Aftermath2020 #001 with @xer0dayz – Live Bug Bounty Recon with Sn1per Professional

Highlights:

0:35 – Basic single domain recon with Sn1per Professional v8.0 + Command Execution Add-on
3:27 – Analyzing scan results via split screen Sn1per Professional host reports
5:45 – Discovering hidden content via Sn1per Professional Fuzzer add-on (unreleased)
7:23 – Sn1per Professional workspace navigator search/filter
7:31 – Sn1per Professional ‘recon’ mode to discover sub-domains
9:00 – Sn1per ‘flyover’ mode of discovered domains from the command line
13:50 – Sn1per Professional ‘web’ mode visual recon
15:00 – Sn1per Professional ‘web’ mode scan
17:30 – Analyzing scan results and browsing discovered URLs
20:00 – Using Sn1per Professional’s recon links to perform recon on TLD
32:30 – Sn1per Professional workspace report filtering for live web hosts
33:45 – Utilizing Sn1per Professional’s quick links to view websites
38:18 – Digging deeper manually into interesting hosts
40:00 – Leveraging Burp Suite Professional with Collaborator to catch emails and analyze HTTP requests
42:26 – Running URL Fuzzer Add-on to fuzz dynamic URLs for open redirects and CRLF vulnerabilities (unreleased)
43:56 – Using Sn1per Professional’s built-in Notepad to keep/store notes in workspace
46:55 – Discovering hidden content via Sn1per Professional Fuzzer add-on (unreleased)
48:14 – Setting up Burp Suite Professional certificate authority to intercept HTTPS traffic
49:32 – Installing and using Burp Suite CO2 plugin to scan for SQL injection
50:38 – Manually fuzzing dynamic URLs via Burp Suite Intruder
56:24 – Manually analyzing fuzzer results to discover hidden content
1:01:00 – Brute forcing basic authentication with Sn1per Professional’s Brute Force add-on (unreleased)
1:06:36 – Manually fuzzing dynamic URLs via Burp Suite Intruder
1:14:22 – Using Sn1per Professional’s CSV export to view host table

Sn1per Professional v8.0 Brute Force Add-on Released!

XeroSecurity is proud to announce the release of our Brute Force Add-on for Sn1per Professional v8.0! This will further enhance Sn1per’s ability to scan for weak or default credentials across your workspace. The new add-on comes with a host of options that can be easily configured from the Sn1per web UI and launched via the Command Execution Add-on. The result is a powerful combination of dynamic scanning options combined with professional reporting to help you quickly and easily find vulnerabilities in your environment.

Features

  • Check for default and weak credentials in a target environment.
  • Single & built-in multi target selections.
  • Scan laterally across built-in host lists in your workspace.
  • Customized wordlist selections for usernames and passwords.
  • Automatic brute forcing of all services via BruteX.
  • Reporting of all output via the Command Execution Add-on.

As always, feel free to reach out to us at [email protected] with any questions!

Sn1per Professional v8.0 – What’s New?

If you’re a new or returning customer, you might be wondering what’s new in Sn1per Professional v8.0. In this post, I’ve highlighted the key features and differences compared to Sn1per Professional v7.0 and below.

Secure Web UI & Dynamic Reporting

One of the biggest changes you’ll notice is a complete transition from static client-side HTML reports to dynamic server-side PHP code. This has several advantages:

  • Improved reporting performance (no need to regenerate reports after each scan).
  • View multiple remote and local Sn1per instances from a secure HTTPS enabled web UI with built-in authentication. This includes utilizing Sn1per on remote VPS instances where you might only have SSH and web access with no X windows GUI environment.
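  • Compatibility with Docker on any OS (e.g. Mac/Linux/Windows). Simply map port 1337/tcp on your Docker instance to your local IP (e.g. docker run -p 1337:1337 -it sn1per /bin/bash) and navigate to the web UI (e.g. https://127.0.0.1:1337). Note that a bare -p 1337:1337 mapping publishes the port on all host interfaces, so restrict the mapping to the loopback address if the UI should only be reachable locally.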

Modular Design & Add-ons

Another big improvement in v8.0 is a new modular design which allows importing of additional features and add-ons without modifying the core code (ie. Sn1per Professional Command Execution Add-on).

Command Execution Add-on

With the Command Execution Add-on, you can now easily manage multiple Sn1per Professional instances from the web interface without ever touching the command line.

  • Initiate Sn1per scans from the web UI.
    • Single & multi target selections.
    • Mode selection.
    • Auxiliary mode selection.
    • Scheduled/recurring scan selection.
  • Manage workspaces from the web UI.
    • Create workspaces.
    • Add hosts.
    • Delete hosts.
    • Delete workspaces.
  • View scan status and command output.
  • Check for Sn1per updates.

New Viewing Options

New split screen or single pane views were added for easy navigation and viewing of workspaces, host reports and command status. This allows you to simultaneously view the workspace report in one panel while you browse each individual host report in the other panel. Alternatively, you can also choose a 100% responsive single panel for full screen width viewing.

CSV Exporting

Another big change in v8.0 was the addition of CSV reporting and exports of all inventory (ie. domain, IP, server headers, HTTP status codes & open ports) via the workspace host list. This allows full text searching, sorting and advanced filtering options of all inventory.

Host Filters

New host filters and views were added to show “All Hosts”, “Open Ports” and “Web Hosts”. This makes finding interesting hosts much easier when browsing the host table and improves performance dramatically.

Host Table Sorting

The improved host table allows filtering and sorting for domain/IP, DNS, HTTP headers, HTTP status codes and open ports. Use the filter input to further narrow the search.

Host Jump

The new host jump input field allows you to enter the hostname or IP address of the target to view the detailed host report. This is handy when you need to view the exact target’s report immediately. No need to search, sort or filter!

Nmap Vulnerability Reporting

Nmap CVE vulnerability reporting was also added to the “Vulnerabilities” section using the “Vulners” CVE scripting engine to report open CVEs based on service banners detected.

Updates Panel

A new “Updates” panel was added to the workspace navigator to view all add-on modules and updates for Sn1per. This provides seamless notifications for all Sn1per updates and new modules as they are released, and will become increasingly useful as we add more modules or release more updates in the future.

Web Links

Prior to version 8.0, the “Web Files” and “Web URL’s” sections of the report contained text-based output of all links detected. In version 8.0, we changed these to actual web links so you can easily view all hosted content from the detailed host reports. This makes viewing discovered content extremely easy and fluid.

Additional Features

In this post, we’ve outlined the major changes of Sn1per Professional version 8.0, but it’s important to note that we have kept all the existing features and functionality from version 7.0 and below as well. If you are not familiar with all of these features, feel free to check our blog post for more details here.
