Sn1per Professional v10.1 SE Update Released!

The Sn1per Professional v10.1 Scan Engine (SE) update is now available for Sn1per Professional v10.0 customers with a ton of new features and improvements. This update is part of the Sn1per Professional SE development branch, which is available exclusively to Sn1per Professional v10.0 customers. If you are a previous customer (i.e. Sn1per Professional v9.0 or earlier) or if you use the Community Edition available on GitHub, you will need to purchase a Sn1per Professional v10.0 license to download and receive scan engine updates.

New Vulnerability Templates

Several new vulnerability templates were added in v10.1 to detect the latest CVEs and vulnerabilities in your environment. We also increased general vulnerability coverage by adding sc0pe templates for Apache Tomcat, Weak SSH Ciphers and SMB related vulnerabilities.

Sn1per Professional Vulnerability Report Viewer

New Features

Sn1per Professional v10.1 also has several new “intelligent” scan features that automatically change scan behavior and options based on a target’s fingerprint. For instance, if Sn1per Professional detects a WAF (Web Application Firewall), it will now automatically switch to “stealth” mode to avoid being blocked. If Sn1per detects WordPress, it will automatically run WPScan. If it detects a brute-forceable service such as FTP or SSH, it will automatically try to brute force these services. Together, these changes add more automated intelligence to Sn1per, providing more meaningful scan data without direct user intervention.

  • Added intelligent WAF detection (active & passive) with configurable scan profile (default: stealth mode) to avoid scans getting blocked. Must have WAF_CHECK="1" in your Sn1per configuration template.
  • Added intelligent “Access Denied – 403” detection & auto-scan via DirDar
  • Added intelligent WordPress detection & auto-scan via WPScan
  • Added intelligent CMS detection & auto-scan via CMSMAP
  • Added intelligent auto-bruteforce & auto-scan via BruteX. Must have AI_BRUTEFORCE="1" in your Sn1per configuration template.
  • Added automatic reverse IP lookups for IP addresses

Sn1per Auto-Bruteforce Detection

Improved Static Scans

Another key feature in v10.1 is the addition of Nuclei static scans. With this, Sn1per will automatically check all JavaScript files for secrets and vulnerabilities (i.e. DOM XSS) and will import the results into Sn1per Professional. This gives you a good head start when sifting through JS files for vulnerabilities.

Sn1per Professional Static Vulnerability Scan Report

Fixes

  • Fixed issue with OpenVAS socket permissions
  • Fixed issue with SSLScan missing from Ubuntu 20.04 LTS
  • Fixed issue with Dirsearch installation
  • Fixed issue with Nuclei takeover scans not working
  • Added Redis port 6389/tcp to default ports
  • Added Redis port 1337/tcp to default ports
  • Added Go 1.17+ support for all Go packages

Update Instructions

If you’re a current Sn1per Professional v10.0 customer, you have two options to upgrade:

  1. From a ‘root’ terminal, run the ‘sniper -u’ command
  2. From the Sn1per Professional Workspace Navigator, click the “Quick Commands” panel and run the “Update” option

Sn1per Professional Update Panel
