Penetration Test con Sn1per
Sn1per es un scanner automatizado para realizar Penetration Test y sobre todo las tareas de enumeración y análisis de vulnerabilidades.
Las herramientas incluidas en Sn1per son las siguientes:
git clone https://github.com/1N3/Sn1per.git
./install.sh
sniper blabla.com- Collects basic recon (ie. whois, ping, DNS, etc.)
- Launches Google hacking queries against a target domain
- Enumerates open ports via NMap port scanning
- Brute forces sub-domains, gathers DNS info and checks for zone transfers
- Checks for sub-domain hijacking
- Runs targeted NMap scripts against open ports
- Runs targeted Metasploit scan and exploit modules
- Scans all web applications for common vulnerabilities
- Brute forces ALL open services
- Test for anonymous FTP access
- Runs WPScan, Arachni and Nikto for all web services
- Enumerates NFS shares
- Test for anonymous LDAP access
- Enumerate SSL/TLS ciphers, protocols and vulnerabilities
- Enumerate SNMP community strings, services and users
- List SMB users and shares, check for NULL sessions and exploit MS08-067
- Exploit vulnerable JBoss, Java RMI and Tomcat servers
- Tests for open X11 servers
- Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds
- Performs high level enumeration of multiple hosts and subnets
- Integrates with Metasploit Pro, MSFConsole and Zenmap for reporting
- Gathers screenshots of all web sites
- Create individual workspaces to store all scan output
0 Comments:
Publicar un comentario
Gracias por dejar un comentario en Segu-Info.
Gracias por comentar!