Sniper – Automatic Exploiter from Pentest-Tools.com (“Best Emerging Technology” finalist at SC Europe Awards 2022)

Introducing: Sniper Automatic Exploiter, helping security teams confirm the real impact of a CVE with remote code execution or arbitrary file read risks and quickly identify which of their systems are truly vulnerable, so they can effectively prioritize remediation.
pentest tools defcamp 2022

High-risk, widespread vulnerabilities cause significant disruptions to already struggling security teams. In 2021, 1100+ CVEs with 9-10 CVSSv3 scores flooded the tech ecosystem. Fixing a critical vulnerability takes 100+ days on average and some may take years to eliminate through patching or other solutions. Case in point, Log4Shell.

Without dependable help, increasingly complex and voluminous VA and VM activities can burden security pros until they burn out, which is already a widespread problem.

Automation can help them cope and scale, but it has to be reliable, under their control, and make an actual difference.

Because we care about this problem, our research team built Sniper Automatic Exploiter to help security teams confirm the real impact of a CVE with remote code execution or arbitrary file read risks and quickly identify which of their systems are truly vulnerable, so they can effectively prioritize remediation.

Sniper bridges the gap between results that common vulnerability scanners produce and the attack methods real threat actors use. This offensive tool mimics real world exploits and attack techniques to determine the truly vulnerable systems in a fraction of the time compared to manual exploitation.

Sniper extracts the current user and directory, system information, local users, running process, network configuration, and other artefacts, which it automatically correlates into a visual network graph.

Given its capabilities, use cases for Sniper Auto-Exploiter include gaining initial access for lateral movement, weeding through false positives, and controlled exploitation that leaves the system unaltered and clean.

    Do you own a specialized tool regarding cyber security and want to share it? in that case just send it over and we’ll post it.

    SHARE US
    YOUR TOOL

    Related articles​

    SOC-as-a-Service from Orange Business Services

    BY Adina Harabagiu
    Orange Business Services Security Operations Center solution is designed to protect a company's business from ..

    Flexible Engine from Orange Business Services

    BY Adina Harabagiu
    Flexible Engine, the Orange Business Services public cloud platform, enables you to create pay-as-you-go ..

    Sandbox Scryer from CrowdStrike

    BY Adina Harabagiu
    CrowdStrike Introduces Sandbox Scryer: A Free Threat-Hunting Tool for Generating MITRE ATT&CK and Navigator ..