Commit Graph

27 Commits

Author SHA1 Message Date
Arkadii Yakovets 7b1fe262ce
Remove `numpy` dependency 2024-10-21 15:12:13 -07:00
Arkadii Yakovets 8921009c14
Refactor code for future `numpy` removal 2024-10-21 14:46:26 -07:00
Sam Stepanyan efa2c4df94 reformat 2024-09-26 08:09:38 +01:00
Sam Stepanyan 14933497e9 adding "-d" as a shortcut for "--skip-service-discovery" with relevant Usage documentation update 2024-09-26 07:59:20 +01:00
Sam Stepanyan 9b89749389
Update app.py
minor formatting issue 

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2024-09-21 02:35:32 +01:00
Sam Stepanyan 987d4c3ed1 ScanID added to CLI and HTML report for easy identification of results 2024-09-21 02:30:26 +01:00
Sam Stepanyan 6c68fb91a4
Merge branch 'master' into sam_dirb 2024-09-19 23:11:55 +01:00
Sam Stepanyan a86b9095fd dir_scan module 2024-09-19 23:08:19 +01:00
Arkadii Yakovets 763e998437
Update code 2024-09-17 16:32:56 -07:00
Arkadii Yakovets 6ffbf882cc
Apply suggestions from code review
Signed-off-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
2024-09-17 16:28:06 -07:00
Captain-T2004 97c4f99bb9 Reverted back the results to results_dir directory(.data/results)
Now the comparison results are stored as report_compare_{date_time}_{scan_id}... in the default results_dir
2024-09-16 08:31:47 +05:30
Captain-T2004 9ffa45978e Fix file path handling 2024-09-13 21:17:15 +05:30
Captain-T2004 d94f11860a CodeQL recommended changes 2024-09-11 21:05:09 +05:30
Akshay Behl 10fd8afd68
Merge branch 'master' into CREATE_SCAN_COMPARE 2024-09-11 18:48:57 +05:30
Arkadii Yakovets a397fa9e4b
Implement `nettacker` command 2024-09-05 09:44:03 -07:00
Captain-T2004 97eb4f9c4c Made suggested changes
1. changed the date format from "%Y/%m/%d" to "%Y-%m-%d" to make it ANSI and ISO 8601 compliant.

2. Changed the issuer and subject to issuer_str and subject_str which are formatted string from the x509 objects.

3. Added subject to ssl_expired_certificate_vuln and ssl_expiring_certificate_scan modules
2024-09-01 18:03:29 +05:30
Captain-T2004 e47ef52929 Made changes following suggestion
1. Change the date format from d/m/Y to Y-m-d (e.g. 2004-08-28)

2. In the return/output of ssl_certificate_scan in SSL library please add certificate "subject" and "issuer" so these could be logged

3. Rename ssl_version module to ssl_weak_version

4. Change ssl_expired_certificate module to return expired certs only (do not count expiring_soon certs - it is not a vulnerability!)

5. Create a separate ssl_expiring_certificate module in modules/scan (remember 'expiring soon' is not a vulnerability, so we need to make this a 'scan' module)

6. Rename ssl_signed_certificate module to ssl_certificate_weak_signature and remove the self-signed check from it

7. Create a separate ssl_self_signed_certificate module in modules/vuln

Next in nettacker/core/lib/ssl.py
in class SslLibrary(BaseLibrary): you have ssl_certificate_scan and ssl_version_and_cipher_scan methods.
There is common code in these two methods so these could be refactored to remove the repetition. Please refactor/improve this.
In ssl_version_and_cipher_scan also please add to the output/return certificate "subject", "issuer" and an expiry date.
This way if a user scans their network using IP addresses and some servers will come up with weak SSL versions/ciphers it will be easier for the user to identify the servers using the certificate subject/issuer
2024-08-31 02:42:15 +05:30
Akshay Behl 5518b140f6
Apply suggestions from code review
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Akshay Behl <126911424+Captain-T2004@users.noreply.github.com>
2024-08-31 02:35:38 +05:30
Akshay Behl 64b9457a8f
Update nettacker/core/lib/ssl.py
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Akshay Behl <126911424+Captain-T2004@users.noreply.github.com>
2024-08-27 01:15:33 +05:30
Captain-T2004 de4e02c2b1 Added Scan Compare feature 2024-08-26 04:02:07 +05:30
Captain-T2004 e8f57c1d16 Added SSL/TLS Modules 2024-08-25 19:49:53 +05:30
Arkadii Yakovets 44bd2ab7cd
Run scan in a separate thread when started via API 2024-08-23 17:45:01 -07:00
Arkadii Yakovets 310938b6cf
Simplify module fuzzer config syntax 2024-08-21 08:39:37 -07:00
Arkadii Yakovets 560d94aced
Improve module configuration compatibility 2024-08-20 09:12:08 -07:00
Arkadii Yakovets 335c6cd7ee
Clean up code 2024-08-19 16:52:09 -07:00
Arkadii Yakovets 030c0adf22
Whitelist fuzzers for paths/URLs 2024-08-19 16:44:10 -07:00
Arkadii Yakovets 8a64187048
Change the entry point name/location
As per request by Sam Stepanyan
2024-08-11 11:31:18 -07:00