Sn1per Professional Documentation

The official Sn1per reference manual.

Product FAQ

1) What is Sn1per?
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is XeroSecurity’s premium reporting addon for professional penetration testers, bug bounty researchers and Corporate security teams to manage large environments and pentest scopes.

2) I have Sn1per Professional installed. Can I still apply updates from Sn1per Community Edition on GitHub?
Yes, updating Sn1per Community Edition will not effect your Sn1per Professional installation in any way. You can still get all the benefits of the Community Edition with your Professional installation.

3) I received an error XYZ in the Sn1per Community Edition script. Should I contact [email protected] with the error message?
Premium support via [email protected] is only offered to Sn1per Professional licenses and for the pro.sh script (Professional portion) only. For all other Sn1per related issues, please submit an issue ticket at https://github.com/1N3/Sn1per/.

4) Can I run Sn1per on other operating systems other than Kali Linux or Debian?
Sn1per was designed to run in Kali Linux and Debian, and because of its dependencies we only provide support for installations under these operating systems. That said, you can also run a Kali VM on top of a Mac host OS, but that requires VMWare Fusion or VirtualBox.

5) How does the Professional version differ from the Community version?
The short answer… the Professional version requires a paid license that provides you with a professional reporting interface generated from each scan (and top notch customer support). For the long answer, we encourage you to click around the site and learn more about Sn1per Professional.

6) Help! My scanner appears to be stuck when running a scan.
If you are certain your scanner is stuck (keep in mind some scans can take longer than others), it can often mean you are being blocked by the target. In either case, you should be able to bypass this by typing “killall nmap”. Another alternative is in a separate terminal, run sniper –status to get the PIDs of any running sniper processes. Run kill-9 <PID> to kill off the problematic process to allow the scan to continue.

7) When will the next version of Sn1per Professional be released?
We don’t publish a schedule, but if you want to be the first to know make sure you sign up for our newsletter. We do try to announce upcoming versions a month or so ahead so that if you want the older version you can grab it quick before it’s gone (or wait for the latest and greatest). There is no better way to be the first to know about new versions, promotions and other products XeroSecurity releases.

8) How is the price of Sn1per Professional determined?
Prices reflect the value the product gives you (such as more features and functionality). Multiple user licenses and also corporate licenses will reflect a higher purchase price than a single user license.

9) How many people can use Sn1per Professional?
Most of our licenses are single user, that means it is just for you – one person. If you need to purchase one for you and your friend, you will need to purchase multiple single user licenses. If you need to purchase licenses for a corporate setting you will need to purchase one of our enterprise license plans.

10) Can I install Sn1per Professional on multiple computers using the same license?
While Sn1per Professional is a single user license, we do limit the number of systems you may install it on to 5 systems per license.

11) How long do you support previous versions of Sn1per Professional?
We maintain usability in previous versions as long as possible and guarantee support and functionality for up to 1 year from the release date.


Payment FAQ

1) I sent my Paypal/credit card payment, but haven’t received a download link yet. What should I do?
A download link will be provided within 24-48 hours upon receipt of payment. If you still have not received a download link after 48 hours, please contact [email protected]

2) Is there a monthly fee to use Sn1per Professional?
There are no monthly fees to use Sn1per Professional. Once you buy a Sn1per Professional license, your license will remain forever for the version purchased (ie. v 5.0).

3) How do I upgrade/get new features of a Sn1per Professional version? Is there a discount to upgrade from an older version?
You will need to purchase the new version of Sn1per Professional when it is released. Currently there is no discount for upgrading from an older version.

4) Do you offer product promotions?
The best way to keep up to date on promotions, updates, new product offerings, etc. is to join our mailing list. You will be the first one to know!

5) Do you accept payment in Bitcoin (BTC) or other cryptocurrencies?
Unfortunately we do not accept payments via BTC or cryptocurrencies at this time.

