Sn1per is an automated scanner that can automate the process of collecting data for exploration and penetration testing.
In their work sn1per involves such well-known tools like: amap, arachni, amap, cisco-torch, dnsenum, enum4linux, golismero, hydra, metasploit-framework, nbtscan, nmap smtp-user-enum, sqlmap, sslscan, theharvester, w3af, wapiti, whatweb, whois, nikto, wpscan.d during a penetration test to enumerate and scan for vulnerabilities.
Features
Modes
Detailed Demonstration – sn1per
theHarvester
Sublist3r
wafw00f
XST
Nikto
INURLBR
MassBleed
Yasuo
BruteX
Download the Sniper clone Repository from GitHub. Extract it Zip file in the Desktop
#git clone https://github.com/1N3/Sn1per.gitInstall the sn1per using the install.sh file in sn1per folder .
#chmod +x install.shInstall sn1per using this command.
#./install.shAfter successfully installing sn1per open the tool.
After Successfully Open the Sn1per, Start Gathering the information from the Target
#sniper facebook.comHere you will get some information about the fingerprint of specific Target.
Domain name lookup service “who is information” to search the whois database for domain name registration information.
The objective of this program is to gather emails, subdomains, hosts, employee names, open ports, and banners from different public sources like search engines, PGP key servers, and the SHODAN computer database.
This tool is intended to help Penetration testers in the early stages of the penetration test in order to understand the customer footprint on the Internet. It is also useful for anyone that wants to know what an attacker can see about their organization.
Here you will get some information about the DNS Information specific Target.
Sublist3r is a Python tool that is designed to enumerate subdomains of websites through OSINT.
It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask.
Sublist3r also enumerates subdomains using Netcraft, Virustotal, ThreatCrowd, DNSdumpster, and ReverseDNS.
Web Application firewalls are typically firewalls working on the application layer which monitors & modifies HTTP requests.
The key difference is that WAFs work on Layer 7 – Application Layer of the OSI Model. Basically, all WAFs protect against different HTTP attacks & queries like SQLi & XSS
Wafw00f is simply a Python tool that automates a set of procedures used in finding a WAF. Wafw00f simply queries a web server with a set of HTTP requests & methods. It analyses the responses from them & detects the firewall in place.
the “XS” in XST evokes similarity to XSS (Cross-Site Scripting) which has the consequence of leading people to mistake XST as a method for injecting JavaScript.
Running Nikto yourself is not overly difficult. you will be able to start your web server testing with one of the most well-known website/server testing tools.
This is the same tool we use on our online Nikto scanner page.
Advanced search in search engines, enables analysis provided to exploit GET / POST capturing emails & urls, with an internal custom validation junction for each target / url found.
MassBleed is an SSL Vulnerability Scanner .main functions with the ability to proxy all connections:
Yasuo is a ruby script that scans for vulnerable 3rd-party web applications.
While working on a network security assessment (internal, external, redteam gigs etc.), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities.
Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins, and so on.
Automatically brute force all services running on a target.
so a collection of advanced information gathering and scanning tools are playing their role with Sn1per and Distributing the Exact information and scanning result from a specific target.
You can also learn the complete YouTube videos here for all the Sn1per pen-testing module training.
A critical command injection vulnerability in the popular systeminformation npm package has recently been disclosed, exposing millions…
Researchers discovered a malware campaign targeting the npm ecosystem, distributing the Skuld info stealer through…
An investigation revealed an intrusion in Asia involving the BellaCiao .NET malware, as the initial…
A seemingly benign health app, "BMI CalculationVsn," was found on the Amazon App Store, which…
The Lazarus Group has recently employed a sophisticated attack, dubbed "Operation DreamJob," to target employees…
NodeStealer, initially a JavaScript-based malware, has evolved into a more sophisticated Python-based threat that targets…
View Comments