
Sn1per Professional v10.0 Released

After months of hard work and development, we are pleased to announce the release of Sn1per Professional v10.0. This is a major release with many fixes, improvements and new features to help customers get the most value from Sn1per. Starting with v10.0, customers will have 3 new pricing plans to choose from, which will more closely align with their needs while remaining competitive in the market. In this post, we will go into detail on all of these changes and more.

New Integrations

We are pleased to announce that we have added the following major integrations and updates to Sn1per Professional v10.0:

  • OpenVAS/GVM 21.x integration & sc0pe parser
  • Nessus 10.x integration & sc0pe parser
  • OWASP ZAP 2.11.x integration & sc0pe parser

This will add to our growing list of powerful 3rd party software integrations and vulnerability scanning capabilities. For more details on setting up these integrations, please see our documentation page. You can also check our latest video here for a live demo of all Sn1per Professional v10.0 features.


Updated OSINT Panel & Tools

A number of new categories have been added to the OSINT panel to detect expired domains and SSL certificates, as well as to retrieve all metadata for both. We also added new categories to display all DNS, ASN, open ports and services, OS fingerprints and web technologies detected, giving a good high-level overview of the workspace.

Updated Support For Kali Linux 2022-W02

With the release of Sn1per Professional v10.0, we also updated our support for the latest Kali Linux distribution (Kali Linux 2022-W02) so customers can enjoy the latest security updates and tools. We also cleaned up the installation script to remove any older dependencies and tools while updating Sn1per to remain compatible with the latest versions of all tools.

Updated Wordlists

Another major improvement in version 10.0 is that we have updated the default web and sub-domain wordlists for better accuracy and results. There are now only 2 settings to control web brute forcing and 1 setting for the sub-domain wordlist, as seen below. This change will help simplify configuration of wordlists in Sn1per and will further reduce the overall size of the installation.

# ACTIVE WEB BRUTE FORCE STAGES
WEB_BRUTE_STEALTHSCAN="1"
WEB_BRUTE_COMMONSCAN="1"

# WEB BRUTE FORCE WORDLISTS
WEB_BRUTE_STEALTH="$INSTALL_DIR/wordlists/web-brute-stealth.txt"
WEB_BRUTE_COMMON="$INSTALL_DIR/wordlists/web-brute-common.txt"
WEB_BRUTE_EXTENSIONS="*"
WEB_BRUTE_EXCLUDE_CODES="400,404,405,406,429,500,502,503,504"

# DOMAIN WORDLISTS
DOMAINS_DEFAULT="$INSTALL_DIR/wordlists/domains-default.txt"

PHP 8.1 Upgrade

Due to a recent change in Kali Linux, we have upgraded our code to PHP v8.1 to fix the broken/missing PHP 7.4 package dependencies required by Sn1per Professional. Customers running Sn1per Professional v9.0 or lower may receive the following errors when attempting to re-install Sn1per:

Package php7.4-common is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source

E: Unable to locate package php7.4
E: Couldn't find any package by glob 'php7.4'
E: Package 'php7.4-common' has no installation candidate
E: Unable to locate package php7.4-cli
E: Couldn't find any package by glob 'php7.4-cli'
E: Unable to locate package php7.4-xml
E: Couldn't find any package by glob 'php7.4-xml'

In this case, a version 10.0 license would need to be purchased in order to fix this issue and continue using the product.

Changelog

For a complete list of all scan engine changes, see below:

* v10.0 – Fixed broken/missing PHP 7.4 packages on Kali Linux
* v10.0 – Added compatibility with Kali Linux 2022-W02
* v10.0 – Added Nessus 10.x integration and sc0pe parser
* v10.0 – Added GVM 21.x integration support & sc0pe parser
* v10.0 – Added OWASP ZAP 2.11.x integration support & sc0pe parser
* v10.0 – Added CSVTool to installer
* v10.0 – Added option to ignore certificate errors in wget
* v10.0 – Added dnsutils to installer to fix missing deps
* v10.0 – Updated OSINT panel and scan mode to include all OSINT tools available
* v10.0 – Updated domain and web bruteforce wordlists
* v10.0 – Updated subfinder to latest version
* v10.0 – Updated nuclei templates path
* v10.0 – Updated max-timeout setting for web scans
* v10.0 – Updated WPScan installer
* v10.0 – Updated email security options
* v10.0 – Fixed issue with Nuclei installation missing symlink
* v10.0 – Fixed issue with Burpsuite sc0pe parser not working
* v10.0 – Fixed issue with URLCrazy not working on Ubuntu
* v10.0 – Fixed issue with EmailFormat API not working in OSINT mode
* v10.0 – Fixed issue with theharvester not running
* v10.0 – Fixed issue with dirsearch overwriting previous output reports
* v10.0 – Disabled WEB_BRUTE_FULL and WEB_BRUTE_EXPLOIT scan options
* v10.0 – Disabled NMap brute force scripts
* v10.0 – Disabled SMUGGLER plugin in sniper.conf default configuration
* v10.0 – Removed CORSTest plugin from installer
* v10.0 – Removed Shocker plugin from installer
* v10.0 – Sanitized dig command output
* v10.0 – Sanitized 403 bypass scanner output
* v10.0 – Removed Arachni from installer since it’s EOL and doesn’t work on latest Kali
* v10.0 – Removed INURLBR tool due to outdated PHP deps missing
* v10.0 – Removed Ultratools API lookup since site no longer exists
* v10.0 – Removed Strict Transport Security missing sc0pe template since nuclei makes this check redundant
* v10.0 – Removed directory listing sc0pe template since nuclei makes this check redundant
* v10.0 – Removed Clickjacking sc0pe template since nuclei makes this check redundant
* v10.0 – Removed SMBv1 enabled sc0pe template since nuclei makes this check redundant
* v10.0 – Removed Metasploit SSH enum user exploit since nuclei makes this check redundant

New Pricing Model

Starting with Sn1per Professional v10.0, we have also restructured our pricing to match our customers’ needs while remaining competitive in the market. This includes our “Personal” plan geared towards Information Security professionals and researchers, our “Business” plan for small to medium sized businesses, and our “Enterprise” plan for large businesses and enterprises.

For a high level view of the specific changes regarding our pricing structure, see below:

  • All plans will be billed annually and will require renewal to continue usage of the product
  • Each license will be billed “per server/machine”
  • To install Sn1per Professional v10.0 on multiple machines simultaneously, multiple licenses will need to be purchased
  • Each pricing plan will be billed based on usage (i.e. maximum workspaces & maximum hosts per workspace)
  • Professional email support will be provided for the license term (i.e. 1 year)
  • Scan engine and UI updates will be included for the license term (i.e. 1 year)

Demo

See Sn1per Professional v10.0 in action with our complete feature walk through.

 

That wraps up this post, but feel free to reach out to us at [email protected] with any questions. Our “Personal” and “Business” plans can both be purchased immediately from our shop. For all “Enterprise” plan inquiries, please email us at [email protected] for a quote.
