# 1n3/sn1per **Attribution required: if you use, quote, or summarise this content, you must credit and link back to [awesome-repositories.com](https://awesome-repositories.com/repository/1n3-sn1per).** 10,049 stars · 2,077 forks · Shell · other ## Links - GitHub: https://github.com/1N3/Sn1per - Homepage: https://sn1persecurity.com - awesome-repositories: https://awesome-repositories.com/repository/1n3-sn1per.md ## Topics `attack-surface` `attack-surface-management` `attacksurface` `bugbounty-platform` `cybersecurity` `hacking` `hacking-tools` `osint-framework` `osint-tool` `penetration-testing` `pentest-scripts` `pentest-tool` `pentest-tools` `pentesting` `pentesting-tools` `security` `security-tools` `sn1per` `sn1per-professional` ## Description Sn1per is a vulnerability management platform and penetration testing orchestrator designed to automate reconnaissance, vulnerability scanning, and exploit verification. It functions as a dockerized security toolkit that coordinates multiple tools into a unified automated pipeline to identify security flaws across network and web assets. The platform features an attack surface manager for discovering internet-facing assets through OSINT, DNS enumeration, and certificate transparency. It distinguishes itself with an AI-powered security analyzer that uses large language models to summarize scan outputs and triage vulnerabilities, alongside an active exploit validation engine to eliminate false positives. Its broader capabilities cover mobile application auditing for Android and iOS binaries, dark web leak monitoring, and asset risk assessment. The system provides a security analysis dashboard for managing multi-user workspaces, generating structured reports, and configuring security tools via a web interface. The environment is deployed using containers and persistent volumes to ensure a reproducible runtime. ## Tags ### Security & Cryptography - [Attack Surface Management](https://awesome-repositories.com/f/security-cryptography/attack-surface-management.md) — Discovers and monitors internet-facing assets using OSINT and DNS enumeration to identify organizational exposures. - [Penetration Testing Platforms](https://awesome-repositories.com/f/security-cryptography/penetration-testing-platforms.md) — Provides a comprehensive platform for orchestrating vulnerability detection and automated exploit verification. ([source](https://cdn.jsdelivr.net/gh/1n3/sn1per@master/README.md)) - [Security Orchestration](https://awesome-repositories.com/f/security-cryptography/security-orchestration.md) — Orchestrates a unified automated pipeline combining multiple reconnaissance, scanning, and exploitation tools. ([source](https://sn1persecurity.com/wordpress/documentation/)) - [Attack Surface Mapping](https://awesome-repositories.com/f/security-cryptography/attack-surface-mapping.md) — Discovers and monitors internet-facing assets to identify unknown exposures and track changes in the organizational perimeter. ([source](https://cdn.jsdelivr.net/gh/1n3/sn1per@master/README.md)) - [Exploit Frameworks](https://awesome-repositories.com/f/security-cryptography/exploit-frameworks.md) — Runs specialized functional modules for brute forcing and fuzzing through a library of curated exploit signatures. - [Exploitation Workflow Managers](https://awesome-repositories.com/f/security-cryptography/exploit-frameworks/exploitation-workflow-managers.md) — Orchestrates the end-to-end security pipeline from reconnaissance to exploit verification to streamline penetration testing. ([source](https://sn1persecurity.com/wordpress/use-cases/)) - [Finding Classification](https://awesome-repositories.com/f/security-cryptography/finding-classification.md) — Centralizes results from multiple scanning tools into a single interface for scoring and triage. ([source](https://sn1persecurity.com/wordpress/use-cases/)) - [Security Analysis Dashboards](https://awesome-repositories.com/f/security-cryptography/security-analysis-dashboards.md) — Provides a web interface for managing security workspaces, analyzing APK binaries, and visualizing risk scores. - [AI-Powered Security