Sn1per: Automated pentest recon scanner

Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities.


“I originally created Sn1per because I didn’t want to run 10 different security tools and remember every command switch for each pentest I was doing. I wanted to be more efficient in the enumeration phase in order to save time and focus on other more manual aspects of penetration testing,” 1N3@CrowdShield, creator of Sn1per, told Help Net Security.


  • Automatically collects basic recon (ie. whois, ping, DNS, etc.)
  • Automatically launches Google hacking queries against a target domain
  • Automatically enumerates open ports
  • Automatically brute forces sub-domains and DNS info
  • Automatically checks for sub-domain hijacking
  • Automatically runs targeted nmap scripts against open ports
  • Automatically runs targeted Metasploit scan and exploit modules
  • Automatically scans all web applications for common vulnerabilities
  • Automatically brute forces all open services
  • Automatically exploit remote hosts to gain remote shell access
  • Performs high level enumeration of multiple hosts
  • Auto-pwn added for Metasploitable, ShellShock, MS08-067, Default Tomcat Creds.


Future development

Users will be excited to learn that the developer is in talks about having Sn1per included in future versions of Kali Linux, a popular choice for many penetration testers.

“I’m continually improving and refining each release and listening to feedback I receive on GitHub. I definitely want to make Sn1per more intelligent about the scan and exploit selection process, depending on the information it’s able to retrieve. For example, if the site is running WordPress, it will run only WordPress tools and exploits,” 1N3@CrowdShield concluded.

Don't miss