Commit Graph

2676 Commits

Author SHA1 Message Date
Sam Stepanyan ad76ce537a
Update README.md (#1141)
* Update README.md

Adding Scarf to Readme

* Update README.md

alt added

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-09-25 18:30:02 +00:00
einsibjarni 0fa6c156e3
Allow running on FreeBSD 13.*, 14.* and 15.* (#1136)
* Allow running on FreeBSD 13.*, 14.* and 15.*

* Update code

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
2025-09-14 17:31:15 +00:00
Sam Stepanyan a0831bc70a
Added AGENTS.md (#1128)
* add AGENTS.md file

* add AGENTS.md file - link

* moved first two sentences into a comment
2025-09-07 19:09:29 +00:00
Sam Stepanyan bf43de5f71
docs add Codebase Overview (#1129) 2025-09-07 18:29:02 +00:00
Achintya Jai e934f748ee
adding new output types (#1085)
* sarif fully done, dd.json little left

* This is good to go now

* pre-commit fixes

* updated

* removing redundancy and less i/o operations

* ruff fixes

* fixed tests for Path.open

* rabbit suggestions

* added relevant documentation

* slight change in doc

* removing empty files that were added by mistake

* updated datetime format according to coderabbit's suggestions
2025-09-07 18:22:29 +00:00
dependabot[bot] 2fea1e44f0
Bump actions/setup-python from 5 to 6 (#1133)
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v5...v6)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-version: '6'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-05 12:52:25 +00:00
Achintya Jai 1d37e0e3a2
Removing redundancy and cleaning profiles (#1041)
* removed the vulnerability profile as it is a subset of vuln

* removed brute_force profile as it is exactly the same as brute

* removed cve_2021_38702 as a profile, it's already there in cve, cve2021 and more relevant ones

* removed the puneethreddyrc profile

* removed information_gathering profile, added graphql.yaml to info

* removed the wp profile, it was a subset of wordpress

* removed the infortmation profile

* made relevant changes to the doc

* coderabbit suggestions
2025-09-04 18:39:00 +00:00
Achintya Jai cd0d168ab4
pyproject updates to fix warnings issued by pytest (#1130)
* updated pyproject to fix warnings issued by pytest

* Update pyproject.toml

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
2025-09-02 22:34:18 +00:00
dependabot[bot] 5d905edce4
Bump ruff from 0.7.3 to 0.12.11 (#1131)
Bumps [ruff](https://github.com/astral-sh/ruff) from 0.7.3 to 0.12.11.
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](https://github.com/astral-sh/ruff/compare/0.7.3...0.12.11)

---
updated-dependencies:
- dependency-name: ruff
  dependency-version: 0.12.11
  dependency-type: direct:development
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-09-02 22:11:43 +00:00
Sam Stepanyan 1ff4258318
New module: adobe_aem_lastpatcheddate_scan (#1125)
* New module: adobe_aem_lastpatcheddate_scan

* docs update

* Update nettacker/modules/scan/adobe_aem_lastpatcheddate.yaml

coderabbit suggested improvements

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

* Update nettacker/modules/scan/adobe_aem_lastpatcheddate.yaml

coderabbit suggestion

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-08-30 03:29:49 +00:00
Sam Stepanyan 6eb1f5731d
New module to detect CrushFTP CVE-2025-31161 (#1126)
* New module: crushftp_cve_2025_31161_vuln

* Update nettacker/modules/vuln/crushftp_cve_2025_31161.yaml

coderabbit formatting fix

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

* clean-up coderabbit issues

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-08-30 03:25:18 +00:00
dependabot[bot] 281a072675
Bump flask from 3.0.3 to 3.1.2 (#1127)
Bumps [flask](https://github.com/pallets/flask) from 3.0.3 to 3.1.2.
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/flask/compare/3.0.3...3.1.2)

---
updated-dependencies:
- dependency-name: flask
  dependency-version: 3.1.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-29 23:10:18 +00:00
Sam Stepanyan b465808c59
Readme update with updated text, docker commands +docker-compose update (#1121)
* Update README.md

Readme update with the updated tool description text and revised Docker run commands in Quick Start

