Commit Graph

59 Commits

Author SHA1 Message Date
Arkadii Yakovets 7b1fe262ce
Remove `numpy` dependency 2024-10-21 15:12:13 -07:00
Arkadii Yakovets 8921009c14
Refactor code for future `numpy` removal 2024-10-21 14:46:26 -07:00
Sam Stepanyan c26625de4e
Adding litespeed-cache to wp_plugin_small.txt (#941)
Adding litespeed-cache plugin affected by CVE-2024-47374 to the list of WordPress plugins to scan for

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-10-14 01:35:10 +00:00
T1 536b5f0c1f
Update es.yaml
Added Spanish translations for scan comparison (issue #905)

Signed-off-by: T1 <126980610+tadash10@users.noreply.github.com>
2024-10-01 18:09:32 -03:00
Arkadii Yakovets 2fbd9f6fa6
Merge pull request #928 from OWASP/cups_cve
New module: cups_version_scan to help with the vulnerable CUPS printe…
2024-09-29 18:52:37 +00:00
Sam Stepanyan 546042dea5 New module: cups_version_scan to help with the vulnerable CUPS printer detection 2024-09-29 19:41:48 +01:00
Sam Stepanyan b0db4adb68
Updated wp_plugin_small.txt with the-events-calendar (CVE-2024-8275) (#926)
Added the-events-calendar to the list as it has an Unauthenticated SQL Injection vulnerability (SQLi) CVE-2024-8275

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-29 11:13:49 -07:00
Sam Stepanyan 506b3b4371
Merge branch 'master' into ivanti_vtm_ldate 2024-09-27 00:51:36 +01:00
Sam Stepanyan 0a0e2d6fc1 new module: ivanti_vtm_version_scan 2024-09-26 21:05:52 +01:00
Sam Stepanyan efa2c4df94 reformat 2024-09-26 08:09:38 +01:00
Sam Stepanyan 14933497e9 adding "-d" as a shortcut for "--skip-service-discovery" with relevant Usage documentation update 2024-09-26 07:59:20 +01:00
Sam Stepanyan 9b89749389
Update app.py
minor formatting issue 

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-21 02:35:32 +01:00
Sam Stepanyan 987d4c3ed1 ScanID added to CLI and HTML report for easy identification of results 2024-09-21 02:30:26 +01:00
Sam Stepanyan 5eab2709c1
Merge branch 'master' into ivanti_csa 2024-09-20 01:54:07 +01:00
Sam Stepanyan 0de0aa167b ivanti_csa_lastpatcheddate_scan module 2024-09-20 01:44:15 +01:00
Sam Stepanyan 8ab4e48ac0
YAML indent fix in ivanti_ics_lastpatcheddate.yaml
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-20 01:05:58 +01:00
Sam Stepanyan ed9ab85d20
dir_scan module update
removed unnecessary extra trailing newlines

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-19 23:49:20 +01:00
Sam Stepanyan 6c68fb91a4
Merge branch 'master' into sam_dirb 2024-09-19 23:11:55 +01:00
Sam Stepanyan a86b9095fd dir_scan module 2024-09-19 23:08:19 +01:00
Omar Nasser 7d7e4158b4
Updating translations for ar.yaml
Added translations for ar.yaml file and modified two old variables with better translations.

Signed-off-by: Omar Nasser <140649004+onass1@users.noreply.github.com>
2024-09-19 02:02:06 +03:00
Sam Stepanyan f08334c9fc
Merge pull request #906 from Captain-T2004/Compare_Scans_Hindi
Added Hindi translations for scan comparison
2024-09-18 23:25:30 +01:00
Sam Stepanyan b62c037900
Update wp_plugin.yaml
yaml update

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-18 09:06:58 +01:00
Sam Stepanyan 4e6cabb331
Updated wp_plugin.yaml
Minor improvements - added plugin version to regex and fixed overlooked previously copy-pasted text from another module

