Sn1per Professional Documentation
The official Sn1per reference manual.
1) What is Sn1per?
Sn1per Community Edition is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Sn1per Professional is XeroSecurity’s premium reporting addon for professional penetration testers, bug bounty researchers and Corporate security teams to manage large environments and pentest scopes.
2) I have Sn1per Professional installed. Can I still apply updates from Sn1per Community Edition on GitHub?
Yes, updating Sn1per Community Edition will not effect your Sn1per Professional installation in any way. You can still get all the benefits of the Community Edition with your Professional installation.
3) I received an error XYZ in the Sn1per Community Edition script. Should I contact [email protected] with the error message?
Premium support via [email protected] is only offered to Sn1per Professional licenses and for the pro.sh script (Professional portion) only. For all other Sn1per related issues, please submit an issue ticket at https://github.com/1N3/Sn1per/.
4) Can I run Sn1per on other operating systems other than Kali Linux or Debian?
Sn1per was designed to run in Kali Linux and Debian, and because of its dependencies we only provide support for installations under these operating systems. That said, you can also run a Kali VM on top of a Mac host OS, but that requires VMWare Fusion or VirtualBox.
5) How does the Professional version differ from the Community version?
The short answer… the Professional version requires a paid license that provides you with a professional reporting interface generated from each scan (and top notch customer support). For the long answer, we encourage you to click around the site and learn more about Sn1per Professional.
6) Help! My scanner appears to be stuck when running a scan.
If you are certain your scanner is stuck (keep in mind some scans can take longer than others), it can often mean you are being blocked by the target. In either case, you should be able to bypass this by typing “killall nmap”. Another alternative is in a separate terminal, run sniper –status to get the PIDs of any running sniper processes. Run kill-9 <PID> to kill off the problematic process to allow the scan to continue.
7) When will the next version of Sn1per Professional be released?
We don’t publish a schedule, but if you want to be the first to know make sure you sign up for our newsletter or follow us on Twitter.
8) How is the price of Sn1per Professional determined?
Prices reflect the value the product gives you (such as more features and functionality). Each product is priced per license. If you need more than one user you would need to adjust your cart quantity accordingly.
9) How many people can use Sn1per Professional?
Our licenses are single user, that means it is just for you – one person. If you need to purchase one for you and your friend, you will need to purchase multiple single user licenses.
10) Can I install Sn1per Professional on multiple computers using the same license?
While Sn1per Professional is a single user license, we do limit the number of systems you may install it on to 5 systems per license.
11) How long do you support previous versions of Sn1per Professional?
We maintain usability in previous versions as long as possible and guarantee functionality for up to 1 year from the release date. Support currently on Sn1per Professional v.6 is 6 months and Sn1per Professional v.7 is 12 months.
12) What is the difference between Sn1per Community and Sn1per Professional?
There are two components to Sn1per:
- Sn1per Community Edition which is found on GitHub and makes up the scan engine/terminal application of Sn1per.
- Sn1per Professional is comprised of the web UI/reporting front end to Sn1per and works in conjuction to the scan engine found in the Community Edition.
These two components are independent of each other and function together to provide additional functionality and value as seen below. The versions of both components do not necessarily always match or need to in order to function.
For all issues related to the Community Edition (scan engine), we ask that users open a new GitHub issue here (https://github.com/1N3/Sn1per) for assistance. Premium support at [email protected] is only provided for the web reporting interface (Sn1per Professional).
1) I sent my Paypal/credit card payment, but haven’t received a download link yet. What should I do?
A download link will be provided within 24-48 hours upon receipt of payment. If you still have not received a download link after 48 hours, please contact [email protected]
2) Is there a monthly fee to use Sn1per Professional?
There are no monthly fees to use Sn1per Professional. Once you buy a Sn1per Professional license, your license will remain forever for the version purchased (ie. v 6.0); however we can only guarantee functionality for up to 1 year from the release date.
3) How do I upgrade/get new features of a Sn1per Professional version? Is there a discount to upgrade from an older version?
You will need to purchase the new version of Sn1per Professional when it is released. Currently there is no discount for upgrading from an older version.
4) Do you offer product promotions?
The best way to keep up to date on promotions, updates, new product offerings, etc. is to join our mailing list. You will be the first one to know!
5) Do you accept payment in Bitcoin (BTC) or other cryptocurrencies?
Unfortunately we do not accept payments via BTC or cryptocurrencies at this time.
6) Do you offer refunds?
Due to the nature of software we cannot provide refunds on digital products.
7) Do you offer free trials or demo’s for Sn1per Professional?
We don’t currently offer demos for Sn1per Professional. However, we have created several demo videos of Sn1per Professional here https://www.youtube.com/watch?v=K-8QHDafhcA&list=PL40Vp978dDP9KX2V3VLnNzgJuf4nJrRo9&index=2&t=0s which give a good overview of the product and features.
Sn1per Professional requires the following to run correctly:
- A Debian Linux based operating system (Kali Linux is preferred).
- “root” user access to the host OS.
- Firefox/Edge/IE web browser (Chrome brower is not currently supported).
- The latest Sn1per Community Edition from https://github.com/1N3/Sn1per installed to /usr/share/sniper/
- An active internet connection.