6) Do you offer refunds?
We want you to be happy with your purchase and if you are running into problems that we haven’t answered in our documentation, we encourage you to reach out to our support team to help you get the product working. Our refund policy is a full refund within 7 days of delivery of your download link/license, anything beyond this is up to our discretion.


System Requirements

Sn1per Professional runs on Linux based operating systems only. A Debian OS (Kali Linux 2.0) with “root” user access along with the latest Sn1per Community Edition installed and an active internet connection is required.


Getting Started

1. Download and install the latest Sn1per Community edition.

git clone https://github.com/1N3/Sn1per
cd Sn1per
chmod +x install.sh
./install.sh

2. Follow the installation instructions in your Sn1per Professional product e-mail.

3. The general installation instructions are as follows:

cd /usr/share/sniper/
wget https://xerosecurity.com/pro/6.0/[YOURCUSTOMLICENSEKEYHERE]/pro.sh -O pro.sh

Sn1per Professional Features

Sn1per Professional Dashboard

Provides quick access to all Sn1per reports, online tools, configuration files, target lists, and XeroSecurity links.

Top menu features:

1. Sn1per Professional v6.0 – a quick link to XeroSecurity website
2. Home – a quick link to the main dashboard
3. Quick Links – one click access to Sn1per documentation, Sn1per GitHub, XeroSecurity support, etc.
4. Online Tools – one click access to pentesting methodologies and testing checklists, as well as essential hacking utilities
5. Files – quick access to the Sn1per configuration files, as well as the scanned and unscanned targets list and total domain list
6. Reports – contains links to all Sn1per Community Edition HTML reports

Side bar features:

7.  “Top” icon – returns to the top of the page
8.  “Slideshow” icon – jumps to the slideshow widget
9.  “Host List” icon – jumps to the host list widget
10. “Email” icon – jumps to email container
11. “Takeovers” icon – jumps to the takeovers container
12. “Notepad” icon – jumps to the notepad widget

Dashboard

13. Shortcut to XeroSecurity Twitter
14. Shortcut to the XeroSecurity website
15. Shortcut to the workspace directory
16. Displays total domains, scanned targets, and unscanned targets with quick links to each
17. Scan progress bar displays percentage of scanned vs unscanned hosts in the workspace

Slideshow

Flip through all collected screenshots to find interesting hosts and view the corresponding host report by clicking on the screenshot.

Enumeration

Search and sort all subdomains, open ports, DNS info, and more. Displays searchable scan tags for each host scanned by Sn1per Professional. The search bar allows multiple types of searches including: hostnames, IP addresses, scan mode tags, HTTP titles, server headers, port numbers, etc.

Email and Takeovers

Quickly check if any hosts in your workspace are vulnerable to email spoofing or domain hijacking/takeover.

HTML5 Notepad

Store your notes for each workspace directly on the report, which will save a local copy automatically every few seconds. No need to re-import or save manually!

Detailed Host View

Gain high level insight into each host in your workspace to dig deeper into the target environment.

NMap HTML Reports

Get detailed NMap HTML report for all hosts within your workspace.

Quick Links



Launch over 20+ online pentest tools and 15+ Google hacking queries against each target host with the click of a mouse.

 


Scan Mode Reference

Below you will find charts and diagrams you can use as a quick reference to help you get the most out of Sn1per Professional.

Some scan modes are compatible with secondary/auxiliary scan modes, below you can see which work with which:

Scanning is a balance of priorities, some are quicker and some some also more intrusive. This is a breakdown to help you choose why type of scan mode meets your needs:


Command Line Usage

(See glossary below for further explanation of what each command does.)

