Sn1per Versions Save

Attack Surface Management Platform

v8.2

4 years ago

CHANGELOG:

  • v8.2 - Added root priv check to sniper script to run
  • v8.2 - Added NMap port change notifications via Slack
  • v8.2 - Fixed issue with firefox not loading on Kali Linux 2020.1
  • v8.2 - Fixed issue with Masswebscan mode not working
  • v8.2 - Added Rails file exposure exploit CVE-2019-5418
  • v8.2 - Updated wordlist selections to fingerprint common vulnerable applications
  • v8.2 - Added h8mail compromised credentials check to OSINT (-o) mode
  • v8.2 - Added Kali start menu app & icon for Sn1per
  • v8.2 - Added check for insecure SSL/TLS connections
  • v8.2 - Added NMAP_OPTIONS setting in ~/.sniper.conf to configure optional NMap settings
  • v8.2 - Fixed issue with ManageEngine MSF exploit payload
  • v8.2 - Added Spyse sub-domain enumeration tool (https://github.com/zeropwn/spyse.py)
  • v8.2 - Fixed issue with Subjack (open /src/github.com/haccer/subjack/fingerprints.json: no such file or directory)

v8.1

4 years ago

CHANGELOG:

  • v8.1 - Added Citrix Gateway Arbitary Code Execution CVE-2019-19781 vulnerability detection
  • v8.1 - Added Pulse Secure VPN Arbitrary File Disclosure CVE-2019-11510 exploit
  • v8.1 - Added --data-length=50 for NMap IPS evasion
  • v8.1 - Removed NMap vulscan script due to F+ results
  • v8.1 - Fixed issue with CRT.SH sub-domain retrieval
  • v8.1 - Updated Kali Linux keyring package
  • v8.1 - Fixed "[: ==: unary operator expected" in all code
  • v8.1 - Updated Sn1per Professional autoload settings
  • v8.1 - Updated web brute force wordlists
  • v8.1 - Removed null and debug errors from passive spider API output
  • v8.1 - Updated Commoncrawl index repo
  • v8.1 - Updated DockerFile repository
  • v8.1 - Fixed issue with -dh flag to delete host with Sn1per Pro v8.0
  • v8.1 - Fixed issue with subfinder missing
  • v8.1 - Fixed issue with 7zip missing
  • v8.1 - Added check for Ubuntu to install.sh automatically

v8.0

4 years ago

CHANGELOG:

  • v8.0 - Added ASnip tool to retrieve ASN's via 'recon' mode
  • v8.0 - Added Shodan sub-domain lookup
  • v8.0 - Added script timeout flag for NMap scripts
  • v8.0 - Fixed issue with dnsenum getting stuck on gathering dns info stage
  • v8.0 - Added option to force upgrade/install.sh without user prompt (ie. ./install.sh force)
  • v8.0 - Fixed issue with theHarvester package on Ubuntu systems
  • v8.0 - Fixed error "[: ==: unary operator expected" in all modes
  • v8.0 - Added net-tools package for Ubuntu OS deps

v7.4

4 years ago

CHANGELOG:

  • v7.4 - Added LDAP anomyous search to port 389/tcp checks (Shoutout @D0rkerDevil)
  • v7.4 - Added Java RMI dump registry scan checks and exploits to port 8001/tcp (Shoutout @D0rkerDevil)
  • v7.4 - Added CheckPoint Firewall-1 SecuRemote Topology Service Hostname Disclosure MSF module
  • v7.4 - Added virtualhost scanning via web mode
  • v7.4 - Added Gobuster
  • v7.4 - Addd URLCrazy DNS alterations check to OSINT mode
  • v7.4 - Added Ultratools Whois Lookups to OSINT mode
  • v7.4 - Added Email-Format.com Email Retreival to OSINT mode
  • v7.4 - Added Metasploit OSINT email retrieval to OSINT mode
  • v7.4 - Added Hackertarget URL API retrieval to web modes
  • v7.4 - Fixed error in massvulnscan mode
  • v7.4 - Fixed issue with webscreenshot.py not running
  • v7.4 - Added reverse whois DNS search via AMass
  • v7.4 - Added MassDNS IP's to master sorted IP list
  • v7.4 - Fixed issue with MassDNS installation
  • v7.4 - Fixed bad path with DNSGen
  • v7.4 - Fixed issue with AMass not running
  • v7.4 - Improved performance of AltDNS/DNSgen/MassDNS retrieval
  • v7.4 - Changed webscreenshot.py setting to use chrome browser and increased timeout
  • v7.4 - Fixed issue with missing xmlstarlet package for OpenVAS scans
  • v7.4 - Improved active web spider URL consolidation

v7.3

4 years ago

CHANGELOG:

  • v7.3 - Added CVE-2019-15107 Webmin <= 1.920 - Unauthenticated RCE MSF exploit
  • v7.3 - Added massdns plugin
  • v7.3 - Added altdns plugin
  • v7.3 - Added dnsgen plugin
  • v7.3 - Updated web file/dir wordlists from public exploits and honeypots
  • v7.3 - Added time stamps to all commands
  • v7.3 - Removed CloudFront from domain hijacking checks
  • v7.3 - Removed snmp-brute.nse script due to scan issues
  • v7.3 - Fixed issue with discover scan workspace names
  • v7.3 - Fixed issue with DockerFile (sed: can't read /usr/bin/msfdb: No such file or directory)
  • v7.3 - Fixed issue with installer on docker not having pip installed
  • v7.3 - Fixed issue with port 161 not being referenced correctly in scans

v7.2

4 years ago

CHANGELOG:

