- Joined
- Jan 8, 2019
- Messages
- 56,612
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,454
- Points
- 2,313
- Credits
- 32,640
6 Years of Service
76%
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.
FEATURES:
Automatically collects basic recon (ie. whois, ping, DNS, etc.)
Automatically launches Google hacking queries against a target domain
Automatically enumerates open ports via Nmap port scanning
Automatically brute forces sub-domains gathers DNS info and checks for zone transfers
Automatically checks for sub-domain hijacking
Automatically runs targeted Nmap scripts against open ports
Automatically runs targeted Metasploit scan and exploit modules
Automatically scans all web applications for common vulnerabilities
Automatically brute forces ALL open services
Automatically test for anonymous FTP access
Automatically runs WPScan, Arachni and Nikto for all web services
Automatically enumerates NFS shares
Automatically test for anonymous LDAP access
Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
Automatically enumerate SNMP community strings, services and users
Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
Automatically tests for open X11 servers
Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
Performs high-level enumeration of multiple hosts and subnets
Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
Automatically gathers screenshots of all websites
Create individual workspaces to store all scan output
Changelog
v8.6 – Added new Sn1per configuration flow that allows persistent user configurations and API key transfer
v8.6 – Updated port lists to remove duplicate ports error and slim down list
v8.6 – Updated PHP to 7.4
v8.6 – Added CVE-2020-12720 – vBulletin Unauthenticaed SQLi
v8.6 – Added CVE-2020-9757 – SEOmatic < 3.3.0 Server-Side Template Injection
v8.6 – Added CVE-2020-1147 – Remote Code Execution in Microsoft SharePoint Server
v8.6 – Added CVE-2020-3187 – Citrix Unauthenticated File Deletion
v8.6 – Added CVE-2020-8193 – Citrix Unauthenticated LFI
v8.6 – Added CVE-2020-8194 – Citrix ADC & NetScaler Gateway Reflected Code Injection
v8.6 – Added CVE-2020-8982 – Citrix ShareFile StorageZones Unauthenticated Arbitrary File Read
v8.6 – Added CVE-2020-9484 – Apache Tomcat RCE by deserialization
v8.6 – Added Cisco VPN scanner template
v8.6 – Added Tiki Wiki CMS scanner template
v8.6 – Added Palo Alto PAN OS Portal scanner template
v8.6 – Added SAP NetWeaver AS JAVA LM Configuration Wizard Detection
v8.6 – Added delete task workspace function to remove running tasks
v8.6 – Added CVE-2020-3452 – Cisco ASA/FTD Arbitrary File Reading Vulnerability Sc0pe template
v8.6 – Updated theharvester command to exclude github-code search
v8.6 – Updated theharvester installer to v3.1
v8.6 – Added urlscan.io API to OSINT mode (-o)
v8.6 – Added OpenVAS package to install.sh
v8.6 – Added Palo Alto GlobalProtect PAN-OS Portal Sc0pe template
v8.6 – Fixed issue with Javascript downloader downloading localhost files instead of target
v8.6 – Added CVE-2020-5902 F5 BIG-IP RCE sc0pe template
v8.6 – Added CVE-2020-5902 F5 BIG-IP XSS sc0pe template
v8.6 – Added F5 BIG-IP detection sc0pe template
v8.6 – Added interesting ports sc0pe template
v8.6 – Added components with known vulnerabilities sc0pe template
v8.6 – Added server header disclosure sc0pe template
v8.6 – Added SMBv1 enabled sc0pe template
v8.6 – Removed verbose comment from stealth scan