Sn1per Community Edition v8.4 Released!

In case you missed it, Sn1per v8.4 was released today 6/8/2020 and features a slew of new improvements and fixes which will further enhance the speed and functionality of Sn1per.

Introducing Project “Sc0pe”

To start with, Sn1per v8.4 features a completely new active and passive vulnerability scanner called “Sc0pe”, which will serve as the backbone of Sn1per’s new vulnerability scan engine. The new framework will make it quick and easy to scan for the latest CVEs and web vulnerabilities, and opens up a slew of possibilities for users to create and share their own exploits and scanners (submit your PRs!). For a full list of scan templates, check here.

Sc0pe Templates

For anyone interested in writing exploits for Sc0pe or porting existing ones over, the process is simple. First, create a new template.sh file under /usr/share/sniper/templates/active/ for active scanners or /usr/share/sniper/templates/passive/ for passive scanners. You can either copy and rename an existing template or create a new file with the following format:

AUTHOR='@xer0dayz'
VULN_NAME='Apache Solr Detected'
URI='/'
METHOD='GET'
MATCH='Solr Admin'
SEVERITY='P5 - INFO'
CURL_OPTS="--user-agent '' -s -L --insecure"
SECONDARY_COMMANDS=''
GREP_OPTIONS='-i'

Passive scanners detect vulnerabilities by grep regex matching against any local file and use the following format:

AUTHOR='@xer0dayz'
VULN_NAME='CORS Policy - Allow-Credentials Enabled'
FILENAME="$LOOT_DIR/web/headers-htt*-$TARGET.txt"
MATCH='Access-Control-Allow-Credentials: true'
SEVERITY='P4 - LOW'
GREP_OPTIONS='-i'
SEARCH='positive'
SECONDARY_COMMANDS=''

One thing to note: when saving the template.sh file you created, be sure not to use spaces in the file name (i.e. “CORS Policy - Allow-Credentials Enabled.sh”). Instead, use underscores, as in “CORS_Policy_-_Allow-Credentials_Enabled.sh”.

Once your new template is created, all you need to do is run a scan. For active checks, you can choose from ‘normal’, ‘web’, ‘vulnscan’, ‘webporthttp’ and ‘webporthttps’ as well as any of the mass scan modes (ie. massweb, etc.). All other modes will only use passive scan modules to detect vulnerabilities.
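Because a template is a shell file and shared templates come from other people, it is worth checking one before it lands in the templates directory. The linter below is an added example, not Sn1per code: it reads the file as text instead of sourcing it, treats every field shown in the two formats above as required (an assumption), and `lint_template` is a hypothetical name.

```shell
#!/bin/sh
# Added example, not Sn1per code: lint a Sc0pe template without sourcing it.
# Assumption: every field shown in the two formats above is required.
ACTIVE_KEYS="AUTHOR VULN_NAME URI METHOD MATCH SEVERITY CURL_OPTS SECONDARY_COMMANDS GREP_OPTIONS"
PASSIVE_KEYS="AUTHOR VULN_NAME FILENAME MATCH SEVERITY GREP_OPTIONS SEARCH SECONDARY_COMMANDS"
# A plain assignment: KEY='...' or KEY="...", nothing before or after it.
ASSIGN_RE="^[A-Z_]+=('[^']*'|\"[^\"]*\")[[:space:]]*\$"

# lint_template <active|passive> <file>: prints findings, returns 0 if clean.
lint_template() {
    kind=$1; file=$2; rc=0
    case $kind in
        active)  keys=$ACTIVE_KEYS ;;
        passive) keys=$PASSIVE_KEYS ;;
        *) echo "usage: lint_template active|passive FILE"; return 2 ;;
    esac
    # The post asks for underscores instead of spaces in the file name.
    case ${file##*/} in
        *" "*) echo "FAIL: file name contains spaces"; rc=1 ;;
    esac
    for k in $keys; do
        grep -Eq "^$k=" "$file" || { echo "FAIL: missing $k"; rc=1; }
    done
    # Anything other than blank lines, comments and plain assignments is code.
    if grep -Ev "^[[:space:]]*(#.*)?\$|$ASSIGN_RE" "$file"; then
        echo "FAIL: the line(s) above are not plain KEY='value' assignments"; rc=1
    fi
    # Command substitution runs as soon as a shell sources the file.
    if grep -E '\$\(|`' "$file"; then
        echo "FAIL: command substitution found"; rc=1
    fi
    # A non-empty SECONDARY_COMMANDS needs a human to read it first.
    sec=$(grep -E '^SECONDARY_COMMANDS=' "$file" | head -n 1)
    case $sec in
        ""|"SECONDARY_COMMANDS=''"|'SECONDARY_COMMANDS=""') ;;
        *) echo "REVIEW: SECONDARY_COMMANDS is set: $sec"; rc=1 ;;
    esac
    return $rc
}

if [ "$#" -eq 2 ]; then lint_template "$1" "$2"; fi
```

Saved as a script, it takes the template type and the file path as its two arguments and exits non-zero when anything needs attention.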

OWASP ZAP Integration

Another major improvement added in v8.4 is the integration with OWASP ZAP. For this to work properly, you will need to have OWASP ZAP running on the same host as Sn1per and listening on port 8081/tcp.

In addition, you will need to enable the ZAP API service and disable the API key.

The last step is to update your /root/.sniper.conf file and enable the following setting:

ZAP_SCAN="1"

Afterwards, you can run the ‘webscan’ mode (i.e. sniper -t 127.0.0.1 -m webscan -w 127.0.0.1). After the scan completes, all HTML reports will be saved to /usr/share/sniper/loot/workspace/<workspace>/web/zap-report-$TARGET-$DATE.html.
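With the API key disabled, the ZAP API no longer authenticates callers, so the listener on port 8081 is best kept on loopback. The check below is an added example (not part of Sn1per or ZAP) that parses `ss -ltn` output for that port; `zap_exposed_listeners` and the `--live` switch are hypothetical names.

```shell
#!/bin/sh
# Added example, not part of Sn1per or ZAP: flag a listener on the ZAP port
# that is bound to anything other than a loopback address.

# zap_exposed_listeners PORT: reads `ss -ltn` output on stdin, prints each
# non-loopback address bound to PORT, returns 1 if any was found.
zap_exposed_listeners() {
    awk -v port="$1" '
        $1 != "LISTEN" { next }           # also skips the header line
        {
            addr = $4; p = $4
            sub(/^.*:/, "", p)            # port = text after the last colon
            sub(/:[^:]*$/, "", addr)      # address = everything before it
            if (p != port) next
            if (addr ~ /^127\./) next                  # IPv4 loopback
            if (addr ~ /^\[?::1\]?$/) next             # IPv6 loopback
            if (addr ~ /^\[?::ffff:127\./) next        # IPv4-mapped loopback
            print addr; found = 1
        }
        END { exit (found ? 1 : 0) }'
}

# Live check on the scanning host; 8081 is the port named in the post.
if [ "${1:-}" = "--live" ]; then
    ss -ltn | zap_exposed_listeners 8081 \
        && echo "no non-loopback listener on 8081"
fi
```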

Sn1per Configuration Templates

Another major addition to Sn1per v8.4 is eight new configuration templates which can be referenced and loaded dynamically to fine tune each Sn1per scan. In the following example, we can quickly run all Metasploit web exploits against the target and skip most of the default modules to quickly scan for web vulnerabilities.

Usage: sniper -t 127.0.0.1 -m web -c /usr/share/sniper/conf/webpwn_only -w 127.0.0.1

The possibilities are endless: you can save and reference your own custom configuration templates or use the default options and templates as a reference. Check here for some examples and feel free to submit your PRs with your own unique templates.

Changelog

  • v8.4 – Added project “Sc0pe” active/passive vulnerability scanner
  • v8.4 – Added 68 new active sc0pe templates
  • v8.4 – Added 14 new passive sc0pe templates
  • v8.4 – Added OWASP ZAP API integration
  • v8.4 – Added 8 new Sn1per configuration templates (see /usr/share/sniper/conf/)
  • v8.4 – Added Gau (https://github.com/lc/gau)
  • v8.4 – Added rapiddns subdomain retrieval
  • v8.4 – Updated web content wordlists
  • v8.4 – Improved efficiency of ‘web’ and ‘recon’ mode scans
  • v8.4 – Disabled legacy Metasploit web exploits (check Sn1per conf to re-enable)
  • v8.4 – Fixed issue with dirsearch asterisk being used incorrectly
  • v8.4 – Fixed issue with airstrike mode not updating Sn1per Professional v8.0 host list
  • v8.4 – Fixed issue with webtech re.error: invalid group reference 1 at position 130

Updating

To apply the update, run ‘sniper -u’ if Sn1per is already installed to automatically download the latest release. For new users, run: ‘git clone https://github.com/1N3/Sn1per’ and run the install.sh file.

Sn1per Professional 8.0 Upgrade Special!


You asked. We listened and are offering to include the new “Command Execution Add-on” for any previous customers who upgrade to Sn1per Professional v8.0 before January 31st, 2020 (a savings of $49!).

Please contact us at [email protected] with your previous license key/order number after purchasing Sn1per Professional v8.0 to receive the Command Execution Add-on download link! Offer only applies to verified previous customers.

Sn1per Professional v7.0 Released!

Sn1per Professional v7.0 is now available from the XeroSecurity website!

Features

  • New workspace navigator with sortable/searchable tables and usage stats
  • Added quick links to view scan tasks, unique IP’s, live hosts, like web hosts, subnets and discovered IP’s to top menu
  • New sortable/searchable Bootstrap 4 host list table with pagination, screenshots and full web and network meta data
  • New scan tags added for “Vulnerable”, “Takeover”, “New”, “Shelled”, “Cracked”, “Updated”, “Live”
  • Added collapsible functional sections to main report for more streamlined viewing (ie. Quick Commands, Scan Tasks, Scheduled Scans, OSINT, Takeovers, etc.)
  • New “Quick Commands” section for quick copy/paste Sn1per commands
  • New “Scan Tasks” section to view all Sn1per scan times/dates
  • New “Scheduled Tasks” section to view all Sn1per scheduled scan tasks
  • New “OSINT” section to view OSINT data for the workspace
  • New “Credentials” section to view all successful brute force credentials
  • New “Vulnerabilities” section to view all vulnerabilities from various tools for the entire workspace
  • Improved wide-screen visibility of reports
  • Added quick links to view loot folders and files
  • Added ‘sniper --reimportall’ command to regenerate all detailed host reports in a workspace
  • Improved report generation performance via ‘sniper --reimport’ command for differential report generation
  • 100% responsive web UI resizes to fit any resolution or device.
  • Scan progress bar indicates overall scan status to ensure 100% scan coverage of the entire workspace.
  • Scan dashboard gives high level overview of workspace, including downloadable lists to all domains, scanned targets and unscanned targets. These can be easily referenced and used to scan the entire attack surface using Sn1per.
  • Reports menu includes links to all Sn1per console reports which can be downloaded and viewed from the main report.
  • Sidebar shortcuts added to both the main Sn1per report and all detailed host reports to quickly jump to each section of the report.
  • Slideshow for all gathered screenshots
  • Improved host table allows searching for scan mode tags, IP/DNS, HTTP titles, status codes, HTTP headers, WAF detection and open ports.
  • Quick links for both the HTTP and HTTPS versions for each host in the host table.
  • Scan tags to indicate which hosts have been scanned and in which mode (i.e. Stealth, Web, Portscan, Bruteforce, etc.) and which are new in the host table section of the report.
  • Email security section indicates any email spoofing vulnerabilities for the workspace.
  • Improved takeovers security section indicates any potential domain takeovers or hijacking vulnerabilities.
  • HTML5 notepad saves automatically to the main report, alleviating the need to save your work (keep in mind, it uses the local browser cache, so switching browsers or clearing your browser cache will remove your notes!).
  • Detailed host reports are now separate from the main report and include the following features:
    • Updated recon and google dork links
    • 34 customized recon links.
    • 26 customized Google dork links.
    • HTTP/HTTPS quick links.
    • Reports menu to download the full HTML console reports for each host.
    • Added Arachni HTML report imports for all “webscan” mode scans
    • Sidebar quick links to jump to each section of the report.
    • HTTP/HTTPS screenshots
    • DNS
    • Sub-domains
    • Open ports
      • Links to full NMap HTML host reports.
    • Fingerprint info
    • HTTP headers
    • Web files
      • Links to download all discovered web files for each host
    • Web URL’s
      • Links to download all discovered URL’s for each host
    • SSL/TLS info
    • New Web Application Scans
    • New Credentials
    • New Vulnerabilities
  • Single user license
  • Professional technical support

Documentation

https://xerosecurity.com/wordpress/documentation/

Legal Agreement and Disclaimer

By purchasing and/or using Sn1per, you are agreeing to the following end user license agreement referenced here:

https://xerosecurity.com/wordpress/legal/
