Automated penetration scanning tool

Automated penetration scanning tool , It integrates many open source tools for information collection , It is included in the API.

Tool features ：

Attack surface discovery

Easily find the attack surface （IP、 domain name 、 Open ports 、HTTP Header, etc ）.

Penetration test

Use the latest hackers and open source security tools to automatically discover vulnerabilities and ethical exploitation

Visual reconnaissance

Use slide widgets and thumbnails to perform visual reconnaissance on all hosts in the workspace

IT Asset inventory

Search for 、 Sort and filter the entire attack surface list DNS、IP、 title 、 state 、 Server header 、WAF And open TCP/UDP port .

The red team

Strengthen the understanding of Automated Penetration Testing Technology “ Blue team ” Response and detection capabilities

Notepad

Store and access multiple notes in one location , To help manage your data and keep things in order

Vulnerability management

Use the latest commercial and open source vulnerability scanners to quickly scan for the latest vulnerabilities and CVE.

Web Application scanning

adopt Burpsuite Professional 2.x、Arachni and Nikto start-up Web Application scanning

The report

Export the entire attack surface host list and vulnerability report as CSV、XLS or PDF Format , To filter 、 Sort and view all attack surface data

Open source intelligence gathering

Automatically collect online documents 、 Metadata 、 Email address and contact information .

Continuous scan coverage

Every day 、 Schedule scans weekly or monthly , To continuously overwrite changes

Vulnerability discovery

Automatically discover the attack surface and easily scan the latest vulnerabilities and CVE.

Notification and changes

Receive information about scanning and host status changes 、URL And notification of domain changes and new vulnerabilities found

Domain name takeover

List all that are vulnerable to domain hijacking and takeover DNS Record .

Integrate ：

Github API Integrate （ https://github.com/1N3/Sn1per/wiki/Github-API-Integration ）

Burpsuite Professional 2.x

Integrate （ https://github.com/1N3/Sn1per/wiki/Burpsuite-Professional-2.x-Integration ）

OWASP ZAP Integrate ( https://github.com/1N3/Sn1per/wiki/OWASP-ZAP-Integration )

Shodan API Integrate （ https://github.com/1N3/Sn1per/wiki/Shodan-Integration ）

Censys API Integrate （ https://github.com/1N3/Sn1per/wiki/Censys-API-Integration ）

Hunter.io API Integrate （ https://github.com/1N3/Sn1per/wiki/Hunter.io-API-Integration ）

Metasploit Integrate （ https://github.com/1N3/Sn1per/wiki/Metasploit-Integration ）

Nessus Integrate （ https://github.com/1N3/Sn1per/wiki/Nessus-Integration ）

OpenVAS API Integrate （ https://github.com/1N3/Sn1per/wiki/OpenVAS-Integration ）

Slack API Integrate （ https://github.com/1N3/Sn1per/wiki/Slack-API-Integration ）

WPScan API Integrate （ https://github.com/1N3/Sn1per/wiki/WPScan-API-Integration ）

The optional modes are as follows

NORMAL： Perform basic scans of targets and open ports using active and passive checks for optimal performance .

STEALTH： It mainly uses non-invasive scanning to quickly enumerate single targets , To avoid WAF/IPS Blocking .

FLYOVER： Fast multi-threaded advanced scanning of multiple targets （ Used to quickly collect advanced data on many hosts ）.

AIRSTRIKE： Quickly enumerate the open ports on multiple hosts / Service and perform basic fingerprint recognition . To use , Please specify to include all hosts 、 Need to be scanned IP The complete location of the file , And then run ./sn1per /full/path/to/targets.txt airstrike Start scanning .

NUKE： Start a comprehensive audit of multiple hosts specified in the selected text file . Usage examples ：./sniper /pentest/loot/targets.txt A nuclear bomb .

DISCOVER： Resolve subnet /CIDR（ namely 192.168.0.0/16） All hosts on , And start sniper scanning for each host . For internal network scanning .

PORT： Scan for vulnerabilities on specific ports . Currently, the reporting function is not available in this mode .

FULLPORTONLY： Perform a full and detailed port scan and save the results to XML.

MASSPORTSCAN： Yes “-f” Switch specifies multiple targets to run “fullportonly” scanning .