Operations](https://awesome-repositories.com/f/security-cryptography/security/ai-and-machine-learning/ai-powered-security-operations.md) — Uses large language models to summarize scan outputs and automate the triage of identified vulnerabilities. - [Subdomain Enumeration Tools](https://awesome-repositories.com/f/security-cryptography/subdomain-enumeration-tools.md) — Discovers hidden and public subdomains using a variety of passive and active DNS reconnaissance techniques. ([source](https://github.com/1N3/Sn1per/wiki/Plugins-&-Tools)) - [Exploitability Validation](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-vulnerabilities/exploitability-validation.md) — Implements active exploitation tests to verify the exploitability of identified vulnerabilities and eliminate false positives. ([source](https://sn1persecurity.com/wordpress/external-attack-surface-management-with-sn1per/)) - [Vulnerability Management](https://awesome-repositories.com/f/security-cryptography/vulnerability-management.md) — Centralizes security findings from multiple tools into a single interface for risk scoring and triage. - [Reachability Prioritizers](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning/reachability-prioritizers.md) — Calculates risk scores based on criticality and exploitability to prioritize the remediation of vulnerabilities. ([source](https://sn1persecurity.com/wordpress/external-attack-surface-management-with-sn1per/)) - [Automated Security Scan Triggers](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning/scanning-template-libraries/automated-security-scan-triggers.md) — Provides an API to automatically trigger reconnaissance and vulnerability scans using configurable logic gates. ([source](https://sn1persecurity.com/wordpress/documentation/configuration/)) - [Vulnerability Retesters](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanning/vulnerability-retesters.md) — Verifies the accuracy of identified security flaws through active exploitation and re-testing. ([source](https://sn1persecurity.com/wordpress/request-a-trial/)) - [Web Security Analysis](https://awesome-repositories.com/f/security-cryptography/web-security-analysis.md) — Crawls web targets to identify security holes, CMS versions, and underlying directory structures. ([source](https://github.com/1N3/Sn1per/wiki/Plugins-&-Tools)) - [Credential Auditing Tools](https://awesome-repositories.com/f/security-cryptography/credential-auditing-tools.md) — Includes utilities to scan across multiple hosts for default and weak passwords to identify unauthorized access. ([source](https://sn1persecurity.com/wordpress/)) - [Dark Web Monitoring](https://awesome-repositories.com/f/security-cryptography/credential-monitoring-services/dark-web-monitoring.md) — Scans dark web sources and breach databases for leaked credentials and organizational mentions. ([source](https://sn1persecurity.com/wordpress/use-cases/)) - [Exploit Execution Engines](https://awesome-repositories.com/f/security-cryptography/exploit-execution-engines.md) — Launches network and web-based exploit modules and manages listener configurations for callbacks. ([source](https://github.com/1N3/Sn1per/wiki/Metasploit-Integration)) - [Attack Simulations](https://awesome-repositories.com/f/security-cryptography/governance-policy-frameworks/compliance-governance/security-and-compliance/security-and-threat-mitigations/attack-simulations.md) — Executes automated exploitation chains with stealth modes to simulate adversary attacks and bypass security defenses. ([source](https://sn1persecurity.com/wordpress/use-cases/)) - [Security Report Generation](https://awesome-repositories.com/f/security-cryptography/security-report-generation.md) — Generates findings summaries in CSV, Excel, PDF, HTML, and JSON formats for external documentation. ([source](https://cdn.jsdelivr.net/gh/1n3/sn1per@master/README.md)) - [Security Reporting Tools](https://awesome-repositories.com/f/security-cryptography/security-reporting-tools.md) — Generates structured security findings and host inventory reports in JSON, CSV, and TXT formats. ([source](https://sn1persecurity.com/wordpress/documentation/api/)) - [Threat Intelligence Platforms](https://awesome-repositories.com/f/security-cryptography/threat-intelligence-platforms.md) — Incorporates