* Update docker-compose.yml

fix the command as the new runtime Docker no longer has poetry and runs Nettacker directly
2025-08-13 00:06:20 +00:00
Sam Stepanyan 518321718c
New module: crushftp_lastpatcheddate_scan (#1124)
* crushftp_lastpatcheddate_scan module

* docs update

* Fix typos found by code-rabbit

Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-08-13 00:02:26 +00:00
dependabot[bot] 2cb512bbc0
Bump actions/checkout from 4 to 5 (#1123)
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-12 18:03:16 +00:00
Achintya Jai a9f48be405
removing accidental commit (#1122) 2025-08-12 00:13:57 +00:00
Sam Stepanyan 5fedd73868
Update pyproject.toml URLs (#1119)
* Update pyproject.toml -homepage

added homepage and project email address to pyproject.toml

* Update pyproject.toml

ruff
2025-08-11 20:06:46 +00:00
Achintya Jai a373e23c28
changed nettacker's data directory naming (#1100)
* changed nettacker's data directory naming

* migration from .data to .nettacker

* ruff fixes

* documentation update
2025-08-11 19:47:13 +00:00
Arkadii Yakovets 0f30544584
Add coderabbit config (#1120) 2025-08-09 19:59:21 +00:00
Sam Stepanyan c42460ce2f
Dockerfile change to multi-stage with 'nettacker' as entrypoint + related CI/CD changes (#1115)
* Update Dockerfile

multi-stage Dockerfile

* Update ci_cd.yml

modifications to support Dockerfile entrypoint changes

* Update Dockerfile

added --no-deps --no-cache-dir

* Update Dockerfile

added OCI Label and remove the whl file after installation following the CodeRabbit review

* Update Dockerfile

moved OCI label as copy-pasted in the wrong place

* Update Dockerfile

as per suggestion

Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
2025-08-09 15:30:45 +00:00
Davda James c77246f700
Fixed the issue of select all profiles button (#1117)
* earlier selecting the select all profiles selects the all scan methods instead of profiles, fixed that now select all profiles works perfectly

* was taking all_profiles also its name, fixed that by adding condition
2025-08-09 15:19:31 +00:00
Achintya Jai 7c36e44a67
unicode encoding of special characters to avoid breaking WAF scans graph (#1096)
* unicode encoding of special characters to avoid breaking the HTML graph

* rerun checks

* ruff

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2025-08-08 21:19:03 +00:00
Achintya Jai cab9b2c2fe
[Feature-Web] adding skipping service discovery, exclude ports and custom HTTP headers to the web (#1113)
* adding new features to the web UI

* minor bug fix

* ruff fixes

* removing debugging statement

* code-rabbit suggested changes

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2025-08-07 16:31:10 +00:00
dependabot[bot] 8695749cc5
Bump actions/download-artifact from 4 to 5 (#1114)
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-08-06 16:37:43 +00:00
Sam Stepanyan 070902df5c
Update Dockerfile - bump python to 3.11.13 (#1110)
bump python to 3.11.13
2025-07-31 22:12:05 +00:00
Sam Stepanyan 630de628b9
New module to detect PaloAlto GlobalProtect XSS CVE-2025-0133 (#1109)
* Create paloalto_globalprotect_cve_2025_0133.yaml

new module for CVE-2025-0133

* Updated docs/Modules.md

updated docs

* Update nettacker/modules/vuln/paloalto_globalprotect_cve_2025_0133.yaml

CodeRabbit YAML formatting suggestion - we have this issue pretty much with all YAML files, so a separate tidy-up PR will be needed in the future

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>
2025-07-30 21:57:08 +00:00
Achintya Jai e04fd1c17e
updated the declarative base import (#1108) 2025-07-28 14:17:58 +00:00
Achintya Jai 9a0006ea42
Feature: Exclude certain ports from being scanned (#1099)
* feature: exclude certain ports from being scanned

* ruff fixes

* handling exception for vulnerability modules

* not relying on try and except

* updated documentation, changed flag

* test case for module file

* update test

* mocking the database calls, that's probably the issue

* removed breaking test for now

* coderabbit suggested change, minor code refactoring

* ruff fixes

---------

Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
2025-07-27 08:11:53 +00:00
Achintya Jai e450c819d8
[feature] add custom headers for http requests via CLI and remove sensitive headers before adding it to the database (#1107)
* [feature] add custom headers for http requests via CLI. Removes sensitive info before logging in the database

