Skip to content

Ibrahim-dad/Exploit-Sniper

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

3 Commits
src
src
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
build.mjs
build.mjs
 
 
package.json
package.json
 
 
tsconfig.json
tsconfig.json
 
 

Repository files navigation

  ⠀⠀⠀⠀⠀⠀⠶⡶⣶⣾⣷⣶⢶⣿⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
  ⣿⣿⣿⣿⣷⣶⣶⣶⣿⣿⣿⣿⣿⣿⣿⣿⣿⣿⣉⣉⣙⣉⡉⠉⠉⠉⠉⠉⠛⠉
  ⠿⠿⠿⠛⠻⠿⢶⣿⠉⠈⠛⠉⠁⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀

███████╗██╗  ██╗██████╗ ██╗      ██████╗ ██╗████████╗
██╔════╝╚██╗██╔╝██╔══██╗██║     ██╔═══██╗██║╚══██╔══╝
█████╗   ╚███╔╝ ██████╔╝██║     ██║   ██║██║   ██║
██╔══╝   ██╔██╗ ██╔═══╝ ██║     ██║   ██║██║   ██║
███████╗██╔╝ ██╗██║     ███████╗╚██████╔╝██║   ██║
╚══════╝╚═╝  ╚═╝╚═╝     ╚══════╝ ╚═════╝ ╚═╝   ╚═╝
██████╗ ███╗   ██╗██╗██████╗ ███████╗██████╗
██╔════╝████╗  ██║██║██╔══██╗██╔════╝██╔══██╗
███████╗██╔██╗ ██║██║██████╔╝█████╗  ██████╔╝
╚════██║██║╚██╗██║██║██╔═══╝ ██╔══╝  ██╔══██╗
███████║██║ ╚████║██║██║     ███████╗██║  ██║
╚══════╝╚═╝  ╚═══╝╚═╝╚═╝     ╚══════╝╚═╝  ╚═╝

Precision Strike Web Security Scanner

Fast. Powerful. Animated.
An advanced CLI web security scanner built for bug hunters.
12 scan modules | 600+ payloads | Concurrent execution | Live findings output

Version Node TypeScript License

Installation

git clone https://github.com/Ibrahim-dad/Exploit-Sniper.git
cd Exploit-Sniper
npm install
npm run build
sudo npm link

Now run from anywhere:

exploit-sniper full -t https://target.com

Note: Use sudo npm link on Linux/macOS. On Windows, run your terminal as Administrator.

Features

  • 12 Security Scan Modules — XSS, SQLi, LFI, SSRF, IDOR, CORS, Open Redirect, Security Headers, Directory Bruteforce, API Discovery, User Enumeration, Rate Limit Testing
  • 600+ Attack Payloads — Curated and categorized payloads across all injection types
  • Concurrent Execution — Configurable thread count per module for blazing-fast scans
  • Live Finding Output — Findings print in real-time as they're discovered with severity ratings
  • Animated CLI — Sniper ASCII art banner, typewriter title effect, spinners on every module
  • JSON Reports — Export structured scan reports for every module or full scan
  • Deep Scan Mode — Unleash the full payload arsenal for thorough assessments
  • Zero External Dependencies for HTTP — Uses Node.js native fetch — no axios needed

Scan Modules

Module Command Description Payloads
XSS xss Cross-Site Scripting — 8 categories including DOM-based, polyglot, WAF bypass 150+
SQLi sqli SQL Injection — union, boolean, time-based blind, stacked queries 200+
LFI lfi Local File Inclusion / Path Traversal — encoded, null byte, filter bypass 100+
Open Redirect redirect Open Redirect — protocol-relative, data URI, encoding tricks 50+
SSRF ssrf Server-Side Request Forgery — localhost, cloud metadata, internal services 70+
CORS cors CORS Misconfiguration — wildcard, origin reflection, null origin, preflight
Headers headers Security Headers & Info Disclosure — 10 headers, cookies, HTTP methods, stack traces
IDOR idor Insecure Direct Object Reference — 27 API patterns, ID probing, method tampering
Dirs dirs Directory & File Bruteforce — admin panels, backups, configs, sensitive files 250+
API api API Endpoint Discovery — REST patterns, auth checks, version enumeration
Users users User Enumeration — login, register, password reset timing & response analysis
Rate Limit ratelimit Rate Limit Testing — burst requests against auth endpoints

Quick Start

# Full scan — run all 12 modules
exploit-sniper full -t https://target.com

# Deep scan — unleash all 600+ payloads
exploit-sniper full -t https://target.com --deep

# Save JSON report
exploit-sniper full -t https://target.com -o report.json

# Skip specific modules
exploit-sniper full -t https://target.com --skip users ratelimit

# Crank up the threads
exploit-sniper full -t https://target.com --threads 50

Individual Scan Commands

XSS — Cross-Site Scripting

exploit-sniper xss -t https://target.com -p search q
exploit-sniper xss -t https://target.com --deep -c polyglot waf_bypass

Categories: basic, eventHandlers, encodingBypass, filterEvasion, domBased, polyglot, waf_bypass, template_injection

SQLi — SQL Injection

exploit-sniper sqli -t https://target.com -p id username
exploit-sniper sqli -t https://target.com --deep --time-based --time-threshold 5000

Categories: union, boolean, error_based, stacked, time_based, comment, auth_bypass, nosql, order_by, insert_update

LFI — Local File Inclusion

exploit-sniper lfi -t https://target.com?file=test -p file
exploit-sniper lfi -t https://target.com --deep

Categories: basic, encoded, null_byte, filter_bypass, windows, interesting_files, wrapper