data from external threat feeds and security databases directly into the scanning workflow. ([source](https://sn1persecurity.com/wordpress/use-cases/)) - [Contextual Enrichment](https://awesome-repositories.com/f/security-cryptography/threat-intelligence-platforms/contextual-enrichment.md) — Integrates a retrieval engine to correlate scan findings with industry security databases. ([source](https://sn1persecurity.com/wordpress/documentation/configuration/)) - [Exposure Monitoring](https://awesome-repositories.com/f/security-cryptography/threat-intelligence-platforms/exposure-monitoring.md) — Tracks the attack surface on a configurable schedule and alerts on new exposures. ([source](https://sn1persecurity.com/wordpress/external-attack-surface-management-with-sn1per/)) - [Mobile App Security Auditing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/mobile-app-security-auditing.md) — Analyzes Android and iOS binaries through decompilation and static analysis to identify internal logic flaws. - [Credential Brute-Forcing](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/credential-brute-forcing.md) — Provides automated testing of authentication credentials through systematic brute-force attacks. ([source](https://github.com/1N3/Sn1per/wiki/Plugins-&-Tools)) - [Mobile Application Scanners](https://awesome-repositories.com/f/security-cryptography/vulnerability-assessment-testing/security-testing-auditing/security-testing/mobile-application-scanners.md) — Analyzes iOS and Android binaries through static analysis, dynamic instrumentation, and certificate-pinning bypasses. ([source](https://sn1persecurity.com/wordpress/use-cases/)) - [Vulnerability Scanner Integrations](https://awesome-repositories.com/f/security-cryptography/vulnerability-scanner-integrations.md) — Integrates with OpenVAS instances to perform comprehensive vulnerability assessments across specific port lists. ([source](https://sn1persecurity.com/wordpress/documentation/configuration/)) ### Part of an Awesome List - [Continuous Security Monitoring](https://awesome-repositories.com/f/awesome-lists/security/continuous-security-monitoring.md) — Performs continuous discovery and active exploitation of external assets to identify and track security gaps. ([source](https://sn1persecurity.com/wordpress/product/sn1per-professional-2026-license/)) - [OSINT and Reconnaissance](https://awesome-repositories.com/f/awesome-lists/security/osint-and-reconnaissance.md) — Gathers passive intelligence and threat data about a target from public sources without direct interaction. ([source](https://sn1persecurity.com/wordpress/documentation/usage/)) - [Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-scanning.md) — Centralizes the automation of reconnaissance, vulnerability scanning, and exploit verification across network assets. - [Scanner Orchestrators](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-scanning/scanner-orchestrators.md) — Orchestrates multiple external vulnerability scanners to identify security flaws across various hosts. ([source](https://github.com/1N3/Sn1per/wiki/OpenVAS-Integration)) - [Web Vulnerability Scanning](https://awesome-repositories.com/f/awesome-lists/security/web-vulnerability-scanning.md) — Automates vulnerability scanning for web targets and generates structured HTML reports. ([source](https://github.com/1N3/Sn1per/wiki/OWASP-ZAP-Integration)) - [Subdomain Discovery](https://awesome-repositories.com/f/awesome-lists/devtools/subdomain-discovery.md) — Extracts subdomains from GitHub to expand the known attack surface of a target domain. ([source](https://github.com/1N3/Sn1per/wiki/Github-API-Integration)) - [Web Application Fuzzing](https://awesome-repositories.com/f/awesome-lists/devtools/web-application-fuzzing.md) — Ships capabilities to discover hidden directories and parameters in web applications using automated fuzzing payloads. ([source](https://sn1persecurity.com/wordpress/documentation/usage/)) - [Cloud Infrastructure Discovery](https://awesome-repositories.com/f/awesome-lists/security/cloud-infrastructure-discovery.md) — Identifies publicly accessible cloud storage