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-18 08:46:23 +01:00
Captain-T2004 9859db19d4 Added Hindi translations for scan comparison 2024-09-18 11:57:33 +05:30
Arkadii Yakovets 763e998437
Update code 2024-09-17 16:32:56 -07:00
Arkadii Yakovets 6ffbf882cc
Apply suggestions from code review
Signed-off-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
2024-09-17 16:28:06 -07:00
Captain-T2004 97c4f99bb9 Reverted back the results to results_dir directory (.data/results)
Now the comparison results are stored as report_compare_{date_time}_{scan_id}... in the default results_dir
2024-09-16 08:31:47 +05:30
Captain-T2004 84e1ed41a9 Fixing last commit 2024-09-13 21:18:08 +05:30
Captain-T2004 9ffa45978e Fix file path handling 2024-09-13 21:17:15 +05:30
Captain-T2004 f03ea61afe Forgot to run pre-commit 2024-09-12 10:19:12 +05:30
Captain-T2004 c640dcd1cf Adding filepath sanitization 2024-09-12 10:16:52 +05:30
Captain-T2004 d94f11860a CodeQL recommended changes 2024-09-11 21:05:09 +05:30
Akshay Behl 10fd8afd68
Merge branch 'master' into CREATE_SCAN_COMPARE 2024-09-11 18:48:57 +05:30
Arkadii Yakovets a397fa9e4b
Implement `nettacker` command 2024-09-05 09:44:03 -07:00
Sam Stepanyan c91d2db971
Updates subdomain.yaml removing defunct services
Defunct services: bufferoverflow, threatminer and threatcrowd - replaced

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-05 01:19:52 +01:00
Captain-T2004 0615a1fe2e Fixed ssl_* module responses 2024-09-02 00:25:48 +05:30
Captain-T2004 97eb4f9c4c Made suggested changes
1. changed the date format from "%Y/%m/%d" to "%Y-%m-%d" to make it ANSI and ISO 8601 compliant.

2. Changed the issuer and subject to issuer_str and subject_str which are formatted strings from the x509 objects.

3. Added subject to ssl_expired_certificate_vuln and ssl_expiring_certificate_scan modules
2024-09-01 18:03:29 +05:30
Arkadii Yakovets 45943e07a3
Merge branch 'master' into CREATE_SCAN_COMPARE 2024-08-31 19:08:08 -07:00
Akshay Behl 01766065b8
Merge branch 'master' into SSL/TLS_MODULES 2024-09-01 04:20:57 +05:30
Sam Stepanyan b44218bf7a Apache OFBiz CVE-2024-38856 module 2024-08-30 23:19:03 +01:00
Captain-T2004 e47ef52929 Made changes following suggestion
1. Change the date format from d/m/Y to Y-m-d (e.g. 2004-08-28)

2. In the return/output of ssl_certificate_scan in SSL library please add certificate "subject" and "issuer" so these could be logged

3. Rename ssl_version module to ssl_weak_version

4. Change ssl_expired_certificate module to return expired certs only (do not count expiring_soon certs - it is not a vulnerability!)

5. Create a separate ssl_expiring_certificate module in modules/scan (remember 'expiring soon' is not a vulnerability, so we need to make this a 'scan' module)

6. Rename ssl_signed_certificate module to ssl_certificate_weak_signature and remove the self-signed check from it

7. Create a separate ssl_self_signed_certificate module in modules/vuln

Next in nettacker/core/lib/ssl.py
in class SslLibrary(BaseLibrary): you have ssl_certificate_scan and ssl_version_and_cipher_scan methods.
There is common code in these two methods so these could be refactored to remove the repetition. Please refactor/improve this.
In ssl_version_and_cipher_scan also please add to the output/return certificate "subject", "issuer" and an expiry date.
This way if a user scans their network using IP addresses and some servers will come up with weak SSL versions/ciphers it will be easier for the user to identify the servers using the certificate subject/issuer
2024-08-31 02:42:15 +05:30
Akshay Behl 5518b140f6
Apply suggestions from code review
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Akshay Behl <126911424+Captain-T2004@users.noreply.github.com>
2024-08-31 02:35:38 +05:30
Akshay Behl 64b9457a8f
Update nettacker/core/lib/ssl.py
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Akshay Behl <126911424+Captain-T2004@users.noreply.github.com>
2024-08-27 01:15:33 +05:30
Captain-T2004 de4e02c2b1 Added Scan Compare feature 2024-08-26 04:02:07 +05:30
Captain-T2004 e8f57c1d16 Added SSL/TLS Modules 2024-08-25 19:49:53 +05:30
Arkadii Yakovets 44bd2ab7cd
Run scan in a separate thread when started via API 2024-08-23 17:45:01 -07:00
Arkadii Yakovets 310938b6cf
Simplify module fuzzer config syntax 2024-08-21 08:39:37 -07:00
Arkadii Yakovets 6c56fee299
Update release name/version handling 2024-08-21 08:28:19 -07:00
Arkadii Yakovets 57cf98a036
Update scan/admin config syntax 2024-08-20 16:17:44 -07:00
Arkadii Yakovets 560d94aced
Improve module configuration compatibility 2024-08-20 09:12:08 -07:00