* better help message

* input validation - coderabbit changes

* ruff fixes

* allow for header chaining with multiple -H flags and for complex headers involving comma separated values

* test case for http.py that include using headers. Added pytest-asyncio for the same

* ruff fixes

* formatting changes suggested by coderabbit

* docs update

* correct usage and en.yaml file
2025-07-26 20:30:05 +00:00
Son Sulung Suryahatta Asnan a08c328e83
chore: add indonesian translation (#1101) 2025-07-26 19:30:28 +00:00
Achintya Jai 6e7a6519cf
changed rege (#1098) 2025-07-12 10:11:13 +00:00
Achintya Jai 7cbf897e30
handle OSError if port not present in /etc/services (#1093)
* handle unknown ports in /etc/services

* ruff fix

* Update code

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
2025-07-09 14:04:30 +00:00
Achintya Jai 66c0e919b2
adding tests for graph.py (#1094) 2025-07-08 23:28:54 +00:00
Achintya Jai cd34fba676
fixing the global flags issue in joomla_template_scan and drupal_theme_scan (#1091)
* fixing the global flags issue in joomla template and drupal theme scans, and adding a regex validation testcase

* ruff fixes
2025-06-25 14:06:50 +00:00
dependabot[bot] bb90f09378
Bump urllib3 from 2.2.2 to 2.5.0 (#1089)
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.2 to 2.5.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.2...2.5.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-19 17:22:57 +00:00
Arkadii Yakovets dadb3ea9cb
Update PR template (#1084)
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2025-06-18 08:31:36 +00:00
Achintya Jai e419d227c2
Add die.py tests (#1042)
* created tests for die.py

* updated

* migrate to pytest

* Update deps

* Revert poetry.lock

---------

Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
2025-06-12 00:20:17 +00:00
Achintya Jai 04c2097fbe
regex fixes for mysql and mariaDB (#1083) 2025-06-11 12:43:20 +00:00
Achintya Jai 74e494dd1a
refactor tests and migrate to pytest (#1081)
* refactor tests and migrate to pytest

* Update tests

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
2025-06-11 01:27:16 +00:00
Achintya Jai 8748df910b
Add API core tests (#1080)
* added tests for api/core

* ruff

* ruff fixes

* migrate to pytest

* Bump requests from 2.32.3 to 2.32.4 (#1082)

Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update code

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
2025-06-11 00:59:40 +00:00
Achintya Jai 6244176c99
Add ip.py tests (#1075)
* tests for ip.py

* migrate to pytest

* Update asserts

* Update tests

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
2025-06-11 00:38:49 +00:00
dependabot[bot] 6275ead5ed
Bump requests from 2.32.3 to 2.32.4 (#1082)
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
2025-06-11 00:14:24 +00:00
Packet Phantom 958e1bc075
feature: add smb_brute command (#1070)
* Update dependencies in poetry.lock and pyproject.toml for new packages

* feat: add SMB brute force module

* feat: add unit tests for SMB brute force module

* ran make pre-commit

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
2025-06-09 15:49:15 +00:00
Achintya Jai af7abb683c
Unittests for database files (#1077)
* unittests for database files

* ruff fixes
2025-06-08 22:59:42 +00:00
Achintya Jai 4fd743a15d
fixed the create database part of postgresql.py (#1072) 2025-05-27 22:10:28 +00:00
Achintya Jai 10c95512e6
Refactoring Ip.py to return proper boolean values (#1043)
* added bool to netaddr instances, removed redundant imports

* created test file for ip.py

* refactoring ip.py
2025-05-27 22:02:59 +00:00
Packet Phantom 75fc06bd31
Handle socket.gaierror when retrieving server certificate (#1069) 2025-05-08 21:30:48 +00:00
Packet Phantom 9bdb94039c
refactor: use class attribute for SSH and Telnet client instantiation (#1068) 2025-05-08 00:34:32 +00:00
Achintya Jai d77becc42a
fixing regex introduced in PR1062 (#1067) 2025-05-06 11:34:34 +00:00
Sam Stepanyan 5eb8f3a506
security improvements (#1066)
* security improvements

* formatting fix

* import sort

* security headers separate function
2025-05-06 01:13:21 +00:00