Investigator Use
Sn1per is an automated reconnaissance and vulnerability scanning framework available on GitHub that combines multiple open-source tools into a unified attack surface discovery workflow. It performs subdomain enumeration, port scanning, service detection, screenshot capture, and vulnerability assessment in an automated pipeline, outputting structured reports suitable for penetration testing engagements.
For authorized penetration testers and security researchers, Sn1per dramatically reduces the manual overhead of reconnaissance by chaining together tools like Nmap, Masscan, Metasploit, Nikto, Whatweb, and dozens of others into a coordinated scan sequence. A single Sn1per invocation can enumerate subdomains, scan all discovered hosts for open ports, fingerprint running services, capture screenshots of web applications, and identify known vulnerabilities — work that would take hours manually.
For OSINT investigators working within authorized scopes, Sn1per's reconnaissance output provides a comprehensive picture of an organization's external attack surface: all externally accessible hosts, their open services, technology stack, and potential vulnerabilities. This intelligence informs risk assessment, prioritizes follow-up investigation, and establishes the technical breadth of a target's internet-facing infrastructure.
Sn1per's workspace feature organizes scan results by target, enabling long-running investigations to accumulate data across multiple scan sessions. Results are stored in a structured format that facilitates comparison across time — useful for detecting changes in a target's infrastructure between assessment periods.
The framework includes both community (free) and professional (paid) editions, with the professional edition adding continuous attack surface monitoring, advanced reporting, and API integrations.
Critical legal requirements: Sn1per is a powerful active scanning tool that generates significant traffic and leaves evidence in target system logs. It must only be run against systems the investigator owns or has explicit, written authorization to test. Unauthorized use constitutes computer fraud and intrusion under laws in virtually every jurisdiction.
Document all authorization documentation, scope definitions, scan parameters, and output before beginning any Sn1per engagement. Retain complete scan logs.
Before You Pivot
Record Context
Capture the target, search terms, and why this source is relevant before you leave the page.
Preserve Evidence
Archive volatile pages, save screenshots, and keep timestamps for anything that may change.
Corroborate
Treat one tool as a lead source. Confirm important findings with independent sources.
Related Tools
CVE
Cyber Threat OSINT
CVE provides standardized vulnerability identifiers and references used in security research, triage, and threat intelligence workflows.
CVE Details
Cyber Threat OSINT
CVE Details aggregates vulnerability records, CVSS scores, and affected software lists for security analysis and patch prioritization.
Default Passwords
Cyber Threat OSINT
Find default passwords and credentials for routers, printers, servers, and network devices for authorized security auditing.
Exploit DB
Cyber Threat OSINT
The Exploit Database archives public exploits and proof-of-concept code for known vulnerabilities, used in penetration testing and research.
Honey DB
Cyber Threat OSINT
HoneyDB aggregates honeypot sensor data to identify malicious IP addresses, attacker tactics, and emerging threat patterns.
Hybrid analysis
Cyber Threat OSINT
Hybrid Analysis provides free malware sandboxing with Falcon Sandbox technology to analyze suspicious files and URLs for threat intelligence.