Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Locked Sn1per v8.8 - Automated Pentest Recon Scanner


itsMe

Recommended Posts

This is the hidden content, please

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

FEATURES:

    Automatically collects basic recon (ie. whois, ping, DNS, etc.)
    Automatically launches Google hacking queries against a target domain
    Automatically enumerates open ports via Nmap port scanning
    Automatically brute forces sub-domains gathers DNS info and checks for zone transfers
    Automatically checks for sub-domain hijacking
    Automatically runs targeted Nmap scripts against open ports
    Automatically runs targeted Metasploit scan and exploit modules
    Automatically scans all web applications for common vulnerabilities
    Automatically brute forces ALL open services
    Automatically test for anonymous FTP access
    Automatically runs WPScan, Arachni and Nikto for all web services
    Automatically enumerates NFS shares
    Automatically test for anonymous LDAP access
    Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
    Automatically enumerate SNMP community strings, services and users
    Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
    Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
    Automatically tests for open X11 servers
    Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
    Performs high-level enumeration of multiple hosts and subnets
    Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
    Automatically gathers screenshots of all websites
    Create individual workspaces to store all scan output

Changelog

    v8.8 – Added automatic ‘flyover’ scans of all discovered domains for ‘recon’ mode
    v8.8 – Added static grep searching rules of all URL’s and sub-domains (see sniper.conf for details)
    v8.8 – Added verbose status logging to flyover mode showing HTTP status/redirect/title, etc.
    v8.8 – Added integration for Port Scanner Add-on for Sn1per Professional
    v8.8 – Added enhanced scanning of all unique dynamic URL’s via InjectX fuzzer
    v8.8 – Added CVE-2020-25213 – WP File Manager File Upload sc0pe template
    v8.8 – Added cPanel Login Found sc0pe template
    v8.8 – Added WordPress WP-File-Manager Version Detected sc0pe template
    v8.8 – Added VMware vCenter Unauthenticated Arbitrary File Read sc0pe template
    v8.8 – Added PHP Composer Disclosure sc0pe template
    v8.8 – Added Git Config Disclosure sc0pe template
    v8.8 – Added updated NMap vulscan DB files
    v8.8 – Added CVE-2020-9047 – exacqVision Web Service Remote Code Execution sc0pe template
    v8.8 – Removed UDP port scan settings/options and combined with full portscan ports
    v8.8 – Added CVE-2019-8442 – Jira Webroot Directory Traversal sc0pe template
    v8.8 – Added CVE-2020-2034 – PAN-OS GlobalProtect OS Command Injection sc0pe template
    v8.8 – Added CVE-2020-2551 – Unauthenticated Oracle WebLogic Server Remote Code Execution sc0pe template
    v8.8 – Added CVE-2020-14181 – User Enumeration Via Insecure Jira Endpoint sc0pe template
    v8.8 – Added Smuggler HTTP request smuggling detection
    v8.8 – Added CVE-2020-0618 – Remote Code Execution SQL Server Reporting Services sc0pe template
    v8.8 – Added CVE-2020-5412 – Full-read SSRF in Spring Cloud Netflix sc0pe template
    v8.8 – Added Jaspersoft Detected sc0pe template
    v8.8 – Added improved dirsearch exclude options to all web file/dir searches
    v8.8 – Fixed naming conflict for theharvester
    v8.8 – Created backups of all NMap HTML reports for fullportonly scans
    v8.8 – Added line limit to GUA URL’s displayed in console


This is the hidden content, please

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.