Attack Surface Management Platform
GitHub Repository: https://github.com/1N3/Sn1per
Sn1per is an automated attack‑surface management and penetration‑testing toolkit that integrates both open‑source and commercial scanners to discover assets, identify CVE exposures, and enumerate vulnerabilities across web, network, and application layers. It supports diverse modes—ranging from stealth, OSINT recon, to full “nuke” scans—providing both speed and depth, with capabilities like brute‑forcing, extensive reporting, scheduling, and API integrations to streamline continuous security assessments
Kali/Ubuntu/Debian/Parrot Linux Install
git clone https://github.com/1N3/Sn1per
cd Sn1per
bash install.sh
Docker Install
1.Run the Docker Compose file
sudo docker compose up
2. Run the container
sudo docker run --privileged -it sn1per-kali-linux /bin/bash
BlackArch-based Sn1per
1. Run the Docker Compose file
sudo docker compose -f docker-compose-blackarch.yml up
2. Run the container
sudo docker run --privileged -it sn1per-blackarch /bin/bash
Usage
[*] NORMAL MODE
sniper -t <TARGET>
[*] NORMAL MODE + OSINT + RECON
sniper -t <TARGET> -o -re
[*] STEALTH MODE + OSINT + RECON
sniper -t <TARGET> -m stealth -o -re
[*] DISCOVER MODE
sniper -t <CIDR> -m discover -w <WORSPACE_ALIAS>
[*] SCAN ONLY SPECIFIC PORT
sniper -t <TARGET> -m port -p <portnum>
[*] FULLPORTONLY SCAN MODE
sniper -t <TARGET> -fp
[*] WEB MODE - PORT 80 + 443 ONLY!
sniper -t <TARGET> -m web
[*] HTTP WEB PORT MODE
sniper -t <TARGET> -m webporthttp -p <port>
[*] HTTPS WEB PORT MODE
sniper -t <TARGET> -m webporthttps -p <port>
[*] HTTP WEBSCAN MODE
sniper -t <TARGET> -m webscan
[*] ENABLE BRUTEFORCE
sniper -t <TARGET> -b
[*] AIRSTRIKE MODE
sniper -f targets.txt -m airstrike
[*] NUKE MODE WITH TARGET LIST, BRUTEFORCE ENABLED, FULLPORTSCAN ENABLED, OSINT ENABLED, RECON ENABLED, WORKSPACE & LOOT ENABLED
sniper -f targets.txt -m nuke -w <WORKSPACE_ALIAS>
[*] MASS PORT SCAN MODE
sniper -f targets.txt -m massportscan
[*] MASS WEB SCAN MODE
sniper -f targets.txt -m massweb
[*] MASS WEBSCAN SCAN MODE
sniper -f targets.txt -m masswebscan
[*] MASS VULN SCAN MODE
sniper -f targets.txt -m massvulnscan
[*] PORT SCAN MODE
sniper -t <TARGET> -m port -p <PORT_NUM>
[*] LIST WORKSPACES
sniper --list
[*] DELETE WORKSPACE
sniper -w <WORKSPACE_ALIAS> -d
[*] DELETE HOST FROM WORKSPACE
sniper -w <WORKSPACE_ALIAS> -t <TARGET> -dh
[*] GET SNIPER SCAN STATUS
sniper --status
[*] LOOT REIMPORT FUNCTION
sniper -w <WORKSPACE_ALIAS> --reimport
[*] LOOT REIMPORTALL FUNCTION
sniper -w <WORKSPACE_ALIAS> --reimportall
[*] LOOT REIMPORT FUNCTION
sniper -w <WORKSPACE_ALIAS> --reload
[*] LOOT EXPORT FUNCTION
sniper -w <WORKSPACE_ALIAS> --export
[*] SCHEDULED SCANS
sniper -w <WORKSPACE_ALIAS> -s daily|weekly|monthly
[*] USE A CUSTOM CONFIG
sniper -c /path/to/sniper.conf -t <TARGET> -w <WORKSPACE_ALIAS>
[*] UPDATE SNIPER
sniper -u|--update
Modes
-
NORMAL: Performs basic scan of targets and open ports using both active and passive checks for optimal performance.
-
STEALTH: Quickly enumerate single targets using mostly non-intrusive scans to avoid WAF/IPS blocking.
-
FLYOVER: Fast multi-threaded high level scans of multiple targets (useful for collecting high level data on many hosts quickly).
-
AIRSTRIKE: Quickly enumerates open ports/services on multiple hosts and performs basic fingerprinting. To use, specify the full location of the file which contains all hosts, IPs that need to be scanned and run ./sn1per /full/path/to/targets.txt airstrike to begin scanning.
-
NUKE: Launch full audit of multiple hosts specified in text file of choice. Usage example: ./sniper /pentest/loot/targets.txt nuke.
-
DISCOVER: Parses all hosts on a subnet/CIDR (ie. 192.168.0.0/16) and initiates a sniper scan against each host. Useful for internal network scans.
-
PORT: Scans a specific port for vulnerabilities. Reporting is not currently available in this mode.
-
FULLPORTONLY: Performs a full detailed port scan and saves results to XML.
-
MASSPORTSCAN: Runs a "fullportonly" scan on multiple targets specified via the "-f" switch.
-
WEB: Adds full automatic web application scans to the results (port 80/tcp & 443/tcp only). Ideal for web applications but may increase scan time significantly.
-
MASSWEB: Runs "web" mode scans on multiple targets specified via the "-f" switch.
-
WEBPORTHTTP: Launches a full HTTP web application scan against a specific host and port.
-
WEBPORTHTTPS: Launches a full HTTPS web application scan against a specific host and port.
-
WEBSCAN: Launches a full HTTP & HTTPS web application scan against via Burpsuite and Arachni.
-
MASSWEBSCAN: Runs "webscan" mode scans of multiple targets specified via the "-f" switch.
-
VULNSCAN: Launches a OpenVAS vulnerability scan.
-
MASSVULNSCAN: Launches a "vulnscan" mode scans on multiple targets specified via the "-f" switch.