itsMe
Posted May 9, 2019

Introduction

Sn1per is an automated scanner that you can use during a penetration test to perform vulnerability scanning. There are two Sn1per versions available: Community Edition and Professional Edition.

Sn1per: Automated Pentest Recon Scanner

Sn1per Community Edition is an automated pentest recon scanner that can be used during a pentest to enumerate and scan for vulnerabilities. There is also Sn1per Professional, Xero Security's premium reporting addon, available for:

- Professional Penetration Testers
- Bug Bounty Researchers
- Corporate Security teams

Features (Community)

Sn1per automatically:

- collects basic recon (i.e. whois, ping, DNS, etc.)
- launches Google hacking queries against a target domain
- enumerates open ports via NMap port scanning
- brute forces sub-domains, gathers DNS info and checks for zone transfers
- checks for sub-domain hijacking
- runs targeted NMap scripts against open ports
- runs targeted Metasploit scan and exploit modules
- scans all web applications for common vulnerabilities
- brute forces ALL open services
- tests for anonymous FTP access
- runs WPScan, Arachni and Nikto for all web services
- enumerates NFS shares
- tests for anonymous LDAP access
- enumerates SSL/TLS ciphers, protocols and vulnerabilities
- enumerates SNMP community strings, services and users
- lists SMB users and shares, checks for NULL sessions and exploits MS08-067
- exploits vulnerable JBoss, Java RMI and Tomcat servers
- tests for open X11 servers
- auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
- performs high level enumeration of multiple hosts and subnets
- integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
- gathers screenshots of all web sites
- creates individual workspaces to store all scan output

CHANGELOG:

v7.0 - Added "webscan" mode for automated Burpsuite 2.x and Arachni web application scans only
v7.0 - Added Slack API notifications (Disabled by default... check ~/.sniper.conf)
v7.0 - Added new command switch to add daily, weekly or monthly sniper scheduled scans... check README
v7.0 - Added scheduled scan tasks command switch (Needs additional configuration to setup... check README)
v7.0 - Added Axis2 authenticated deployer MSF exploit
v7.0 - Added Axis2 login brute force module
v7.0 - Added subjack tool to check for subdomain hijacking
v7.0 - Added sorted IP lists under $LOOT_DIR/ips/ips-all-sorted.txt
v7.0 - Added subnet retrieval for all 'recon' mode scans under $LOOT_DIR/nmap/subnets-$TARGET.txt
v7.0 - Added Webscreenshot.py and disabled cutycapt from default config
v7.0 - Added Gobuster (Disabled by default... check ~/.sniper.conf)
v7.0 - Fixed issue with SubOver not working due to bad path
v7.0 - Fixed issue with flyover mode running 2x