Sn1per Professional v9.1 Update

Sn1per Professional v9.1 SE Update Released!

Sn1per Professional v9.1 Scan Engine (SE) update is now available for Sn1per Professional v9.0 customers with a ton of new features and improvements! This update will start the beginning of a new private development branch (Sn1per Professional SE) which will be exclusively available only to Sn1per Professional v9.0 customers. If you are a previous customer (ie. Sn1per Professional v8.0 or less) or if you use the Community Edition available on Github, you will need to purchase a Sn1per Professional v9.0 license to download and receive future scan engine updates and technical support.

Auto-Target Mode Selection

New in Sn1per v9.1 is our new auto-target mode selection. With this feature, it is now possible to input multiple types of target input (ie. subnets, URL’s, domains and IP’s) and Sn1per will automatically select the appropriate scan mode best suited for the target (ie. subnets will automatically be scanned with ‘discover’ mode. URL’s will be scanned with ‘web’ mode, etc.). You can also enter multiple subnets, URL’s, domains or IP’s in-line using the Sn1per Professional Multi-Target Scan Target List box and let Sn1per do the rest!

Burpsuite Professional Vulnerability Parser

Another major improvement in v9.1 is a new sc0pe parser for Burpsuite Professional. This will allow customers to automatically import all Burpsuite Professional vulnerabilities from new and previous scans directly into the Sn1per Professional v9.0 for improved vulnerability analytics and reporting.

Sn1per v9.1 Burpsuite Parser

Sn1per v9.1 Burpsuite Parser

Testing for HTTP 403 Forbidden Bypasses

A new tool called “DirDar” was added to help in testing for HTTP 403 “Forbidden” bypasses using a number of common techniques (ie. altering HTTP headers, appending common character sequences to the URL, etc.). DirDar comes enabled by default for all Sn1per ‘web’ based modes and can be disabled within the sniper.conf file by setting the “DIRDAR” variable to “0”.

Verbose Scan Notifications for Disabled Conf Options

In prior versions of Sn1per, it hasn’t been easy to tell which options are enabled or disabled when running scans. With Sn1per SE v9.1, customers will now see scan notifications with the exact setting name and a short message indicating that the setting is disabled in the current config. Cached URL Retrieval

We added cached URL retrieval to automatically list all URL’s for the target website. This comes as yet another way to retrieve known URL’s from a target website which may lead to some interesting vulnerabilities being discovered. This will come enabled by default for all ‘web’ mode scans and can be enabled or disabled via the “URLSCANIO” setting.

Scanning For Sensitive Secrets In JavaScript Files

SecretFinder was also added in v9.1 to automatically scan all retrieved JavaScript (.js) files from a target website for sensitive data (ie. usernames, passwords, keys, etc.). This will come enabled by default for all ‘web’ mode scans and can be enabled or disabled via the “WEB_JAVASCRIPT_ANALYSIS” setting.

Sn1per v9.1 Sensitive Secrets

Sn1per v9.1 Sensitive Secrets

Screenshots on No X GUI Installations (Docker/VPS)

As some may have noticed, there has been some graphic limitations with running Sn1per on installations with no X based GUI running (typically Docker and VPS installations). As a result, most common methods for retrieving web screenshots don’t work since they typically rely on running a headless web browser. After lots of research and testing, a solution was found to capture screenshots on these types of installations which can be enabled in the sniper.conf file by setting the “NO_X_GUI” setting to “1”.

CVE-2021-21972 – VMware vCenter Unauthorized RCE

In case you missed it, a critical Remote Code Execution (RCE) vulnerability in VMWare vCenter was recently disclosed which allows remote attackers to execute malicious code on both Windows and Linux based systems running vCenter client. To assist customers, we added a new sc0pe template to automatically detect this vulnerability and alert you.

Differential Updates

In the past, typical Sn1per updates would involve re-installing and re-downloading ALL included programs, scripts and dependencies which could take some time depending on your bandwidth. With Sn1per Professional SE v9.1 onward, we will now be including differential updates to selectively update only the new additions and updated code to ease bandwidth and update times.

Full Changelog

* v9.1 – Added CVE-2021-21972 – VMware vCenter Unauthorized RCE sc0pe template
* v9.1 – Differential updates for new Sn1per SE development branch
* v9.1 – Added Burpsuite Professional sc0pe parser
* v9.1 – Added DirDar tool to detect 403 errors and attempt bypass
* v9.1 – Added Static Analysis – Sensitive Information Disclosure sc0pe template
* v9.1 – Added SecretFinder static analysis tool
* v9.1 – Added cached URL retrieval
* v9.1 – Added xvfb screenshot tool for no X gui installations (see sniper.conf to enable)
* v9.1 – Added verbose scan notifications for disabled conf options
* v9.1 – Added FFuf URL fuzzer to for Fuzzer Add-on dependency
* v9.1 – Added HTML reporting for webscan mode
* v9.1 – Fixed issue with carriage returns in conf
* v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts
* v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file
* v9.1 – Sanitized XSS payloads in spidered URL lists
* v9.1 – Updated default aux mode options in default sniper.conf

Update Instructions

If you’re a current Sn1per Professional v9.0 customer, you have two options to upgrading the v9.1:

  1. From a ‘root’ terminal, run the ‘sniper -u’ command
  2. From the Sn1per Professional v9.0 Workspace Navigator, click the “Quick Commands” panel and run the “Update” option

NOTE: The update to the latest branch is “silent”, so no output will be displayed. To confirm the update was successful, simply run the ‘sniper’ command again or run ‘sniper -u’ to confirm the version was updated to v9.1 after.

Sn1per Professional Update Panel

Sn1per Professional Update Panel

Leave a Reply