Sn1per Professional Documentation
The official Sn1per reference manual.
1) What is Sn1per?
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is XeroSecurity’s premium reporting addon for professional penetration testers, bug bounty researchers and Corporate security teams to manage large environments and pentest scopes.
2) I have Sn1per Professional installed. Can I still apply updates from Sn1per Community Edition on GitHub?
Yes, updating Sn1per Community Edition will not effect your Sn1per Professional installation in any way. You can still get all the benefits of the Community Edition with your Professional installation.
3) I received an error XYZ in the Sn1per Community Edition script. Should I contact [email protected] with the error message?
Premium support via [email protected] is only offered to Sn1per Professional licenses and for the pro.sh script (Professional portion) only. For all other Sn1per related issues, please submit an issue ticket at https://github.com/1N3/Sn1per/.
4) Can I run Sn1per on other operating systems other than Kali Linux or Debian?
Sn1per was designed to run in Kali Linux and Debian, and because of its dependencies we only provide support for installations under these operating systems. That said, you can also run a Kali VM on top of a Mac host OS, but that requires VMWare Fusion or VirtualBox.
5) How does the Professional version differ from the Community version?
The short answer… the Professional version requires a paid license that provides you with a professional reporting interface generated from each scan (and top notch customer support). For the long answer, we encourage you to click around the site and learn more about Sn1per Professional.
6) Help! My scanner appears to be stuck when running a scan.
If you are certain your scanner is stuck (keep in mind some scans can take longer than others), it can often mean you are being blocked by the target. In either case, you should be able to bypass this by typing “killall nmap”. Another alternative is in a separate terminal, run sniper –status to get the PIDs of any running sniper processes. Run kill-9 <PID> to kill off the problematic process to allow the scan to continue.
7) When will the next version of Sn1per Professional be released?
We don’t publish a schedule, but if you want to be the first to know make sure you sign up for our newsletter or follow us on Twitter.
8) How is the price of Sn1per Professional determined?
Prices reflect the value the product gives you (such as more features and functionality). Each product is priced per license. If you need more than one user you would need to adjust your cart quantity accordingly.
9) How many people can use Sn1per Professional?
Our licenses are single user, that means it is just for you – one person. If you need to purchase one for you and your friend, you will need to purchase multiple single user licenses.
10) Can I install Sn1per Professional on multiple computers using the same license?
While Sn1per Professional is a single user license, we do limit the number of systems you may install it on to 5 systems per license.
11) How long do you support previous versions of Sn1per Professional?
We maintain usability in previous versions as long as possible and guarantee functionality for up to 1 year from the release date. Support currently on Sn1per Professional v.6 is 6 months and Sn1per Professional v.7 is 12 months.
12) What is the difference between Sn1per Community and Sn1per Professional?
There are two components to Sn1per:
- Sn1per Community Edition which is found on GitHub and makes up the scan engine/terminal application of Sn1per.
- Sn1per Professional is comprised of the web UI/reporting front end to Sn1per and works in conjuction to the scan engine found in the Community Edition.
These two components are independent of each other and function together to provide additional functionality and value as seen below. The versions of both components do not necessarily always match or need to in order to function.
For all issues related to the Community Edition (scan engine), we ask that users open a new GitHub issue here (https://github.com/1N3/Sn1per) for assistance. Premium support at [email protected] is only provided for the web reporting interface (Sn1per Professional).
1) I sent my Paypal/credit card payment, but haven’t received a download link yet. What should I do?
A download link will be provided within 24-48 hours upon receipt of payment. If you still have not received a download link after 48 hours, please contact [email protected]
2) Is there a monthly fee to use Sn1per Professional?
There are no monthly fees to use Sn1per Professional. Once you buy a Sn1per Professional license, your license will remain forever for the version purchased (ie. v 6.0); however we can only guarantee functionality for up to 1 year from the release date.
3) How do I upgrade/get new features of a Sn1per Professional version? Is there a discount to upgrade from an older version?
You will need to purchase the new version of Sn1per Professional when it is released. Currently there is no discount for upgrading from an older version.
4) Do you offer product promotions?
The best way to keep up to date on promotions, updates, new product offerings, etc. is to join our mailing list. You will be the first one to know!
5) Do you accept payment in Bitcoin (BTC) or other cryptocurrencies?
