Sn1per SE Update

Sn1per Scan Engine v10.7 Released!

Sn1per SE (Scan Engine) v10.7 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch, which is available to Sn1per Professional and Sn1per Enterprise customers. If you are a previous customer or if you use the Community Edition available on GitHub, you will need to purchase a Sn1per Professional or Sn1per Enterprise license to download and receive updates.


New Features

* v10.7 – Added logic to extract all email addresses from workspace
* v10.7 – Added static code scanning for all extracted JS files
* v10.7 – Added per target configuration registration to allow simultaneous scans with different configurations
* v10.7 – Added Nuclei technology scans for all web, recon and network scans
* v10.7 – Moved Hunter.io integration scans to OSINT mode

New Tools

* v10.7 – Added Sc0pe Static Scan Tool by @xer0dayz to run/parse/combine results from semgrep, trufflehog, gitleaks and nuclei static scans
* v10.7 – Added Dalfox XSS scanning/vuln parser
* v10.7 – Added semgrep static code scanning for sensitive data
* v10.7 – Added trufflehog static code scanning for sensitive data
* v10.7 – Added gitleaks static code scanning for sensitive data
* v10.7 – Added nuclei static code scanning for sensitive data
* v10.7 – Added S3scanner tool to scan for AWS S3 mis-configurations in RECON mode
* v10.7 – Added HTTPX tool to detect all web services for all discovered sub-domains in RECON mode
* v10.7 – Added PorchPirate Postman secrets scan to OSINT mode
* v10.7 – Added SwaggerSpy SwaggerHub secrets scan to OSINT mode
* v10.7 – Added misconfig-mapper tool to OSINT mode to check for 3rd party mis-configurations

New Templates

* v10.7 – Added template for CVE-2024-21733
* v10.7 – Added template for PHPinfo Disclosure
* v10.7 – Added template for jQuery version disclosure
* v10.7 – Added template for generic HTTP client de-sync vulnerabilities
* v10.7 – Added template for blind XXE detection
* v10.7 – Added template for header reflection in body
* v10.7 – Added template for custom local file inclusion fuzzing
* v10.7 – Added template for reflected sinks fuzzing
* v10.7 – Added template for reflected XSS query fuzzing
* v10.7 – Added template for file credentials disclosure

New Settings

* v10.7 – Added new setting “FFUF_OPTS” to set all FFuf scan options
* v10.7 – Added new setting “USE_EXISTING_DOMAINS” to use existing sub-domains/skip sub-domain enumeration for RECON mode
* v10.7 – Added new setting “SCAN_ALL_DISCOVERED_IPS” to scan all discovered IPs in RECON mode

Update Instructions

To update Sn1per to the latest version, customers can run the 'sniper -u' command from the command line or use the 'Update' function from the Command Execution module.
