Merge branch 'master' into master

2025-05-17 19:18:21 +05:30 · 2025-05-17 19:18:21 +05:30 · 25f0e60203
parent ac5d24c4e9 75fc06bd31
commit 25f0e60203
10 changed files with 345 additions and 15 deletions
--- a/ADOPTERS.md
+++ b/ADOPTERS.md
@ -0,0 +1,32 @@
+ # Adopters
+
+ This document highlights organizations, projects, and individuals using OWASP Nettacker in their security workflows.
+
+ ## Why list adopters?
+ Showcasing adoption encourages community engagement, provides credibility, and helps new users discover real-world use cases.
+
+ ## How to add yourself
+ If you or your organization use OWASP Nettacker, please:
+ 1. Fork this repository.
+ 2. Add your name, logo, and a short description below.
+ 3. Submit a pull request.
+
+ ## Organizations
+
+ | Logo | Name | Description | Website |
+ | ---- | ---- | ----------- | ------- |
+ | <!-- ![Acme Logo](path/to/logo.png) --> | **Example Acme Corp** | Uses Nettacker for automated penetration testing. | https://acme.example.com |
+ | <!-- ![SecurityCo Logo](path/to/securityco-logo.png) --> | **Example SecurityCo** | Integrates Nettacker into their CI/CD pipeline for continuous security assessment. | https://securityco.example.org |
+
+ ## Community Projects
+
+ - **Example project X** — integrates Nettacker for infrastructure scanning in Kubernetes environments.
+ - **Example tool** — extends Nettacker modules for custom vulnerability detection.
+
+ ## Individuals
+
+ - **Alice Smith example person** — security researcher (Twitter: @alice)
+
+
+ ## Thank You
+ Thanks to everyone using and contributing to OWASP Nettacker! We appreciate your support and feedback.
--- a/README.md
+++ b/README.md
@ -1,6 +1,6 @@
 OWASP Nettacker
 =========
-[![Build Status](https://github.com/OWASP/Nettacker/workflows/CI/badge.svg?branch=master)](https://github.com/OWASP/Nettacker/actions/workflows/CI.yml)
+[![Build Status](https://github.com/OWASP/Nettacker/actions/workflows/ci_cd.yml/badge.svg?branch=master)](https://github.com/OWASP/Nettacker/actions/workflows/ci_cd.yml/badge.svg?branch=master)
 [![Apache License](https://img.shields.io/badge/License-Apache%20v2-green.svg)](https://github.com/OWASP/Nettacker/blob/master/LICENSE)
 [![Twitter](https://img.shields.io/badge/Twitter-@iotscan-blue.svg)](https://twitter.com/iotscan)
 ![GitHub contributors](https://img.shields.io/github/contributors/OWASP/Nettacker)
@ -50,6 +50,15 @@ _____________
 Thanks to our awesome contributors
 ============
 ![Awesome Contributors](https://contrib.rocks/image?repo=OWASP/Nettacker)
+
+## Adopters
+
+We’re grateful to the organizations, community projects, and individuals who adopt and rely on OWASP Nettacker for their security workflows.
+
+If you’re using OWASP Nettacker in your organization or project, we’d love to hear from you! Feel free to add your details to the [ADOPTERS.md](ADOPTERS.md) file by submitting a pull request or reach out to us via GitHub issues. Let’s showcase how Nettacker is making a difference in the security community!
+
+ See [ADOPTERS.md](ADOPTERS.md) for details.
+
 _____________

 ## ***IoT Scanner***
--- a/docs/API.md
+++ b/docs/API.md
@ -75,7 +75,7 @@ At the first, you must send an API key through the request each time you send a
 To submit a new scan follow this step.

 ```python
->>> r = requests.post('https://127.0.0.1:5000/new/scan', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07", "targets": "127.0.0.1,owasp.org", "scan_method": "port_scan"})
+>>> r = requests.post('https://127.0.0.1:5000/new/scan', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07", "targets": "127.0.0.1,owasp.org", "selected_modules": "port_scan", "report_path_filename": "/home/test.html"})
 >>> r.status_code
 200
 >>> import json
@ -120,7 +120,7 @@ To submit a new scan follow this step.
 }
 ```