WEB： Add fully automatic... To the results Web Application scanning （ Port only 80/tcp and 443/tcp）. Very suitable Web Applications , But it may significantly increase the scanning time .

MASSWEB： Through “-f” Switch to run on multiple targets “web” Mode scan .

WEBPORTHTTP： Start a complete... For a specific host and port HTTP Web Application scanning .

WEBPORTHTTPS： Start a complete... For a specific host and port HTTPS Web Application scanning .

WEBSCAN： adopt Burpsuite and Arachni Start the full HTTP and HTTPS Web Application scanning .

MASSWEBSCAN： Yes “-f” Switch specifies multiple targets to run “webscan” Mode scan .

VULNSCAN： start-up OpenVAS Vulnerability scanning .

MASSVULNSCAN： Through “-f” Start on multiple targets specified by the switch “vulnscan” Mode scan .

Usage method ：

[*] NORMAL MODE

sniper -t <TARGET>

[*] NORMAL MODE + OSINT + RECON

sniper -t <TARGET> -o -re

[*] STEALTH MODE + OSINT + RECON

sniper -t <TARGET> -m stealth -o -re

[*] DISCOVER MODE

sniper -t <CIDR> -m discover -w <WORSPACE_ALIAS>

[*] SCAN ONLY SPECIFIC PORT

sniper -t <TARGET> -m port -p <portnum>

[*] FULLPORTONLY SCAN MODE

sniper -t <TARGET> -fp

[*] WEB MODE - PORT 80 + 443 ONLY!

sniper -t <TARGET> -m web

[*] HTTP WEB PORT MODE

sniper -t <TARGET> -m webporthttp -p <port>

[*] HTTPS WEB PORT MODE

sniper -t <TARGET> -m webporthttps -p <port>

[*] HTTP WEBSCAN MODE

sniper -t <TARGET> -m webscan 

[*] ENABLE BRUTEFORCE

sniper -t <TARGET> -b

[*] AIRSTRIKE MODE

sniper -f targets.txt -m airstrike

[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED

sniper -f targets.txt -m nuke -w <WORKSPACE_ALIAS>

[*] MASS PORT SCAN MODE

sniper -f targets.txt -m massportscan

[*] MASS WEB SCAN MODE

sniper -f targets.txt -m massweb

[*] MASS WEBSCAN SCAN MODE

sniper -f targets.txt -m masswebscan

[*] MASS VULN SCAN MODE

sniper -f targets.txt -m massvulnscan

[*] PORT SCAN MODE

sniper -t <TARGET> -m port -p <PORT_NUM>

[*] LIST WORKSPACES

sniper --list

[*] DELETE WORKSPACE

sniper -w <WORKSPACE_ALIAS> -d

[*] DELETE HOST FROM WORKSPACE

sniper -w <WORKSPACE_ALIAS> -t <TARGET> -dh

[*] GET SNIPER SCAN STATUS

sniper --status

[*] LOOT REIMPORT FUNCTION

sniper -w <WORKSPACE_ALIAS> --reimport

[*] LOOT REIMPORTALL FUNCTION

sniper -w <WORKSPACE_ALIAS> --reimportall

[*] LOOT REIMPORT FUNCTION

sniper -w <WORKSPACE_ALIAS> --reload

[*] LOOT EXPORT FUNCTION

sniper -w <WORKSPACE_ALIAS> --export

[*] SCHEDULED SCANS

sniper -w <WORKSPACE_ALIAS> -s daily|weekly|monthly

[*] USE A CUSTOM CONFIG

sniper -c /path/to/sniper.conf -t <TARGET> -w <WORKSPACE_ALIAS>

[*] UPDATE SNIPER

sniper -u|--update

Installation guide ：

kali

git clone https://github.com/1N3/Sn1per

cd Sn1per

bash install.sh

docker 

Download https://raw.githubusercontent.com/1N3/Sn1per/master/Dockerfile

docker build -t sn1per . 

docker run -it sn1per /bin/bash

or 

docker pull xerosecurity/sn1per

docker run -it xerosecurity/sn1per /bin/bash

Install pit points ：

The first way to install , Will jam , Because there are no resources to accelerate , You can do some science , But I use Alibaba cloud accelerated docker, from docker This tool used inside , You can watch the running process of the whole program , There should be many modules .