\n
- \n
- Automatically fuzz dynamic URL\u2019s for OWASP TOP 10 vulnerabilities.<\/li>\n
- Discover hidden content in a target environment.<\/li>\n
- Spider all URL\u2019s within a target environment.<\/li>\n
- Single & built-in multi target selections.<\/li>\n
- Customized wordlist selections and options via the GUI.<\/li>\n
- HTML and text based reports for all tools (ie. Black Widow, InjectX, SQLMap, Arachni, FFuf, Dirsearch, Gobuster)<\/li>\n
- Reporting of all output via the Command Execution Add-on<\/a>.<\/li>\n<\/ul>\n
Adding Custom Wordlists<\/h4>\n
\nTo add custom wordlists, add any .txt files to the following directory:<\/p>\n
\/usr\/share\/sniper\/wordlists\/custom\/*.txt<\/pre>\n
Usage<\/h4>\n
\nDiscover Hidden Content<\/h5>\n
To fuzz a specific URL to discover hidden files and folders, do the following:<\/p>\n
- \n
- Click on any workspace from the Workspace Navigator<\/li>\n
- Scroll down and click “Fuzzer” menu to access the Fuzzer Add-on<\/li>\n
- Enter the starting URL you want to brute force in the URL field<\/li>\n
- Select a wordlist to use from the “Wordlist” menu<\/li>\n
- Select a program to use (ie. Gobuster, Dirsearch, Ffuf)<\/li>\n
- Click the “Run” button to begin the scan<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer1.png\")
<\/p>\n![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer1b.png\")
<\/p>\nCrawl\/Spider All URL’s<\/h5>\n
To crawl\/spider a website to discover all URL’s, do the following:<\/p>\n
- \n
- Click on any workspace from the Workspace Navigator<\/li>\n
- Scroll down and click “Fuzzer” menu to access the Fuzzer Add-on<\/li>\n
- Enter the starting URL you want to spider in the URL field<\/li>\n
- Select “BlackWidow” from the “Program” menu<\/li>\n
- Click the “Run” button to begin the scan<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer2.png\")
<\/p>\n![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer2b.png\")
<\/p>\nFuzz All Dynamic URL’s for OWASP Top 10 Vulnerabilities<\/h5>\n
To fuzz all dynamic URL’s for OWASP Top 10 vulnerabilities, do the following:<\/p>\n
- \n
- Click on any workspace from the Workspace Navigator<\/li>\n
- Scroll down and click “Fuzzer” menu to access the Fuzzer Add-on<\/li>\n
- Select a URL list to fuzz from the “URL List” menu (ie. target.com_port-dynamic-sorted.txt)<\/li>\n
- Select “InjectX” from the “Program” menu<\/li>\n
- Click the “Run” button to begin the scan<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer3.png\")
<\/p>\n![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer3b.png\")
<\/p>\nRun Automated Web Application Scans<\/h5>\n
To run automated web application scans against a target website, do the following:<\/p>\n
- \n
- Click on any workspace from the Workspace Navigator<\/li>\n
- Scroll down and click “Fuzzer” menu to access the Fuzzer Add-on<\/li>\n
- Enter the starting URL you want to spider in the URL field<\/li>\n
- Select “Nikto”, “Arachni” or “SQLMap” from the “Program” menu<\/li>\n
- Click the “Crawl” checkbox to spider all URL’s<\/li>\n
- Click the “Run” button to begin the scan<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer4.png\")
<\/p>\n![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer4b.png\")
<\/p>\nMisc Usage Notes<\/h4>\n
\nWhen using the Fuzzer Add-on, it’s important to keep the following in mind:<\/p>\n
- \n
- Only the URL field OR the URL List field can be selected at one time. If URL List does not equal “NA”, the URL List will be used by default.<\/li>\n
- To fuzz all web hosts in a workspace, you can select the ‘webhosts-sorted.txt’ file in the URL List drop down menu.<\/li>\n
- To specify extensions to scan for, use ext, ext2, ext3 for Gobuster and Dirsearch. For FFuf, use .ext, .ext2, .ext3<\/li>\n
- The “Autotune” option only applies to Gobuster and FFuf. This will auto filter results based on heuristics.<\/li>\n
- The “Crawl” option only applies to both SQLMap and Arachni to increase the crawl\/spider limits.<\/li>\n
