
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.
FEATURES:
Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
Automatically launches Google hacking queries against a target domain
Automatically enumerates open ports via Nmap port scanning
Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
Automatically checks for sub-domain hijacking
Automatically runs targeted Nmap scripts against open ports
Automatically runs targeted Metasploit scan and exploit modules
Automatically scans all web applications for common vulnerabilities
Automatically brute forces ALL open services
Automatically tests for anonymous FTP access
Automatically runs WPScan, Arachni and Nikto for all web services
Automatically enumerates NFS shares
Automatically tests for anonymous LDAP access
Automatically enumerates SSL/TLS ciphers, protocols and vulnerabilities
Automatically enumerates SNMP community strings, services and users
Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
Automatically exploits vulnerable JBoss, Java RMI and Tomcat servers
Automatically tests for open X11 servers
Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
Performs high-level enumeration of multiple hosts and subnets
Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
Automatically gathers screenshots of all websites
Create individual workspaces to store all scan output
Changelog
v8.7 – Updated web file bruteforce lists
v8.7 – Added updated Slack API integration/notifications
v8.7 – Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers
v8.7 – Added CVE-2020-15129 – Open Redirect In Traefik sc0pe template
v8.7 – Added MobileIron Login sc0pe template
v8.7 – Added Revive Adserver XSS sc0pe template
v8.7 – Added IceWarp Webmail XSS sc0pe template
v8.7 – Added Mara CMS v7.5 XSS sc0pe template
v8.7 – Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template
v8.7 – Added Magento 2.3.0 SQL Injection sc0pe template
v8.7 – Added CVE-2020-15920 – Unauthenticated RCE at Mida eFramework sc0pe template
v8.7 – Added CVE-2019-7192 – QNAP Pre-Auth Root RCE sc0pe template
v8.7 – Added CVE-2020-10204 – Sonatype Nexus Repository RCE sc0pe template
v8.7 – Added CVE-2020-13167 – Netsweeper WebAdmin unixlogin.php Python Code Injection sc0pe template
v8.7 – Added CVE-2020-2140 – Jenkins AuditTrailPlugin XSS sc0pe template
v8.7 – Added CVE-2020-7209 – LinuxKI Toolset 6.01 Remote Command Execution sc0pe template
v8.7 – Added CVE-2019-16662 – rConfig 3.9.2 Remote Code Execution sc0pe template
v8.7 – Added Sitemap.xml Detected sc0pe template
v8.7 – Added Robots.txt Detected sc0pe template
v8.7 – Added AWS S3 Public Bucket Listing sc0pe template
v8.7 – Fixed logic error in stealth mode recon scans not running
v8.7 – Added CVE-2020-7048 – WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template
v8.7 – Fixed F- detection in WordPress Sc0pe templates
v8.7 – Added CVE-2020-11530 – WordPress Chop Slider 3 Plugin SQL Injection sc0pe template
v8.7 – Added CVE-2019-11580 – Atlassian Crowd Data Center Unauthenticated RCE sc0pe template
v8.7 – Added CVE-2019-16759 – vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template