Sn1per v6.1 releases: Automated Pentest Recon Scanner

Published by Dark on

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security’s premium reporting add-on for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes. For more information regarding Sn1per Professional, go to https://xerosecurity.com.

FEATURES:

  • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports via Nmap port scanning
  • Automatically brute forces sub-domains gathers DNS info and checks for zone transfers
  • Automatically checks for sub-domain hijacking
  • Automatically runs targeted Nmap scripts against open ports
  • Automatically runs targeted Metasploit scan and exploit modules
  • Automatically scans all web applications for common vulnerabilities
  • Automatically brute forces ALL open services
  • Automatically test for anonymous FTP access
  • Automatically runs WPScan, Arachni and Nikto for all web services
  • Automatically enumerates NFS shares
  • Automatically test for anonymous LDAP access
  • Automatically enumerate SSL/TLS cyphers, protocols and vulnerabilities
  • Automatically enumerate SNMP community strings, services and users
  • Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
  • Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
  • Automatically tests for open X11 servers
  • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
  • Performs high-level enumeration of multiple hosts and subnets
  • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
  • Automatically gathers screenshots of all websites
  • Create individual workspaces to store all scan output

Changelog

  • v6.1 – Added automated web scanning via Burpsuite Pro 2.x API for all ‘web’ mode scans
  • v6.1 – Added Waybackmachine URL retrieval to all web scans
  • v6.1 – Converted all exploits to Metasploit
  • v6.1 – Added configuration options to set LHOST/LPORT for all Metasploit exploits in sniper.conf
  • v6.1 – Added improved web brute force dictionaries for all modes
  • v6.1 – Added individual logging for all tools under the loot directory
  • v6.1 – Added new sniper.conf options to enabled/disable all plugins and change settings per user
  • v6.1 – Fixed issue with CMSMap install/usage
  • v6.1 – Fixed issue with WPScan gem dependency missing (public_suffix)
  • v6.1 – Fixed timeout setting in cutycapt
  • v6.1 – Fixed issue with theharvester not running correctly
  • v6.1 – Fixed issue with Amass not running due to invalid command line options in latest release
  • v6.1 – Fixed issue with Sn1per Professional notepad.html missing
  • v6.1 – Cleaned up plugins and install dependencies list

Installation

git clone https://github.com/1N3/Sn1per.git
cd Sn1per
./install.sh

Usage

sniper <target> <report>
sniper <target> stealth <report>
sniper <CIDR> discover
sniper <target> port <portnum> 
sniper <target> fullportonly <portnum>
sniper <target> web <report>
sniper <target> nobrute <report>
sniper <targets.txt> airstrike <report>
sniper <targets.txt> nuke <report>
sniper loot

MODES:

  • REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append ‘report’ to any sniper mode or command.
  • STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking
  • DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
  • PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
  • FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
  • WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
  • NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.
  • AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IP’s that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
  • NUKE: Launch full audit of multiple hosts specified in the text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
  • LOOT: Automatically organizes and displays loot folder in your browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type ‘sniper loot’.

Copyright (C) 1N3@CrowdShield

Source: https://github.com/1N3/

Loading

Categories: Tools
Tags:

Related Posts

Tools Category
Tools

PuTTY 0.71 Released

SSH Client Updated To Fix a Large Number of Security Vulnerabilities The free and open-source SSH client updated with the fix for a number of Security Vulnerabilities including the one in RSA key exchange and Read more…

Tools Category
Tools

MITMsmtp v0.0.2 released

Evil SMTP Server for pentesting SMTP clients MITMsmtp MITMsmtp is an Evil SMTP Server for pentesting SMTP clients to catch login credentials and mails sent over plain or SSL/TLS encrypted connections. The idea is to Read more…

Tools Category
Tools

conjur v1.4.0 releases

Secures secrets used by privileged users and machine identities Conjur provides secrets management and machine identity for modern infrastructure: Machine Authorization Markup Language (“MAML”), a role-based access policy language to define system components & their Read more…