
Sn1per-The Most Advanced Automated Pentest Recon Scanner

What is Sn1per?

Sn1per is available in two editions: Sn1per Professional and the Community Edition. Sn1per Community Edition is an automated scanner used during a penetration test to enumerate and scan for vulnerabilities in web applications. Sn1per integrates many tools, such as nmap, hydra, metasploit-framework, nbtscan, w3af, whois, nikto and wpscan.

Sn1per automatically collects basic recon, launches Google hacking queries against the target, enumerates open ports, scans all web applications for vulnerabilities, brute forces all open services, and so on.

Sn1per works in several modes, including normal, stealth, flyover and airstrike. In normal mode, it performs a basic scan of targets and open ports using both active and passive checks for optimal performance. In stealth mode, it quickly enumerates single targets using mostly non-intrusive scans to avoid WAF/IPS blocking. In flyover mode, it runs fast multi-threaded high-level scans of multiple targets (useful for collecting high-level data on many hosts quickly).

How to Install

You can easily clone it from GitHub:

git clone https://github.com/1N3/Sn1per

After downloading the tool, change into its directory:

cd Sn1per

Change the permissions of the “install.sh” script:

chmod +x install.sh 

Execute the “install.sh” script



Features of Sn1per

  • Automatically collects basic recon
  • Enumerates open ports via the Nmap tool
  • Brute forces sub-domains, gathers DNS info and checks for zone transfers
  • Checks for sub-domain hijacking
  • Runs targeted Nmap scripts against open ports
  • Runs targeted Metasploit scan and exploit modules
  • Automatically scans all web applications for common vulnerabilities
  • Brute forces ALL open services
  • Tests for anonymous FTP access
  • Runs WPScan, Arachni and Nikto for all web services
  • Enumerates NFS shares
  • Tests for anonymous LDAP access
  • Enumerates SSL/TLS ciphers, protocols and vulnerabilities
  • Enumerates SNMP community strings, services and users
  • Lists SMB users and shares, checks for NULL sessions and exploits MS08-067
  • Exploits vulnerable JBoss, Java RMI and Tomcat servers
  • Tests for open X11 servers
  • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
  • Performs advanced-level enumeration of multiple hosts and subnets
  • Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
  • Gathers screenshots of all web sites
  • Creates individual workspaces to store all scan output

AUTO-PWN: (Automated Exploits)
  • Apache Struts CVE-2018-11776 RCE exploit
  • Android Insecure ADB RCE auto exploit
  • Apache Tomcat CVE-2017-12617 RCE exploit
  • Oracle WebLogic WLS-WSAT Component Deserialisation RCE CVE-2017-10271 exploit
  • Drupal Drupalgeddon2 RCE CVE-2018-7600
  • GPON Router RCE CVE-2018-10561
  • Apache Struts 2 RCE CVE-2017-5638, CVE-2017-9805, Apache Jakarta RCE CVE-2017-5638
  • Shellshock GNU Bash RCE CVE-2014-6271
  • HeartBleed OpenSSL Detection CVE-2014-0160
  • Default Apache Tomcat Creds CVE-2009-3843
  • MS Windows SMB RCE MS08-067
  • Webmin File Disclosure CVE-2006-3392
  • Anonymous FTP Access
  • PHPMyAdmin Backdoor RCE
  • PHPMyAdmin Auth Bypass
  • JBoss Java De-Serialization RCE’s

Available MODES:
  • NORMAL: This mode performs a basic scan of targets and finds open ports using both active and passive scans.
          sniper -t|--target <TARGET>
          sniper -t|--target <TARGET> -o|--osint -re|--recon -fp|--fullportonly -b|--bruteforce
  • STEALTH: Finds single targets using non-intrusive scans to avoid WAF/IPS blocking.
          sniper -t|--target <TARGET> -m|--mode stealth -o|--osint -re|--recon
  • FLYOVER: Fast multi-threaded high-level scans of multiple targets.
          sniper -t|--target <TARGET> -m|--mode flyover -w|--workspace <WORKSPACE_ALIAS>
  • AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting.
          sniper -f|--file /full/path/to/targets.txt -m|--mode airstrike
  • NUKE: Launches a full audit of multiple hosts specified in a text file of your choice.
          sniper -f|--file /full/path/to/targets.txt -m|--mode nuke -w|--workspace <WORKSPACE_ALIAS>
  • DISCOVER: Parses all hosts on a subnet and initiates a sniper scan against each host. It is useful for internal network scans.
          sniper -t|--target <CIDR> -m|--mode discover -w|--workspace <WORKSPACE_ALIAS>
  • PORT: This mode scans a specific port for vulnerabilities.
          sniper -t|--target <TARGET> -m port -p|--port <portnum>
  • FULL PORT ONLY: Performs a full detailed port scan and gives an option to save the results in an XML file.
          sniper -t|--target <TARGET> -fp|--fullportonly
  • WEB: Adds full automatic web application scans to the results. This scan is ideal for web applications.
          sniper -t|--target <TARGET> -m|--mode web
  • WEB PORT HTTP: This mode launches a full HTTP web application scan against a specific host and port.
          sniper -t|--target <TARGET> -m|--mode webporthttp -p|--port <port>
  • WEB PORT HTTPS: This mode launches a full HTTPS web application scan against a specific host and port.
          sniper -t|--target <TARGET> -m|--mode webporthttps -p|--port <port>
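
A scope check that can sit in front of the commands listed above, as an added example that is not part of the original article or of the Sn1per project: it inspects the -t|--target and -f|--file arguments and only hands off to sniper when every target matches an approved scope file. The function names and the scope-file format (one hostname, IPv4 address or CIDR per line, with '#' comments) are assumptions made for this example.

```shell
# Added example (not Sn1per code): refuse to run sniper on targets outside an approved scope file.
ip_to_int() {   # dotted quad -> integer on stdout; non-zero status if not valid IPv4
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros (octal ambiguity)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

in_cidr() {     # in_cidr IP NET/BITS
    net=${2%/*}; bits=${2#*/}
    case "$bits" in ""|*[!0-9]*) return 1 ;; esac
    [ "$bits" -le 32 ] || return 1
    ip_n=$(ip_to_int "$1") && net_n=$(ip_to_int "$net") || return 1
    mask=$(( (0xFFFFFFFF << (32 - bits)) & 0xFFFFFFFF ))
    [ $(( ip_n & mask )) -eq $(( net_n & mask )) ]
}

in_scope() {    # in_scope TARGET SCOPE_FILE; a CIDR target must match an entry exactly
    while IFS= read -r entry || [ -n "$entry" ]; do
        entry=$(printf '%s' "${entry%%#*}" | tr -d ' \t\r')
        [ -n "$entry" ] || continue
        [ "$entry" = "$1" ] && return 0
        case "$entry" in */*) in_cidr "$1" "$entry" && return 0 ;; esac
    done < "$2"
    return 1
}

check_args() {  # check_args SCOPE_FILE <sniper arguments...>
    scope=$1; shift; seen=0
    while [ $# -gt 0 ]; do
        case "$1" in
            -t|--target) [ $# -ge 2 ] || return 2
                in_scope "$2" "$scope" || { echo "out of scope: $2" >&2; return 1; }
                seen=1; shift ;;
            -f|--file) [ $# -ge 2 ] && [ -r "$2" ] || return 2
                while IFS= read -r t || [ -n "$t" ]; do
                    [ -z "$t" ] || in_scope "$t" "$scope" || { echo "out of scope: $t" >&2; return 1; }
                done < "$2"
                seen=1; shift ;;
        esac
        shift
    done
    [ "$seen" -eq 1 ]   # an invocation that names no target at all is also refused
}
guarded_sniper() { check_args "$@" && { shift; sniper "$@"; }; }
```

Call it as guarded_sniper scope.txt followed by the usual sniper arguments; a CIDR target, as used by discover mode, has to appear in the scope file exactly as typed.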



This article is only for educational purposes. Any actions and/or activities related to the material contained within this website are solely your responsibility. The misuse of the information in this website can result in criminal charges brought against the persons in question. The authors and www.thehackerstuff.com will not be held responsible in the event any criminal charges are brought against any individuals misusing the information in this website to break the law.


Akshay Sharma
