mode v7.4 – Fixed issue with webscreenshot.py not running v7.4 – Added reverse whois DNS search via AMass v7.4 – Added MassDNS IP’s to master sorted IP list v7.4 – Fixed issue with MassDNS installation v7.4 – Fixed bad path with DNSGen v7.4 – Fixed issue with AMass not running v7.4 – Improved performance of AltDNS/DNSgen/MassDNS retrieval v7.4 – Changed webscreenshot.py setting to use chrome browser and increased timeout v7.4 – Fixed issue with missing xmlstarlet package for OpenVAS scans v7.4 – Improved active web spider URL consolidation [HIDE][Hidden Content]]