To install Sn1per Professional version 8.0, run the following command as ‘root’ from a terminal and follow the instructions.
curl https://xerosecurity.com/pro/8.0/LICENSE_KEY/activation.sh | sudo bash
NOTE: You will need to replace the LICENSE_KEY portion with the license key you received via email after purchasing Sn1per.
The activation script will prompt you to enter a password for the ‘admin’ user. It is recommended to select a complex password since the web service will be exposed publicly.
After the password is set, open a new web browser and go to https://127.0.0.1:1337 or https://your.ip.address.here:1337 and login with the username ‘admin’ and the password you setup when installing Sn1per.
If you forget your password or simply want to change or reset the ‘admin’ user password, run the following command:
htdigest -c /etc/htdigest/.htdigest restricted admin
Scan Mode Reference
Below you will find charts and diagrams you can use as a quick reference to help you get the most out of Sn1per Professional.
Some scan modes are compatible with secondary/auxiliary scan modes, below you can see which work with which:
Scanning is a balance of priorities, some are quicker and some some also more intrusive. This is a breakdown to help you choose why type of scan mode meets your needs:
Command Line Usage
(See glossary below for further explanation of what each command does.)
sniper -t|–target <TARGET>
NORMAL MODE + OSINT + RECON + FULL PORT SCAN + BRUTE FORCE
sniper -t|–target <TARGET> -o|–osint -re|–recon -fp|–fullportonly -b|–bruteforce
STEALTH MODE + OSINT + RECON
sniper -t|–target <TARGET> -m|–mode stealth -o|–osint -re|–recon
sniper -t|–target <CIDR> -m|–mode discover -w|–workspace <WORSPACE_ALIAS>
sniper -t|–target <TARGET> -m|–mode flyover -w|–workspace <WORKSPACE_ALIAS>
sniper -f|–file /full/path/to/targets.txt -m|–mode airstrike
NUKE MODE WITH TARGET LIST, BRUTE FORCE ENABLED, FULL PORT SCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE ENABLED
sniper -f–file /full/path/to/targets.txt -m|–mode nuke -w|–workspace <WORKSPACE_ALIAS>
SCAN ONLY SPECIFIC PORT
sniper -t|–target <TARGET> -m port -p|–port <portnum>
FULL PORT ONLY SCAN MODE
sniper -t|–target <TARGET> -fp|–fullportonly
PORT SCAN MODE
sniper -t|–target <TARGET> -m|–mode port -p|–port <PORT_NUM>
WEB MODE – PORT 80 + 443 ONLY!
sniper -t|–target <TARGET> -m|–mode web
HTTP WEB PORT HTTP MODE
sniper -t|–target <TARGET> -m|–mode webporthttp -p|–port <port>
HTTPS WEB PORT HTTPS MODE
sniper -t|–target <TARGET> -m|–mode webporthttps -p|–port <port>
ENABLE BRUTE FORCE
sniper -t|–target <TARGET> -b|–bruteforce
LOOT REIMPORT FUNCTION
sniper -w <WORKSPACE_ALIAS> –reimport
LIST ALL WORKSPACES
REIMPORT AN EXISTING WORKSPACE
sniper-w workspace_alias –reimport
RELOAD A WORKSPACE
sniper-w workspace_alias –reload
AIR STRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting.
BRUTE FORCE: Performs a brute force against all open services on a target.
DISCOVER: Discovers all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and produces a targets.txt file, which can be used in other sniper scan modes. This mode is useful for internal network scans.
FLY OVER: Fast multi-threaded high level scans of multiple targets (useful for collecting high level data on many hosts quickly).
FULL PORT SCAN: Performs a detailed port scan of a target and saves results to XML.
HTTP WEB PORT: Launches a full HTTP web application scan against a specific host and port.
HTTPS WEB PORT: Launches a full HTTPS web application scan against a specific host and port.
LOOT REIMPORT: Regenerates all HTML scan reports for all hosts within the workspace.
NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
NUKE: Launches a full audit (includes brute force, full port scan, recon, OSINT, and web modes) of multiple hosts specified in text file of choice.
OSINT: Performs Open Source Intelligence gathering on remote targets using mostly passive data collection to find e-mails, documents, metadata, etc. This mode also performs several automated Google hacking queries to find various vulnerabilities and interesting hosts and data.
PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
RECON: Performs subdomain enumeration and hijacking, WHOIS, DNS bruteforcing, checks for email spoofing, performs high level scans of all domains and searches for public S3 buckets.
STEALTH: Quickly enumerates single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
TARGETS.TXT: A line delimited file containing multiple targets using either ip addresses, DNS, or host names.
WEB: Performs a normal scan with the addition of a full web application scan (port 80/tcp & 443/tcp only). Ideal for web applications, but may increase scan time significantly.
WORKSPACE: Custom directory, where all command output and files are saved.
Sn1per Configuration Options
To change Sn1per’s default settings which are found at /usr/share/sniper/sniper.conf, you can copy the default sniper.conf file to your home directory by running the following command:
cp /usr/share/sniper/sniper.conf ~/.sniper.conf
Once the sniper.conf has been copied to your home directory, you can edit each variable with your own custom values. This includes setting web brute force wordlists, default usernames and passwords wordlists as well as the path locations for each plugin. You can also enable or disable specific scan plugins via custom configuration settings by setting the specific plugin from “1” to “0”.