Sn1per v8.7 releases: Automated Pentest Recon Scanner
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com.
- Automatically collects basic recon (ie. whois, ping, DNS, etc.)
- Automatically launches Google hacking queries against a target domain
- Automatically enumerates open ports via Nmap port scanning
- Automatically brute forces sub-domains gathers DNS info and checks for zone transfers
- Automatically checks for sub-domain hijacking
- Automatically runs targeted Nmap scripts against open ports
- Automatically runs targeted Metasploit scan and exploit modules
- Automatically scans all web applications for common vulnerabilities
- Automatically brute forces ALL open services
- Automatically test for anonymous FTP access
- Automatically runs WPScan, Arachni and Nikto for all web services
- Automatically enumerates NFS shares
- Automatically test for anonymous LDAP access
- Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
- Automatically enumerate SNMP community strings, services and users
- Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
- Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
- Automatically tests for open X11 servers
- Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
- Performs high-level enumeration of multiple hosts and subnets
- Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
- Automatically gathers screenshots of all websites
- Create individual workspaces to store all scan output
- v8.7 – Updated web file bruteforce lists
- v8.7 – Added updated Slack API integration/notifications
- v8.7 – Added Arachni, Nikto, Nessus, NMap + 20 passive sc0pe vulnerability parsers
- v8.7 – Added CVE-2020-15129 – Open Redirect In Traefik sc0pe template
- v8.7 – Added MobileIron Login sc0pe template
- v8.7 – Added Revive Adserver XSS sc0pe template
- v8.7 – Added IceWarp Webmail XSS sc0pe template
- v8.7 – Added Mara CMS v7.5 XSS sc0pe template
- v8.7 – Added Administrative Privilege Escalation in SAP NetWeaver sc0pe template
- v8.7 – Added Magento 2.3.0 SQL Injection sc0pe template
- v8.7 – Added CVE-2020-15920 – Unauthenticated RCE at Mida eFramework sc0pe template
- v8.7 – Added CVE-2019-7192 – QNAP Pre-Auth Root RCE sc0pe template
- v8.7 – Added CVE-2020-10204 – Sonatype Nexus Repository RCE sc0pe template
- v8.7 – Added CVE-2020-13167 – Netsweeper WebAdmin unixlogin.php Python Code Injection sc0pe template
- v8.7 – Added CVE-2020-2140 – Jenkin AuditTrailPlugin XSS sc0pe template
- v8.7 – Added CVE-2020-7209 – LinuxKI Toolset 6.01 Remote Command Execution sc0pe template
- v8.7 – Added CVE-2019-16662 – rConfig 3.9.2 Remote Code Execution sc0pe template
- v8.7 – Added Sitemap.xml Detected sc0pe template
- v8.7 – Added Robots.txt Detected sc0pe template
- v8.7 – Added AWS S3 Public Bucket Listing sc0pe template
- v8.7 – Fixed logic error in stealth mode recon scans not running
- v8.7 – Added CVE-2020-7048 – WP Database Reset 3.15 Unauthenticated Database Reset sc0pe template
- v8.7 – Fixed F- detection in WordPress Sc0pe templates
- v8.7 – Added CVE-2020-11530 – WordPress Chop Slider 3 Plugin SQL Injection sc0pe template
- v8.7 – Added CVE-2019-11580 – Atlassian Crowd Data Center Unauthenticated RCE sc0pe template
- v8.7 – Added CVE-2019-16759 – vBulletin 5.x 0-Day Pre-Auth Remote Command Execution Bypass sc0pe template
git clone https://github.com/1N3/Sn1per.git
- REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append ‘report’ to any sniper mode or command.
- STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
- DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
- PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
- FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
- WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
- NOBRUTE: Launches a full scan against a target host/domain without brute-forcing services.
- AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP’s that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
- NUKE: Launch full audit of multiple hosts specified in the text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
- LOOT: Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type ‘sniper loot’.
Copyright (C) 1N3@CrowdShield, @xer0dayz and @XeroSecurity