Your Perfect Cybersecurity Partner

Stay Connected:

SN1PER Tool-Web App Vulnerability Scanner

Image

Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.

Demo

Installation:

Step 1: git clone https://github.com/1N3/Sn1per.git

Step 2: cd Sn1per

Step 3: ./install.sh

Step 4: ./Sn1per

Usage:

# ./Sn1per -t (Target.com)

Example:  ./Sn1per -t testsite.com

Commands And Usages

 [*] SPECIFY CUSTOM CONFIG FILE

 sniper -c /full/path/to/sniper.conf -t -m -w

 [*] NORMAL MODE + OSINT + RECON

 sniper -t -o -re

 [*] STEALTH MODE + OSINT + RECON

 sniper -t -m stealth -o -re

 [*] DISCOVER MODE

 sniper -t -m discover -w

 [*] SCAN ONLY SPECIFIC PORT

 sniper -t -m port -p

 [*] FULLPORTONLY SCAN MODE

 sniper -t -fp

 [*] WEB MODE - PORT 80 + 443 ONLY!

 sniper -t -m web

 [*] HTTP WEB PORT MODE

 sniper -t -m webporthttp -p

 [*] HTTPS WEB PORT MODE

 sniper -t -m webporthttps -p

 [*] HTTP WEBSCAN MODE

 sniper -t -m webscan

 [*] ENABLE BRUTEFORCE

 sniper -t -b

 [*] AIRSTRIKE MODE

 sniper -f targets.txt -m airstrike

 [*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED

 sniper -f targets.txt -m nuke -w

 [*] MASS PORT SCAN MODE

 sniper -f targets.txt -m massportscan -w

 [*] MASS WEB SCAN MODE

 sniper -f targets.txt -m massweb -w

 [*] MASS WEBSCAN SCAN MODE

 sniper -f targets.txt -m masswebscan -w

 [*] MASS VULN SCAN MODE

 sniper -f targets.txt -m massvulnscan -w

 [*] PORT SCAN MODE

 sniper -t -m port -p

 [*] LIST WORKSPACES

 sniper --list

 [*] DELETE WORKSPACE

 sniper -w -d

 [*] DELETE HOST FROM WORKSPACE

 sniper -w -t -dh

 [*] GET SNIPER SCAN STATUS

 sniper --status

 [*] LOOT REIMPORT FUNCTION

 sniper -w --reimport

 [*] LOOT REIMPORTALL FUNCTION

 sniper -w --reimportall

 [*] LOOT REIMPORT FUNCTION

 sniper -w --reload

 [*] LOOT EXPORT FUNCTION

 sniper -w --export

 [*] SCHEDULED SCANS

 sniper -w -s daily|weekly|monthly

 [*] USE A CUSTOM CONFIG

 sniper -c /path/to/sniper.conf -t -w

 [*] UPDATE SNIPER

 sniper -u|--update

Sn1per Features

  • Automatically collects basic recon (ie. whois, ping, DNS, etc.)

  •  Automatically launches Google hacking queries against a target domain

  •  Automatically enumerates open ports via NMap port scanning

  •  Automatically exploit common vulnerabilities

  •  Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers

  •  Automatically checks for sub-domain hijacking

  •  Automatically runs targeted NMap scripts against open ports

  •  Automatically runs targeted Metasploit scan and exploit modules

  •  Automatically scans all web applications for common vulnerabilities

  •  Automatically brute forces ALL open services

  •  Automatically test for anonymous FTP access

  •  Automatically runs WPScan, Arachni and Nikto for all web services

  •  Automatically enumerates NFS shares

  •  Automatically test for anonymous LDAP access

  •  Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities

  •  Automatically enumerate SNMP community strings, services and users

  •  Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067

  •  Automatically tests for open X11 servers

  •  Performs high level enumeration of multiple hosts and subnets

  •  Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting

  •  Automatically gathers screenshots of all web sites

  •  Create individual workspaces to store all scan output

  •  Scheduled scans (https://github.com/1N3/Sn1per/wiki/Scheduled-Scans)

  •  Slack API integration (https://github.com/1N3/Sn1per/wiki/Slack-API-Integration)

  •  Hunter.io API integration (https://github.com/1N3/Sn1per/wiki/Hunter.io-API-Integration)

  •  OpenVAS API integration (https://github.com/1N3/Sn1per/wiki/OpenVAS-Integration)

  •  Burpsuite Professional 2.x integration (https://github.com/1N3/Sn1per/wiki/Burpsuite-Professional-2.x-Integration)

  •  Shodan API integration (https://github.com/1N3/Sn1per/wiki/Shodan-Integration)

  •  Censys API integration (https://github.com/1N3/Sn1per/wiki/Censys-API-Integration)

  •  Metasploit integration (https://github.com/1N3/Sn1per/wiki/Metasploit-Integration)