Continuous Attack Surface Management (ASM) and reduction has become a crucial function for every organization to gain visibility of their perimeter security. Having the right tools and processes in place is vital to detecting new vulnerabilities before attackers do. In this blog post, we will outline the basic steps for discovering the attack surface with Sn1per Professional v9.0.
0:35 – Basic single domain recon with Sn1per Professional v8.0 + Command Execution Add-on 3:27 – Analyzing scan results via split screen Sn1per Professional host reports 5:45 – Discovering hidden content via Sn1per Professional Fuzzer add-on (unreleased) 7:23 – Sn1per Professional workspace navigator search/filter 7:31 – Sn1per Professionla ‘recon’ mode to discover sub-domains 9:00 – Sn1per ‘flyover’ mode of discovered domains from the command line 13:50 – Sn1per Professional ‘web’ mode visual recon 15:00 – Sn1per Professional ‘web’ mode scan 17:30 – Analyzing scan results and browsing discovered URL’s 20:00 – Using Sn1per Professional’s recon links to perform recon on TLD 32:30 – Sn1per Professional workspace report filtering for live web hosts 33:45 – Utilizing Sn1per Professional’s quick links to view websites 38:18 – Digging deeper manually into interesting hosts 40:00 – Leveraging Burpsuite Professional with Collaborator to catch emails and analyze HTTP requests 42:26 – Running URL Fuzzer Add-on to fuzz dynamic URL’s for open redirects and CRLF vulnerabilities (unreleased) 43:56 – Using Sn1per Professional’s built-in Notepad to keep/store notes in workspace 46:55 – Discovering hidden content via Sn1per Professional Fuzzer add-on (unreleased) 48:14 – Setting up Burpsuite Professional certificate authority to intercept HTTPS traffic 49:32 – Installing and using Burpsuite CO2 plugin to scan for SQL injection 50:38 – Manually fuzzing dynamic URL’s via Burpsuite Intruder 56:24 – Manually analyzing fuzzer results to discover hidden content 1:01:00 – Brute forcing basic authentication with Sn1per Professional’s Brute Force add-on (unreleased) 1:06:36 – Manually fuzzing dynamic URL’s via Burpsuite Intruder 1:14:22 – Using Sn1per Professional’s CSV export to view host table
Sn1per Professional v6.0 is now available from the XeroSecurity website.
This is a BIG release with tons of new features and improvements, including:
100% responsive web UI resizes to fit any resolution or device.
New scan progress bar indicates overall scan status to ensure 100% scan coverage of the entire workspace.
Improved scan dashboard gives high level overview of workspace, including downloadable lists to all domains, scanned targets and unscanned targets. These can be easily referenced and used to scan the entire attack surface using Sn1per.
New reports menu includes links to all Sn1per console reports which can be downloaded and viewed from the main report.
New sidebar shortcuts added to both the main Sn1per report and all detailed host reports to quickly jump to each section of the report.
Slideshow for all gathered screenshots
Improved host table allows searching for scan mode tags, IP/DNS, HTTP titles, status codes, HTTP headers, WAF detection and open ports.
New quick links for both the HTTP and HTTPS versions for each host in the host table.
New scan tags to indicate which hosts has been scanned and which mode (ie. Stealth, Web, Portscan, Bruteforce, etc.) and which are new in the host table section of the report.
New email security section indicates any email spoofing vulnerabilities for the workspace.
New takeovers security section indicates any potential domain takeovers or hijacking vulnerabilities.
New HTML5 notepad saves automatically to the main report elevating the need to save your work (keep in mind, it uses the local browser cache, so switching browsers or clearing your browser cache will remove your notes!).
New detailed host reports are now separate from the main report and include the following features:
34 customized recon links.
26 customized Google dork links.
HTTP/HTTPS quick links.
Reports menu to download the full HTML console reports for each host.
New sidebar links for each detailed host report to quickly jump to each section of the report.
New links to full NMap HTML host reports.
New links to download all discovered URL’s for each host
For all questions regarding payment, licensing, installation or general usage, refer to our online documentation for more info or contact us at [email protected].