SN1PER – A Detailed Explanation of Most Advanced Automated Information Gathering & Penetration Testing Tool

Sn1per is an automated scanner that automates the process of collecting information for enumeration and penetration testing.

Sn1per incorporates well-known tools such as: amap, arachni, cisco-torch, dnsenum, enum4linux, golismero, hydra, metasploit-framework, nbtscan, nmap, smtp-user-enum, sqlmap, sslscan, theharvester, w3af, wapiti, whatweb, whois, nikto, wpscan. It is used during a penetration test to identify and scan for vulnerabilities.


Here you will get some information about the fingerprint of the specific target.


PORT: Scans a particular port for vulnerabilities. Reporting is not presently available in this mode.

LOOT: Automatically organizes and displays the loot folder in your web browser and opens Metasploit Pro and Zenmap GUI with all port scan results. To run, type sniper loot.

Step 3:

Running Nikto yourself is not overly difficult. You will be able to start your web server testing with one of the most popular website/server testing tools. This is the same tool we use on our online Nikto scanner page.



Install Sn1per using this command.


Advanced search in search engines enables analysis provided to exploit GET/POST, capturing emails & URLs, with an internal custom validation junction for each target/URL found.

The key difference is that WAFs work on Layer 7, the Application Layer of the OSI model. Basically, all WAFs protect against different HTTP attacks & queries such as SQLi & XSS.


After successfully opening Sn1per, start gathering information from the target.

While working on a network security assessment (internal, external, redteam gigs and so on), we often come across vulnerable 3rd-party web applications or web front-ends that allow us to compromise the remote server by exploiting publicly known vulnerabilities.




The “XS” in XST evokes similarity to XSS (Cross-Site Scripting), which has the effect of leading people to mistake XST for a method of injecting JavaScript.

STEALTH: Quickly enumerates single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.

MassBleed is an SSL vulnerability scanner. Its main functions, with the ability to proxy all connections:


Step 1:

AIRSTRIKE: Quickly identifies open ports/services on several hosts and carries out basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.


WEB: Adds full automated web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.

NUKE: Launches a full audit of multiple hosts specified in a text file of choice: ./sniper /pentest/loot/targets.

Install Sn1per using the file in the sn1per folder.


Wafw00f is simply a Python tool which automates a set of procedures used in finding a WAF. Wafw00f simply queries a web server with a set of HTTP requests & methods. It analyses the responses from them & detects the firewall in place.

Download (clone) the Sniper repository from GitHub. Extract the Zip file on the Desktop.

This tool is intended to assist penetration testers in the early phases of the penetration test in order to understand the client footprint on the Internet. It is also useful for anyone who wants to know what an attacker can see about their organization.

To mass scan any CIDR range for OpenSSL vulnerabilities via port 443/tcp (https) (example: sh 16).
To scan any CIDR range for OpenSSL vulnerabilities via any custom port specified (example: sh 16 port 8443).
To individually scan every port (1-10000) on a single system for vulnerable versions of OpenSSL (example: sh single).
To scan every open port on every host in a single class C subnet for OpenSSL vulnerabilities (example: sh 192.168.0. subnet).

DISCOVER: Parses all hosts on a subnet/CIDR (ie. 16) and starts a sniper scan against each host. Helpful for internal network scans.

Step 2:

Automatically brute forces all services running on a target.

So a collection of advanced information gathering and scanning tools play their role within Sn1per and deliver the exact information and scanning results for the specific target.

After successfully installing Sn1per, open the tool.

sniper <target> <report>
sniper <target> stealth <report>
sniper <CIDR> discover
sniper <target> port <portnum>
sniper <target> fullportonly <portnum>
sniper <target> web <report>
sniper <target> nobrute <report>
sniper <targets.txt> airstrike <report>
sniper <targets.txt> nuke <report>
sniper loot

It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting. Sublist3r enumerates subdomains using many search engines such as Google, Yahoo, Bing, Baidu, and Ask.

Web application firewalls are typically firewalls working on the application layer which monitor & modify HTTP requests.

Some of the common & favorite applications are Apache Tomcat administrative interface, JBoss jmx-console, Hudson Jenkins and so on.

Yasuo is a ruby script that scans for vulnerable 3rd-party web applications.

#chmod +x

REPORT: Outputs all results to text in the loot directory for later reference. To enable reporting, append report to any sniper mode or command.

NOBRUTE: Launches a full scan against a target host/domain without brute forcing services.

#git clone

The domain lookup service (whois information) searches the whois database for domain name registration details.

FULLPORTONLY: Performs a complete comprehensive port scan and saves results to XML.

Open ports.
DNS domains.


Here you will get some details about the DNS information of the specific target.



The objective of this program is to gather emails, subdomains, hosts, employee names, open ports and banners from different public sources like search engines, PGP key servers and the SHODAN computer database.

In-depth Demonstration: Sn1per

Automatically collects basic recon (i.e. whois, ping, DNS, etc.).
Automatically launches Google hacking queries against a target domain.
Automatically enumerates open ports.
Automatically brute forces sub-domains and DNS information.
Automatically checks for sub-domain hijacking.
Automatically runs targeted Nmap scripts against open ports.
Automatically runs targeted Metasploit scan and exploit modules.
Automatically scans all web applications for common vulnerabilities.
Automatically brute forces all open services.
Automatically exploits remote hosts to gain remote shell access.
Performs high level enumeration of multiple hosts.
Auto-pwn included for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds.
Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting.
Creates individual workspaces to store all scan output.


Step 4: