Sn1per Professional v10.1 SE Update Released!
New Vulnerability Templates
Several new vulnerability templates were added in v10.1 to detect the latest CVE’s and vulnerabilities in your environment. We also increased general vulnerability coverage by adding sc0pe templates for Apache Tomcat, Weak SSH Ciphers and SMB related vulnerabilities.
- Added VMware Workspace ONE Access freemarker SSTI (CVE-2022-22954) sc0pe template
- Added Apache Tomcat Spring4Shell compromised host detection sc0pe template
- Added Apache Tomcat Spring4Shell Remote Code Execution (CVE-2022-22965) sc0pe template
- Added nginx 0.6.x < 1.20.1 1-Byte Memory Overwrite RCE sc0pe template
- Updated Apache Tomcat detection sc0pe template
- Added Weak SSH Ciphers sc0pe template
- Added Anonymous SMB Login sc0pe template
- Added SMB readable, writable shares & user enumeration sc0pe templates
- Added Joomla Pre-Installation Check sc0pe template
- Added Login Form Found sc0pe template
Sn1per Professional v10.1 also has several new “intelligent” scan features to automatically change scan behavior and options based on a target’s fingerprint. For instance, if Sn1per Professional detects a WAF (Web Application Firewall), it will automatically switch to “stealth” mode in order to avoid being blocked now. If Sn1per detects WordPress, it will automatically run WPScan. If it detects a brute forcable service such as FTP or SSH, it will automatically try to brute force these services. Together, these changes will add a more automated intelligence to Sn1per which will provide more meaningful scan data without direct user intervention.
- Added intelligent WAF detection (active & passive) with configurable scan profile (default: stealth mode) to avoid scans getting blocked. Must have WAF_CHECK=”1″ in your Sn1per configuration template.
- Added intelligent “Access Denied – 403” detection & auto-scan via DirDar
- Added intelligent WordPress detection & auto-scan via WPScan
- Added intelligent CMS detection & auto-scan via CMSMAP
- Added intelligent auto-bruteforce & auto-scan via BruteX. Must have AI_BRUTEFORCE=”1″ in your Sn1per configuration template.
- Added automatic reverse IP lookups for IP addresses
Improved Static Scans
- Fixed issue with OpenVAS socket permissions
- Fixed issue with SSLScan missing from Ubuntu 20.04 LTS
- Fixed issue with Dirsearch installation
- Fixed issue with Nuclei takeover scans not working
- Added Redis port 6389/tcp to default ports
- Added Redis port 1337/tcp to default ports
- Added Go 1.17+ support for all Go packages
If you’re a current Sn1per Professional v10.0 customer, you have two options to upgrade:
- From a ‘root’ terminal, run the ‘sniper -u‘ command
- From the Sn1per Professional Workspace Navigator, click the “Quick Commands” panel and run the “Update” option