* Create paloalto_globalprotect_cve_2025_0133.yaml
new module for CVE-2025-0133
* Updated docs/Modules.md
updated docs
* Update nettacker/modules/vuln/paloalto_globalprotect_cve_2025_0133.yaml
CodeRabbit YAML formatting suggestion - we have this issue pretty much with all YAML files, so a separate tidy-up PR will be needed in the future
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
---------
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
* feature: exclude certain ports from being scanned
* ruff fixes
* handling exception for vulnerablility modules
* not relying on try and except
* updated documentation, changed flag
* test case for module file
* update test
* mocking the database calls, that's probably the issue
* removed breaking test for now
* coderabbit suggested change, minor code refactoring
* ruff fixes
---------
Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
* [feature] add custom headers for http requests via CLI. Removes sensitive info before logging in the database
* better help message
* input validation - coderabbit changes
* ruff fixes
* allow for header chaining with multiple -H flags and for complex headers involving comma separated values
* test case for http.py that include using headers. Added pytest-asyncio for the same
* ruff fixes
* formatting changes suggested by coderabbit
* docs update
* correct usage and en.yaml file
* Update dependencies in poetry.lock and pyproject.toml for new packages
* feat: add SMB brute force module
* feat: add unit tests for SMB brute force module
* ran make pre-commit
---------
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
* Config-scan
* Update config_wordlist.txt
Adding possible configuration file names
* Update config_wordlist.txt
Updating the wordlist to remove spaces in the urls
---------
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
* fixing mysql connections using pymysql
* fixing threading issues
* fixed postgres conns
* fix ruff
* reverting to original config
* sslmode as a user configurable parameter
* adding default loop policy for asyncio
* added custom wordlist functionality
* lint fix
* bug fixes
* added break after first detection to exit for loop
* removed custom read from brute scans because its already implemented there
* updated according to suggested changes
* cleared old code
* fixed lint
* made requested changes
* made suggested changes
* lint fix
* changed user_wordlist to read_from_file
* Update paloalto_panos_cve_2025_0108.yaml added cisa_kev
Adding cisa_kev profile to the module:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added this CVE-2025-0108 impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
* adding sonicwall_sslvpn_cve_2024_53704_vuln module
Adding cisa_kev profile to the module:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added this CVE-2025-0108 impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
* move paloalto_panos_cve_2025_0108.yaml to nettacker/modules/vuln/paloalto_panos_cve_2025_0108.yaml
Fix of the incorrect location for the module
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
* Delete Modules.md in wrong location
location fix
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
* Update Modules.md with CVE-2025-0108
added CVE-2025-0108 module to the docs
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
---------
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
The issue caused the program to erroneously run a regex pattern on HTML content instead of the request data. This was because the port number wasn't displayed in the HTML's body content. The commit rectifies this problem, ensuring that regex operates on the correct data.
Sam Stepanyan
Achintya Jai
Son Sulung Suryahatta Asnan
Packet Phantom
Manav Acharya
dyp4r
Soumyaditya Batabyal
Osama Ahmed Tahir
Arun Krishnan
Bhagyashree
tanaydin sirin
AntonL