Sn1per Professional Documentation

The official Sn1per reference manual.


Product FAQ

1) What is Sn1per?
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is XeroSecurity’s premium reporting add-on for professional penetration testers, bug bounty researchers and corporate security teams to manage large environments and pentest scopes.

2) I have Sn1per Professional installed. Can I still apply updates from Sn1per Community Edition on GitHub?
Yes, updating Sn1per Community Edition will not affect your Sn1per Professional installation in any way. You can still get all the benefits of the Community Edition with your Professional installation.

3) I received an error XYZ in the Sn1per Community Edition script. Should I contact [email protected] with the error message?
Premium support via [email protected] is only offered to Sn1per Professional licenses and for the pro.sh script (Professional portion) only. For all other Sn1per related issues, please submit an issue ticket at https://github.com/1N3/Sn1per/.

4) Can I run Sn1per on operating systems other than Kali Linux or Debian?
Sn1per was designed to run on the latest Kali Linux image, and because of its dependencies we only provide support for installations under these operating systems. For all other operating systems, we require Sn1per to be installed via Docker.

5) How does the Professional version differ from the Community version?
The short answer… the Professional version requires a paid license that provides you with a professional reporting interface generated from each scan (and top notch customer support). For the long answer, we encourage you to click around the site and learn more about Sn1per Professional.

6) Help! My scanner appears to be stuck when running a scan.
If you are certain your scanner is stuck (keep in mind some scans can take longer than others), it can often mean you are being blocked by the target. In either case, you should be able to bypass this by typing “killall nmap”. Alternatively, in a separate terminal, run sniper --status to get the PIDs of any running sniper processes, then run kill -9 <PID> to kill off the problematic process and allow the scan to continue.

7) When will the next version of Sn1per Professional be released?
We don’t publish a schedule, but if you want to be the first to know make sure you sign up for our newsletter or follow us on Twitter.

8) How is the price of Sn1per Professional determined?
Prices reflect the value the product gives you (such as more features and functionality). Each product is priced per license. If you need more than one user you would need to adjust your cart quantity accordingly.

9) How many people can use Sn1per Professional?
Our licenses are single user, that means it is just for you – one person. If you need to purchase one for you and your friend, you will need to purchase multiple single user licenses.

10) Can I install Sn1per Professional on multiple computers using the same license?
While Sn1per Professional is a single user license, we do limit the number of systems you may install it on to 5 systems per license.

11) How long do you support previous versions of Sn1per Professional?
We maintain usability in previous versions as long as possible and guarantee a minimum functionality for up to 6 months from the purchase date.
Note: Customer service/troubleshooting on our products is only supported for 30 days for Sn1per Professional and 6 months for Sn1per Enterprise customers.

12) What is the difference between Sn1per Community and Sn1per Professional?
There are two components to Sn1per:

  1. Sn1per Community Edition which is found on GitHub and makes up the scan engine/terminal application of Sn1per.
  2. Sn1per Professional, which comprises the web UI/reporting front end to Sn1per and works in conjunction with the scan engine found in the Community Edition.

These two components are independent of each other and function together to provide additional functionality and value as seen below. The versions of both components do not necessarily always match or need to in order to function.

For all issues related to the Community Edition (scan engine), we ask that users open a new GitHub issue here (https://github.com/1N3/Sn1per) for assistance. Premium support at [email protected] is only provided for the web reporting interface (Sn1per Professional).


Payment FAQ

1) I sent my Paypal/credit card payment, but haven’t received a download link yet. What should I do?
A download link will be provided within 24-48 hours upon receipt of payment. If you still have not received a download link after 48 hours, please contact [email protected]

2) Is there a monthly fee to use Sn1per Professional?
There are no monthly fees to use Sn1per Professional. Once you buy a Sn1per Professional license, your license will remain forever for the version purchased (ie. v8.0); however we can only guarantee functionality for up to 6 months from the purchase date.

3) How do I upgrade/get new features of a Sn1per Professional version? Is there a discount to upgrade from an older version?
You will need to purchase the new version of Sn1per Professional when it is released. Currently there is no discount for upgrading from an older version.

4) Do you offer product promotions?
The best way to keep up to date on promotions, updates, new product offerings, etc. is to join our mailing list. You will be the first one to know!

5) Do you accept payment in Bitcoin (BTC) or other cryptocurrencies?
Unfortunately we do not accept payments via BTC or cryptocurrencies at this time.

6) Do you offer refunds?
Due to the nature of software we cannot provide refunds on digital products.

7) Do you offer free trials or demos for Sn1per Professional?
We don’t currently offer demos for Sn1per Professional. However, we have created several demo videos of Sn1per Professional here https://www.youtube.com/watch?v=K-8QHDafhcA&list=PL40Vp978dDP9KX2V3VLnNzgJuf4nJrRo9&index=2&t=0s which give a good overview of the product and features.


System Requirements

Sn1per Professional requires the following to run correctly:

  1. The latest Kali Linux operating system image (ie. Kali 2020.4 or newer) or the official Sn1per Docker image (https://hub.docker.com/r/xerosecurity/sn1per).
    Note: Only the specified Kali Linux and Docker installations/troubleshooting are supported under our customer service agreement.
  2. “root” user access to the host OS & sudo access to Apache.
  3. Minimum resolution: 1280 x 720 / Recommended resolution: 1920 x 1080 or larger
  4. Firefox/Edge/IE web browser (Chrome browser is not currently supported).
  5. The latest Sn1per Community Edition from https://github.com/1N3/Sn1per installed to /usr/share/sniper/
  6. An active internet connection.

Getting Started

Install Using Docker

To install Sn1per Professional using Docker, run the following commands from a docker terminal:

docker pull xerosecurity/sn1per
docker run -p 1337:1337 -it xerosecurity/sn1per /bin/bash

This will give you a root prompt within the container.

From here, run the activation.sh script/command you received with your order to install Sn1per Professional.

curl https://xerosecurity.com/pro/8.0/<YOUR_LICENSE_KEY_HERE>/activation.sh | sudo bash

Afterwards, you can access the web UI by going to https://<DOCKER_IP_HERE>:1337

Install Using Kali Linux

To install Sn1per Professional version 8.0 on Kali Linux, run the following command as ‘root’ from a terminal and follow the instructions.

curl https://xerosecurity.com/pro/8.0/<YOUR_LICENSE_KEY_HERE>/activation.sh | sudo bash

NOTE: You will need to replace the LICENSE_KEY portion with the license key you received via email after purchasing Sn1per.

Setting A Password

The activation script will prompt you to enter a password for the ‘admin’ user. It is recommended to select a complex password since the web service will be exposed publicly.

After the password is set, open a new web browser and go to https://127.0.0.1:1337 or https://your.ip.address.here:1337 and log in with the username ‘admin’ and the password you set up when installing Sn1per.

Forgot Password

If you forget your password or simply want to change or reset the ‘admin’ user password, run the following command. The -c flag recreates the password file, so any other entries in it are removed:

htdigest -c /etc/htdigest/.htdigest restricted admin
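
After a reset it is useful to confirm what the command left on disk. The following is an added example, not part of the Sn1per documentation or XeroSecurity's code: a shell function that audits the digest file for the path, user (admin) and realm (restricted) shown above. The function name check_htdigest and the expectation of a single account are assumptions.

```shell
#!/bin/sh
# Added example: audit the file written by
#   htdigest -c /etc/htdigest/.htdigest restricted admin
# Each line is user:realm:MD5(user:realm:password). The hash is unsalted,
# so a readable copy of the file allows offline password guessing.

# check_htdigest FILE [USER] [REALM]   (hypothetical helper name)
# Prints one line per finding; returns 0 when clean, 1 otherwise.
check_htdigest() {
    file=$1
    user=${2:-admin}
    realm=${3:-restricted}
    rc=0

    if [ ! -f "$file" ]; then
        echo "MISSING: $file does not exist"
        return 1
    fi

    # Characters 8-10 of the ls mode string are the permissions for "others".
    other=$(ls -ld "$file" | cut -c8-10)
    if [ "$other" != "---" ]; then
        echo "PERMS: $file is accessible to other users ($other)"
        rc=1
    fi

    # Expect exactly one well-formed entry: 32 lowercase hex digits of MD5.
    # Assumes USER and REALM contain no regex metacharacters.
    good=$(grep -Ec "^${user}:${realm}:[0-9a-f]{32}\$" "$file" || true)
    if [ "$good" -ne 1 ]; then
        echo "ENTRY: expected 1 valid ${user}:${realm} entry, found $good"
        rc=1
    fi

    # Assumption: only the 'admin' account described on this page is expected.
    extra=$(grep -vc "^${user}:${realm}:" "$file" || true)
    if [ "$extra" -ne 0 ]; then
        echo "EXTRA: $extra line(s) not belonging to ${user}:${realm}"
        rc=1
    fi

    return $rc
}

# Audit the path from this page when invoked as: sh script.sh audit
if [ "${1:-}" = "audit" ]; then
    check_htdigest /etc/htdigest/.htdigest
fi
```

The web server account still needs read access, so group-readable ownership (for example mode 640 with the Apache group) passes the check while world-readable modes do not.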

Workspace Navigator

Easily browse, search and sort all Sn1per workspaces through your web browser.

Sn1per Professional v8.0 Workspace Navigator

Sidebar

Click the sidebar icons to jump to a specific feature within the Workspace Navigator (ie. Quick Commands section).

Single or Split View

From the sidebar, select from either single pane or split pane views (for widescreen monitors).

Quick Commands

Quickly launch single and multiple target scans via Sn1per direct from the web UI. Enter the target IP or filename to use, select the scan mode, port, scan schedule (daily, weekly or monthly) and specify the workspace to save to.

Workspace functions are also included to help manage your workspace. These include:

  • Reimport All – Allows you to re-import and parse all Sn1per scan data into your workspace and consolidate the results (ie. remove duplicate scans and data).
  • Delete Workspace – Lets you instantly delete your workspace from Sn1per.
  • Update – Allows you to check for Sn1per updates.
  • Status – Shows a console status report of all running Sn1per processes and connections.

Sn1per Professional v8.0 Command Execution Add-on

Updates Panel

Check for updates directly from the Updates panel to view the latest versions of all Sn1per components.


Workspace Report

Dashboard

Get a high level view of your workspace with an overall scan status bar and stats (ie. total targets, scanned targets, un-scanned targets, etc.).

Top Menu Links

Use the top menu links to view key web links such as the Sn1per documentation, wiki, YouTube, GitHub and XeroSecurity website, etc. It also allows easy viewing of key Sn1per lists such as domain lists, live web hosts, all IPs, etc.

Sidebar

Quickly jump to a specific section in the Workspace Report by clicking the icons in the sidebar.

Slideshow

Perform visual recon from the Slideshow feature in the ‘webhosts’ view to view all web screenshots collected from Sn1per.

Host Table

Search, sort, filter and jump to specific hosts with the Host Table. There are 3 main views that can be selected:

All Hosts

Displays all hosts within your workspace, including domain, IP, ports, and HTTP web status.

Open Ports

Displays only hosts with open ports to easily filter un-reachable hosts from the table.

Web Hosts

Only displays web hosts which are active over HTTP and HTTPS to easily filter web servers from network based targets. This view includes web based screenshots for each host along with extra web metadata found on web servers and applications (ie. title, server headers, security headers, redirects, web fingerprints, etc.).

Sn1per Professional v8.0 Web Hosts View

CSV Reports

Generate a CSV exported report of all hosts in your workspace to easily search, sort and filter through to find interesting hosts.

Command Execution Add-on

Quickly launch single and multiple target scans via Sn1per direct from the web UI. Enter the target IP or filename to use, select the scan mode, port, scan schedule (daily, weekly or monthly) and specify the workspace to save to.

Workspace Management

Workspace functions are also included to help manage your workspace. These include:

  • Reimport All – Allows you to re-import and parse all Sn1per scan data into your workspace and consolidate the results (ie. remove duplicate scans and data).
  • Delete Workspace – Lets you instantly delete your workspace from Sn1per.
  • Update – Allows you to check for Sn1per updates.
  • Status – Shows a console status report of all running Sn1per processes and connections.

Brute Force Add-on

Easily brute force all services running in your workspace. Supports single and multi-target selections with a range of options to specifically brute force any service running in your environment. Import your own wordlists to fine tune your results.

Sn1per Professional v8.0 Brute Force Add-on

Fuzzer Add-on

Easily discover hidden web content or fuzz for OWASP Top 10 vulnerabilities direct from the web UI. Import your own wordlists, set the speed, URL or URL lists, extensions and status to fine tune your results.

Currently integrates the following tools:

  • BlackWidow web spider
  • InjectX fuzzer
  • Arachni web application scanner
  • SQLMap SQL injection scanner
  • Gobuster web fuzzer
  • FFuf web fuzzer
  • Dirsearch web fuzzer

Scan Tasks

View all scan tasks direct from the web UI and jump directly to each host report by clicking on the “Target” fields for each scan.

Scheduled Scans

View all scheduled scans for your workspace directly.

OSINT

View all collected OSINT data from your workspace.

Email & Takeovers

Easily check for email spoofing and domain hijacking vulnerabilities.

Credentials

See all “cracked” credentials in your workspace from previous brute force attacks.

Sn1per Professional v7.0 Credentials1

Vulnerabilities

View a combined list of vulnerabilities from all Sn1per tools, including Metasploit, NMap, Nikto, etc.

Sn1per Professional v7.0 Vulnerabilities1

Notes

Store and keep your notes directly from within your workspace as you test.

Host Report

View a detailed report for each host in your workspace to get more details.

Recon Links

Choose from several recon links to dig deeper into a specific target and gather valuable intel from online sources.

Google Dorks

Perform Google hacking easily by selecting any of the curated links to help identify interesting vulnerabilities.

Quick Links

Access the quick links to view the HTTP or HTTPS version of any website.

Reports Link

Quickly access, download and view detailed Sn1per HTML reports from all previous scans.

Quick Commands

Instantly run scans of a specific host using the Command Execution Add-on.

Host Report Sections

The Host Report is separated into sections as follows:

  • Whois – Displays Whois data.
  • DNS – Displays DNS info.
  • Subdomains – Displays subdomains
  • Open Ports – Displays open ports and NMap script output

Sn1per Professional v7.0 NMap HTML Report1

  • SSL/TLS – Displays SSL/TLS data.
  • Fingerprint – Displays web application fingerprint data.
  • WAF – Displays WAF fingerprint.
  • Headers – Displays HTTP header info.
  • Web Files

Imports all discovered URLs into clickable hyperlinks to quickly view in your web browser.

Sn1per Professional v8.0 Web File Links

  • Web Application Scans

View aggregated web application scan results from various tools, including Nikto, Arachni, CMSMap, WPScan and more.

Sn1per Professional v7.0 Web Application Scans1


Sn1per Professional v7.0 Arachni Report1

  • Credentials

See all “cracked” credentials for a specific host from successful brute force attacks.

Sn1per Professional v7.0 Credentials1

  • Vulnerabilities

View a list of vulnerabilities from all Sn1per tools for a specific host, including Metasploit, NMap, Nikto, etc.

Sn1per Professional v7.0 Vulnerabilities1

Demo Videos