Sniper – Automatic Exploiter from Pentest-Tools.com (“Best Emerging Technology” finalist at SC Europe Awards 2022)

Introducing: Sniper Automatic Exploiter, helping security teams confirm the real impact of a CVE with remote code execution or arbitrary file read risks and quickly identify which of their systems are truly vulnerable, so they can effectively prioritize remediation.

High-risk, widespread vulnerabilities cause significant disruptions to already struggling security teams. In 2021, 1100+ CVEs with 9-10 CVSSv3 scores flooded the tech ecosystem. Fixing a critical vulnerability takes 100+ days on average, and some may take years to eliminate through patching or other solutions. Case in point: Log4Shell.

Without dependable help, increasingly complex and voluminous VA and VM activities can burden security pros until they burn out, which is already a widespread problem.

Automation can help them cope and scale, but it has to be reliable, under their control, and make an actual difference.

Because we care about this problem, our research team built Sniper Automatic Exploiter to help security teams confirm the real impact of a CVE with remote code execution or arbitrary file read risks and quickly identify which of their systems are truly vulnerable, so they can effectively prioritize remediation.

Sniper bridges the gap between the results that common vulnerability scanners produce and the attack methods real threat actors use. This offensive tool mimics real-world exploits and attack techniques to determine which systems are truly vulnerable in a fraction of the time that manual exploitation takes.

Sniper extracts the current user and directory, system information, local users, running processes, network configuration, and other artefacts, which it automatically correlates into a visual network graph.

Given its capabilities, use cases for Sniper Auto-Exploiter include gaining initial access for lateral movement, weeding through false positives, and controlled exploitation that leaves the system unaltered and clean.
