Gh0st
/
Nettacker
mirror of https://github.com/OWASP/Nettacker.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,652 Commits 14 Branches 13 Tags 27 MiB
Commit Graph

2652 Commits

Author SHA1 Message Date
Sam Stepanyan 070902df5c
Update Dockerfile - bump python to 3.11.13 (#1110) 
bump python to 3.11.13
 2025-07-31 22:12:05 +00:00
Sam Stepanyan 630de628b9
New module to detect PaloAlto GlobalProtect XSS CVE-2025-0133 (#1109) 
* Create paloalto_globalprotect_cve_2025_0133.yaml

new module for CVE-2025-0133

* Updated docs/Modules.md

updated docs

* Update nettacker/modules/vuln/paloalto_globalprotect_cve_2025_0133.yaml

CodeRabbit YAML formatting suggestion - we have this issue pretty much with all YAML files, so a separate tidy-up PR will be needed in the future

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
 2025-07-30 21:57:08 +00:00
Achintya Jai e04fd1c17e
updated the declarative base import (#1108) 2025-07-28 14:17:58 +00:00
Achintya Jai 9a0006ea42
Feature: Exclude certain ports from being scanned (#1099) 
* feature: exclude certain ports from being scanned

* ruff fixes

* handling exception for vulnerablility modules

* not relying on try and except

* updated documentation, changed flag

* test case for module file

* update test

* mocking the database calls, that's probably the issue

* removed breaking test for now

* coderabbit suggested change, minor code refactoring

* ruff fixes

---------

Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
 2025-07-27 08:11:53 +00:00
Achintya Jai e450c819d8
[feature] add custom headers for http requests via CLI and remove sensitive headers before adding it to the database (#1107) 
* [feature] add custom headers for http requests via CLI. Removes sensitive info before logging in the database

* better help message

* input validation - coderabbit changes

* ruff fixes

* allow for header chaining with multiple -H flags and for complex headers involving comma separated values

* test case for http.py that include using headers. Added pytest-asyncio for the same

* ruff fixes

* formatting changes suggested by coderabbit

* docs update

* correct usage and en.yaml file
 2025-07-26 20:30:05 +00:00
Son Sulung Suryahatta Asnan a08c328e83
chore: add indonesian translation (#1101) 2025-07-26 19:30:28 +00:00
Achintya Jai 6e7a6519cf
changed rege (#1098) 2025-07-12 10:11:13 +00:00
Achintya Jai 7cbf897e30
handle OSError if port not present in /etc/services (#1093) 
* handle unknown ports in /etc/services

* ruff fix

* Update code

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
 2025-07-09 14:04:30 +00:00
Achintya Jai 66c0e919b2
adding tests for graph.py (#1094) 2025-07-08 23:28:54 +00:00
Achintya Jai cd34fba676
fixing the global flags issue in joomla_template_scan and drupal_theme_scan (#1091) 
* fixing the global flags issue in joomla template and drupal theme scans, and adding a regex validation testcase

* ruff fixes
 2025-06-25 14:06:50 +00:00
dependabot[bot] bb90f09378
Bump urllib3 from 2.2.2 to 2.5.0 (#1089) 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.2 to 2.5.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.2...2.5.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-19 17:22:57 +00:00
Arkadii Yakovets dadb3ea9cb
Update PR template (#1084) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-06-18 08:31:36 +00:00
Achintya Jai e419d227c2
Add die.py tests (#1042) 
* created tests for die.py

* updated

* migrate to pytest

* Update deps

* Revert poetry.lock

---------

Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
 2025-06-12 00:20:17 +00:00
Achintya Jai 04c2097fbe
regex fixes for mysql and mariaDB (#1083) 2025-06-11 12:43:20 +00:00
Achintya Jai 74e494dd1a
refactor tests and migrate to pytest (#1081) 
* refactor tests and migrate to pytest

* Update tests

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
 2025-06-11 01:27:16 +00:00
Achintya Jai 8748df910b
Add API core tests (#1080) 
* added tests for api/core

* ruff

* ruff fixes

* migrate to pytest

* Bump requests from 2.32.3 to 2.32.4 (#1082)

Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update code

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
 2025-06-11 00:59:40 +00:00
Achintya Jai 6244176c99
Add ip.py tests (#1075) 
* tests for ip.py

* migrate to pytest

* Update asserts

* Update tests

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
 2025-06-11 00:38:49 +00:00
dependabot[bot] 6275ead5ed
Bump requests from 2.32.3 to 2.32.4 (#1082) 
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-11 00:14:24 +00:00
Packet Phantom 958e1bc075
feature: add smb_brute command (#1070) 
* Update dependencies in poetry.lock and pyproject.toml for new packages

* feat: add SMB brute force module

* feat: add unit tests for SMB brute force module

* ran make pre-commit

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-06-09 15:49:15 +00:00
Achintya Jai af7abb683c
Unittets for database files (#1077) 
* unittests for database files

* ruff fixes
 2025-06-08 22:59:42 +00:00
Achintya Jai 4fd743a15d
fixed the create database part of postgresql.py (#1072) 2025-05-27 22:10:28 +00:00
Achintya Jai 10c95512e6
Refactoring Ip.py to return proper boolean values (#1043) 
* added bool to netaddr instances, removed redundant imports

