
Sn1per v7.0 by @xer0dayz


itsMe


Introduction

Sn1per is an automated scanner that you can use during a penetration test to perform vulnerability scanning. There are two Sn1per versions available:

  •     Community Edition, and
  •     Professional Edition.

Sn1per: Automated Pentest Recon Scanner

Sn1per Community Edition is an automated pentest recon scanner that can be used during a pentest to enumerate and scan for vulnerabilities. There is also Sn1per Professional, Xero Security's premium reporting add-on, available for:

  •     Professional Penetration Testers
  •     Bug Bounty Researchers
  •     Corporate Security teams

Features (Community) – Sn1per automatically:

  •     collects basic recon (i.e. whois, ping, DNS, etc.)
  •     launches Google hacking queries against a target domain
  •     enumerates open ports via NMap port scanning
  •     brute forces sub-domains, gathers DNS info and checks for zone transfers
  •     checks for sub-domain hijacking
  •     runs targeted NMap scripts against open ports
  •     runs targeted Metasploit scan and exploit modules
  •     scans all web applications for common vulnerabilities
  •     brute forces ALL open services
  •     tests for anonymous FTP access
  •     runs WPScan, Arachni and Nikto for all web services
  •     enumerates NFS shares
  •     tests for anonymous LDAP access
  •     enumerates SSL/TLS ciphers, protocols and vulnerabilities
  •     enumerates SNMP community strings, services and users
  •     lists SMB users and shares, checks for NULL sessions and exploits MS08-067
  •     exploits vulnerable JBoss, Java RMI and Tomcat servers
  •     tests for open X11 servers
  •     auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
  •     performs high level enumeration of multiple hosts and subnets
  •     integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
  •     gathers screenshots of all web sites
  •     creates individual workspaces to store all scan output

CHANGELOG:

  •     v7.0 - Added "webscan" mode for automated Burpsuite 2.x and Arachni web application scans only
  •     v7.0 - Added Slack API notifications (disabled by default; check ~/.sniper.conf)
  •     v7.0 - Added new command switch to add daily, weekly or monthly sniper scheduled scans (check README)
  •     v7.0 - Added scheduled scan tasks command switch (needs additional configuration to set up; check README)
  •     v7.0 - Added Axis2 authenticated deployer MSF exploit
  •     v7.0 - Added Axis2 login brute force module
  •     v7.0 - Added subjack tool to check for subdomain hijacking
  •     v7.0 - Added sorted IP lists under $LOOT_DIR/ips/ips-all-sorted.txt
  •     v7.0 - Added subnet retrieval for all 'recon' mode scans under $LOOT_DIR/nmap/subnets-$TARGET.txt
  •     v7.0 - Added Webscreenshot.py and disabled cutycapt from default config
  •     v7.0 - Added Gobuster (disabled by default; check ~/.sniper.conf)
  •     v7.0 - Fixed issue with SubOver not working due to bad path
  •     v7.0 - Fixed issue with flyover mode running 2x