Open Redirect

exploit-sniper redirect -t https://target.com?next= -p next url redirect

SSRF — Server-Side Request Forgery

exploit-sniper ssrf -t https://target.com?url= -p url callback webhook

CORS Misconfiguration

exploit-sniper cors -t https://target.com

Security Headers

exploit-sniper headers -t https://target.com

IDOR — Insecure Direct Object Reference

exploit-sniper idor -t https://target.com

Directory Bruteforce

exploit-sniper dirs -t https://target.com -e php html asp
exploit-sniper dirs -t https://target.com --sensitive --threads 50

API Endpoint Discovery

exploit-sniper api -t https://target.com
exploit-sniper api -t https://target.com --no-auth-check

User Enumeration

exploit-sniper users -t https://target.com
exploit-sniper users -t https://target.com --login-path /api/login -u admin root test

Rate Limit Testing

exploit-sniper ratelimit -t https://target.com -n 100
exploit-sniper ratelimit -t https://target.com --paths /api/login /api/reset

Global Options

Option Description Default
-t, --target <url> Target URL (required)
-v, --verbose Show detailed output false
-o, --output <file> Save report as JSON
--threads <n> Concurrent requests Varies per module
--deep Use ALL payloads (slower, thorough) false

Default Thread Counts

Module Default Threads
XSS, SQLi, LFI, Redirect 15
SSRF, IDOR 10
Dirs 25
Full Scan 20

Utility Commands

exploit-sniper payloads      # List all payload categories
exploit-sniper help-all      # Complete command reference with examples
exploit-sniper --help        # Quick help

Output

Live Findings

Findings appear in real-time during scans with severity color coding:

  ⚡ FINDING [CRITICAL] CORS: Wildcard Access-Control-Allow-Origin
  ⚡ FINDING [HIGH] XSS: Reflected payload in response — <script>alert(1)</script>
  ⚡ FINDING [MEDIUM] Missing Header: X-Content-Type-Options
  ⚡ FINDING [LOW] Info Disclosure: Server header exposes version

Severity Levels

Level Color Description
CRITICAL Red Immediate exploitation risk
HIGH Orange Significant vulnerability
MEDIUM Yellow Moderate security concern
LOW Blue Minor issue or informational
INFO Gray Informational finding

JSON Report Structure

{
  "target": "https://target.com",
  "scanType": "full",
  "timestamp": "2026-03-27T00:00:00.000Z",
  "summary": {
    "total": 42,
    "critical": 3,
    "high": 8,
    "medium": 15,
    "low": 10,
    "info": 6
  },
  "findings": [
    {
      "module": "cors",
      "severity": "critical",
      "title": "Wildcard Access-Control-Allow-Origin",
      "detail": "..."
    }
  ]
}

Project Structure

exploit-sniper/
├── src/
│   ├── cli.ts                  # Main CLI entry — 14 commands
│   ├── scanners/
│   │   ├── full-scan.ts        # Orchestrates all 12 modules
│   │   ├── xss.ts              # XSS scanner
│   │   ├── sqli.ts             # SQL Injection scanner
│   │   ├── lfi.ts              # LFI / Path Traversal scanner
│   │   ├── open-redirect.ts    # Open Redirect scanner
│   │   ├── ssrf.ts             # SSRF scanner
│   │   ├── cors.ts             # CORS misconfiguration scanner
│   │   ├── headers.ts          # Security headers scanner
│   │   ├── idor.ts             # IDOR scanner
│   │   ├── directory.ts        # Directory bruteforce scanner
│   │   ├── api-checker.ts      # API endpoint discovery
│   │   ├── user-enum.ts        # User enumeration scanner
│   │   └── rate-limit.ts       # Rate limit tester
│   ├── payloads/
│   │   ├── xss-payloads.ts     # 150+ XSS payloads (8 categories)
│   │   ├── sqli-payloads.ts    # 200+ SQLi payloads (10 categories)
│   │   ├── lfi-payloads.ts     # 100+ LFI payloads (7 categories)
│   │   ├── ssrf-payloads.ts    # 70+ SSRF payloads
│   │   ├── redirect-payloads.ts# 50+ Open Redirect payloads
│   │   └── directories.ts      # 250+ directory/file paths
│   └── utils/
│       ├── http.ts             # HTTP client with runConcurrentWithCallback()
│       └── reporter.ts         # Animated banner, Spinner, printLiveFind, reports
├── package.json
├── tsconfig.json
├── build.mjs
└── README.md

Tech Stack

Component Technology
Language TypeScript 5.x
Runtime Node.js >= 18
HTTP Native fetch API (no axios)
CLI Framework Commander.js
Terminal Output Chalk, cli-table3, cli-progress
Concurrency Custom runConcurrentWithCallback() with configurable thread pools
Build esbuild

Disclaimer

⚠  IMPORTANT: Only use Exploit-$niper on targets you have explicit authorization to test.

Unauthorized scanning of systems you do not own or have permission to test is illegal
and unethical. The authors are not responsible for any misuse of this tool.

This tool is intended for:
  - Authorized penetration testing
  - Bug bounty programs
  - Security research on your own systems
  - Educational purposes

License

MIT

Built for bug hunters, by bug hunters.
[ Exploit-$niper ] — Precision Strike Web Security Scanner

About

Exploit-$niper — Precision Strike Web Security Scanner. Advanced CLI tool for bug hunters with concurrent scanning for XSS, SQLi, LFI, SSRF, IDOR, CORS, Open Redirect, and more.

Topics

cli bugbounty xss-detection vulnerability-detection vulnerability-scanners sql-vulnerability-scanner webscanner bughunter server-scanner bughunting-tools

Resources

Readme
Activity

Stars

1 star

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages