\n
- \n
- Automatically fuzz dynamic URL\u2019s for OWASP TOP 10 vulnerabilities.<\/li>\n
- Discover hidden content in a target environment.<\/li>\n
- Spider all URL\u2019s within a target environment.<\/li>\n
- Single & built-in multi target selections.<\/li>\n
- Customized wordlist selections and options via the GUI.<\/li>\n
- HTML and text based reports for all tools (ie. Black Widow, InjectX, SQLMap, Arachni, FFuf, Dirsearch, Gobuster)<\/li>\n
- Reporting of all output via the Command Execution Add-on<\/a>.<\/li>\n<\/ul>\n
Adding Custom Wordlists<\/h4>\n
\nTo add custom wordlists, add any .txt files to the following directory:<\/p>\n
\/usr\/share\/sniper\/wordlists\/custom\/*.txt<\/pre>\n
Usage<\/h4>\n
\nDiscover Hidden Content<\/h5>\n
To fuzz a specific URL to discover hidden files and folders, do the following:<\/p>\n
- \n
- Click on any workspace from the Workspace Navigator<\/li>\n
- Scroll down and click “Fuzzer” menu to access the Fuzzer Add-on<\/li>\n
- Enter the starting URL you want to brute force in the URL field<\/li>\n
- Select a wordlist to use from the “Wordlist” menu<\/li>\n
- Select a program to use (ie. Gobuster, Dirsearch, Ffuf)<\/li>\n
- Click the “Run” button to begin the scan<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer1.png\")
<\/p>\n![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer1b.png\")
<\/p>\nCrawl\/Spider All URL’s<\/h5>\n
To crawl\/spider a website to discover all URL’s, do the following:<\/p>\n
- \n
- Click on any workspace from the Workspace Navigator<\/li>\n
- Scroll down and click “Fuzzer” menu to access the Fuzzer Add-on<\/li>\n
- Enter the starting URL you want to spider in the URL field<\/li>\n
- Select “BlackWidow” from the “Program” menu<\/li>\n
- Click the “Run” button to begin the scan<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer2.png\")
<\/p>\n![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer2b.png\")
<\/p>\nFuzz All Dynamic URL’s for OWASP Top 10 Vulnerabilities<\/h5>\n
To fuzz all dynamic URL’s for OWASP Top 10 vulnerabilities, do the following:<\/p>\n
- \n
- Click on any workspace from the Workspace Navigator<\/li>\n
- Scroll down and click “Fuzzer” menu to access the Fuzzer Add-on<\/li>\n
- Select a URL list to fuzz from the “URL List” menu (ie. target.com_port-dynamic-sorted.txt)<\/li>\n
- Select “InjectX” from the “Program” menu<\/li>\n
- Click the “Run” button to begin the scan<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer3.png\")
<\/p>\n![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer3b.png\")
<\/p>\nRun Automated Web Application Scans<\/h5>\n
To run automated web application scans against a target website, do the following:<\/p>\n
- \n
- Click on any workspace from the Workspace Navigator<\/li>\n
- Scroll down and click “Fuzzer” menu to access the Fuzzer Add-on<\/li>\n
- Enter the starting URL you want to spider in the URL field<\/li>\n
- Select “Nikto”, “Arachni” or “SQLMap” from the “Program” menu<\/li>\n
- Click the “Crawl” checkbox to spider all URL’s<\/li>\n
- Click the “Run” button to begin the scan<\/li>\n<\/ol>\n
![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer4.png\")
<\/p>\n![\"\"](\"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/03\/Sn1per-Professional-v9.0-fuzzer4b.png\")
<\/p>\nMisc Usage Notes<\/h4>\n
\nWhen using the Fuzzer Add-on, it’s important to keep the following in mind:<\/p>\n
- \n
- Only the URL field OR the URL List field can be selected at one time. If URL List does not equal “NA”, the URL List will be used by default.<\/li>\n
- To fuzz all web hosts in a workspace, you can select the ‘webhosts-sorted.txt’ file in the URL List drop down menu.<\/li>\n
- To specify extensions to scan for, use ext, ext2, ext3 for Gobuster and Dirsearch. For FFuf, use .ext, .ext2, .ext3<\/li>\n
- The “Autotune” option only applies to Gobuster and FFuf. This will auto filter results based on heuristics.<\/li>\n
- The “Crawl” option only applies to both SQLMap and Arachni to increase the crawl\/spider limits.<\/li>\n
- All output from all tools is stored under \/usr\/share\/sniper\/loot\/workspace\/<WORKSPACE>\/web\/. There is also a link within the fuzzer addon for convenience.<\/li>\n
- HTML reports are produced for both Arachni and FFuf scans.<\/li>\n
- Use the built-in URL Lists to automatically select URL lists based on previous scans. You can also add .txt files to your \/usr\/share\/sniper\/loot\/workspace\/<WORKSPACE>\/web\/ directory to automatically import them.<\/li>\n
- You can also use the “FUZZ” keyword in the URL field when using FFuf to select a specific location to begin fuzzing (ie. https:\/\/target.com\/url.php?file=FUZZ).<\/li>\n<\/ul>\n
Back to Main Documentation<\/a><\/h4>\n","protected":false},"excerpt":{"rendered":"
Automatically fuzz for OWASP TOP 10 vulnerabilities and discover hidden content easily with the new Sn1per Professional Fuzzer Add-on! Features Automatically fuzz dynamic URL\u2019s for OWASP TOP 10 vulnerabilities. Discover\u2026<\/p>\n","protected":false},"author":1,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"class_list":["post-15264","page","type-page","status-publish","hentry"],"aioseo_notices":[],"aioseo_head":"\n\t\t\n\t\n\t\n\t\n\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t\n\t\t