{"id":15137,"date":"2021-02-24T13:39:57","date_gmt":"2021-02-24T20:39:57","guid":{"rendered":"https:\/\/xerosecurity.com\/wordpress\/?p=15137"},"modified":"2021-09-30T18:40:31","modified_gmt":"2021-10-01T01:40:31","slug":"sn1per-professional-v9-1-se-update-released","status":"publish","type":"post","link":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-professional-v9-1-se-update-released\/","title":{"rendered":"Sn1per Professional v9.1 SE Update Released!"},"content":{"rendered":"
Sn1per Professional v9.1 Scan Engine (SE)<\/strong> update is now available for Sn1per Professional v9.0<\/a> customers with a ton of new features and improvements! This update will start the beginning of a new private development branch (Sn1per Professional SE<\/strong>) which will be exclusively available only to Sn1per Professional v9.0<\/a> customers. If you are a previous customer (ie. Sn1per Professional v8.0 or less) or if you use the Community Edition available on Github<\/a>, you will need to purchase a Sn1per Professional v9.0<\/a> license to download and receive future scan engine updates and technical support.<\/div>\n
<\/div>\n

<\/p>\n

Auto-Target Mode Selection<\/h4>\n
New in Sn1per v9.1 is our new auto-target mode selection. With this feature, it is now possible to input multiple types of target input (ie. subnets, URL’s, domains and IP’s) and Sn1per will automatically select the appropriate scan mode best suited for the target (ie. subnets will automatically be scanned with ‘discover’ mode. URL’s will be scanned with ‘web’ mode, etc.). You can also enter multiple subnets, URL’s, domains or IP’s in-line using the Sn1per Professional Multi-Target Scan Target List<\/strong> box and let Sn1per do the rest!<\/div>\n
<\/div>\n
\"\"<\/a><\/div>\n
<\/div>\n

Burpsuite Professional Vulnerability Parser<\/h4>\n

Another major improvement in v9.1 is a new sc0pe parser for Burpsuite Professional. This will allow customers to automatically import all Burpsuite Professional vulnerabilities from new and previous scans directly into the Sn1per Professional v9.0 for improved vulnerability analytics and reporting.<\/p>\n

<\/div>\n
\n
\"Sn1per<\/a>

Sn1per v9.1 Burpsuite Parser<\/p><\/div>\n<\/div>\n

<\/div>\n

Testing for HTTP 403 Forbidden Bypasses<\/h4>\n

A new tool called “DirDar<\/a>” was added to help in testing for HTTP 403 “Forbidden” bypasses using a number of common techniques (ie. altering HTTP headers, appending common character sequences to the URL, etc.). DirDar<\/a> comes enabled by default for all Sn1per ‘web’ based modes and can be disabled within the sniper.conf file by setting the “DIRDAR” variable to “0”.<\/p>\n

\"\"<\/a><\/div>\n
<\/div>\n

Verbose Scan Notifications for Disabled Conf Options<\/h4>\n

In prior versions of Sn1per, it hasn’t been easy to tell which options are enabled or disabled when running scans. With Sn1per SE v9.1, customers will now see scan notifications with the exact setting name and a short message indicating that the setting is disabled in the current config.<\/p>\n

URLScan.io Cached URL Retrieval<\/h4>\n

We added urlscan.io cached URL retrieval to automatically list all URL’s for the target website. This comes as yet another way to retrieve known URL’s from a target website which may lead to some interesting vulnerabilities being discovered. This will come enabled by default for all ‘web’ mode scans and can be enabled or disabled via the “URLSCANIO” setting.<\/p>\n

Scanning For Sensitive Secrets In JavaScript Files<\/h4>\n

SecretFinder<\/a> was also added in v9.1 to automatically scan all retrieved JavaScript (.js) files from a target website for sensitive data (ie. usernames, passwords, keys, etc.). This will come enabled by default for all ‘web’ mode scans and can be enabled or disabled via the “WEB_JAVASCRIPT_ANALYSIS” setting.<\/p>\n

