Commit Graph

2682 Commits

Author SHA1 Message Date
Sam Stepanyan 5fe4b03725
Merge pull request #890 from OWASP/securestep9-subdomains-2024-update-patch-1
Updated subdomain.yaml removing defunct services
2024-09-05 01:44:38 +01:00
Sam Stepanyan c91d2db971
Updates subdomain.yaml removing defunct services
Defunct services: bufferoverflow, threatminer and threatcrowd - replaced

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-05 01:19:52 +01:00
Sam Stepanyan 28f1d9001d
Merge pull request #876 from Captain-T2004/SSL/TLS_MODULES
Added SSL/TLS Modules
2024-09-05 00:24:24 +01:00
Sam Stepanyan 286c6ea231
Merge branch 'master' into SSL/TLS_MODULES 2024-09-05 00:14:15 +01:00
dependabot[bot] f1ff5ed124
Bump ruff from 0.2.2 to 0.6.3 (#884)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.2.2 to 0.6.3.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/v0.2.2...0.6.3)

---
updated-dependencies:
- dependency-name: ruff
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
2024-09-03 09:10:59 -07:00
Akshay Behl 21af8cdd33
Merge branch 'master' into CREATE_SCAN_COMPARE 2024-09-03 21:33:58 +05:30
Akshay Behl 820b198d71
Merge branch 'master' into SSL/TLS_MODULES 2024-09-03 21:33:50 +05:30
Arkadii Yakovets 6bd1aaeef6
Update CI/CD: run workflow just once for pull_request/push events 2024-09-03 08:52:15 -07:00
dependabot[bot] 0126926472
Bump pytest from 7.4.4 to 8.3.2 (#886)
Bumps [pytest](https://github.com/pytest-dev/pytest) from 7.4.4 to 8.3.2.
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest/compare/7.4.4...8.3.2)

---
updated-dependencies:
- dependency-name: pytest
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 08:45:24 -07:00
dependabot[bot] 4593e7790d
Bump pytest-cov from 4.1.0 to 5.0.0 (#883)
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 4.1.0 to 5.0.0.
- [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst)
- [Commits](https://github.com/pytest-dev/pytest-cov/compare/v4.1.0...v5.0.0)

---
updated-dependencies:
- dependency-name: pytest-cov
  dependency-type: direct:development
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-09-03 08:32:22 -07:00
Arkadii Yakovets 591414810a
Update CI/CD: add pre-commit, merge workflow files 2024-09-01 17:02:07 -07:00
Akshay Behl 63e790aaef
Merge branch 'master' into CREATE_SCAN_COMPARE 2024-09-02 00:50:01 +05:30
Akshay Behl 79cb19576f
Merge branch 'master' into SSL/TLS_MODULES 2024-09-02 00:49:20 +05:30
Captain-T2004 0615a1fe2e Fixed ssl_* module responses 2024-09-02 00:25:48 +05:30
Arkadii Yakovets c054aa9d6c
Update CI/CD: set proper workflow dependencies 2024-09-01 10:33:13 -07:00
Captain-T2004 97eb4f9c4c Made suggested changes
1. Changed the date format from "%Y/%m/%d" to "%Y-%m-%d" to make it ANSI and ISO 8601 compliant.

2. Changed the issuer and subject to issuer_str and subject_str, which are formatted strings from the x509 objects.

3. Added subject to ssl_expired_certificate_vuln and ssl_expiring_certificate_scan modules
2024-09-01 18:03:29 +05:30
Arkadii Yakovets 45943e07a3
Merge branch 'master' into CREATE_SCAN_COMPARE 2024-08-31 19:08:08 -07:00
Arkadii Yakovets 3dd57520bb
Merge branch 'master' into SSL/TLS_MODULES 2024-08-31 19:07:31 -07:00
dependabot[bot] c3259abf9c
Bump numpy from 1.26.4 to 2.0.2 (#881)
Bumps [numpy](https://github.com/numpy/numpy) from 1.26.4 to 2.0.2.
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](https://github.com/numpy/numpy/compare/v1.26.4...v2.0.2)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-31 18:36:10 -07:00
Arkadii Yakovets 0651a8596a
Bump requests from 2.31.0 to 2.32.3
Correct zipp dependency syntax
2024-08-31 18:09:48 -07:00
Arkadii Yakovets deaa85908e
Bump docker/build-push-action from 5 to 6
Based on https://github.com/OWASP/Nettacker/pull/850
2024-08-31 17:58:53 -07:00
Arkadii Yakovets 4ed68f6333
Pin zipp >= 3.19.1
Based on https://github.com/OWASP/Nettacker/pull/856
2024-08-31 17:56:58 -07:00
Arkadii Yakovets 095909c91d
Update CI/CD: streamline CodeQL workflow 2024-08-31 17:52:51 -07:00
Arkadii Yakovets c783a8b5f2
Update CI/CD: consolidate docker publishing workflows 2024-08-31 17:46:35 -07:00
Arkadii Yakovets bdf281cf46
Update CI/CD, add Nettacker PyPI publishing workflow 2024-08-31 17:34:47 -07:00
Arkadii Yakovets 781f9a8299
Skip existing files for PyPI test uploads 2024-08-31 17:04:23 -07:00
dependabot[bot] 9a51832c28
Bump actions/download-artifact from 3 to 4 (#879)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-31 16:58:39 -07:00
dependabot[bot] a98c0ccecd
Bump actions/upload-artifact from 3 to 4 (#878)
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3 to 4.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2024-08-31 16:58:14 -07:00
Arkadii Yakovets 9e2c4b8ca4
Update CI/CD, add Nettacker PyPI test publishing workflow 2024-08-31 16:47:00 -07:00
Akshay Behl 01766065b8
Merge branch 'master' into SSL/TLS_MODULES 2024-09-01 04:20:57 +05:30
Sam Stepanyan f4b0bf827a
Merge pull request #882 from securestep9/apache_ofbiz
New module: Apache OFBiz CVE-2024-38856 vulnerability
2024-08-31 00:37:28 +01:00
Sam Stepanyan b44218bf7a Apache OFBiz CVE-2024-38856 module 2024-08-30 23:19:03 +01:00
Captain-T2004 e47ef52929 Made changes following suggestion
1. Change the date format from d/m/Y to Y-m-d (e.g. 2004-08-28)