NORMAL MODE
sniper -t|–target <TARGET>

NORMAL MODE + OSINT + RECON + FULL PORT SCAN + BRUTE FORCE
sniper -t|–target <TARGET> -o|–osint -re|–recon -fp|–fullportonly -b|–bruteforce

STEALTH MODE + OSINT + RECON
sniper -t|–target <TARGET> -m|–mode stealth -o|–osint -re|–recon

DISCOVER MODE
sniper -t|–target <CIDR> -m|–mode discover -w|–workspace <WORSPACE_ALIAS>

FLYOVER MODE
sniper -t|–target <TARGET> -m|–mode flyover -w|–workspace <WORKSPACE_ALIAS>

AIRSTRIKE MODE
sniper -f|–file /full/path/to/targets.txt -m|–mode airstrike

NUKE MODE WITH TARGET LIST, BRUTE FORCE ENABLED, FULL PORT SCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE ENABLED
sniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace <WORKSPACE_ALIAS>

SCAN ONLY SPECIFIC PORT
sniper -t|–target <TARGET> -m port -p|–port <portnum>

FULL PORT ONLY SCAN MODE
sniper -t|–target <TARGET> -fp|–fullportonly

PORT SCAN MODE
sniper -t|–target <TARGET> -m|–mode port -p|–port <PORT_NUM>

WEB MODE – PORT 80 + 443 ONLY!
sniper -t|–target <TARGET> -m|–mode web

HTTP WEB PORT HTTP MODE
sniper -t|–target <TARGET> -m|–mode webporthttp -p|–port <port>

HTTPS WEB PORT HTTPS MODE
sniper -t|–target <TARGET> -m|–mode webporthttps -p|–port <port>

ENABLE BRUTE FORCE
sniper -t|–target <TARGET> -b|–bruteforce

LOOT REIMPORT FUNCTION
sniper -w <WORKSPACE_ALIAS> –reimport

SCAN STATUS
sniper –status

UPDATE SNIPER
sniper -u|–update

LIST ALL WORKSPACES
sniper –list

REIMPORT AN EXISTING WORKSPACE
sniper-w workspace_alias –reimport

RELOAD A WORKSPACE
sniper-w workspace_alias –reload


Glossary

AIR STRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting.
BRUTE FORCE: Performs a brute force against all open services on a target.
DISCOVER: Discovers all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and produces a targets.txt file, which can be used in other sniper scan modes. This mode is useful for internal network scans.
FLY OVER: Fast multi-threaded high level scans of multiple targets (useful for collecting high level data on many hosts quickly).
FULL PORT SCAN: Performs a detailed port scan of a target and saves results to XML.
HTTP WEB PORT: Launches a full HTTP web application scan against a specific host and port.
HTTPS WEB PORT: Launches a full HTTPS web application scan against a specific host and port.
LOOT REIMPORT: Regenerates all HTML scan reports for all hosts within the workspace.
NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
NUKE: Launches a full audit (includes brute force, full port scan, recon, OSINT, and web modes) of multiple hosts specified in text file of choice.
OSINT: Performs Open Source Intelligence gathering on remote targets using mostly passive data collection to find e-mails, documents, metadata, etc. This mode also performs several automated Google hacking queries to find various vulnerabilities and interesting hosts and data.
PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
RECON: Performs subdomain enumeration and hijacking, WHOIS, DNS bruteforcing, checks for email spoofing, performs high level scans of all domains and searches for public S3 buckets.
STEALTH: Quickly enumerates single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
TARGETS.TXT: A line delimited file containing multiple targets using either ip addresses, DNS, or host names.

WEB: Performs a normal scan with the addition of a full web application scan (port 80/tcp & 443/tcp only). Ideal for web applications, but may increase scan time significantly.
WORKSPACE: Custom directory, where all command output and files are saved.

 


Sn1per Configuration Options

To change Sn1per’s default settings which are found at /usr/share/sniper/sniper.conf, you can copy the default sniper.conf file to your home directory by running the following command:

cp /usr/share/sniper/sniper.conf ~/.sniper.conf

Once the sniper.conf has been copied to your home directory, you can edit each variable with your own custom values. This includes setting web brute force wordlists, default usernames and passwords wordlists as well as the path locations for each plugin. You can also enable or disable specific scan plugins via custom configuration settings by setting the specific plugin from “1” to “0”.

