Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is Xero Security's premium reporting addon for Professional Penetration Testers, Bug Bounty Researchers and Corporate Security teams to manage large environments and pentest scopes.
Demo
Installation:
Step 1: git clone https://github.com/1N3/Sn1per.git
Step 2: cd Sn1per
Step 3: ./install.sh
Step 4: ./Sn1per
Usage:
# ./Sn1per -t (Target.com)
Example: ./Sn1per -t testsite.com
Commands And Usages
[*] SPECIFY CUSTOM CONFIG FILE
sniper -c /full/path/to/sniper.conf -t -m -w
[*] NORMAL MODE + OSINT + RECON
sniper -t -o -re
[*] STEALTH MODE + OSINT + RECON
sniper -t -m stealth -o -re
[*] DISCOVER MODE
sniper -t -m discover -w
[*] SCAN ONLY SPECIFIC PORT
sniper -t -m port -p
[*] FULLPORTONLY SCAN MODE
sniper -t -fp
[*] WEB MODE - PORT 80 + 443 ONLY!
sniper -t -m web
[*] HTTP WEB PORT MODE
sniper -t -m webporthttp -p
[*] HTTPS WEB PORT MODE
sniper -t -m webporthttps -p
[*] HTTP WEBSCAN MODE
sniper -t -m webscan
[*] ENABLE BRUTEFORCE
sniper -t -b
[*] AIRSTRIKE MODE
sniper -f targets.txt -m airstrike
[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
sniper -f targets.txt -m nuke -w
[*] MASS PORT SCAN MODE
sniper -f targets.txt -m massportscan -w
[*] MASS WEB SCAN MODE
sniper -f targets.txt -m massweb -w
[*] MASS WEBSCAN SCAN MODE
sniper -f targets.txt -m masswebscan -w
[*] MASS VULN SCAN MODE
sniper -f targets.txt -m massvulnscan -w
[*] PORT SCAN MODE
sniper -t -m port -p
[*] LIST WORKSPACES
sniper --list
[*] DELETE WORKSPACE
sniper -w -d
[*] DELETE HOST FROM WORKSPACE
sniper -w -t -dh
[*] GET SNIPER SCAN STATUS
sniper --status
[*] LOOT REIMPORT FUNCTION
sniper -w --reimport
[*] LOOT REIMPORTALL FUNCTION
sniper -w --reimportall
[*] LOOT REIMPORT FUNCTION
sniper -w --reload
[*] LOOT EXPORT FUNCTION
sniper -w --export
[*] SCHEDULED SCANS
sniper -w -s daily|weekly|monthly
[*] USE A CUSTOM CONFIG
sniper -c /path/to/sniper.conf -t -w
[*] UPDATE SNIPER
sniper -u|--update
Sn1per Features
-
Automatically collects basic recon (ie. whois, ping, DNS, etc.)
-
Automatically launches Google hacking queries against a target domain
-
Automatically enumerates open ports via NMap port scanning
-
Automatically exploit common vulnerabilities
-
Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
-
Automatically checks for sub-domain hijacking
-
Automatically runs targeted NMap scripts against open ports
-
Automatically runs targeted Metasploit scan and exploit modules
-
Automatically scans all web applications for common vulnerabilities
-
Automatically brute forces ALL open services
-
Automatically test for anonymous FTP access
-
Automatically runs WPScan, Arachni and Nikto for all web services
-
Automatically enumerates NFS shares
-
Automatically test for anonymous LDAP access
-
Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
-
Automatically enumerate SNMP community strings, services and users
-
Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
-
Automatically tests for open X11 servers
-
Performs high level enumeration of multiple hosts and subnets
-
Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
-
Automatically gathers screenshots of all web sites
-
Create individual workspaces to store all scan output
-
Scheduled scans (https://github.com/1N3/Sn1per/wiki/Scheduled-Scans)
-
Slack API integration (https://github.com/1N3/Sn1per/wiki/Slack-API-Integration)
-
Hunter.io API integration (https://github.com/1N3/Sn1per/wiki/Hunter.io-API-Integration)
-
OpenVAS API integration (https://github.com/1N3/Sn1per/wiki/OpenVAS-Integration)
-
Burpsuite Professional 2.x integration (https://github.com/1N3/Sn1per/wiki/Burpsuite-Professional-2.x-Integration)
-
Shodan API integration (https://github.com/1N3/Sn1per/wiki/Shodan-Integration)
-
Censys API integration (https://github.com/1N3/Sn1per/wiki/Censys-API-Integration)
-
Metasploit integration (https://github.com/1N3/Sn1per/wiki/Metasploit-Integration)