2. In the return/output of ssl_certificate_scan in SSL library please add certificate "subject" and "issuer" so these could be logged

3. Rename ssl_version module to ssl_weak_version

4. Change ssl_expired_certificate module to return expired certs only (do not count expiring_soon certs - it is not a vulnerability!)

5. Create a separate ssl_expiring_certificate module in modules/scan (remember 'expiring soon' is not a vulnerability, so we need to make this a 'scan' module)

6. Rename ssl_signed_certificate module to ssl_certificate_weak_signature and remove the self-signed check from it

7. Create a separate ssl_self_signed_certificate module in modules/vuln

Next in nettacker/core/lib/ssl.py
in class SslLibrary(BaseLibrary): you have ssl_certificate_scan and ssl_version_and_cipher_scan methods.
There is common code in these two methods so these could be refactored to remove the repetition. Please refactor/improve this.
In ssl_version_and_cipher_scan also please add to the output/return certificate "subject", "issuer" and an expiry date.
This way if a user scans their network using IP addresses and some servers will come up with weak SSL versions/ciphers it will be easier for the user to identify the servers using the certificate subject/issuer
2024-08-31 02:42:15 +05:30
Akshay Behl 5518b140f6
Apply suggestions from code review
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Akshay Behl <126911424+Captain-T2004@users.noreply.github.com>
2024-08-31 02:35:38 +05:30
Akshay Behl 64b9457a8f
Update nettacker/core/lib/ssl.py
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Akshay Behl <126911424+Captain-T2004@users.noreply.github.com>
2024-08-27 01:15:33 +05:30
Captain-T2004 de4e02c2b1 Added Scan Compare feature 2024-08-26 04:02:07 +05:30
Captain-T2004 e8f57c1d16 Added SSL/TLS Modules 2024-08-25 19:49:53 +05:30
Sam Stepanyan 8c86f6239b
Merge pull request #875 from OWASP/securestep9-patch-docs-home-image-fix-patch-1
Update Home.md in docs - fixed broken images
2024-08-25 11:55:04 +01:00
Sam Stepanyan 7c9dc72ca1
Update Home.md in docs - fixed broken images
fixed broken images in Home page of documentation due to web folder move during refactoring

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-08-25 11:46:01 +01:00
Sam Stepanyan 2b30986ac9
Merge pull request #874 from OWASP/securestep9-docs-badge-patch-1
added docs badge to README.md
2024-08-25 02:39:48 +01:00
Sam Stepanyan 071bf36c20
added docs badge to README.md
added docs badge to README.md

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-08-25 02:30:53 +01:00
Sam Stepanyan 52fcf41df7
Merge pull request #873 from OWASP/securestep9-readthedocs-readme-patch-1
docs README.md update
2024-08-25 02:20:27 +01:00
Sam Stepanyan b89c50339a
docs README.md update
to include the ReadtheDocs site

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-08-25 02:11:42 +01:00
Sam Stepanyan dd16c6b51d
Merge pull request #872 from OWASP/securestep9-docs-load-patch-1
Docs initial commit
2024-08-25 02:05:25 +01:00
Sam Stepanyan 75561812b0 mkdocs 2024-08-25 01:56:35 +01:00
Sam Stepanyan 05a5de04be
Docs initial commit
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-08-25 01:50:48 +01:00
Sam Stepanyan cdbdd2e854
Merge pull request #870 from OWASP/securestep9-docs-folder-create-patch-1
Created docs folder
2024-08-25 01:10:16 +01:00
Sam Stepanyan c97296ebcf
Merge branch 'master' into securestep9-docs-folder-create-patch-1 2024-08-25 00:58:15 +01:00
Sam Stepanyan 81a5f973e4
Merge pull request #871 from OWASP/securestep9-readme-image-refactor-fix-disclaimer-patch-1
Update README.md - fixed broken images
2024-08-25 00:57:53 +01:00
Sam Stepanyan 38e0181adf
Merge branch 'master' into securestep9-readme-image-refactor-fix-disclaimer-patch-1 2024-08-25 00:56:43 +01:00