\"Sn1per<\/a>

Sn1per v9.1 Sensitive Secrets<\/p><\/div>\n

Screenshots on No X GUI Installations (Docker\/VPS)<\/h4>\n

As some may have noticed, there has been some graphic limitations with running Sn1per on installations with no X based GUI running (typically Docker and VPS installations). As a result, most common methods for retrieving web screenshots don’t work since they typically rely on running a headless web browser. After lots of research and testing, a solution was found to capture screenshots on these types of installations which can be enabled in the sniper.conf file by setting the “NO_X_GUI” setting to “1”.<\/p>\n

CVE-2021-21972 – VMware vCenter Unauthorized RCE<\/h4>\n

In case you missed it, a critical Remote Code Execution (RCE) vulnerability in VMWare vCenter was recently disclosed<\/a> which allows remote attackers to execute malicious code on both Windows and Linux based systems running vCenter client. To assist customers, we added a new sc0pe template to automatically detect this vulnerability and alert you.<\/p>\n

Differential Updates<\/h4>\n

In the past, typical Sn1per updates would involve re-installing and re-downloading ALL included programs, scripts and dependencies which could take some time depending on your bandwidth. With Sn1per Professional SE v9.1 onward, we will now be including differential updates to selectively update only the new additions and updated code to ease bandwidth and update times.<\/p>\n

Full Changelog<\/h4>\n
CHANGELOG:<\/strong><\/div>\n
* v9.1 – Added CVE-2021-21972 – VMware vCenter Unauthorized RCE sc0pe template<\/div>\n
* v9.1 – Differential updates for new Sn1per SE development branch<\/div>\n
* v9.1 – Added Burpsuite Professional sc0pe parser
* v9.1 – Added DirDar tool to detect 403 errors and attempt bypass
\n* v9.1 – Added Static Analysis – Sensitive Information Disclosure sc0pe template
\n* v9.1 – Added SecretFinder static analysis tool<\/div>\n
* v9.1 – Added urlscan.io cached URL retrieval
\n* v9.1 – Added xvfb screenshot tool for no X gui installations (see sniper.conf to enable)<\/div>\n
* v9.1 – Added verbose scan notifications for disabled conf options
* v9.1 – Added FFuf URL fuzzer to install.sh for Fuzzer Add-on dependency
\n* v9.1 – Added HTML reporting for webscan mode
\n* v9.1 – Fixed issue with carriage returns in conf
\n* v9.1 – Fixed issue with DNS resolution in ‘discover’ mode scans causing duplicate hosts
\n* v9.1 – Fixed issue with bruteforce running automatically due to changes in conf file
\n* v9.1 – Sanitized XSS payloads in spidered URL lists
\n* v9.1 – Updated default aux mode options in default sniper.conf<\/div>\n

Update Instructions<\/h4>\n

If you’re a current Sn1per Professional v9.0 customer, you have two options to upgrading the v9.1:<\/p>\n

    \n
  1. From a ‘root’ terminal, run the ‘sniper -u’ command<\/li>\n
  2. From the Sn1per Professional v9.0 Workspace Navigator, click the “Quick Commands” panel and run the “Update” option<\/li>\n<\/ol>\n

    NOTE:<\/strong> The update to the latest branch is “silent”, so no output will be displayed. To confirm the update was successful, simply run the ‘sniper’ command again or run ‘sniper -u’ to confirm the version was updated to v9.1 after.<\/p>\n

    \"Sn1per<\/a>

    Sn1per Professional Update Panel<\/p><\/div>\n

    <\/div>\n
    <\/div>\n
    \r\n\r\n<\/span>\r\nFacebook<\/span>\r\n\r\n9<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nTwitter<\/span>\r\n\r\n2<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nReddit<\/span>\r\n\r\n1<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nLinkedin<\/span>\r\n\r\n1<\/span>\r\n\r\n<\/a>\r\n\r\n<\/i><\/span><\/a>
    X<\/span>\r\n\r\n<\/span>\r\nEmail<\/span>\r\n1<\/span>\t\t\t\t\r\n\r\n<\/a>\r\n<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"

    Sn1per Professional v9.1 Scan Engine (SE) update is now available for Sn1per Professional v9.0 customers with a ton of new features and improvements! […]<\/p>\n","protected":false},"author":1,"featured_media":16470,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[184],"tags":[271,173,41,270,116,38,247,269,37,285,171,118,254],"class_list":["post-15137","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-271","tag-automated","tag-bugbounty","tag-engine","tag-hacking","tag-professional","tag-scan","tag-se","tag-sn1per","tag-sn1persecurity","tag-tool","tag-tools","tag-v9-0"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/02\/Sn1per-Professional-v9.1-Update4.png","jetpack_shortlink":"https:\/\/wp.me\/pdnW96-3W9","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":15770,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-professional-v9-2-se-update-released\/","url_meta":{"origin":15137,"position":0},"title":"Sn1per Professional v9.2 SE Update Released!","author":"xer0dayz","date":"June 9, 2021","format":false,"excerpt":"Sn1per Professional v9.2 Scan Engine (SE) update is now available for Sn1per Professional v9.0 customers with a ton of new features and improvements! This update is part of the new private development branch (Sn1per Professional SE) which is exclusively available only to Sn1per Professional v9.0 customers. If you are a\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per Professional v9.1 Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/06\/Sn1per-Professional-v9.1-Update3.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/06\/Sn1per-Professional-v9.1-Update3.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/06\/Sn1per-Professional-v9.1-Update3.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/06\/Sn1per-Professional-v9.1-Update3.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/06\/Sn1per-Professional-v9.1-Update3.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/06\/Sn1per-Professional-v9.1-Update3.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":29138,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-6-released\/","url_meta":{"origin":15137,"position":1},"title":"Sn1per Scan Engine v10.6 Released!","author":"xer0dayz","date":"May 28, 2024","format":false,"excerpt":"Sn1per SE (Scan Engine) v10.6 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or if\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per SE Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":22072,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-4-released\/","url_meta":{"origin":15137,"position":2},"title":"Sn1per Scan Engine v10.4 Released!","author":"xer0dayz","date":"April 10, 2023","format":false,"excerpt":"Sn1per SE (Scan Engine) v10.4 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per SE v10.4 Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":16007,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-professional-masspwn-add-on-released\/","url_meta":{"origin":15137,"position":3},"title":"Sn1per Professional MassPwn Add-on Released!","author":"xer0dayz","date":"July 13, 2021","format":false,"excerpt":"Leverage the full power of Metasploit with the new \"MassPwn Add-on\" for Sn1per Professional v9.0. Easily customize each Metasploit scan to meet your needs! Automatically update your Sn1per Professional host data and get notifications when a remote host has been compromised or a vulnerability has been discovered. Getting the most\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per Professional MassPwn Add-on","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/07\/Sn1per9MPAdd-onv1c.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/07\/Sn1per9MPAdd-onv1c.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/07\/Sn1per9MPAdd-onv1c.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/07\/Sn1per9MPAdd-onv1c.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":14681,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-professional-v9-0-whats-new\/","url_meta":{"origin":15137,"position":4},"title":"Sn1per Professional v9.0 – What’s New?","author":"xer0dayz","date":"December 22, 2020","format":false,"excerpt":"If you're a new or returning customer, you might be wondering what's new in Sn1per Professional v9.0. In this post, I've highlighted the key features and differences compared to Sn1per Professional v8.0 and below. New Look & Feel One of the first things users will notice when using version 9.0\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per Professional (Pro Bundle)","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2020\/12\/Sn1per-Professional-v9.0Command-Execution-Addon2A.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2020\/12\/Sn1per-Professional-v9.0Command-Execution-Addon2A.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2020\/12\/Sn1per-Professional-v9.0Command-Execution-Addon2A.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2020\/12\/Sn1per-Professional-v9.0Command-Execution-Addon2A.png?resize=700%2C400&ssl=1 2x"},"classes":[]},{"id":18011,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-professional-v10-1-se-update-released\/","url_meta":{"origin":15137,"position":5},"title":"Sn1per Professional v10.1 SE Update Released!","author":"xer0dayz","date":"April 19, 2022","format":false,"excerpt":"Sn1per Professional v10.1 Scan Engine (SE) update is now available for Sn1per Professional v10.0 customers with a ton of new features and improvements. This update is part of the Sn1per Professional SE development branch which is exclusively available only to Sn1per Professional v10.0 customers. If you are a previous customer\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/15137","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/comments?post=15137"}],"version-history":[{"count":16,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/15137\/revisions"}],"predecessor-version":[{"id":16471,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/15137\/revisions\/16471"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media\/16470"}],"wp:attachment":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media?parent=15137"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/categories?post=15137"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/tags?post=15137"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}