buckets to find potentially exposed sensitive data. ([source](https://github.com/1N3/Sn1per/wiki/Plugins-&-Tools)) - [Email and Identity Discovery](https://awesome-repositories.com/f/awesome-lists/security/email-and-identity-discovery.md) — Queries external APIs to discover associated email addresses and professional identities during reconnaissance. ([source](https://github.com/1N3/Sn1per/wiki/Hunter.io-API-Integration)) - [Request Smuggling](https://awesome-repositories.com/f/awesome-lists/security/request-smuggling.md) — Detects HTTP request smuggling vulnerabilities using active probes to confirm exploitability. ([source](https://sn1persecurity.com/wordpress/cve-2024-21733-apache-tomcat-http-request-smuggling/)) - [Subdomain Takeover Tools](https://awesome-repositories.com/f/awesome-lists/security/subdomain-takeover-tools.md) — Scans for dangling DNS records to detect and prevent potential subdomain takeover vulnerabilities. ([source](https://github.com/1N3/Sn1per/wiki/Plugins-&-Tools)) - [Open Source Intelligence](https://awesome-repositories.com/f/awesome-lists/data/open-source-intelligence.md) — Automated reconnaissance and penetration testing scanner. - [Information Gathering](https://awesome-repositories.com/f/awesome-lists/security/information-gathering.md) — Automates reconnaissance and vulnerability scanning tasks. - [Security Tools](https://awesome-repositories.com/f/awesome-lists/security/security-tools.md) — Automated pentest framework for offensive security experts. - [Vulnerability Scanners](https://awesome-repositories.com/f/awesome-lists/security/vulnerability-scanners.md) — Automated pentest framework for offensive security. ### Development Tools & Productivity - [Workspace Organization](https://awesome-repositories.com/f/development-tools-productivity/workspace-management/project-workspaces/workspace-organization.md) — Organizes targets, scan configurations, and live results into isolated environments to track engagement progress. ([source](https://cdn.jsdelivr.net/gh/1n3/sn1per@master/README.md)) - [Cron Scheduling](https://awesome-repositories.com/f/development-tools-productivity/cron-scheduling.md) — Uses system-level cron timers to automate recurring reconnaissance and attack surface monitoring. ### DevOps & Infrastructure - [Docker Container Deployments](https://awesome-repositories.com/f/devops-infrastructure/container-orchestration/container-runtimes/runtime-configuration-interfaces/docker-socket-orchestrators/docker-target-configurators/docker-container-deployments.md) — Packages the security toolkit and its dependencies into Docker images for a reproducible runtime. - [Containerized Deployments](https://awesome-repositories.com/f/devops-infrastructure/containerized-deployments.md) — Provides a containerized deployment to ensure a reproducible and consistent security toolkit runtime. ([source](https://sn1persecurity.com/wordpress/documentation/docker/)) - [AI-Powered Scan Interpretation](https://awesome-repositories.com/f/devops-infrastructure/scan-result-interpreters/ai-powered-scan-interpretation.md) — Employs large language models to summarize scan output, triage vulnerabilities, and determine subsequent scanning steps. ([source](https://sn1persecurity.com/wordpress/documentation/architecture/)) - [Security Automation Workflows](https://awesome-repositories.com/f/devops-infrastructure/security-automation-workflows.md) — Connects security scanning processes to CI/CD pipelines and notification platforms via a standardized JSON API. ### Software Engineering & Architecture - [Security Tool Orchestration Pipelines](https://awesome-repositories.com/f/software-engineering-architecture/security-tool-orchestration-pipelines.md) — Coordinates a pipeline of third-party scanners and tools by normalizing outputs into a unified data format. - [Workflow Logic Engines](https://awesome-repositories.com/f/software-engineering-architecture/workflow-logic-engines.md) — Executes complex security sequences from discovery to exploitation based on conditional triggers and verification steps. - [Asset Risk Scoring](https://awesome-repositories.com/f/software-engineering-architecture/automated-risk-assessment-engines/asset-risk-scoring.md) — Calculates