INSTALL_DIR=”/usr/share/sniper”
SNIPER_PRO=$INSTALL_DIR/pro.sh
PLUGINS_DIR=”$INSTALL_DIR/plugins”

# COLORS
OKBLUE=’\033[94m’
OKRED=’\033[91m’
OKGREEN=’\033[92m’
OKORANGE=’\033[93m’
RESET=’\e[0m’
REGEX=’^[0-9]+$’

# DEFAULT SETTINGS
VERBOSE=”0″
AUTOBRUTE=”0″
FULLNMAPSCAN=”0″
OSINT=”0″
ENABLE_AUTO_UPDATES=”1″
ONLINE=”1″
REPORT=”1″
LOOT=”1″
METASPLOIT_IMPORT=”0″
SNIPER_PRO_CONSOLE_OUTPUT=”0″

# DEFAULT BROWSER
BROWSER=”firefox”

# BURP 2.0 SCANNER CONFIG
BURP_HOST=”127.0.0.1″
BURP_PORT=”1337″

# METASPLOIT SCANNER CONFIG
MSF_LHOST=”127.0.0.1″
MSF_LPORT=”4444″

# WEB BRUTE FORCE WORDLISTS
WEB_BRUTE_STEALTH=”$INSTALL_DIR/wordlists/web-brute-stealth.txt”
WEB_BRUTE_FULL=”$INSTALL_DIR/wordlists/web-brute-full.txt”
WEB_BRUTE_EXPLOITS=”$INSTALL_DIR/wordlists/web-brute-exploits.txt”

# DOMAIN WORDLISTS
DOMAINS_QUICK=”$INSTALL_DIR/wordlists/domains-quick.txt”
DOMAINS_DEFAULT=”$INSTALL_DIR/wordlists/domains-default.txt”
DOMAINS_FULL=”$INSTALL_DIR/wordlists/domains-all.txt”

# DEFAULT USER/PASS WORDLISTS
USER_FILE=”/usr/share/brutex/wordlists/simple-users.txt”
PASS_FILE=”/usr/share/brutex/wordlists/password.lst”
DNS_FILE=”/usr/share/brutex/wordlists/namelist.txt”

