Skip to content
Buy Now

Usage

5 min read Updated April 18, 2026 Sn1per Pro 2026
Documentation/Usage

Sn1per Professional 2026 exposes three interfaces: a web UI (primary), a CLI (sniper command), and a JSON API.

Web UI

The web UI is served on HTTPS port 1337. Log in as admin with the password from /usr/share/sniper/pro/data/.admin-password.

Workspace Navigator

The landing page after login. One row per workspace (target). Each row shows:

  • Target hostname or IP
  • Host count and scan mode
  • Finding counts by severity (Critical / High / Medium / Low / Info)
  • Last scan timestamp
  • Quick links to the workspace report and individual host reports

Actions:

  • New Workspace — create an empty workspace for a target
  • Delete Workspace — remove a workspace and its loot
  • Import — import findings from a JSON/CSV report
  • Config Editor — open the scan-config editor drawer (top-right gear icon)

Workspace Report

Per-workspace summary dashboard. Sections:

  • Severity gauges with risk score
  • Host list (click to drill into host report)
  • Findings table (DataTables: sort, filter, export)
  • Scan history with status (running / completed / failed)
  • Screenshots gallery
  • Subdomains / ports / technologies
  • Notes (editable in the Notes drawer — see below)

Host Report

Per-host detail page. Shows:

  • Open ports with service version detection
  • Vulnerability findings parsed from sc0pe output
  • Technology fingerprints
  • Screenshots
  • OSINT and threat-intel data
  • Subdomain takeovers (if present)
  • DNS records

Top-bar drawer

A universal slide-over drawer replaces older modal flows. It’s used for:

  • Notes editor — per-workspace free-form notes (Markdown-flavored). Edit with a live Save/Delete control.
  • Scheduled tasks — view daily/weekly/monthly schedules; click Edit on a schedule row to open the text editor inside the same drawer, so the workspace context is preserved.
  • Config editor — edit sniper.conf or any template under /usr/share/sniper/conf/. Save / Delete buttons persist changes.
  • Scan tasks — running and historical tasks for the current workspace, with a “Kill” action per running task.

All drawer-based editors save via AJAX to the same backend used by the full-page editors; saves are atomic and CSRF-protected.

Quick Commands sidebar

Offcanvas sidebar (right edge of workspace pages) with one-click access to:

  • Scan commands — start new scans in any of the 27 modes
  • Bruteforce — credential-test launcher (FTP, SSH, HTTP, SMB, MySQL, PostgreSQL, RDP, VNC)
  • Fuzzer — URL / parameter / payload fuzzing
  • MassPwn — exploit-module picker for multi-target exploitation
  • OSINT — passive collection modules
  • Credentials — stored credentials browser
  • Notifications — Slack / SMTP alert configuration
  • Refresh — re-read loot from disk without rescanning

Dark / light theme

A moon icon in the navbar toggles themes. The choice persists per-browser in localStorage.

CLI

The sniper command is on $PATH after install. Run as root (or via sudo) for raw-socket scan features.

Scan a single target

sudo sniper -t target.com -m normal
sudo sniper -t 10.0.0.5  -m stealth
sudo sniper -t https://app.target.com -m web

Scan a list

sudo sniper -f targets.txt -m airstrike

27 scan modes

Mode Purpose
normal Full recon + vulnerability scan (default)
stealth Passive, low-noise scan
airstrike Mass scan from -f targets.txt
nuke Aggressive vuln + exploit (authorized targets only)
discover Subnet discovery
port / fullportonly TCP port scan (top ports / full 1-65535)
osscan OS fingerprinting
recon Recon + OSINT, no active vuln scanning
web / webporthttp / webporthttps / webscan Web-focused variants
bruteforce Credential testing
massportscan / massweb / masswebscan / massvulnscan Mass variants
vulnscan Vulnerability scanning only
fly Flyover (quick triage across many hosts)
import / importurls / importdomains Import external target lists
urlscan / massurlscan URL-level scanning
corsscan CORS misconfiguration scan
masspwn Mass exploitation

Run sniper -h for the full flag reference. Common flags:

Flag Purpose
-t TARGET Single target
-f FILE Target list file
-m MODE Scan mode
-w WORKSPACE Named workspace (defaults to target)
-c CONFIG Override sniper.conf
-o Out-of-scope override
-s SLACK Slack channel
--export DIR Export results to a directory

Inside a Docker container

docker exec sn1per-pro sniper -t target.com -m normal
docker exec -it sn1per-pro bash      # interactive shell

JSON API

Sn1per Pro ships a JSON API at /pro/api.php for programmatic access. Authentication is either HTTP Digest (same as web UI) or an X-API-Key header.

Example: list workspaces

curl -k --digest -u admin:PASSWORD 
  https://127.0.0.1:1337/pro/api.php?action=workspaces

Example: query vulnerabilities for a workspace

curl -k -H 'X-API-Key: YOUR_KEY' 
  "https://127.0.0.1:1337/pro/api.php?action=vulns&workspace=target.com"

Supported actions include workspaces, hosts, vulns, scan-status, and cache management. See pro/api.php for the full action catalog.

Scheduled Tasks

Recurring scans are backed by plain bash scripts under /usr/share/sniper/loot/workspace/<target>/scans/scheduled/:

  • daily.sh
  • weekly.sh
  • monthly.sh

Edit them from the web UI (Scheduled Tasks drawer → Edit per schedule) or directly with any text editor. The installer does not configure a cron entry on your behalf — wire these scripts into cron or systemd timers yourself:

# Example: run daily.sh for target.com every day at 03:00
0 3 * * * /usr/share/sniper/loot/workspace/target.com/scans/scheduled/daily.sh

Reporting & Export

From the web UI

Each workspace has an Export dropdown (top-right of the workspace report). Formats:

  • CSV (findings table)
  • Excel (.xlsx)
  • PDF
  • HTML advisory report
  • JSON

From the CLI

sudo sniper --export /tmp/target-export target.com

Import findings into another workspace

sudo sniper -t target.com -m import -f /tmp/target-export/findings.json

Updating

To pull the latest scan engine within your license term:

sudo sniper --update

The update function contacts the Sn1per update server, verifies your license, and downloads the latest scan engine bundle. Pro web UI updates are pulled separately and bundled with your next installation refresh.

Stopping / Starting Apache

sudo systemctl stop apache2     # stop the web UI
sudo systemctl start apache2    # start it again
sudo systemctl restart apache2  # full restart
sudo systemctl reload apache2   # config-only reload (after editing sniper.conf / settings.php)

Inside a Docker container, Apache is PID 1 (or started by the activation script). docker stop sn1per-pro / docker start sn1per-pro is the equivalent.

See Also

  • Docker — container workflow, compose, volumes
  • Configuration — all sniper.conf / settings.php options
  • Architecture — how the scan engine and web UI fit together
  • Installation — license management, deregistration

Something missing, unclear, or out-of-date?

Email the team