Sn1per Scan Engine v10.7 Released!

xer0dayz · 2 min read
Sn1per SE (Scan Engine) v10.7 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch, which is available to Sn1per Professional and Sn1per Enterprise customers. If you are a previous customer or if you use the Community Edition available on GitHub, you will need to purchase a Sn1per Professional or Sn1per Enterprise license to download and receive updates.

New Features

* v10.7 – Added logic to extract all email addresses from workspace
* v10.7 – Added static code scanning for all extracted JS files
* v10.7 – Added per target configuration registration to allow simultaneous scans with different configurations
* v10.7 – Added Nuclei technology scans for all web, recon and network scans
* v10.7 – Moved Hunter.io integration scans to OSINT mode

New Tools

* v10.7 – Added Sc0pe Static Scan Tool by @xer0dayz to run/parse/combine results from semgrep, trufflehog, gitleaks and nuclei static scans
* v10.7 – Added Dalfox XSS scanning/vuln parser
* v10.7 – Added semgrep static code scanning for sensitive data
* v10.7 – Added trufflehog static code scanning for sensitive data
* v10.7 – Added gitleaks static code scanning for sensitive data
* v10.7 – Added nuclei static code scanning for sensitive data
* v10.7 – Added S3scanner tool to scan for AWS S3 misconfigurations in RECON mode
* v10.7 – Added HTTPX tool to detect all web services for all discovered sub-domains in RECON mode
* v10.7 – Added PorchPirate Postman secrets scan to OSINT mode
* v10.7 – Added SwaggerSpy SwaggerHub secrets scan to OSINT mode
* v10.7 – Added misconfig-mapper tool to OSINT mode to check for 3rd party misconfigurations

New Templates

* v10.7 – Added template for CVE-2024-21733
* v10.7 – Added template for PHPinfo Disclosure
* v10.7 – Added template for jQuery version disclosure
* v10.7 – Added template for generic HTTP client de-sync vulnerabilities
* v10.7 – Added template for blind XXE detection
* v10.7 – Added template for header reflection in body
* v10.7 – Added template for custom local file inclusion fuzzing
* v10.7 – Added template for reflected sinks fuzzing
* v10.7 – Added template for reflected XSS query fuzzing
* v10.7 – Added template for file credentials disclosure

New Settings

* v10.7 – Added new setting “FFUF_OPTS” to set all FFuf scan options
* v10.7 – Added new setting “USE_EXISTING_DOMAINS” to use existing sub-domains/skip sub-domain enumeration for RECON mode
* v10.7 – Added new setting “SCAN_ALL_DISCOVERED_IPS” to scan all discovered IPs in RECON mode

Update Instructions

To update Sn1per to the latest version, customers can run the ‘sniper -u’ command from the command line or use the ‘Update’ function from the Command Execution module.

Written by

xer0dayz

Founder of XeroSecurity.