Unfortunately we do not accept payments via BTC or cryptocurrencies at this time.
6) Do you offer refunds?
We want you to be happy with your purchase and if you are running into problems that we haven’t answered in our documentation, we encourage you to reach out to our support team to help you get the product working. Our refund policy is a full refund within 7 days of delivery of your download link/license, anything beyond this is up to our discretion.
Sn1per Professional requires the following to run correctly:
- A Debian Linux based operating system (Kali Linux 2.x is preferred).
- “root” user access to the host OS.
- Access to the host X windows GUI environment (ie. KDE/Gnome/Blackbox, etc.).
- The latest Sn1per Community Edition from https://github.com/1N3/Sn1per installed to /usr/share/sniper/
- An active internet connection is required.
1. Download and install the latest Sn1per Community edition.
git clone https://github.com/1N3/Sn1per cd Sn1per chmod +x install.sh ./install.sh
2. Follow the installation instructions in your Sn1per Professional product e-mail.
3. The general installation instructions are as follows:
cd /usr/share/sniper/ wget https://xerosecurity.com/pro/6.0/[YOURCUSTOMLICENSEKEYHERE]/pro.sh -O pro.sh
Sn1per Professional Features
Sn1per Professional Dashboard
Provides quick access to all Sn1per reports, online tools, configuration files, target lists, and XeroSecurity links.
Top menu features:
1. Sn1per Professional v6.0 – a quick link to XeroSecurity website
2. Home – a quick link to the main dashboard
3. Quick Links – one click access to Sn1per documentation, Sn1per GitHub, XeroSecurity support, etc.
4. Online Tools – one click access to pentesting methodologies and testing checklists, as well as essential hacking utilities
5. Files – quick access to the Sn1per configuration files, as well as the scanned and unscanned targets list and total domain list
6. Reports – contains links to all Sn1per Community Edition HTML reports
Side bar features:
7. “Top” icon – returns to the top of the page
8. “Slideshow” icon – jumps to the slideshow widget
9. “Host List” icon – jumps to the host list widget
10. “Email” icon – jumps to email container
11. “Takeovers” icon – jumps to the takeovers container
12. “Notepad” icon – jumps to the notepad widget
13. Shortcut to XeroSecurity Twitter
14. Shortcut to the XeroSecurity website
15. Shortcut to the workspace directory
16. Displays total domains, scanned targets, and unscanned targets with quick links to each
17. Scan progress bar displays percentage of scanned vs unscanned hosts in the workspace
Flip through all collected screenshots to find interesting hosts and view the corresponding host report by clicking on the screenshot.
Search and sort all subdomains, open ports, DNS info, and more. Displays searchable scan tags for each host scanned by Sn1per Professional. The search bar allows multiple types of searches including: hostnames, IP addresses, scan mode tags, HTTP titles, server headers, port numbers, etc.
Email and Takeovers
Quickly check if any hosts in your workspace are vulnerable to email spoofing or domain hijacking/takeover.
Store your notes for each workspace directly on the report, which will save a local copy automatically every few seconds. No need to re-import or save manually!
Detailed Host View
Gain high level insight into each host in your workspace to dig deeper into the target environment.
NMap HTML Reports
Get detailed NMap HTML report for all hosts within your workspace.
Launch over 20+ online pentest tools and 15+ Google hacking queries against each target host with the click of a mouse.
Scan Mode Reference
Below you will find charts and diagrams you can use as a quick reference to help you get the most out of Sn1per Professional.
Some scan modes are compatible with secondary/auxiliary scan modes, below you can see which work with which:
Scanning is a balance of priorities, some are quicker and some some also more intrusive. This is a breakdown to help you choose why type of scan mode meets your needs:
Command Line Usage
(See glossary below for further explanation of what each command does.)
