Sn1per Professional v8.0 – What’s New?
If you’re a new or returning customer, you might be wondering what’s new in Sn1per Professional v8.0. In this post, I’ve highlighted the key features and differences compared to Sn1per Professional v7.0 and below.
Secure Web UI & Dynamic Reporting
One of the biggest changes you’ll notice is a complete transition from static client-side HTML reports to dynamic server side PHP code. This has several advantages:
- Improved reporting performance (no need to regenerate reports after each scan).
- View multiple remote and local Sn1per instances from a secure HTTPS enabled web UI with built-in authentication. This includes utilizing Sn1per on remote VPS instances where you might only have SSH and web access with no X windows GUI environment.
- Compatibility with Docker on any OS (ie. Mac/Linux/Windows, etc). Simply map port 1337/tcp on your Docker instance to your local IP (ie. docker run -p 1337:1337 -it sn1per /bin/bash) and navigate to the web UI (ie. https://127.0.0.1:1337).
Modular Design & Add-ons
Another big improvement in v8.0 is a new modular design which allows importing of additional features and add-ons without modifying the core code (ie. Sn1per Professional Command Execution Add-on).
Command Execution Add-on
With the Command Execution Add-on, you can now easily manage multiple Sn1per Professional instances from the web interface without ever touching the command line.
- Initiate Sn1per scans from the web UI.
- Single & multi target selections.
- Mode selection.
- Auxiliary mode selection.
- Scheduled/recurring scan selection.
- Manage workspaces from the web UI.
- Create workspaces.
- Add hosts.
- Delete hosts.
- Delete workspaces.
- View scan status and command output.
- Check for Sn1per updates.
New Viewing Options
New split screen or single pane views were added for easy navigation and viewing of workspaces, host reports and command status. This allows you to simultaneously view the workspace report in one panel while you browse each individual host report in the other panel. Alternatively, you can also choose 100% responsive single panel for full screen width viewing.
Another big change in v8.0 was the addition of CSV reporting and exports of all inventory (ie. domain, IP, server headers, HTTP status codes & open ports) via the workspace host list. This allows full text searching, sorting and advanced filtering options of all inventory.
New host filters and views were added to show “All Hosts”, “Open Ports” and “Web Hosts”. This makes finding interesting hosts much easier when browsing the host table and improved performance dramatically.
Host Table Sorting
Improved host table allows filtering and sorting for domain/IP, DNS, HTTP headers, HTTP status codes and open ports. Use the filter input to further narrow the search.
The new host jump input field allows you to enter the hostname or IP address of the target to view the detailed host report. This is handy when you need to view the exact targets report immediately. No need to search, sort or filter!
NMap Vulnerability Reporting
NMap CVE vulnerability reporting was also added to the “Vulnerabilities” section using the “Vulners” CVE scripting engine to report open CVE’s based on service banners detected.
A new “Updates” panel was added to the workspace navigator to view all add-on modules and updates for Sn1per. This allows seamless notifications and updates for all Sn1per updates and new modules as they get released. This will become increasingly useful as we add more modules or release more updates in the future.
Prior to version 8.0, the “Web Files” and “Web URL’s” section of the report contained text based output of all links detected. Now in version 8.0, we changed to links to actual web links to easily view all hosted content from the detailed host reports. This makes viewing discovered content extremely easy and fluid.
In this post, we’ve outlined the major changes of Sn1per Professional version 8.0, but it’s important to note that we have kept all the existing features and functionality from version 7.0 and below as well. If you are not familiar with all of these features, feel free to check our blog post for more details here.
As always, feel free to reach out to us at [email protected] with any questions!