individual asset risk scores and generates vulnerability matrices to prioritize remediation efforts. ([source](https://sn1persecurity.com/wordpress/continuous-attack-surface-management-with-sn1per-professional/)) ### Testing & Quality Assurance - [Autonomous Penetration Testing](https://awesome-repositories.com/f/testing-quality-assurance/software-testing/testing-frameworks/end-to-end-testing-suites/end-to-end-testing-frameworks/autonomous-penetration-testing.md) — Automates the full security assessment lifecycle from reconnaissance to exploit verification. ### Business & Productivity Software - [Automated Audit Schedulers](https://awesome-repositories.com/f/business-productivity-software/scheduling-automation/automated-audit-schedulers.md) — Automates the execution of security tools on fixed timetables using cron jobs for continuous monitoring. ([source](https://cdn.jsdelivr.net/gh/1n3/sn1per@master/README.md)) - [Workspace Collaboration](https://awesome-repositories.com/f/business-productivity-software/team-collaboration-events/collaboration-communication-tools/collaboration-tools/workspace-collaboration.md) — Coordinates penetration testing efforts across teams through shared workspaces and joint access to data. ([source](https://sn1persecurity.com/wordpress/request-a-quote/)) - [Workspace Isolation](https://awesome-repositories.com/f/business-productivity-software/team-collaboration-management/workspace-isolation.md) — Organizes engagement data and scan results into isolated, dedicated workspaces for team collaboration. ### Data & Databases - [Security Data Endpoints](https://awesome-repositories.com/f/data-databases/data-retrieval/security-data-endpoints.md) — Provides secure JSON endpoints to programmatically retrieve workspaces, host details, and vulnerability data. ([source](https://sn1persecurity.com/wordpress/documentation/usage/)) - [Scan Data Importers](https://awesome-repositories.com/f/data-databases/external-data-connectors/scan-data-importers.md) — Ingests scan results and shell access from third-party exploitation frameworks into a centralized workspace via API. ([source](https://sn1persecurity.com/wordpress/)) - [Retrieval Augmentation](https://awesome-repositories.com/f/data-databases/retrieval-augmentation.md) — Integrates large language models with security knowledge bases to summarize scan findings and triage vulnerabilities. ### Networking & Communication - [Port Scanners](https://awesome-repositories.com/f/networking-communication/port-scanners.md) — Maps open ports and network services using integrated scanning engines to define the attack surface. ([source](https://sn1persecurity.com/wordpress/)) ### Operating Systems & Systems Programming - [Mobile Binary Analysis](https://awesome-repositories.com/f/operating-systems-systems-programming/binary-analysis-capabilities/decompilers/mobile-binary-analysis.md) — Enables decompilation and analysis of Android binaries through a browser-based interface. ([source](https://sn1persecurity.com/wordpress/sn1per-professional-2026-release/)) ### System Administration & Monitoring - [Data Leak Monitors](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/data-leak-monitors.md) — Scans GitHub for leaked credentials or sensitive information and sends alerts to messaging platforms. ([source](https://github.com/1N3/Sn1per/wiki/Github-API-Integration)) - [Security Exposure Alerts](https://awesome-repositories.com/f/system-administration-monitoring/monitoring-and-observability/observability-platforms/operational-health-alerting/automated-alerting-workflows/security-exposure-alerts.md) — Sends automated alerts via Slack, email, or SIEM when new exposures are detected. ([source](https://sn1persecurity.com/wordpress/external-attack-surface-management-with-sn1per/)) - [Workflow Management Dashboards](https://awesome-repositories.com/f/system-administration-monitoring/pipeline-monitoring-dashboards/workflow-management-dashboards.md) — Provides a centralized dashboard to track host counts, scan timestamps, and risk levels across multiple engagements. ([source](https://sn1persecurity.com/wordpress/sn1per-professional-2026-release/))