Gh0st
/
Nettacker
mirror of https://github.com/OWASP/Nettacker.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
2,643 Commits 14 Branches 13 Tags 27 MiB
Commit Graph

2643 Commits

Author SHA1 Message Date
Achintya Jai cd34fba676
fixing the global flags issue in joomla_template_scan and drupal_theme_scan (#1091) 
* fixing the global flags issue in joomla template and drupal theme scans, and adding a regex validation testcase

* ruff fixes
 2025-06-25 14:06:50 +00:00
dependabot[bot] bb90f09378
Bump urllib3 from 2.2.2 to 2.5.0 (#1089) 
Bumps [urllib3](https://github.com/urllib3/urllib3) from 2.2.2 to 2.5.0.
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](https://github.com/urllib3/urllib3/compare/2.2.2...2.5.0)

---
updated-dependencies:
- dependency-name: urllib3
  dependency-version: 2.5.0
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-19 17:22:57 +00:00
Arkadii Yakovets dadb3ea9cb
Update PR template (#1084) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-06-18 08:31:36 +00:00
Achintya Jai e419d227c2
Add die.py tests (#1042) 
* created tests for die.py

* updated

* migrate to pytest

* Update deps

* Revert poetry.lock

---------

Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
 2025-06-12 00:20:17 +00:00
Achintya Jai 04c2097fbe
regex fixes for mysql and mariaDB (#1083) 2025-06-11 12:43:20 +00:00
Achintya Jai 74e494dd1a
refactor tests and migrate to pytest (#1081) 
* refactor tests and migrate to pytest

* Update tests

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
 2025-06-11 01:27:16 +00:00
Achintya Jai 8748df910b
Add API core tests (#1080) 
* added tests for api/core

* ruff

* ruff fixes

* migrate to pytest

* Bump requests from 2.32.3 to 2.32.4 (#1082)

Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update code

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
 2025-06-11 00:59:40 +00:00
Achintya Jai 6244176c99
Add ip.py tests (#1075) 
* tests for ip.py

* migrate to pytest

* Update asserts

* Update tests

---------

Co-authored-by: Arkadii Yakovets <arkadii.yakovets@owasp.org>
 2025-06-11 00:38:49 +00:00
dependabot[bot] 6275ead5ed
Bump requests from 2.32.3 to 2.32.4 (#1082) 
Bumps [requests](https://github.com/psf/requests) from 2.32.3 to 2.32.4.
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](https://github.com/psf/requests/compare/v2.32.3...v2.32.4)

---
updated-dependencies:
- dependency-name: requests
  dependency-version: 2.32.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
 2025-06-11 00:14:24 +00:00
Packet Phantom 958e1bc075
feature: add smb_brute command (#1070) 
* Update dependencies in poetry.lock and pyproject.toml for new packages

* feat: add SMB brute force module

* feat: add unit tests for SMB brute force module

* ran make pre-commit

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-06-09 15:49:15 +00:00
Achintya Jai af7abb683c
Unittets for database files (#1077) 
* unittests for database files

* ruff fixes
 2025-06-08 22:59:42 +00:00
Achintya Jai 4fd743a15d
fixed the create database part of postgresql.py (#1072) 2025-05-27 22:10:28 +00:00
Achintya Jai 10c95512e6
Refactoring Ip.py to return proper boolean values (#1043) 
* added bool to netaddr instances, removed redundant imports

* created test file for ip.py

* refactoring ip.py
 2025-05-27 22:02:59 +00:00
Packet Phantom 75fc06bd31
Handle socket.gaierror when retrieving server certificate (#1069) 2025-05-08 21:30:48 +00:00
Packet Phantom 9bdb94039c
refactor: use class attribute for SSH and Telnet client instantiation (#1068) 2025-05-08 00:34:32 +00:00
Achintya Jai d77becc42a
fixing regex introduced in PR1062 (#1067) 2025-05-06 11:34:34 +00:00
Sam Stepanyan 5eb8f3a506
security improvements (#1066) 
* security improvements

* formatting fix

* import sort

* security headers separate function
 2025-05-06 01:13:21 +00:00
Manav Acharya 423f66151a
Adding config_file_scan (#1051) 
* Config-scan

* Update config_wordlist.txt

Adding possible configuration file names

* Update config_wordlist.txt

Updating the wordlist to remove spaces in the urls

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-05-05 12:11:37 +00:00
Sam Stepanyan 4c88862c90
Adding ADOPTERS.md (#1065) 
* addding ADOPTERS.MD

* example Adopters
 2025-05-05 10:38:31 +00:00
Achintya Jai 6c0fbbfd0a
updated relevant parts of the documentation (#1064) 
* updated relevant parts of the documentation

* updated request header
 2025-04-28 21:11:33 +00:00
Achintya Jai 0c2d21405e
regex updates for port.yaml (#1062) 
* updated regexes

* Implementing logging response_dependent conditions in socket.py (#1060)

* logging matched services along with output from tcp_connect_send_and_recieve

* fixed tests

* fixed module.py

---------

Signed-off-by: Achintya Jai <153343775+pUrGe12@users.noreply.github.com>
 2025-04-28 19:40:31 +00:00
Achintya Jai 3f214b76cf
Implementing logging response_dependent conditions in socket.py (#1060) 
* logging matched services along with output from tcp_connect_send_and_recieve

* fixed tests

* fixed module.py
 2025-04-27 22:18:11 +00:00
Achintya Jai a72bdfc9b6
Fixing database issues (#1056) 
* fixing mysql connections using pymysql

