Automate Dynamic Web Application Scans (DAST) Using Sn1per Professional

Automate Dynamic Application Security Testing (DAST) Using Sn1per

In this blog post, I will outline the steps needed in order to automate Dynamic Application Security Testing (DAST) using Sn1per Professional. For those unfamiliar with DAST, it is the process of analyzing dynamic web content in order to find vulnerabilities. There are several tools on the market to accomplish this, but we’ll focus on the top tools used by Sn1per Professional in this blog post.


New Payment Methods Available!

We are pleased to announce that we have officially integrated “Paddle” as our new payment gateway. This change will allow us to accept payments anywhere in the world (with the exception of sanctioned countries) using the following payment methods:

Sn1per Professional MassPwn Add-on

Sn1per Professional MassPwn Add-on Released!

Leverage the full power of Metasploit with the new “MassPwn Add-on” for Sn1per Professional v9.0. Easily customize each Metasploit scan to meet your needs! Automatically update your Sn1per Professional host data and get notifications when a remote host has been compromised or a vulnerability has been discovered. Getting the most out of Metasploit has never been easier!


Sn1per Professional v9.1 Update

Sn1per Professional v9.2 SE Update Released!

The Sn1per Professional v9.2 Scan Engine (SE) update is now available for Sn1per Professional v9.0 customers with a ton of new features and improvements! This update is part of the new private development branch (Sn1per Professional SE), which is available exclusively to Sn1per Professional v9.0 customers. If you are a previous customer (i.e., Sn1per Professional v8.0 or less) or if you use the Community Edition available on GitHub, you will need to purchase a Sn1per Professional v9.0 license to download and receive scan engine updates.


Passive Attack Surface Reconnaissance

Passive Reconnaissance Techniques For Penetration Testing

As a top-ranked bug bounty researcher and Sr. Penetration Tester, I’ve discovered some critical vulnerabilities without ever directly accessing or scanning the target in question. These vulnerabilities are typically found by querying third-party services to discover cached and historic URLs from a target and searching interesting URLs. In some cases, this has led me to discover critical “0day” vulnerabilities in commercial security products, corporate-owned websites and online services. In this blog post, I’ll discuss the methodology and step-by-step process used to find these vulnerabilities and how we can leverage tools like Sn1per Professional to assist us.