-Please note, `targets` and `scan_method` are **necessary** to submit a new scan unless you modify the config file before! The `scan_method` could be empty if you define the `profile`.
+Please note, `targets` and `selected_modules` are **necessary** to submit a new scan unless you modify the config file before! The `selected_modules` could be empty if you define the `profile`.

 ```python
 >>> r = requests.post('https://127.0.0.1:5000/new/scan', data={"key": "8370bd0a0b9a98ac25b341833fb0fb07"})
@ -131,7 +131,7 @@ Please note, `targets` and `scan_method` are **necessary** to submit a new scan
 >>> r.content
 u'{"msg":"please choose your scan method!","status":"error"}\n'

->>> r = requests.post('https://127.0.0.1:5000/new/scan', data={"key": "09877e92c75f6afdca6ae61ad3f53727", "targets": "127.0.0.1", "scan_method": "dir_scan,port_scan"})
+>>> r = requests.post('https://127.0.0.1:5000/new/scan', data={"key": "09877e92c75f6afdca6ae61ad3f53727", "targets": "127.0.0.1", "selected_modules": "dir_scan,port_scan", "report_path_filename": "/home/test.html"})
 >>> print json.dumps(json.loads(r.content), sort_keys=True, indent=4)
 {
    "backup_ports": null, 
@ -429,7 +429,7 @@ To enable session-based requests, like (e.g. Python `requests.session()` or brow
 </div>
 <style type="text/css">

-	.header{
+    .header{
    margin:2%;
    text-align:center;
  }
@ -665,7 +665,7 @@ To enable session-based requests, like (e.g. Python `requests.session()` or brow
 ```
 ## Generate a HTML Scan Result for a Host
 ```python
->>> r = s.get("https://localhost:5000/logs/get_html?host=127.0.0.1")
+>>> r = s.get("https://localhost:5000/logs/get_html?target=127.0.0.1&key=<your_api_key>")
 >>> print r.content[:1000]
 <!DOCTYPE html>
 <!-- THIS PAGE COPIED AND MODIFIED FROM http://bl.ocks.org/robschmuecker/7880033-->
@ -677,7 +677,7 @@ To enable session-based requests, like (e.g. Python `requests.session()` or brow
 </div>
 <style type="text/css">

-	.header{
+    .header{
    margin:2%;
    text-align:center;
  }
@ -706,7 +706,7 @@ To enable session-based requests, like (e.g. Python `requests.session()` or brow

 ### Get the Scan Result in JSON Type
 ```python
->>> r = s.get("https://localhost:5000/logs/get_json?host=owasp.org")
+>>> r = s.get("https://localhost:5000/logs/get_json?target=owasp.org&key=<your_api_key>")
 >>> print(json.dumps(json.loads(r.content), sort_keys=True, indent=4))
 [
    {
--- a/nettacker/api/engine.py
+++ b/nettacker/api/engine.py
@ -11,6 +11,7 @@ from types import SimpleNamespace
 from flask import Flask, jsonify
 from flask import request as flask_request
 from flask import render_template, abort, Response, make_response
+from werkzeug.serving import WSGIRequestHandler
 from werkzeug.utils import secure_filename

 from nettacker import logger
@ -43,6 +44,9 @@ from nettacker.database.db import (
 )
 from nettacker.database.models import Report

+# Monkey-patching the Server header to avoid exposing the actual version
+WSGIRequestHandler.version_string = lambda self: "API"
+
 log = logger.get_logger()

 app = Flask(__name__, template_folder=str(Config.path.web_static_dir))
@ -128,10 +132,23 @@ def limit_remote_addr():
    return


