# SNIPER: Simple Network Input Payload ExploRer

Owner: https://github.com/zrnge
Status: Production-ready
Use case: Authorized HTTP parameter fuzzing and anomaly detection
SNIPER is a lightweight, deterministic HTTP fuzzing tool designed for security testing, QA, and automation pipelines.

It supports:

- Multi-parameter fuzzing (e.g. username+password)
- Intruder-style attack modes (Pitchfork / Cluster Bomb)
- Grep-style response filtering (status code, response length)
- CI/CD-friendly output
- Safe throttling and timeout controls

SNIPER focuses on signal over noise and is built to scale cleanly in production environments.
## Features

- Multi-parameter fuzzing (any number of parameters)
- Payload iteration modes:
  - Pitchfork (parallel iteration)
  - Cluster Bomb (Cartesian product)
- Response filtering:
  - HTTP status code matching
  - Response length matching
  - Inverted matching (anomaly detection)
- GET and POST support
- Custom headers (auth tokens, cookies, etc.)
- Deterministic, scriptable output
- No external dependencies beyond `requests`

## Requirements

- Python 3.8+
- `requests` library

## Installation

```bash
pip install requests
git clone https://github.com/zrnge/sniper.git
cd sniper
python3 sniper.py --help
```

## Usage

Required inputs:

- A target URL
- At least one parameter with a payload file
### Single-Parameter Fuzzing

SNIPER fully supports single-parameter fuzzing, making it suitable for classic web testing scenarios such as:

- XSS
- SQLi
- SSTI
- LFI/RFI
- Open redirect testing

Example: Fuzzing a Single Query Parameter

```bash
python3 sniper.py \
  -u https://target/search \
  -X GET \
  --param q=xss.txt
```

This will generate requests equivalent to:

```
https://target/search?q=<payload1>
https://target/search?q=<payload2>
https://target/search?q=<payload3>
...
```

The payload list can also be fetched from a remote URL:

```bash
python3 sniper.py \
  -u https://target/search \
  -X GET \
  --param q=https://raw.githubusercontent.com/danielmiessler/SecLists/refs/heads/master/Fuzzing/XSS/human-friendly/XSS-BruteLogic.txt
```

### Payload Files

Syntax: `--param <name>=<payload_file>` or `--param <name>=<remote_payload>`

Each payload file must contain one payload per line. Example:

```
admin
test
root
```
### Attack Modes

#### Cluster Bomb

Tests all combinations of payloads. Example:

```bash
python3 sniper.py \
  -u https://target/login \
  --param username=users.txt \
  --param password=passwords.txt
```

This will try:

```
(user1, pass1)
(user1, pass2)
(user2, pass1)
(user2, pass2)
...
```

#### Pitchfork

Tests payloads in parallel (1-to-1 mapping):

```bash
python3 sniper.py \
  -u https://target/login \
  --param username=users.txt \
  --param password=passwords.txt \
  --mode pitchfork
```

Useful when payloads are paired.
### HTTP Methods

POST (default): `-X POST`

GET: `-X GET`

### Response Filtering

SNIPER allows filtering results during execution, similar to grep.

Filter by status code: `--status 200`

Multiple values: `--status 200,302,500`

Exact length: `--len-eq 1234`

Minimum length: `--len-min 1500`

Maximum length: `--len-max 800`

Show only responses that do NOT match the filter: `--invert`

Example: `--status 401 --invert`

Example: report only 200 responses with a body of at least 1500 bytes:

```bash
python3 sniper.py \
  -u https://target/login \
  --param username=users.txt \
  --param password=passwords.txt \
  --status 200 \
  --len-min 1500
```

Example: report every response that is not a 401 (anomaly detection):

```bash
python3 sniper.py \
  -u https://target/login \
  --param username=users.txt \
  --param password=passwords.txt \
  --status 401 \
  --invert
```

### Throttling

`--delay 0.5` adds a delay (seconds) between requests.
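To make the two attack modes and the grep-style filters above concrete (and the output line format shown in the Output section), here is an added, self-contained reimplementation; it is not SNIPER's own code. The payload lists, the response table and the single "valid" credential pair are constructed so it runs offline with no HTTP at all.

```python
from itertools import product

# Constructed payload lists standing in for users.txt / passwords.txt.
USERS = ["admin", "test", "root"]
PASSWORDS = ["admin123", "letmein"]

# Constructed responses keyed by (username, password) -> (status, length).
# Demo assumption: only admin/admin123 succeeds; every other pair gets a 401.
FAKE_RESPONSES = {("admin", "admin123"): (200, 1876)}


def iterate_payloads(params, mode="clusterbomb"):
    """Yield one {param: payload} dict per request.
    clusterbomb = Cartesian product; pitchfork = 1-to-1 pairing (zip)."""
    if mode not in ("clusterbomb", "pitchfork"):
        raise ValueError(f"unknown mode: {mode}")
    names = list(params)
    lists = [params[n] for n in names]
    rows = zip(*lists) if mode == "pitchfork" else product(*lists)
    for row in rows:
        yield dict(zip(names, row))


def matches(status, length, status_codes=None, len_eq=None,
            len_min=None, len_max=None, invert=False):
    """Grep-style filter: every supplied condition must hold (AND).
    invert=True reports the responses that do NOT match (anomaly detection)."""
    ok = ((status_codes is None or status in status_codes)
          and (len_eq is None or length == len_eq)
          and (len_min is None or length >= len_min)
          and (len_max is None or length <= len_max))
    return not ok if invert else ok


def send(params):
    """Stand-in for the HTTP request: look up the constructed response."""
    return FAKE_RESPONSES.get((params["username"], params["password"]), (401, 342))


def run(mode="clusterbomb", **filters):
    """Fuzz USERS x PASSWORDS in the given mode and return SNIPER-style output
    lines; run(status_codes={401}, invert=True) mirrors "--status 401 --invert"."""
    lines = []
    for params in iterate_payloads({"username": USERS, "password": PASSWORDS}, mode):
        status, length = send(params)
        if matches(status, length, **filters):
            lines.append(f"PARAMS={params} STATUS={status} LENGTH={length}")
    return lines
```

Cluster Bomb yields all 3 x 2 = 6 pairs while Pitchfork yields only 2, and the inverted 401 filter surfaces exactly the one anomalous (200) response.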
### Custom Headers

```bash
-H "Authorization: Bearer TOKEN"
-H "User-Agent: SNIPER"
```

## Output

SNIPER produces clean, parseable output:

```
PARAMS={'username': 'admin', 'password': 'admin123'} STATUS=200 LENGTH=1876
```

This format is suitable for:

- Shell pipelines
- SIEM ingestion
- Log processing
- CI/CD jobs

## CI/CD Integration

SNIPER is suitable for:

- Pre-release security checks
- Regression testing
- Canary environment validation

Example:

```bash
python3 sniper.py ... --status 500 | tee findings.log
```

## Legal

SNIPER is intended only for systems you own or are explicitly authorized to test. Unauthorized use against third-party systems may be illegal.