sniper -t|–target <TARGET>
NORMAL MODE + OSINT + RECON + FULL PORT SCAN + BRUTE FORCE
sniper -t|–target <TARGET> -o|–osint -re|–recon -fp|–fullportonly -b|–bruteforce
STEALTH MODE + OSINT + RECON
sniper -t|–target <TARGET> -m|–mode stealth -o|–osint -re|–recon
sniper -t|–target <CIDR> -m|–mode discover -w|–workspace <WORSPACE_ALIAS>
sniper -t|–target <TARGET> -m|–mode flyover -w|–workspace <WORKSPACE_ALIAS>
sniper -f|–file /full/path/to/targets.txt -m|–mode airstrike
NUKE MODE WITH TARGET LIST, BRUTE FORCE ENABLED, FULL PORT SCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE ENABLED
sniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace <WORKSPACE_ALIAS>
SCAN ONLY SPECIFIC PORT
sniper -t|–target <TARGET> -m port -p|–port <portnum>
FULL PORT ONLY SCAN MODE
sniper -t|–target <TARGET> -fp|–fullportonly
PORT SCAN MODE
sniper -t|–target <TARGET> -m|–mode port -p|–port <PORT_NUM>
WEB MODE – PORT 80 + 443 ONLY!
sniper -t|–target <TARGET> -m|–mode web
HTTP WEB PORT HTTP MODE
sniper -t|–target <TARGET> -m|–mode webporthttp -p|–port <port>
HTTPS WEB PORT HTTPS MODE
sniper -t|–target <TARGET> -m|–mode webporthttps -p|–port <port>
ENABLE BRUTE FORCE
sniper -t|–target <TARGET> -b|–bruteforce
LOOT REIMPORT FUNCTION
sniper -w <WORKSPACE_ALIAS> –reimport
LIST ALL WORKSPACES
REIMPORT AN EXISTING WORKSPACE
sniper-w workspace_alias –reimport
RELOAD A WORKSPACE
sniper-w workspace_alias –reload
AIR STRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting.
BRUTE FORCE: Performs a brute force against all open services on a target.
DISCOVER: Discovers all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and produces a targets.txt file, which can be used in other sniper scan modes. This mode is useful for internal network scans.
FLY OVER: Fast multi-threaded high level scans of multiple targets (useful for collecting high level data on many hosts quickly).
FULL PORT SCAN: Performs a detailed port scan of a target and saves results to XML.
HTTP WEB PORT: Launches a full HTTP web application scan against a specific host and port.
HTTPS WEB PORT: Launches a full HTTPS web application scan against a specific host and port.
LOOT REIMPORT: Regenerates all HTML scan reports for all hosts within the workspace.
NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
NUKE: Launches a full audit (includes brute force, full port scan, recon, OSINT, and web modes) of multiple hosts specified in text file of choice.
OSINT: Performs Open Source Intelligence gathering on remote targets using mostly passive data collection to find e-mails, documents, metadata, etc. This mode also performs several automated Google hacking queries to find various vulnerabilities and interesting hosts and data.
PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
RECON: Performs subdomain enumeration and hijacking, WHOIS, DNS bruteforcing, checks for email spoofing, performs high level scans of all domains and searches for public S3 buckets.
STEALTH: Quickly enumerates single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
TARGETS.TXT: A line delimited file containing multiple targets using either ip addresses, DNS, or host names.
WEB: Performs a normal scan with the addition of a full web application scan (port 80/tcp & 443/tcp only). Ideal for web applications, but may increase scan time significantly.
WORKSPACE: Custom directory, where all command output and files are saved.
Sn1per Configuration Options
To change Sn1per’s default settings which are found at /usr/share/sniper/sniper.conf, you can copy the default sniper.conf file to your home directory by running the following command:
cp /usr/share/sniper/sniper.conf ~/.sniper.conf
Once the sniper.conf has been copied to your home directory, you can edit each variable with your own custom values. This includes setting web brute force wordlists, default usernames and passwords wordlists as well as the path locations for each plugin. You can also enable or disable specific scan plugins via custom configuration settings by setting the specific plugin from “1” to “0”.
# DEFAULT SETTINGS
# DEFAULT BROWSER
# BURP 2.0 SCANNER CONFIG
# METASPLOIT SCANNER CONFIG
# WEB BRUTE FORCE WORDLISTS
# DOMAIN WORDLISTS
# DEFAULT USER/PASS WORDLISTS
# TOOL DIRECTORIES
# PORT SCAN CONFIGURATIONS
# NETWORK PLUGINS
# OSINT PLUGINS
# ACTIVE WEB PLUGINS
# ACTIVE WEB BRUTE FORCE STAGES
# PASSIVE WEB PLUGINS
# EMAIL PLUGINS
# RECON PLUGINS