+@app.after_request
+def set_security_headers(response):
+    """
+    Add common security headers to every response.
+    """
+    response.headers.setdefault("Content-Security-Policy", "upgrade-insecure-requests")
+    response.headers.setdefault("X-Content-Type-Options", "nosniff")
+    response.headers.setdefault("X-Frame-Options", "SAMEORIGIN")
+    response.headers.setdefault("X-XSS-Protection", "1; mode=block")
+    response.headers.setdefault("Referrer-Policy", "no-referrer-when-downgrade")
+    return response
+
+
@app.after_request
 def access_log(response):
    """
-    if access log enabled, its writing the logs
+    Write to the access log file if enabled.

    Args:
        response: the flask response
--- a/nettacker/core/lib/ssh.py
+++ b/nettacker/core/lib/ssh.py
@ -9,13 +9,15 @@ logging.getLogger("paramiko.transport").disabled = True


 class SshLibrary(BaseLibrary):
+    client = SSHClient
+
    def brute_force(self, *args, **kwargs):
        host = kwargs["host"]
        port = kwargs["port"]
        username = kwargs["username"]
        password = kwargs["password"]

-        connection = SSHClient()
+        connection = self.client()
        connection.set_missing_host_key_policy(AutoAddPolicy())
        connection.connect(
            **{
--- a/nettacker/core/lib/ssl.py
+++ b/nettacker/core/lib/ssl.py
@ -187,6 +187,8 @@ class SslLibrary(BaseLibrary):
                cert = ssl.get_server_certificate((host, port))
            except ssl.SSLError:
                cert = None
+            except socket.gaierror:
+                cert = None
            cert_info = get_cert_info(cert) if cert else None
            ssl_ver, weak_version = is_weak_ssl_version(host, port, timeout)
            cipher_suite, weak_cipher_suite = is_weak_cipher_suite(host, port, timeout)
--- a/nettacker/core/lib/telnet.py
+++ b/nettacker/core/lib/telnet.py
@ -7,7 +7,7 @@ class TelnetLibrary(BaseLibrary):
    client = telnetlib.Telnet

