Git Product home page Git Product logo

sn1per's Introduction

Sn1per - Automated Pentest Recon Scanner

alt tag

ABOUT:

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

FEATURES:

  • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports
  • Automatically brute forces sub-domains and DNS info
  • Automatically runs targeted NMap scripts against open ports
  • Automatically runs targeted Metasploit scan and exploit modules
  • Automatically scans all web applications for common vulnerabilities
  • Automatically brute forces all open services

INSTALL:

./install.sh - Installs all dependencies OR upgrades existing Sn1per installations. Best run from Kali Linux.

USAGE:

./sn1per <target>

SAMPLE REPORT:

https://gist.github.com/1N3/8214ec2da2c91691bcbc

CHANGELOG:

  • v1.5b - Added Squid Proxy checks port 3128/tcp
  • v1.5b - Fixed syntax error with theHarvester in install.sh
  • v1.5a - Fixed syntax error with port 8081 checks
  • v1.5a - Added Arachni integration
  • v1.5a - Added vsftpd, proftpd, mysql, unrealircd auto exploits
  • v1.5 - Added Metasploit scan and auto-exploit modules
  • v1.5 - Added additional port checks
  • v1.5 - Added full TCP/UDP NMap XML output
  • v1.5 - Auto tune scan for either IP or hostname/domain
  • v1.4h - Added auto IP/domain name scan configurations
  • v1.4g - Added finger enumeration scripts
  • v1.4g - Fixed nmap -p 445 target issue
  • v1.4g - Fixed smtp-enum target issue
  • v1.4f - Fixed BruteX directory bug
  • v1.4e - Fixed reported errors install.sh
  • v1.4e - Added auto-upgrade option to install.sh for existing Sn1per installs
  • v1.4d - Fixed missing rake gem install dependency
  • v1.4c - Reordered 3rd party extensions
  • v1.4b - Fixed install.sh executable references
  • v1.4b - Fixed Yasou dependencies in install.sh
  • v1.4b - Fixed minor issues with BruteX loot directory
  • v1.4 - Added Yasou for automatic web form brute forcing
  • v1.4 - Added MassBleed for SSL vulnerability detection
  • v1.4 - Added Breach-Miner for detection of breached accounts
  • v1.4 - Fixed minor errors with nmap
  • v1.4 - Removed debug output from goohak from displaying on console

FUTURE:

  • Add in detection and auto exploitation for Tomcat, JBoss, PHPMyAdmin
  • Add in Juniper backdoor password to password list
  • Add auth bypass string to password list
  • Add in OpenVAS integration
  • Look into HTML reporting or text based output options to save scan data

sn1per's People

Contributors

1n3 avatar jmchia avatar mw3demo avatar iambrosie avatar

Watchers

James Cloos avatar avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.