Continuous Attack Surface Management (ASM) and reduction has become a crucial function for every organization to gain visibility of their perimeter security. Having the right tools and processes in place is vital to detecting new vulnerabilities before attackers do. In this blog post, we will outline the basic steps for discovering the attack surface with Sn1per Professional v9.0.
Leverage the full power of NMap with the new “Port Scanner Add-on” for Sn1per Professional. Easily customize each NMap scan to meet your needs! Choose from 40+ hand-picked scan profiles, or select and run any NMap script from the drop-down menu. Use the multi-target list selection to scan all hosts in your workspace with a single click. Each scan produces a high-quality HTML report for easy viewing and organization of all data. You can also update your Sn1per Professional port and NMap host data by selecting the “Update” checkbox. Getting the most out of NMap has never been easier or more powerful!
Scan for the latest vulnerabilities easily using Nessus and import vulnerability data with detailed HTML/CSV reports directly into Sn1per Professional! The Nessus Add-on is a must-have for serious security professionals, bug bounty researchers and penetration testers alike!
Features
Initiate Nessus vulnerability scans from Sn1per
Import vulnerability data from Nessus into Sn1per Professional
Download Nessus vulnerability reports in HTML and CSV format
Sn1per Professional v6.0 is now available from the XeroSecurity website.
This is a BIG release with tons of new features and improvements, including:
100% responsive web UI resizes to fit any resolution or device.
New scan progress bar indicates overall scan status to ensure 100% scan coverage of the entire workspace.
Improved scan dashboard gives a high-level overview of the workspace, including downloadable lists of all domains, scanned targets and unscanned targets. These can be easily referenced and used to scan the entire attack surface using Sn1per.
New reports menu includes links to all Sn1per console reports which can be downloaded and viewed from the main report.
New sidebar shortcuts added to both the main Sn1per report and all detailed host reports to quickly jump to each section of the report.
Slideshow for all gathered screenshots
Improved host table allows searching for scan mode tags, IP/DNS, HTTP titles, status codes, HTTP headers, WAF detection and open ports.
New quick links for both the HTTP and HTTPS versions for each host in the host table.
New scan tags in the host table section of the report indicate which hosts have been scanned, in which mode (i.e. Stealth, Web, Portscan, Bruteforce, etc.), and which hosts are new.
New email security section indicates any email spoofing vulnerabilities for the workspace.
New takeovers security section indicates any potential domain takeovers or hijacking vulnerabilities.
New HTML5 notepad saves automatically to the main report, removing the need to save your work (keep in mind, it uses the local browser cache, so switching browsers or clearing your browser cache will remove your notes!).
New detailed host reports are now separate from the main report and include the following features:
34 customized recon links.
26 customized Google dork links.
HTTP/HTTPS quick links.
Reports menu to download the full HTML console reports for each host.
New sidebar links for each detailed host report to quickly jump to each section of the report.
HTTP/HTTPS screenshots
DNS
Sub-domains
Open ports
New links to full NMap HTML host reports.
Fingerprint info
HTTP headers
Web files
Web URLs
New links to download all discovered URLs for each host
SSL/TLS info
Documentation
For all questions regarding payment, licensing, installation or general usage, refer to our online documentation for more info or contact us at [email protected].
Date: 1-31-2017
Software Link: https://www.ipswitch.com/moveit
Affected Version: 8.1-9.4 (only confirmed on 8.1 but other versions prior to 9.5 may also be vulnerable)
Exploit Author: [email protected]
Contact: https://twitter.com/crowdshield
Vendor Homepage: https://www.ipswitch.com
Category: Webapps
Attack Type: Remote
Impact: Data/Cookie Theft
Description
IPSwitch MoveIt v8.1 contains a Stored Cross-Site Scripting (XSS) vulnerability. Attackers can leverage this vulnerability to send malicious messages to other users in order to steal session cookies and launch client-side attacks.
Proof of Concept
The vulnerability lies in the Send Message -> Body Text Area input field.
1/30/2017 – Disclosed details of vulnerability to IPSwitch.
1/31/2017 – IPSwitch confirmed the vulnerability and verified the fix as of version 9.5 and approved public disclosure of the vulnerability.
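The bug class described in this advisory, as an added example that is not taken from the advisory or from the vendor's code: a constructed in-memory message store showing a message body rendered without encoding beside the HTML-encoded form, plus session-cookie flags and a Content-Security-Policy that limit the cookie-theft impact. All function names, the cookie name and the sample message are assumptions made for illustration.

```python
import html
from http.cookies import SimpleCookie

# Constructed in-memory store standing in for the application's message table.
MESSAGES = []

def send_message(sender, recipient, body):
    """Store the body exactly as submitted; encoding is applied at render time."""
    MESSAGES.append({"from": sender, "to": recipient, "body": body})

def render_inbox_vulnerable(user):
    """The 'before' form: the stored body is concatenated into HTML unencoded."""
    return "".join(
        f"<div class='msg'><b>{m['from']}</b>: {m['body']}</div>"
        for m in MESSAGES if m["to"] == user
    )

def render_inbox_hardened(user):
    """Every stored field is HTML-encoded for the element-content context."""
    return "".join(
        "<div class='msg'><b>{}</b>: {}</div>".format(
            html.escape(m["from"]), html.escape(m["body"]))
        for m in MESSAGES if m["to"] == user
    )

def session_cookie_header(session_id):
    """Session cookie that page script cannot read and that is sent only over TLS."""
    cookie = SimpleCookie()
    cookie["session"] = session_id          # hypothetical cookie name
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Strict"
    return cookie["session"].OutputString()

def response_headers(session_id):
    """Second layer: CSP refuses inline script even if an encoding call is missed."""
    return {
        "Set-Cookie": session_cookie_header(session_id),
        "Content-Security-Policy": "default-src 'self'; script-src 'self'",
    }

# Constructed test message: markup with a harmless marker in the body field.
send_message("alice", "bob", "<script>/* marker */</script>")

if __name__ == "__main__":
    print(render_inbox_vulnerable("bob"))
    print(render_inbox_hardened("bob"))
    print(response_headers("abc123"))
```

The encoded render is also usable as a regression check: any stored message whose raw markup survives into the page output indicates a missed encoding call.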