Sn1per
security
Our great sponsors
Sn1per | security | |
---|---|---|
5 | 2 | |
7,501 | 73 | |
- | - | |
6.1 | 0.0 | |
17 days ago | over 1 year ago | |
Shell | Shell | |
GNU General Public License v3.0 or later | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
Sn1per
-
Surface management tools
For now the best tool I have found is this one: https://github.com/1N3/Sn1per
-
somone please help me improving my log file nom Parser code?
Starting PostgreSQL 13 database server: main. [94m[*][0m Loaded configuration file from /usr/share/sniper/sniper.conf [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Loaded configuration file from /root/.sniper.conf [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Saving loot to /usr/share/sniper/loot/workspace/nosva [94m[[0m[92mOK[0m[94m][0m [94m[*][0m Scanning 192.158.1.38 [94m[[0m[92mOK[0m[94m][0m [91m ____ [0m [91m _________ / _/___ ___ _____[0m [91m / ___/ __ \ / // __ \/ _ \/ ___/[0m [91m (__ ) / / // // /_/ / __/ / [0m [91m /____/_/ /_/___/ .___/\___/_/ [0m [91m /_/ [0m [93m + -- --=[ https://sn1persecurity.com[0m [93m + -- --=[ Sn1per v9.0 by u/xer0dayz[0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m RUNNING SC0PE WEB VULNERABILITY SCAN [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• P5 - INFO, CSP Not Enforced, http://192.158.1.38/, P2 - HIGH, Clear-Text Protocol - HTTP, http://192.158.1.38/, HTTP/1.1 200 OK P4 - LOW, Clickjacking HTTP, http://192.158.1.38/, P5 - INFO, CSP Not Enforced, https://192.158.1.38:443/, [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m RUNNING SC0PE NETWORK VULNERABILITY SCAN [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• P5 - INFO, Interesting Ports Found, 192.158.1.38, 21 8080 9090 7070 [92m====================================================================================[0 m•x[92m[2022-08-22](15:56)[0mx• ==================================================================================== •?((¯°·..• Sc0pe Vulnerability Report by u/xer0dayz •._.·°¯))؟• ==================================================================================== Critical: 0 High: 1 Medium: 0 Low: 1 Info: 2 Score: 8 ==================================================================================== P2 - HIGH, Clear-Text Protocol - HTTP, http://192.158.1.38:80/, HTTP/1.1 200 OK P4 - LOW, Clickjacking HTTP, http://192.158.1.38:80/, P5 - INFO, CSP Not Enforced, http://192.158.1.38:80/, P5 - INFO, CSP Not Enforced, https://192.158.1.38:443/, ==================================================================================== [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx• [91m SCAN COMPLETE! [0m [92m====================================================================================[0m•x[92m[2022-08-22](15:56)[0mx•
-
Are there any good automated attack tools besides Pentera?
Sn1per https://github.com/1N3/Sn1per
-
Tools for github recon?
Sniper All-in-one Pentesting tool
-
WebMap : A Python tool used to automate the execution of the following tools : Nmap , Nikto and Dirsearch but also to automate the report generation during a Web Penetration Testing
This is awesome you have made your own tool a feat I have yet to do. If you are looking for pen-test automation you should check out Sn1per I love this tool.
security
-
https://securityledger.com/2021/04/deere-john-researcher-warns-ag-giants-site-provides-a-map-to-customers-equipment/
The researcher known as “Sick Codes” (@sickcodes) published two advisories on Thursday warning about the flaws in the myjohndeere.com web site and the John Deere Operations Center web site and mobile applications. In a conversation with Security Ledger, the researcher said that a he was able to use VINs (vehicle identification numbers) taken from a farm equipment auction site to identify the name and physical address of the owner. Furthermore, a flaw in the myjohndeere.com website could allow an unauthenticated user to carry out automated attacks against the site, possibly revealing all the user accounts for that site.
-
Finding a Vulnerability in Teamwork Cloud Server (NoMagic, 3DS), Which Is Used By Gov/Enterprise to Design Rockets, Missiles, and Satellites.
fix the critical file permissions as per NoMagic's updated instructions at the bottom of the article, or here: https://github.com/sickcodes/security/blob/master/advisories/SICK-2020-002.md
What are some alternatives?
rengine - reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.
EDR-Testing-Script - Test the accuracy of Endpoint Detection and Response (EDR) software with simple script which executes various ATT&CK/LOLBAS/Invoke-CradleCrafter/Invoke-DOSfuscation payloads
reconftw - reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities
sbt-dependency-check - SBT Plugin for OWASP DependencyCheck. Monitor your dependencies and report if there are any publicly known vulnerabilities (e.g. CVEs). :rainbow:
Vulnnr - Vulnnr - Vulnerability Scanner And Mass Exploiter, created for pentesting.
atomic-red-team - Small and highly portable detection tests based on MITRE's ATT&CK.
nuclei-templates - Community curated list of templates for the nuclei engine to find security vulnerabilities.
MultiBUGS - Multi-core BUGS for fast Bayesian inference of large hierarchical models
GhostRecon - Popular OSINT framework. Works fine with kali linux and other Debian-based systems. Coded this as a teen, so not really reliable for real researches.
LazyRecon - An automated approach to performing recon for bug bounty hunting and penetration testing.
ReverseAPK - Quickly analyze and reverse engineer Android packages
Sudomy - Sudomy is a subdomain enumeration tool to collect subdomains and analyzing domains performing automated reconnaissance (recon) for bug hunting / pentesting