Search the Community

Bypass 4xx HTTP response status codes and more. Script uses multithreading and is based on brute forcing, so it might have some false positive results. Script has colored output. Results will be sorted by HTTP response status code ascending, content length descending, and ID ascending. To manually filter out false positive results, for each unique content length, run the provided cURL command and check the response. If it does not result in bypass, just ignore all the results with the same content length. v8.4 Latest Package install. Removed PycURL as it was redundant, Python Requests does the same job. Python tool for brute forcing 4xx response status code [hide][Hidden Content]]

Introduction Sn1per is an automated scanner that you can use during a penetration testing to perform vulnerability scanning. There are two Sn1per versions available: Community Edition, and Professional Edition. Sn1per: Automated Pentest Recon Scanner Sn1per Community edition is an automated pentest recon scanner that can be used during pentest to enumerate and scan for vulnerabilities. But there is also Sn1per Professional, a Xero Security’s premium reporting addon, available for : Professional Penetration Testers Bug Bounty Researchers Corporate Security teams Features (Community) – Sn1per automatically: collects basic recon (ie. whois, ping, DNS, etc.) launches Google hacking queries against a target domain enumerates open ports via NMap port scanning brute forces sub-domains, gathers DNS info and checks for zone transfers checks for sub-domain hijacking runs targeted NMap scripts against open ports runs targeted Metasploit scan and exploit modules scans all web applications for common vulnerabilities brute forces ALL open services tests for anonymous FTP access runs WPScan, Arachni and Nikto for all web services enumerates NFS shares tests for anonymous LDAP access enumerate SSL/TLS ciphers, protocols and vulnerabilities enumerates SNMP community strings, services and users lists SMB users and shares, check for NULL sessions and exploit MS08-067 exploits vulnerable JBoss, Java RMI and Tomcat servers tests for open X11 servers auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds performs high level enumeration of multiple hosts and subnets integrates with Metasploit Pro, MSFConsole and Zenmap for reporting gathers screenshots of all web sites creates individual workspaces to store all scan output CHANGELOG: v8.4 – Added project “Sc0pe” active/passive vulnerability scanner v8.4 – Added 68 new active sc0pe templates v8.4 – Added 14 new passive sc0pe templates v8.4 – Added OWASP ZAP API integration v8.4 – Added 8 new Sn1per configuration templates (see /usr/share/sniper/conf/) v8.4 – Added Gau ([Hidden Content]) v8.4 – Added rapiddns subdomain retrieval v8.4 – Updated web content wordlists v8.4 – Improved efficiency of ‘web’ and ‘recon’ mode scans v8.4 – Disabled legacy Metasploit web exploits (check Sn1per conf to re-enable) v8.4 – Fixed issue with dirsearch asterisk being used incorrectly v8.4 – Fixed issue with airstrike mode not updated Sn1per Professional v8.0 host list v8.4 – Fixed issue with webtech re.error: invalid group reference 1 at position 130 [HIDE][Hidden Content]]