* created test file for ip.py

* refactoring ip.py
 2025-05-27 22:02:59 +00:00
Packet Phantom 75fc06bd31
Handle socket.gaierror when retrieving server certificate (#1069) 2025-05-08 21:30:48 +00:00
Packet Phantom 9bdb94039c
refactor: use class attribute for SSH and Telnet client instantiation (#1068) 2025-05-08 00:34:32 +00:00
Achintya Jai d77becc42a
fixing regex introduced in PR1062 (#1067) 2025-05-06 11:34:34 +00:00
Sam Stepanyan 5eb8f3a506
security improvements (#1066) 
* security improvements

* formatting fix

* import sort

* security headers separate function
 2025-05-06 01:13:21 +00:00
Manav Acharya 423f66151a
Adding config_file_scan (#1051) 
* Config-scan

* Update config_wordlist.txt

Adding possible configuration file names

* Update config_wordlist.txt

Updating the wordlist to remove spaces in the urls

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-05-05 12:11:37 +00:00
Sam Stepanyan 4c88862c90
Adding ADOPTERS.md (#1065) 
* addding ADOPTERS.MD

* example Adopters
 2025-05-05 10:38:31 +00:00
Achintya Jai 6c0fbbfd0a
updated relevant parts of the documentation (#1064) 
* updated relevant parts of the documentation

* updated request header
 2025-04-28 21:11:33 +00:00
Achintya Jai 0c2d21405e
regex updates for port.yaml (#1062) 
* updated regexes

* Implementing logging response_dependent conditions in socket.py (#1060)

* logging matched services along with output from tcp_connect_send_and_recieve

* fixed tests

* fixed module.py

---------

Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
 2025-04-28 19:40:31 +00:00
Achintya Jai 3f214b76cf
Implementing logging response_dependent conditions in socket.py (#1060) 
* logging matched services along with output from tcp_connect_send_and_recieve

* fixed tests

* fixed module.py
 2025-04-27 22:18:11 +00:00
Achintya Jai a72bdfc9b6
Fixing database issues (#1056) 
* fixing mysql connections using pymysql

* fixing threading issues

* fixed postgres conns

* fix ruff

* reverting to original config

* sslmode as a user configurable parameter
 2025-04-04 23:08:56 +00:00
Achintya Jai f62da6a605
added clean exit for missing wordlists (#1047) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-18 12:42:37 +00:00
dyp4r cb1a011c13
Fix issues in telent.py located in core/lib (#1048) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-18 10:28:33 +00:00
Achintya Jai 809b6e2e5c
Implemented tests and removed duplicates for wordlists (#1039) 
* added tests for wordlists, removed duplicates

* removed src from conftest

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-18 01:26:42 +00:00
Achintya Jai f7ce6a0e2c
added amqp detection regex (#1046) 2025-03-18 00:57:35 +00:00
Sam Stepanyan 6ad4ce083c
added missing url logging (#1040) 
* added missing url logging

* Update nettacker/modules/scan/pma.yaml

Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
 2025-03-18 00:47:32 +00:00
dependabot[bot] 9c4cd46a2d
Bump jinja2 from 3.1.5 to 3.1.6 (#1035) 
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.5...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-07 16:54:19 +00:00
Soumyaditya Batabyal 426ad9f06b
updated the whole italian translation file (#1033) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-07 15:26:37 +00:00
Achintya Jai 7a8bd583d4
small patch for en (#1036) 2025-03-07 14:41:30 +00:00
Achintya Jai 2667369af0
Custom wordlist functionality addition for scan modules (#1026) 
* adding default loop policy for asyncio

* added custom wordlist functionality

* lint fix

* bug fixes

* added break after first detection to exit for loop

* removed custom read from brute scans because its already implemented there

* updated according to suggested changes

* cleared old code

* fixed lint

* made requested changes

* made suggested changes

* lint fix

* changed user_wordlist to read_from_file
 2025-03-07 11:40:16 +00:00
Soumyaditya Batabyal 8d48b81467
Add some JapaneseTranslation (#1034) 2025-03-05 22:58:42 +00:00
Soumyaditya Batabyal e6f526e5ac
Add some ItalianTranslation (#1030) 2025-03-05 19:20:03 +00:00
Manav Acharya 71ea8a7c5e
create 'wp_plugin_cve_2023_47668_vuln' (#1029) 
* create 'wp_plugin_cve_2023_47668_vuln'

* Update wp_plugin_cve_2023_47668.yaml
 2025-03-02 23:57:48 +00:00
Achintya Jai 65192c8fc6
Added base path for directory enumeration (#1019) 
* added base path addition functionality

* fixed ruff

* unbound variable fix

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-21 21:33:02 +00:00
Sam Stepanyan f257381c2a
Update Dockerfile - bump python to 3.11.11 (#1021) 
bumping python image to 3.11.11

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-21 20:45:08 +00:00
Achintya Jai c0962bcd9d
adding default loop policy for asyncio (#1020) 2025-02-20 21:31:26 +00:00
Sam Stepanyan 626a765708
adding SonicWALL SSLVPN CVE-2024-53704 module (#1018) 
* Update paloalto_panos_cve_2025_0108.yaml added cisa_kev

Adding cisa_kev profile to the module:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added this CVE-2025-0108 impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

* adding sonicwall_sslvpn_cve_2024_53704_vuln module
 2025-02-20 02:30:11 +00:00
Sam Stepanyan 2456cd1951
Update paloalto_panos_cve_2025_0108.yaml added cisa_kev (#1017) 
Adding cisa_kev profile to the module:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added this CVE-2025-0108 impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
 2025-02-19 16:30:59 +00:00
Achintya Jai d143f4302b
updated regex for SSH scanning to include more matches (#1012) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-17 17:53:29 +00:00