  • v7.2 - Added experimental OpenVAS API integration
  • v7.2 - Improved Burpsuite 2.x API integration with vuln reporting
  • v7.2 - Added hunter.io API integration to recon mode scans
  • v7.2 - Added Cisco IKE Key Disclosure MSF exploit
  • v7.2 - Added JBoss MSF vuln scanner module
  • v7.2 - Added Apache CouchDB RCE MSF exploit
  • v7.2 - Added IBM Tivoli Endpoint Manager POST Query Buffer Overflow exploit
  • v7.2 - Added Java RMI MSF scanner
  • v7.2 - New scan mode "vulnscan"
  • v7.2 - New scan mode "massportscan"
  • v7.2 - New scan mode "massweb"
  • v7.2 - New scan mode "masswebscan"
  • v7.2 - New scan mode "massvulnscan"
  • v7.2 - Added additional Slack API notification settings
  • v7.2 - Improved NMap port detection and scan modes
  • v7.2 - Fixed issue with Censys API being enabled by default
  • v7.2 - Fixed verbose errors in subjack/subover tools
  • v7.2 - Fixed issue with NMap http scripts not working

v7.1

4 years ago

CHANGELOG:

  • v7.1 - Added KeepBlue CVE-2019-0708 MSF scanner
  • v7.1 - Added automatic workspace generation for single target scans
  • v7.1 - Added new slack.sh API integration script
  • v7.1 - Added differential Slack notifications for new domains, new URL's and various scan outputs
  • v7.1 - Added vulners and vulscan NMap scripts
  • v7.1 - Added installer and support for Debian, Parrot and Ubuntu OS (install_debian.sh) (CC. @imhaxormad)
  • v7.1 - Fixed various issues with the DockerFile
  • v7.1 - Fixed/added Metasploit LHOST/LPORT values to all exploits based on sniper.conf settings
  • v7.1 - Fixed issue with Amass/Golang 1.11 not installing correctly

v7.0

4 years ago

CHANGELOG:

v7.0 - Added "webscan" mode for automated Burpsuite 2.x and Arachni web application scans only
v7.0 - Added Slack API notifications (Disabled by default..check ~/.sniper.conf)
v7.0 - Added new command switch to add daily, weekly or monthly sniper scheduled scans... check README
v7.0 - Added scheduled scan tasks command switch (Needs additional configuration to setup... check README)
v7.0 - Added Axis2 authenticated deployer MSF exploit
v7.0 - Added Axis2 login brute force module
v7.0 - Added subjack tool to check for subdomain hijacking
v7.0 - Added sorted IP lists under $LOOT_DIR/ips/ips-all-sorted.txt
v7.0 - Added subnet retrieval for all 'recon' mode scans under $LOOT_DIR/nmap/subnets-$TARGET.txt
v7.0 - Added Webscreenshot.py and disabled cutycapt from default config
v7.0 - Added Gobuster (Disabled by default..check ~/.sniper.conf)
v7.0 - Fixed issue with SubOver not working due to bad path
v7.0 - Fixed issue with flyover mode running 2x

v6.2

5 years ago

CHANGELOG:

  • v6.2 - Added Glassfish Admin traversal MSF exploit
  • v6.2 - Added ElasticSearch Java Injection MSF RCE exploit
  • v6.2 - Added WebTech web fingerprinting tool
  • v6.2 - Added censys subdomain retrieval and API key config
  • v6.2 - Added project sonar sub-domain retrieval
  • v6.2 - Added command switch to remove workspace (-d)
  • v6.2 - Added command switch to remove host (-dh)
  • v6.2 - Added DockerFile to run Sn1per in Docker (CC. Hariom Vashisth [email protected])
  • v6.2 - Changed option to automatically import all NMap XML's into Metasploit's DB
  • v6.2 - Changed option to automatically load Sn1per Professional's report when scans complete
  • v6.2 - Added config option to enable/disable subdomain hijacking checks in sniper.conf
  • v6.2 - Fixed issue with sniper --list command having invalid reference
  • v6.2 - Fixed issue with theharvester not running

v6.1

5 years ago

CHANGELOG:

  • v6.1 - Added automated web scanning via Burpsuite Pro 2.x API for all 'web' mode scans
  • v6.1 - Added Waybackmachine URL retrieval to all web scans
  • v6.1 - Converted all exploits to Metasploit
  • v6.1 - Added configuration options to set LHOST/LPORT for all Metasploit exploits in sniper.conf
  • v6.1 - Added improved web brute force dictionaries for all modes
  • v6.1 - Added individual logging for all tools under the loot directory
  • v6.1 - Added new sniper.conf options to enabled/disable all plugins and change settings per user
  • v6.1 - Fixed issue with CMSMap install/usage
  • v6.1 - Fixed issue with WPScan gem dependency missing (public_suffix)
  • v6.1 - Fixed timeout setting in cutycapt
  • v6.1 - Fixed issue with theharvester not running correctly
  • v6.1 - Fixed issue with Amass not running due to invalid command line options in latest release
  • v6.1 - Fixed issue with Sn1per Professional notepad.html missing
  • v6.1 - Cleaned up plugins and install dependencies list