Sn1per Professional v9.1 Update

Sn1per Professional v9.1 SE Update Released!

The Sn1per Professional v9.1 Scan Engine (SE) update is now available for Sn1per Professional v9.0 customers with a ton of new features and improvements! This update marks the beginning of a new private development branch (Sn1per Professional SE), which will be available exclusively to Sn1per Professional v9.0 customers. If you are a previous customer (i.e. Sn1per Professional v8.0 or less) or if you use the Community Edition available on GitHub, you will need to purchase a Sn1per Professional v9.0 license to download and receive future scan engine updates and technical support.

Auto-Target Mode Selection

New in Sn1per v9.1 is auto-target mode selection. With this feature, it is now possible to enter multiple types of target (i.e. subnets, URLs, domains and IPs) and Sn1per will automatically select the scan mode best suited to each target (i.e. subnets will automatically be scanned with ‘discover’ mode, URLs will be scanned with ‘web’ mode, etc.). You can also enter multiple subnets, URLs, domains or IPs in-line using the Sn1per Professional Multi-Target Scan Target List box and let Sn1per do the rest!
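
The sketch below is an added example, not Sn1per's own code: it shows one way to classify a mixed target list by type and reject malformed entries before a scan is queued. The function names and sample list are hypothetical; only the subnet-to-'discover' and URL-to-'web' mappings come from this page, so domains and single IPs are left without a mode.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Modes named on the page: subnets -> 'discover', URLs -> 'web'. The page does
# not say which mode domains and single IPs get, so they map to None (assumption).
MODE_FOR_KIND = {"subnet": "discover", "url": "web", "ip": None, "domain": None}

_LABEL = r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
_DOMAIN_RE = re.compile(rf"^(?:{_LABEL}\.)+[A-Za-z]{{2,63}}$")

def classify_target(raw):
    """Return 'subnet', 'url', 'ip', 'domain' or 'invalid' for one entry."""
    entry = raw.strip()
    if "://" in entry:
        try:
            parts = urlsplit(entry)
            ok = parts.scheme in ("http", "https") and bool(parts.hostname)
        except ValueError:  # e.g. an unterminated IPv6 literal in the host
            ok = False
        return "url" if ok else "invalid"
    if "/" in entry:
        # CIDR notation; strict=False accepts entries with host bits set.
        try:
            ipaddress.ip_network(entry, strict=False)
            return "subnet"
        except ValueError:
            return "invalid"  # also catches 'host/path' without a scheme
    try:
        ipaddress.ip_address(entry)
        return "ip"
    except ValueError:
        pass
    if len(entry) <= 253 and _DOMAIN_RE.match(entry):
        return "domain"
    return "invalid"

def plan_scan(target_list):
    """Turn a multi-line target list into (entry, kind, mode) tuples."""
    plan = []
    for line in target_list.splitlines():
        entry = line.strip()
        if entry and not entry.startswith("#"):
            kind = classify_target(entry)
            plan.append((entry, kind, MODE_FOR_KIND.get(kind)))
    return plan

# Constructed sample input (documentation address ranges and example domains).
SAMPLE = ("192.0.2.0/24\nhttps://app.example.com/login\nexample.org\n"
          "198.51.100.7\n2001:db8::/32\nftp://files.example.com\nnot a target\n")
```

Entries that come back as 'invalid' are worth reviewing by hand against the authorised scope rather than being passed on to a scanner.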

Burpsuite Professional Vulnerability Parser

Another major improvement in v9.1 is a new sc0pe parser for Burpsuite Professional. This allows customers to automatically import all Burpsuite Professional vulnerabilities from new and previous scans directly into Sn1per Professional v9.0 for improved vulnerability analytics and reporting.

Sn1per v9.1 Burpsuite Parser

Testing for HTTP 403 Forbidden Bypasses

A new tool called “DirDar” was added to help in testing for HTTP 403 “Forbidden” bypasses using a number of common techniques (i.e. altering HTTP headers, appending common character sequences to the URL, etc.). DirDar comes enabled by default for all Sn1per ‘web’ based modes and can be disabled within the sniper.conf file by setting the “DIRDAR” variable to “0”.

Verbose Scan Notifications for Disabled Conf Options

In prior versions of Sn1per, it hasn’t been easy to tell which options are enabled or disabled when running scans. With Sn1per SE v9.1, customers will now see scan notifications with the exact setting name and a short message indicating that the setting is disabled in the current config.

URLScan.io Cached URL Retrieval

We added urlscan.io cached URL retrieval to automatically list all URLs for the target website. This comes as yet another way to retrieve known URLs from a target website which may lead to some interesting vulnerabilities being discovered. This will come enabled by default for all ‘web’ mode scans and can be enabled or disabled via the “URLSCANIO” setting.

Scanning For Sensitive Secrets In JavaScript Files

SecretFinder was also added in v9.1 to automatically scan all retrieved JavaScript (.js) files from a target website for sensitive data (i.e. usernames, passwords, keys, etc.). This will come enabled by default for all ‘web’ mode scans and can be enabled or disabled via the “WEB_JAVASCRIPT_ANALYSIS” setting.

Sn1per v9.1 Sensitive Secrets

Screenshots on No X GUI Installations (Docker/VPS)

As some may have noticed, there have been some graphical limitations with running Sn1per on installations with no X based GUI running (typically Docker and VPS installations). As a result, most common methods for retrieving web screenshots don’t work since they typically rely on running a headless web browser. After lots of research and testing, a solution was found to capture screenshots on these types of installations, which can be enabled in the sniper.conf file by setting the “NO_X_GUI” setting to “1”.

CVE-2021-21972 – VMware vCenter Unauthorized RCE

In case you missed it, a critical Remote Code Execution (RCE) vulnerability in VMware vCenter was recently disclosed which allows remote attackers to execute malicious code on both Windows and Linux based systems running vCenter client. To assist customers, we added a new sc0pe template to automatically detect this vulnerability and alert you.

Differential Updates

In the past, typical Sn1per updates would involve re-installing and re-downloading ALL included programs, scripts and dependencies which could take some time depending on your bandwidth. With Sn1per Professional SE v9.1 onward, we will now be including differential updates to selectively update only the new additions and updated code to ease bandwidth and update times.

Full Changelog

CHANGELOG:
* v9.1 – Added CVE-2021-21972 – VMware vCenter Unauthorized RCE sc0pe template
* v9.1 – Differential updates for new Sn1per SE development branch
* v9.1 – Added Burpsuite Professional sc0pe parser
* v9.1 – Added DirDar tool to detect 403 errors and attempt bypass
* v9.1 – Added Static Analysis – Sensitive Information Disclosure sc0pe template
* v9.1 – Added SecretFinder static analysis tool
* v9.1 – Added urlscan.io cached URL retrieval
* v9.1 – Added xvfb screenshot tool for no X gui installations (see sniper.conf to enable)
* v9.1 – Added verbose scan notifications for disabled conf options
* v9.1 – Added FFuf URL fuzzer to install.sh for Fuzzer Add-on dependency
* v9.1 – Added HTML reporting for webscan mode
* v9.1 – Fixed issue with carriage returns in conf
* v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts
* v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file
* v9.1 – Sanitized XSS payloads in spidered URL lists
* v9.1 – Updated default aux mode options in default sniper.conf

Update Instructions

If you’re a current Sn1per Professional v9.0 customer, you have two options for upgrading to v9.1:

  1. From a ‘root’ terminal, run the ‘sniper -u’ command
  2. From the Sn1per Professional v9.0 Workspace Navigator, click the “Quick Commands” panel and run the “Update” option

NOTE: The update to the latest branch is “silent”, so no output will be displayed. To confirm the update was successful, simply run the ‘sniper’ command again, or run ‘sniper -u’ afterwards, and check that the version was updated to v9.1.

Sn1per Professional Update Panel