# TOOL DIRECTORIES
SAMRDUMP=”$INSTALL_DIR/bin/samrdump.py”
INURLBR=”$INSTALL_DIR/bin/inurlbr.php”

# PORT SCAN CONFIGURATIONS
QUICK_PORTS=”21,22,23,25,53,80,110,137,138,139,161,162,443,445,512,513,514,1433,3306,4444,5555,5432,5555,5900,5901,6667,7001,8080,8888,8000,10000″
DEFAULT_PORTS=”1,7,9,13,19,21-23,25,37,42,49,53,67,68,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535,U:53,U:67,U:68,U:69,U:88,U:161,U:162,U:137,U:138,U:139,U:389,U:520,U:2049″
DEFAULT_TCP_PORTS=”1,7,9,13,19,21-23,25,37,42,49,53,69,79-81,85,88,105,109-111,113,123,135,137-139,143,161,162,179,222,264,384,389,402,407,443-446,465,500,502,512-515,523-524,540,548,554,587,617,623,631,655,689,705,771,783,831,873,888,902,910,912,921,993,995,998-1000,1024,1030,1035,1090,1098-1103,1128-1129,1158,1199,1211,1220,1234,1241,1300,1311,1352,1433-1435,1440,1471,1494,1521,1530,1533,1581-1582,1604,1720,1723,1755,1811,1900,2000-2001,2049,2067,2100,2103,2121,2199,2207,2222,2323,2362,2380-2381,2525,2533,2598,2638,2809,2947,2967,3000,3037,3050,3057,3128,3200,3217,3273,3299,3306,3310,3333,3389,3460,3465,3500,3628,3632,3690,3780,3790,3817,3900,4000,4322,4433,4444-4445,4659,4672,4679,4800,4848,5000,5009,5038,5040,5051,5060-5061,5093,5168,5227,5247,5250,5351,5353,5355,5400,5405,5432-5433,5466,5498,5520-5521,5554-5555,5560,5580,5631-5632,5666,5800,5814,5900-5910,5920,5984-5986,5999-6000,6050,6060,6070,6080,6082,6101,6106,6112,6161,6262,6379,6405,6502-6504,6542,6660-6661,6667,6789,6905,6988,6996,7000-7001,7021,7071,7080,7144,7181,7210,7272,7414,7426,7443,7510,7547,7579-7580,7700,7770,7777-7778,7787,7800-7801,7878-7879,7890,7902,8000-8001,8008,8014,8020,8023,8028,8030,8050-8051,8080-8082,8085-8088,8090-8091,8095,8101,8161,8180,8205,8222,8300,8303,8333,8400,8443-8445,8503,8642,8686,8701,8787,8800,8812,8834,8880,8888-8890,8899,8901-8903,8980,8999-9005,9010,9050,9080-9081,9084,9090,9099-9100,9111,9152,9200,9256,9300,9390-9391,9495,9500,9711,9788,9809-9815,9855,9875,9910,9991,9999-10001,10008,10050-10051,10080,10098-10099,10162,10202-10203,10443,10616,10628,11000-11001,11099,11211,11234,11333,11460,12000,12174,12203,12221,12345,12397,12401,13013,13364,13500,13838,14000,14330,15000-15001,15200,16000,16102,16992,17185,17200,18881,18980,19300,19810,20000,20010,20031,20034,20101,20111,20171,20222,22222,23423,23472,23791,23943,25000,25025,26000,26122,26256,27000,27015,27017,27888,27960,28222,28784,30000,30718,31001,31099,32022,32764,32913,33000,34205,34443,37718,37777,38080,38292,40007,41025,41080,41523-41524,44334,44818,45230,46823-46824,47001-47002,48080,48899,49152,50000-50004,50013,50050,50500-50504,52302,52869,53413,55553,57772,62078,62514,65535″
DEFAULT_UDP_PORTS=”53,67,68,69,88,123,161,162,137,138,139,389,520,2049″
FULL_PORTSCAN_PORTS=”1-65535″

THREADS=”30″

# NETWORK PLUGINS
NMAP_SCRIPTS=”1″
METASPLOIT_EXPLOIT=”1″
SSH_AUDIT=”1″
SSH_ENUM=”1″
LIBSSH_BYPASS=”1″
SMTP_USER_ENUM=”1″
FINGER_TOOL=”1″
SHOW_MOUNT=”1″
RPC_INFO=”1″
SMB_ENUM=”1″
AMAP=”1″
YASUO=”1″

# OSINT PLUGINS
WHOIS=”1″
GOOHAK=”1″
INURLBR=”1″
THEHARVESTER=”1″
METAGOOFIL=”1″

# ACTIVE WEB PLUGINS
BURP_SCAN=”1″
NIKTO=”1″
BLACKWIDOW=”1″
CLUSTERD=”1″
WPSCAN=”1″
CMSMAP=”1″
WAFWOOF=”1″
WHATWEB=”1″
WIG=”1″
SHOCKER=”1″
JEXBOSS=”1″

# ACTIVE WEB BRUTE FORCE STAGES
WEB_BRUTE_STEALTHSCAN=”1″
WEB_BRUTE_FULLSCAN=”1″
WEB_BRUTE_EXPLOITSCAN=”1″

# PASSIVE WEB PLUGINS
WAYBACKMACHINE=”1″
SSL=”1″
PASSIVE_SPIDER=”1″
CUTYCAPT=”1″

# EMAIL PLUGINS
SPOOF_CHECK=”1″

# RECON PLUGINS
SUBHIJACK_CHECK=”1″
SLURP=”1″
SUBLIST3R=”1″
AMASS=”1″
SUBFINDER=”1″
DNSCAN=”1″
CRTSH=”1″
SUBOVER=”1″