- All output from all tools is stored under \/usr\/share\/sniper\/loot\/workspace\/<WORKSPACE>\/web\/. There is also a link within the fuzzer addon for convenience.<\/li>\n
- HTML reports are produced for both Arachni and FFuf scans.<\/li>\n
- Use the built-in URL Lists to automatically select URL lists based on previous scans. You can also add .txt files to your \/usr\/share\/sniper\/loot\/workspace\/<WORKSPACE>\/web\/ directory to automatically import them.<\/li>\n
- You can also use the “FUZZ” keyword in the URL field when using FFuf to select a specific location to begin fuzzing (ie. https:\/\/target.com\/url.php?file=FUZZ).<\/li>\n<\/ul>\n
Back to Main Documentation<\/a><\/h4>\n","protected":false},"excerpt":{"rendered":"
Automatically fuzz for OWASP TOP 10 vulnerabilities and discover hidden content easily with the new Sn1per Professional Fuzzer Add-on! Features Automatically fuzz dynamic […]<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"footnotes":""},"class_list":["post-15264","page","type-page","status-publish","hentry"],"aioseo_notices":[],"jetpack_shortlink":"https:\/\/wp.me\/PdnW96-3Yc","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":17839,"url":"https:\/\/sn1persecurity.com\/wordpress\/add-ons\/","url_meta":{"origin":15264,"position":0},"title":"Sn1per Modules","author":"xer0dayz","date":"April 1, 2022","format":false,"excerpt":"[vc_row][vc_column width=\"1\/4\"][vc_single_image image=\"16636\" img_size=\"200x100\" alignment=\"center\" onclick=\"custom_link\" img_link_target=\"_blank\" css=\".vc_custom_1648947685813{padding-top: 25px !important;}\" link=\"https:\/\/sn1persecurity.com\/wordpress\/product\/command-execution-add-on-v2\/\"][\/vc_column][vc_column width=\"3\/4\"][vc_column_text] Command Execution Module Easily manage Sn1per Professional instances from the web interface without ever touching the command line. Find out more. [\/vc_column_text][vc_separator][\/vc_column][\/vc_row][vc_row][vc_column width=\"1\/4\"][vc_single_image image=\"16497\" img_size=\"200x100\" alignment=\"center\" onclick=\"custom_link\" img_link_target=\"_blank\" css=\".vc_custom_1648947827793{padding-top: 25px !important;}\" link=\"https:\/\/sn1persecurity.com\/wordpress\/product\/masspwn-add-on-v1-0\/\"][\/vc_column][vc_column width=\"1\/4\"][vc_column_text] MassPwn Module Pop shells and\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":15174,"url":"https:\/\/sn1persecurity.com\/wordpress\/command-execution-add-on-v2-0-documentation\/","url_meta":{"origin":15264,"position":1},"title":"Command Execution Add-on v2.0 Documentation","author":"xer0dayz","date":"March 2, 2021","format":false,"excerpt":"The Command Execution Add-on v2.0 lets you easily manage your Sn1per Professional instance from a web interface without ever touching the command line. Help Topics Single Target Scan Multi-Target Scan Subnet Scan Custom Target Scan Mass URL Scan Importing URL's Single Target Scan To scan a single target from scratch\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/04\/Sn1per-Professional-v9.0-single-target-scan3.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/04\/Sn1per-Professional-v9.0-single-target-scan3.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/04\/Sn1per-Professional-v9.0-single-target-scan3.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/04\/Sn1per-Professional-v9.0-single-target-scan3.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/04\/Sn1per-Professional-v9.0-single-target-scan3.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/04\/Sn1per-Professional-v9.0-single-target-scan3.