    def brute_force(self, host, port, username, password, timeout):
-        connection = telnetlib.Telnet(host, port, timeout)
+        connection = self.client(host, port, timeout)
        connection.read_until(b"login: ")
        connection.write(username.encode("utf-8") + b"\n")
        connection.read_until(b"Password: ")
--- a/nettacker/lib/payloads/wordlists/config_wordlist.txt
+++ b/nettacker/lib/payloads/wordlists/config_wordlist.txt
@ -0,0 +1,222 @@
+configuration.php_old
+configuration.php_new
+configuration.php~
+configuration.php.new
+configuration.php.new~
+configuration.php.old
+configuration.php.old~
+configuration.bak
+configuration.php.bak
+configuration.php.bkp
+configuration.txt
+configuration.php.txt
+configuration-Copy.php
+configuration.php.swo
+configuration.php_bak
+configuration.php#
+configuration.orig
+configuration.php.save
+configuration.php.original
+configuration.php.swp
+configuration.save
+.configuration.php.swp
+configuration.php1
+configuration.php2
+configuration.php3
+configuration.php4
+configuration.php6
+configuration.php7
+configuration.phtml
+configuration.php-dist
+config.php
+configuration.php
+settings.php
+db_config.php
+database.php
+app_config.php
+env.php
+site_config.php
+secure_config.php
+init.php
+wp-config.php
+wp-settings.php
+wp-db.php
+wp-config-sample.php
+wp-secrets.php
+joomla_config.php
+joomla-settings.php
+default.settings.php
+services.yml
+local.settings.php
+config.default.php
+app/etc/env.php
+app/etc/config.php
+.env
+config/app.php
+config/database.php
+config/cache.php
+config/settings.inc.php
+app/config/parameters.php
+admin/config.php
+LocalConfiguration.php
+AdditionalConfiguration.php
+config_default.php
+config-dist.php
+configure.php
+admin/includes/configure.php
+configurationsettings.php
+main_config.php
+app_settings.php
+global_config.php
+secure_settings.php
+private_config.php
+user_settings.php
+site_options.php
+system.php
+security.php
+server.php
+credentials.php
+app.php
+database.ini
+config.inc.php
+core_config.php
+default_config.php
+env_config.php
+master_config.php
+options.php
+private_settings.php
+secrets.php
+server_settings.php
+site_variables.php
+system_config.php
+vars.php
+config_1.php
+config_2.php
+config_bak.php
+config.old.php
+config.new.php
+config_copy.php
+config_dev.php
+config_prod.php
+config_test.php
+config_backup.php
+config-secure.php
+config-hidden.php
+config-local.php
+config-remote.php
+config-private.php
+xyz_config.php
+abc_settings.php
+random123.php
+secure_789.php
+sys_45config.php
+data_567.php
+hash_99.php
+custom_987.php
+hidden_333.php
+secure_app987.php
+config.xml
+settings.ini
+server.conf
+database.cfg
+environment.json
+config.ini
+settings.ini
+database.ini
+app.ini
+server.ini
+system.ini
+site.ini
+env.ini
+default.ini
+global.ini
+config.json
+settings.json
+database.json
+app.json
+package.json
+manifest.json
+firebase.json
+composer.json
+tsconfig.json
+eslint.json
+config.yaml
+settings.yaml
+database.yaml
+app.yaml
+docker-compose.yaml
+kubernetes.yaml
+ansible.cfg.yaml
+symfony.yaml
+cloudbuild.yaml
+netlify.yaml
+config.xml
+settings.xml
+database.xml
+app.xml
+pom.xml
+web.xml
+android_manifest.xml
+hibernate.cfg.xml
+log4j.xml
+struts-config.xml
+.env
+.env.local
+.env.production
+.env.testing
+.env.example
+.env.development
+.env.staging
+.envrc
+.env.dist
+.env.secret
+config.toml
+settings.toml
+database.toml
+app.toml
+Cargo.toml
+poetry.toml
+pyproject.toml
+netlify.toml
+hugo.toml
+tool-config.toml
+settings.cfg
+database.cfg
+app.cfg
+server.cfg
+system.cfg
+default.cfg
+global.cfg
+local.cfg
+environment.cfg
+network.cfg
+app.config
+web.config
+database.config
+machine.config
+security.config
+service.config
+default.config
+user.config
+global.config
+network.config
+settings.conf
+server.conf
+database.conf
+httpd.conf
+nginx.conf
+redis.conf
+supervisord.conf
+xorg.conf
+firewalld.conf
+sshd_config
+.babelrc
+.editorconfig
+.prettierrc
+.eslintrc.json
+.stylelintrc
+.gitattributes
+.gitconfig
+.gitignore
+.npmrc
+.yarnrc
--- a/nettacker/modules/scan/config_file.yaml
+++ b/nettacker/modules/scan/config_file.yaml
@ -0,0 +1,46 @@
+info:
+  name: config_file_scan
+  author: Manushya-a
+  severity: 3
+  description: Configuration file finder
+  reference:
+  profiles:
+    - scan
+    - http
+    - backup
+    - low_severity
+
+payloads:
+  - library: http
+    steps:
+      - method: get
+        timeout: 3
+        headers:
+          User-Agent: "{user_agent}"
+        allow_redirects: false
+        ssl: false
+        url:
+          nettacker_fuzzer:
+            input_format: "{{schema}}://{target}:{{ports}}/{url_base_path}{{urls}}"
+            prefix: ""
+            suffix: ""
+            interceptors:
+            data:
+              urls:
+                read_from_file: wordlists/config_wordlist.txt
+              schema:
+                - "http"
+                - "https"
+              ports:
+                - 80
+                - 443
+        response:
+          condition_type: and
+          log: "response_dependent['url']"
+          conditions:
+            url:
+              regex: .*
+              reverse: false 
+            status_code:
+              regex: 200|403|401
+              reverse: false
--- a/nettacker/modules/scan/port.yaml
+++ b/nettacker/modules/scan/port.yaml
@ -1034,7 +1034,7 @@ payloads:
                reverse: false

