
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.
FEATURES:
Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
Automatically launches Google hacking queries against a target domain
Automatically enumerates open ports via Nmap port scanning
Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
Automatically checks for sub-domain hijacking
Automatically runs targeted Nmap scripts against open ports
Automatically runs targeted Metasploit scan and exploit modules
Automatically scans all web applications for common vulnerabilities
Automatically brute forces ALL open services
Automatically tests for anonymous FTP access
Automatically runs WPScan, Arachni and Nikto for all web services
Automatically enumerates NFS shares
Automatically tests for anonymous LDAP access
Automatically enumerates SSL/TLS ciphers, protocols and vulnerabilities
Automatically enumerates SNMP community strings, services and users
Automatically lists SMB users and shares, checks for NULL sessions and exploits MS08-067
Automatically exploits vulnerable JBoss, Java RMI and Tomcat servers
Automatically tests for open X11 servers
Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
Performs high-level enumeration of multiple hosts and subnets
Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
Automatically gathers screenshots of all websites
Creates individual workspaces to store all scan output
Changelog
v8.8 – Added automatic ‘flyover’ scans of all discovered domains for ‘recon’ mode
v8.8 – Added static grep searching rules of all URLs and sub-domains (see sniper.conf for details)
v8.8 – Added verbose status logging to flyover mode showing HTTP status/redirect/title, etc.
v8.8 – Added integration for Port Scanner Add-on for Sn1per Professional
v8.8 – Added enhanced scanning of all unique dynamic URLs via InjectX fuzzer
v8.8 – Added CVE-2020-25213 – WP File Manager File Upload sc0pe template
v8.8 – Added cPanel Login Found sc0pe template
v8.8 – Added WordPress WP-File-Manager Version Detected sc0pe template
v8.8 – Added VMware vCenter Unauthenticated Arbitrary File Read sc0pe template
v8.8 – Added PHP Composer Disclosure sc0pe template
v8.8 – Added Git Config Disclosure sc0pe template
v8.8 – Added updated Nmap vulscan DB files
v8.8 – Added CVE-2020-9047 – exacqVision Web Service Remote Code Execution sc0pe template
v8.8 – Removed UDP port scan settings/options and combined with full portscan ports
v8.8 – Added CVE-2019-8442 – Jira Webroot Directory Traversal sc0pe template
v8.8 – Added CVE-2020-2034 – PAN-OS GlobalProtect OS Command Injection sc0pe template
v8.8 – Added CVE-2020-2551 – Unauthenticated Oracle WebLogic Server Remote Code Execution sc0pe template
v8.8 – Added CVE-2020-14181 – User Enumeration Via Insecure Jira Endpoint sc0pe template
v8.8 – Added Smuggler HTTP request smuggling detection
v8.8 – Added CVE-2020-0618 – Remote Code Execution SQL Server Reporting Services sc0pe template
v8.8 – Added CVE-2020-5412 – Full-read SSRF in Spring Cloud Netflix sc0pe template
v8.8 – Added Jaspersoft Detected sc0pe template
v8.8 – Added improved dirsearch exclude options to all web file/dir searches
v8.8 – Fixed naming conflict for theharvester
v8.8 – Created backups of all Nmap HTML reports for fullportonly scans
v8.8 – Added line limit to GUA URLs displayed in console