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":17887,"url":"https:\/\/sn1persecurity.com\/wordpress\/integrations\/","url_meta":{"origin":15264,"position":2},"title":"Sn1per Integrations","author":"xer0dayz","date":"April 4, 2022","format":false,"excerpt":"[vc_row][vc_column][vc_tta_accordion style=\"modern\" color=\"black\" active_section=\"0\" collapsible_all=\"true\"][vc_tta_section title=\"Nessus\" tab_id=\"1649081552603-7b783b8b-6df1\"][vc_column_text]Scan for the latest vulnerabilities using Nessus and import detailed vulnerability data and reports into Sn1per Professional. Find out more[\/vc_column_text][\/vc_tta_section][vc_tta_section title=\"OpenVAS\/GVM\" tab_id=\"1649081552603-d65d7c3f-749b\"][vc_column_text]Scan for the latest vulnerabilities using OpenVAS\/GVM 21.x and import detailed vulnerability reports and data into Sn1per Professional. Find out more[\/vc_column_text][\/vc_tta_section][vc_tta_section title=\"Burpsuite Professional\"\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/09\/Sn1per-Professional-Elite-Bundle-White.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/09\/Sn1per-Professional-Elite-Bundle-White.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/09\/Sn1per-Professional-Elite-Bundle-White.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/09\/Sn1per-Professional-Elite-Bundle-White.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/09\/Sn1per-Professional-Elite-Bundle-White.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/09\/Sn1per-Professional-Elite-Bundle-White.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":19930,"url":"https:\/\/sn1persecurity.com\/wordpress\/home\/overview\/","url_meta":{"origin":15264,"position":3},"title":"Overview","author":"xer0dayz","date":"September 12, 2022","format":false,"excerpt":"[vc_row][vc_column][vc_column_text] The ultimate pentesting toolkit. Integrate with the leading commercial and open source security scanners to check for the latest CVEs and vulnerabilities in your environment. [\/vc_column_text][vc_row_inner][vc_column_inner][vc_empty_space height=\"60px\"][\/vc_column_inner][vc_column_inner][vc_column_text] Automate the most powerful tools. Security tools are expensive and time-consuming, but with Sn1per, you can save time by automating the execution\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":15285,"url":"https:\/\/sn1persecurity.com\/wordpress\/brute-force-add-on-v1-0-documentation\/","url_meta":{"origin":15264,"position":4},"title":"Brute Force Add-on v1.0 Documentation","author":"xer0dayz","date":"March 13, 2021","format":false,"excerpt":"Check for default and weak credentials across all hosts in your workspace instantly! Features Check for default and weak credentials in a target environment. Single & built-in multi target selections. Customized wordlist selections for usernames and passwords. Automatic brute forcing of all services via BruteX. Reporting of all output via\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-brute-force2b.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-brute-force2b.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-brute-force2b.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-brute-force2b.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-brute-force2b.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-brute-force2b.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":34090,"url":"https:\/\/sn1persecurity.com\/wordpress\/documentation\/owasp-zap-integration\/","url_meta":{"origin":15264,"position":5},"title":"OWASP ZAP Integration","author":"xer0dayz","date":"September 24, 2024","format":false,"excerpt":"Setup In order to setup OWASP ZAP integration, you will need to have ZAP running on the same host as Sn1per and the http\/https proxy listening on port 8081\/tcp. In addition, you will need to enable the ZAP API service and disable the API key. Next, update the following values\u2026","rel":"","context":"Similar post","block_context":{"text":"Similar post","link":""},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/pages\/15264","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/comments?post=15264"}],"version-history":[{"count":11,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/pages\/15264\/revisions"}],"predecessor-version":[{"id":33731,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/pages\/15264\/revisions\/33731"}],"wp:attachment":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media?parent=15264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}