- Joined
- Jan 8, 2019
- Messages
- 56,623
- Solutions
- 2
- Reputation
- 32
- Reaction score
- 100,455
- Points
- 2,313
- Credits
- 32,750
6 Years of Service
76%
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com.
FEATURES:
Automatically collects basic recon (ie. whois, ping, DNS, etc.)
Automatically launches Google hacking queries against a target domain
Automatically enumerates open ports via Nmap port scanning
Automatically brute forces sub-domains gathers DNS info and checks for zone transfers
Automatically checks for sub-domain hijacking
Automatically runs targeted Nmap scripts against open ports
Automatically runs targeted Metasploit scan and exploit modules
Automatically scans all web applications for common vulnerabilities
Automatically brute forces ALL open services
Automatically test for anonymous FTP access
Automatically runs WPScan, Arachni and Nikto for all web services
Automatically enumerates NFS shares
Automatically test for anonymous LDAP access
Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
Automatically enumerate SNMP community strings, services and users
Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
Automatically tests for open X11 servers
Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
Performs high-level enumeration of multiple hosts and subnets
Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
Automatically gathers screenshots of all websites
Create individual workspaces to store all scan output
Changelog
v9.1 – Fixed issue with dirsearch installation/command syntax update
v9.1 – Updated Nuclei sc0pe templates
v9.1 – Fixed issue with Nuclei sc0pe parsers not working
v9.1 – Fixed issue with GAU installer/commmand not working
v9.1 – Fixed issue with passive URL fetching
v9.1 – Fixed issue with nuclei not being installed
v9.1 – Removed error in hackertarget URL fetching
v9.1 – Added dnsutils to installer to fix missing deps
v9.1 – Fixed issue with gau in webscan modes not running
v9.1 – Updated subfinder to latest version
v9.1 – Added new email spoofing security checks to OSINT mode (-o)
v9.1 – Removed spoofcheck.py
v9.1 – Updated timeout settings for curl which was causing sockets/scans to hang
v9.1 – Fixed issue with Nuclei symlink missing in installer
v9.1 – Fixed issue with Nuclei sc0pe parser not parsing results correctly
v9.1 – Fixed issue with Dirsearch not running due to invalid command settings
v9.1 – Fixed issue with Nuclei templates not being installed
v9.1 – Fixed issue with enum4linux command not being installed
v9.1 – Fixed HackerTarget API integration
v9.1 – Fixed issue with ping command not being installed
v9.1 – Fixed issue with carriage returns in conf
v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts
v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file
v9.1 – Added verbose scan notifications for disabled conf options
v9.1 – Updated default aux mode options in default sniper.conf