XeroSecurity is proud to announce the release of our Brute Force Add-on for Sn1per Professional v8.0! This will further enhance Sn1per’s ability to scan for weak or default credentials across your workspace. The new add-on comes with a host of options that can be easily configured from the Sn1per web UI and launched via the Command Execution Add-on. The result is a powerful combination of dynamic scanning options combined with professional reporting to help you quickly and easily find vulnerabilities in your environment.
Check for default and weak credentials in a target environment.
Single & built-in multi target selections.
Scan laterally across built-in host lists in your workspace.
Customized wordlist selections for usernames and passwords.
Automatic brute forcing of all services via BruteX.
One of the biggest changes you’ll notice is a complete transition from static client-side HTML reports to dynamic server side PHP code. This has several advantages:
Improved reporting performance (no need to regenerate reports after each scan).
View multiple remote and local Sn1per instances from a secure HTTPS enabled web UI with built-in authentication. This includes utilizing Sn1per on remote VPS instances where you might only have SSH and web access with no X windows GUI environment.
Compatibility with Docker on any OS (ie. Mac/Linux/Windows, etc). Simply map port 1337/tcp on your Docker instance to your local IP (ie. docker run -p 1337:1337 -it sn1per /bin/bash) and navigate to the web UI (ie. https://127.0.0.1:1337).
With the Command Execution Add-on, you can now easily manage multiple Sn1per Professional instances from the web interface without ever touching the command line.
Initiate Sn1per scans from the web UI.
Single & multi target selections.
Auxiliary mode selection.
Scheduled/recurring scan selection.
Manage workspaces from the web UI.
View scan status and command output.
Check for Sn1per updates.
New Viewing Options
New split screen or single pane views were added for easy navigation and viewing of workspaces, host reports and command status. This allows you to simultaneously view the workspace report in one panel while you browse each individual host report in the other panel. Alternatively, you can also choose 100% responsive single panel for full screen width viewing.
Another big change in v8.0 was the addition of CSV reporting and exports of all inventory (ie. domain, IP, server headers, HTTP status codes & open ports) via the workspace host list. This allows full text searching, sorting and advanced filtering options of all inventory.
New host filters and views were added to show “All Hosts”, “Open Ports” and “Web Hosts”. This makes finding interesting hosts much easier when browsing the host table and improved performance dramatically.
Host Table Sorting
Improved host table allows filtering and sorting for domain/IP, DNS, HTTP headers, HTTP status codes and open ports. Use the filter input to further narrow the search.
The new host jump input field allows you to enter the hostname or IP address of the target to view the detailed host report. This is handy when you need to view the exact targets report immediately. No need to search, sort or filter!
NMap Vulnerability Reporting
NMap CVE vulnerability reporting was also added to the “Vulnerabilities” section using the “Vulners” CVE scripting engine to report open CVE’s based on service banners detected.
A new “Updates” panel was added to the workspace navigator to view all add-on modules and updates for Sn1per. This allows seamless notifications and updates for all Sn1per updates and new modules as they get released. This will become increasingly useful as we add more modules or release more updates in the future.
Prior to version 8.0, the “Web Files” and “Web URL’s” section of the report contained text based output of all links detected. Now in version 8.0, we changed to links to actual web links to easily view all hosted content from the detailed host reports. This makes viewing discovered content extremely easy and fluid.
In this post, we’ve outlined the major changes of Sn1per Professional version 8.0, but it’s important to note that we have kept all the existing features and functionality from version 7.0 and below as well. If you are not familiar with all of these features, feel free to check our blog post for more details here.
You asked. We listened and are offering to include the new “Command Execution Add-on” for any previous customers who upgrade to Sn1per Professional v8.0 before January 31st, 2020 (a savings of $49!).
Please contact us at [email protected] with your previous license key/order number after purchasing Sn1per Professional v8.0 to receive the Command Execution Add-on download link! Offer only applies to verified previous customers.