* fixing threading issues

* fixed postgres conns

* fix ruff

* reverting to original config

* sslmode as a user configurable parameter
 2025-04-04 23:08:56 +00:00
Achintya Jai f62da6a605
added clean exit for missing wordlists (#1047) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-18 12:42:37 +00:00
dyp4r cb1a011c13
Fix issues in telent.py located in core/lib (#1048) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-18 10:28:33 +00:00
Achintya Jai 809b6e2e5c
Implemented tests and removed duplicates for wordlists (#1039) 
* added tests for wordlists, removed duplicates

* removed src from conftest

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-18 01:26:42 +00:00
Achintya Jai f7ce6a0e2c
added amqp detection regex (#1046) 2025-03-18 00:57:35 +00:00
Sam Stepanyan 6ad4ce083c
added missing url logging (#1040) 
* added missing url logging

* Update nettacker/modules/scan/pma.yaml

Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
 2025-03-18 00:47:32 +00:00
dependabot[bot] 9c4cd46a2d
Bump jinja2 from 3.1.5 to 3.1.6 (#1035) 
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.5 to 3.1.6.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.5...3.1.6)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-07 16:54:19 +00:00
Soumyaditya Batabyal 426ad9f06b
updated the whole italian translation file (#1033) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-03-07 15:26:37 +00:00
Achintya Jai 7a8bd583d4
small patch for en (#1036) 2025-03-07 14:41:30 +00:00
Achintya Jai 2667369af0
Custom wordlist functionality addition for scan modules (#1026) 
* adding default loop policy for asyncio

* added custom wordlist functionality

* lint fix

* bug fixes

* added break after first detection to exit for loop

* removed custom read from brute scans because its already implemented there

* updated according to suggested changes

* cleared old code

* fixed lint

* made requested changes

* made suggested changes

* lint fix

* changed user_wordlist to read_from_file
 2025-03-07 11:40:16 +00:00
Soumyaditya Batabyal 8d48b81467
Add some JapaneseTranslation (#1034) 2025-03-05 22:58:42 +00:00
Soumyaditya Batabyal e6f526e5ac
Add some ItalianTranslation (#1030) 2025-03-05 19:20:03 +00:00
Manav Acharya 71ea8a7c5e
create 'wp_plugin_cve_2023_47668_vuln' (#1029) 
* create 'wp_plugin_cve_2023_47668_vuln'

* Update wp_plugin_cve_2023_47668.yaml
 2025-03-02 23:57:48 +00:00
Achintya Jai 65192c8fc6
Added base path for directory enumeration (#1019) 
* added base path addition functionality

* fixed ruff

* unbound variable fix

---------

Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-21 21:33:02 +00:00
Sam Stepanyan f257381c2a
Update Dockerfile - bump python to 3.11.11 (#1021) 
bumping python image to 3.11.11

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-21 20:45:08 +00:00
Achintya Jai c0962bcd9d
adding default loop policy for asyncio (#1020) 2025-02-20 21:31:26 +00:00
Sam Stepanyan 626a765708
adding SonicWALL SSLVPN CVE-2024-53704 module (#1018) 
* Update paloalto_panos_cve_2025_0108.yaml added cisa_kev

Adding cisa_kev profile to the module:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added this CVE-2025-0108 impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.

* adding sonicwall_sslvpn_cve_2024_53704_vuln module
 2025-02-20 02:30:11 +00:00
Sam Stepanyan 2456cd1951
Update paloalto_panos_cve_2025_0108.yaml added cisa_kev (#1017) 
Adding cisa_kev profile to the module:
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has just added this CVE-2025-0108 impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation.
 2025-02-19 16:30:59 +00:00
Achintya Jai d143f4302b
updated regex for SSH scanning to include more matches (#1012) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-17 17:53:29 +00:00
Sam Stepanyan 507a098041
palo module location fix (#1014) 
* move paloalto_panos_cve_2025_0108.yaml to nettacker/modules/vuln/paloalto_panos_cve_2025_0108.yaml

Fix of the incorrect location for the module

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

* Delete Modules.md in wrong location

location fix

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

* Update Modules.md with CVE-2025-0108

added CVE-2025-0108 module to the docs

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>

---------

Signed-off-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-17 17:41:20 +00:00
Sam Stepanyan 6d427e2a3c
adding paloalto_panos_cve_2025_0108_vuln module (#1013) 2025-02-17 02:13:54 +00:00
Sam Stepanyan aff7fe3dc2 Revert "adding paloalto_panos_cve_2025_0108_vuln module" 
This reverts commit d76eb0b7d9.
 2025-02-17 01:39:23 +00:00
Sam Stepanyan d76eb0b7d9 adding paloalto_panos_cve_2025_0108_vuln module 2025-02-17 01:24:52 +00:00
Soumyaditya Batabyal 012bf5dda2
Add some ChineseTranslation (#1002) 
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-14 11:03:58 +00:00
Achintya Jai 34523c8e43
fixed the admin_scan output to include the hit URLs (#1008) 2025-02-11 20:00:18 +00:00
Osama Ahmed Tahir cd3d4c6e2e
The Urdu translation has been completed (#994) 
Signed-off-by: Osama Ahmed Tahir <31954609+osamaahmed17@users.noreply.github.com>
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
 2025-02-06 13:38:02 +00:00
dependabot[bot] 40781bf55f
Bump jinja2 from 3.1.4 to 3.1.5 (#984) 
Bumps [jinja2](https://github.com/pallets/jinja) from 3.1.4 to 3.1.5.
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](https://github.com/pallets/jinja/compare/3.1.4...3.1.5)

---
updated-dependencies:
- dependency-name: jinja2
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sam Stepanyan <sam.stepanyan@owasp.org>
Co-authored-by: Arkadii Yakovets <2201626+arkid15r@users.noreply.github.com>
 2025-02-03 17:13:29 +00:00
Soumyaditya Batabyal 4a7c6f3eb9
Add some KoreanTranslation (#996) 2025-02-03 15:45:21 +00:00