pentoo / pentoo-overlay

Gentoo overlay for security tools as well as the heart of the Pentoo Livecd
Sn1per #209

Open necrose99 opened 7 years ago

necrose99 commented 7 years ago

Automated Pentest Recon Scanner: Sn1per https://github.com/1N3/Sn1per

Automated Pentest Recon Scanner

Sn1per is an automated pentest recon scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.

Features:

- Automatically collects basic recon (i.e. whois, ping, DNS, etc.)
- Automatically launches Google hacking queries against a target domain
- Automatically enumerates open ports via NMap port scanning
- Automatically brute forces sub-domains, gathers DNS info and checks for zone transfers
- Automatically checks for sub-domain hijacking
- Automatically runs targeted NMap scripts against open ports
- Automatically runs targeted Metasploit scan and exploit modules
- Automatically scans all web applications for common vulnerabilities
- Automatically brute forces ALL open services
- Automatically test for anonymous FTP access
- Automatically runs WPScan, Arachni and Nikto for all web services
- Automatically enumerates NFS shares
- Automatically test for anonymous LDAP access
- Automatically enumerate SSL/TLS ciphers, protocols and vulnerabilities
- Automatically enumerate SNMP community strings, services and users
- Automatically list SMB users and shares, check for NULL sessions and exploit MS08-067
- Automatically exploit vulnerable JBoss, Java RMI and Tomcat servers
- Automatically tests for open X11 servers
- Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
- Performs high level enumeration of multiple hosts and subnets
- Automatically integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
- Automatically gathers screenshots of all web sites
- Create individual workspaces to store all scan output

necrose99 commented 7 years ago

An ebuild for this might also be of use.

gkroon commented 5 years ago

I'm on this because I'm curious and want to practise writing ebuilds, but you should really have a look at all the deps it needs: https://github.com/1N3/Sn1per/blob/master/install.sh

Suffice it to say that this is gonna take a while.

blshkv commented 5 years ago

It would also be interesting to know why this framework. There are dozens of others as well, for example:

- https://www.guardicore.com/infectionmonkey/
- https://github.com/j3ssie/Osmedeus (in Pentoo)
- https://github.com/trustedsec/ptf
- https://github.com/owtf/owtf (in Pentoo)
- https://github.com/zardus/ctf-tools
- https://tools.pentestbox.com/
- https://github.com/x3omdax/PenBox
- https://github.com/LionSec/katoolin
- https://github.com/Aptive/penetration-testing-tools
- https://github.com/sidaf/homebrew-pentest

necrose99 commented 3 years ago

This one has now split into community / commercial.

necrose99 commented 3 years ago

This has gone free / semi-commercial. Just in case a tool dies or one is better at x vs y use cases, it's good to have a few spares.

blshkv commented 3 years ago

Well, the split to closed source (semi-commercial) is usually a slippery slope where a free version slowly becomes a demo version. Take Burp, Faraday and many others.