High-risk, widespread vulnerabilities cause significant disruptions to already struggling security teams. In 2021, 1100+ CVEs with 9-10 CVSSv3 scores flooded the tech ecosystem. Fixing a critical vulnerability takes 100+ days on average and some may take years to eliminate through patching or other solutions. Case in point, Log4Shell.
Without dependable help, increasingly complex and voluminous VA and VM activities can burden security pros until they burn out, which is already a widespread problem.
Automation can help them cope and scale, but it has to be reliable, under their control, and make an actual difference.
Because we care about this problem, our research team built Sniper Automatic Exploiter to help security teams confirm the real impact of a CVE with remote code execution or arbitrary file read risks and quickly identify which of their systems are truly vulnerable, so they can effectively prioritize remediation.
Sniper bridges the gap between results that common vulnerability scanners produce and the attack methods real threat actors use. This offensive tool mimics real world exploits and attack techniques to determine the truly vulnerable systems in a fraction of the time compared to manual exploitation.
Sniper extracts the current user and directory, system information, local users, running process, network configuration, and other artefacts, which it automatically correlates into a visual network graph.
Given its capabilities, use cases for Sniper Auto-Exploiter include gaining initial access for lateral movement, weeding through false positives, and controlled exploitation that leaves the system unaltered and clean.