              ftp: &ftp
-                regex: "220-You are user number|530 USER and PASS required|Invalid command: try being more creative|220 \\S+ FTP (Service|service|Server|server)|220 FTP Server ready|Directory status|Service closing control connection|Requested file action|Connection closed; transfer aborted|Directory not empty"
+                regex: "220-You are user number|530 USER and PASS required|Invalid command: try being more creative|220 \\S+ FTP (Service|service|Server|server).*?(530 Please login with USER and PASS\\.\\s*)+|220 FTP Server ready|Directory status|Service closing control connection|Requested file action|Connection closed; transfer aborted|Directory not empty|220 Welcome to the ftp service\\r\\n"
                reverse: false
              ftps: *ftp

@ -1043,7 +1043,7 @@ payloads:
                reverse: false

              imap:
-                regex: "Internet Mail Server|IMAP4 service|BYE Hi This is the IMAP SSL Redirect|LITERAL\\+ SASL\\-IR LOGIN\\-REFERRALS ID ENABLE IDLE AUTH\\=PLAIN AUTH\\=LOGIN AUTH\\=DIGEST\\-MD5 AUTH\\=CRAM-MD5|CAPABILITY completed|OK IMAPrev1|LITERAL\\+ SASL\\-IR LOGIN\\-REFERRALS ID ENABLE IDLE NAMESPACE AUTH\\=PLAIN AUTH\\=LOGIN|BAD Error in IMAP command received by server|IMAP4rev1 SASL-IR|OK \\[CAPABILITY IMAP4rev1"
+                regex: "Internet Mail Server|IMAP4 service|BYE Hi This is the IMAP SSL Redirect|LITERAL\\+ SASL\\-IR LOGIN\\-REFERRALS ID ENABLE IDLE AUTH\\=PLAIN AUTH\\=LOGIN AUTH\\=DIGEST\\-MD5 AUTH\\=CRAM-MD5|CAPABILITY completed|OK IMAPrev1|LITERAL\\+ SASL\\-IR LOGIN\\-REFERRALS ID ENABLE IDLE NAMESPACE AUTH\\=PLAIN AUTH\\=LOGIN|BAD Error in IMAP command received by server|IMAP4rev1 SASL-IR|OK \\[CAPABILITY IMAP4rev1|\\* OK.*IMAP.*Ready"
                reverse: false

              mariadb:
@ -1051,7 +1051,7 @@ payloads:
                reverse: false

              mysql:
-                regex: "is not allowed to connect to this MySQL server"
+                regex: "is not allowed to connect to this MySQL server|\\d\\.\\d+\\.\\d+g?[a-zA-Z]*"
                reverse: false

              nntp:
@ -1089,7 +1089,7 @@ payloads:
                reverse: false

              telnet:
-                regex: "Check Point FireWall-1 authenticated Telnet server running on|Raptor Firewall Secure Gateway|No more connections are allowed to telnet server|Closing Telnet connection due to host problems|NetportExpress|WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING|Login authentication|recommended to use Stelnet|is not a secure protocol|Welcome to Microsoft Telnet Servic|no decompiling or reverse-engineering shall be allowed"
+                regex: "(?s).*login:|Check Point FireWall-1 authenticated Telnet server running on|Raptor Firewall Secure Gateway|No more connections are allowed to telnet server|Closing Telnet connection due to host problems|NetportExpress|WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING|Login authentication|recommended to use Stelnet|is not a secure protocol|Welcome to Microsoft Telnet Servic|no decompiling or reverse-engineering shall be allowed"
                reverse: false

              amqp: