{"id":21178,"date":"2023-01-02T10:00:27","date_gmt":"2023-01-02T17:00:27","guid":{"rendered":"https:\/\/sn1persecurity.com\/wordpress\/?p=21178"},"modified":"2023-01-02T10:00:27","modified_gmt":"2023-01-02T17:00:27","slug":"sn1per-scan-engine-v10-3-released","status":"publish","type":"post","link":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-3-released\/","title":{"rendered":"Sn1per Scan Engine v10.3 Released!"},"content":{"rendered":"
Sn1per SE (Scan Engine) v10.3 <\/strong>is now available with a ton of new features and improvements. This update is part of the Sn1per SE<\/strong> development branch which is available to Sn1per Professional v10.0<\/a> and Sn1per Enterprise<\/a> customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or if you use the Community Edition available on Github<\/a>, you will need to purchase a Sn1per Professional v10.0<\/a> license to download and receive updates.<\/div>\n

<\/p>\n

\n

New Vulnerability Templates<\/h4>\n

46 custom\/private OWASP fuzzer templates were added in Sn1per v10.3 to dynamically fuzz all URL’s or SQLi, XSS, RCE, etc. This has added a ton of new scanning capabilities for improved vulnerability detection. 2 new custom static templates were also added detect sensitive and interesting data across all URL’s discovered as well, giving customers an advantage at finding more interesting vulnerabilities and disclosures.<\/p>\n

Going forward, the Nuclei scanner will run in 4 stages listed below:<\/div>\n
    \n
  1. Scan for web server vulnerabilities<\/li>\n
  2. Scan all dynamic URL’s for OWASP vulnerabilities (ie. SQLi, XSS, Traversal, etc.)<\/li>\n
  3. Statically scan all URL’s discovered for interesting and sensitive data<\/li>\n
  4. Statically scan all JavaScript URL’s for DOM XSS and sensitive data<\/li>\n<\/ol>\n

    This will vastly improve Sn1per’s ability to detect dynamic vulnerabilities such as Cross-Site Scripting (XSS), SQL injection, etc. across all URLs discovered.<\/p>\n

    \"sn1per-dynamic-vulnerabilities1\"<\/a><\/p>\n

    \"sn1per-static-vulnerabilities1\"<\/a>
    Sn1per Vulnerability Scans<\/figcaption><\/figure>\n

    New Features<\/h4>\n

    SMTP integration and email notifications<\/strong> were added<\/strong> to Sn1per v10.3. Similar to Sn1per’s current Slack integration, SMTP notifications will allow customers to set their SMTP server and notification preferences to receive a full text-based notification when certain events are triggered. The event types are list below for reference:<\/p>\n

      \n
    1. New domains<\/li>\n
    2. New sub-domain takeovers<\/li>\n
    3. New vulnerabilities<\/li>\n<\/ol>\n

      To setup SMTP notifications, a valid SMTP server will already need to be established and working and the following will need to be set in either your Sn1per configuration file or \/root\/.sniper_api_keys.conf:<\/p>\n

      ##-------------------------------------------------------## SMTP SETTINGS\r\nSMTP_ALERTS_EMAIL_FROM=\"youremail@yourdomain.com\"\r\nSMTP_ALERTS_EMAIL_TO=\"destination_email@domain.com\"\r\nSMTP_ALERTS_NEW_DOMAINS=\"1\"\r\nSMTP_ALERTS_TAKEOVERS=\"1\"\r\nSMTP_ALERTS_VULNERABILITIES=\"1\" # ONLY ALERTS ON > INFO VULNS\r\n<\/pre>\n
      \"sn1per-smtp-alerts1\"<\/a><\/p>\n
      \"sn1per-smtp-alerts2\"<\/a>
      Sn1per SMTP Alerts<\/figcaption><\/figure>\n
      Hidden web content discovery was also greatly enhanced<\/strong> in Sn1per v10.3 with the use of FFuF and a new and improved (private\/custom) wordlist, yielding faster, more accurate results.<\/p>\n
      A new tool named “RequestX<\/strong>” (private) was added to validate all URL’s discovered, and “uro<\/strong><\/a>” was added to reduce the number of URL’s and only show unique endpoints. Wget<\/strong> was also added to replace BlackWidow for active web spidering.<\/p>\n
      Fixes<\/h4>\n
      A number of new fixes were also added to Sn1per v10.3 to ensure comparability with the latest tools and releases. These include updates to OpenVAS\/GVM, Burpsuite Professional and Nuclei to name a few.<\/p>\n
      For a full change log, please see below.<\/p>\n
      Changelog<\/h4>\n
      # NEW TEMPLATES
      \n* v10.3 – Added 46 custom\/private OWASP fuzzer templates for Nuclei to dynamically fuzz for SQLi, XSS, RCE, etc.
      \n* v10.3 – Added 2 custom\/private static Nuclei templates to detect sensitive and interesting data
      \n* v10.3 – Added Apache Spark UI – Command Injection – CVE-2022-33891
      \n* v10.3 – Added Salesforce Login Portal detection
      \n* v10.3 – Added sc0pe template for Forbidden 403 bypass confirmation<\/p>\n
      # NEW FEATURES
      \n* v10.3 – Added SMTP\/email notifications and alerts
      \n* v10.3 – Added Nuclei dynamic URL fuzzer to replace InjectX tool using custom\/private templates
      \n* v10.3 – Added Nuclei static URL scanner for interesting\/sensitive data using custom\/private templates
      \n* v10.3 – Added auto Nuclei AI network scan when non-web ports are found
      \n* v10.3 – Switched default hidden content discovery tool to FFuF
      \n* v10.3 – Updated web brute force wordlist and options for improved accuracy and greater results
      \n* v10.3 – Added new “combined-url” list to combine both validated URL’s and also hidden\/discovered URL’s into a single file (urls-combined-$TARGET.txt)
      \n* v10.3 – Updated default SSH NMap scripts to exclude brute forcing
      \n* v10.3 – Added port 8009 AJP exploitation and NMap scripts
      \n* v10.3 – Added new streamlined install script<\/p>\n
      # NEW TOOLS
      \n* v10.2 – Added RequestX tool (credit: @xer0dayz) to validate URL’s
      \n* v10.3 – Added uro tool https:\/\/github.com\/s0md3v\/uro
      \n* v10.3 – Added wget spider function to replace BlackWidow tool<\/p>\n
      # FIXES
      \n* v10.3 – Fixed issue with GVM socket integration issue
      \n* v10.3 – Fixed xargs unneeded arguments
      \n* v10.3 – Updated\/added support for Burpsuite Pro 2022.9.5
      \n* v10.3 – Updated Commoncrawl passive URL DB<\/p>\n<\/div>\n
      \n
      Update Instructions<\/h4>\n
      To update to Sn1per v10.3, customers can run the ‘sniper -u<\/strong>‘ command from the command line or use the ‘Update<\/strong>‘ function from the Command Execution module<\/a>.<\/p>\n<\/div>\n
      \r\n\r\n<\/span>\r\nFacebook<\/span>\r\n\r\n15<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nTwitter<\/span>\r\n\r\n4<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nReddit<\/span>\r\n\r\n1<\/span>\r\n\r\n<\/a>\r\n\r\n\r\n\r\n<\/span>\r\nLinkedin<\/span>\r\n\r\n2<\/span>\r\n\r\n<\/a>\r\n\r\n<\/i><\/span><\/a>
      X<\/span>\r\n\r\n<\/span>\r\nEmail<\/span>\r\n1<\/span>\t\t\t\t\r\n\r\n<\/a>\r\n<\/div><\/div><\/div>","protected":false},"excerpt":{"rendered":"
      Sn1per SE (Scan Engine) v10.3 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to\u2026<\/p>\n","protected":false},"author":1,"featured_media":21201,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"jetpack_post_was_ever_published":false,"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[184],"tags":[332,180,173,41,270,322,116,259,38,247,269,37,285,181,171,118,312],"class_list":["post-21178","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news","tag-332","tag-attack","tag-automated","tag-bugbounty","tag-engine","tag-enterprise","tag-hacking","tag-management","tag-professional","tag-scan","tag-se","tag-sn1per","tag-sn1persecurity","tag-surface","tag-tool","tag-tools","tag-v10-0"],"aioseo_notices":[],"jetpack_featured_media_url":"https:\/\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/12\/Sn1per-SE-v10.3-Update.png","jetpack_shortlink":"https:\/\/wp.me\/pdnW96-5vA","jetpack_likes_enabled":true,"jetpack_sharing_enabled":true,"jetpack-related-posts":[{"id":22072,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-4-released\/","url_meta":{"origin":21178,"position":0},"title":"Sn1per Scan Engine v10.4 Released!","author":"xer0dayz","date":"April 10, 2023","format":false,"excerpt":"Sn1per SE (Scan Engine) v10.4 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per SE v10.4 Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/04\/Sn1per-SE-v10.4-Update-2.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":29138,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-6-released\/","url_meta":{"origin":21178,"position":1},"title":"Sn1per Scan Engine v10.6 Released!","author":"xer0dayz","date":"May 28, 2024","format":false,"excerpt":"Sn1per SE (Scan Engine) v10.6 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or if\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per SE Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":18011,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-professional-v10-1-se-update-released\/","url_meta":{"origin":21178,"position":2},"title":"Sn1per Professional v10.1 SE Update Released!","author":"xer0dayz","date":"April 19, 2022","format":false,"excerpt":"Sn1per Professional v10.1 Scan Engine (SE) update is now available for Sn1per Professional v10.0 customers with a ton of new features and improvements. This update is part of the Sn1per Professional SE development branch which is exclusively available only to Sn1per Professional v10.0 customers. If you are a previous customer\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/04\/Sn1per-Professional-v10.1-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":26428,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-5-released\/","url_meta":{"origin":21178,"position":3},"title":"Sn1per Scan Engine v10.5 Released!","author":"xer0dayz","date":"January 1, 2024","format":false,"excerpt":"Sn1per SE (Scan Engine) v10.5 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per SE Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2023\/12\/Sn1per-SE-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":19102,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-scan-engine-v10-2-update\/","url_meta":{"origin":21178,"position":4},"title":"Sn1per Scan Engine v10.2 Released!","author":"xer0dayz","date":"July 20, 2022","format":false,"excerpt":"Sn1per SE (Scan Engine) v10.2 is now available with a ton of new features and improvements. This update is part of the Sn1per SE development branch which is available to Sn1per Professional v10.0 and Sn1per Enterprise customers. If you are a previous customer (ie. Sn1per Professional v9.0 or less) or\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1per SE v10.2 Update","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2022\/07\/Sn1per-SE-v10.2-Update.png?resize=1400%2C800&ssl=1 4x"},"classes":[]},{"id":17329,"url":"https:\/\/sn1persecurity.com\/wordpress\/sn1per-professional-v10-released\/","url_meta":{"origin":21178,"position":5},"title":"Sn1per Professional v10.0 Released","author":"xer0dayz","date":"February 1, 2022","format":false,"excerpt":"After months of hard work and development, we are pleased to announce the release of Sn1per Professional v10.0. This is a major release with many fixes, improvements and new features to help customers get the most value using Sn1per. Starting with v10.0, customers will have have 3 new pricing plans\u2026","rel":"","context":"In "News"","block_context":{"text":"News","link":"https:\/\/sn1persecurity.com\/wordpress\/category\/news\/"},"img":{"alt_text":"Sn1perSecurity-Attack-Surface-Management-header2","src":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=350%2C200&ssl=1","width":350,"height":200,"srcset":"https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=350%2C200&ssl=1 1x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=525%2C300&ssl=1 1.5x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=700%2C400&ssl=1 2x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=1050%2C600&ssl=1 3x, https:\/\/i0.wp.com\/sn1persecurity.com\/wordpress\/wp-content\/uploads\/2021\/10\/Sn1perSecurity-Attack-Surface-Management-header2.png?resize=1400%2C800&ssl=1 4x"},"classes":[]}],"_links":{"self":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/21178","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/comments?post=21178"}],"version-history":[{"count":11,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/21178\/revisions"}],"predecessor-version":[{"id":21330,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/posts\/21178\/revisions\/21330"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media\/21201"}],"wp:attachment":[{"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/media?parent=21178"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/categories?post=21178"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sn1persecurity.com\/wordpress\/wp-json\/wp\/v2\/tags?post=21178"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}