mirror of https://github.com/OWASP/Nettacker.git
automationbruteforcecvecveshacking-toolsinformation-gatheringnetwork-analysisowasppenetration-testingpenetration-testing-frameworkpentestingpentesting-toolsportscannerpythonscannersecuritysecurity-toolsvulnerability-managementvulnerability-scannervulnerability-scanners
14f6c06207
This is a refactor of existing Nettacker code I've been working on recently. The (incomplete) list of changes:
- add pre-commit checks
- apply OOP approach to the application architecture
- consolidate common modules logic into a base class
- extract YAML parsing logic into a separate module
- fix some typos
- get rid of (not all) misused try/except blocks
- migrate to poetry, remove requirements.* files
- re-design configuration module
- re-design logging module
- split application logic into classes
- use `pathlib` for path related manipulations
- use context-based naming for variables, modules, directories, etc
- use module level imports (vs function level)
- use the base class for specific protocol libraries
|
||
|---|---|---|
| .data | ||
| .github | ||
| src/nettacker | ||
| tests | ||
| .gitattributes | ||
| .gitignore | ||
| .pre-commit-config.yaml | ||
| CODE_OF_CONDUCT.md | ||
| CONTRIBUTING.md | ||
| Dockerfile | ||
| EXTERNAL_LIBRARIES_LICENSES.md | ||
| LICENSE | ||
| README.md | ||
| docker-compose.yml | ||
| poetry.lock | ||
| pyproject.toml | ||
| version.txt | ||
README.md
OWASP Nettacker
DISCLAIMER
- THIS SOFTWARE WAS CREATED FOR AUTOMATED PENETRATION TESTING AND INFORMATION GATHERING. CONTRIBUTORS WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanners making it one of the best.
- OWASP Page: https://owasp.org/www-project-nettacker/
- Wiki: https://github.com/OWASP/Nettacker/wiki
- Installation: https://github.com/OWASP/Nettacker/wiki/Installation
- Usage: https://github.com/OWASP/Nettacker/wiki/Usage
- GitHub: https://github.com/OWASP/Nettacker
- Slack: #project-nettacker on https://owasp.slack.com
- Mailing List: https://groups.google.com/forum/#!forum/owasp-nettacker
- Docker Image: https://hub.docker.com/r/owasp/nettacker
- How to use the Dockerfile: https://github.com/OWASP/Nettacker/wiki/Installation#docker
- OpenHub: https://www.openhub.net/p/OWASP-Nettacker
- Donate: https://owasp.org/donate/?reponame=www-project-nettacker&title=OWASP+Nettacker
- Read More: https://www.secologist.com/open-source-projects
Quick Setup & Run
$ docker-compose up -d && docker exec -it nettacker-nettacker-1 /bin/bash
# python nettacker.py -i owasp.org -s -m port_scan
- Results are accessible from your (https://localhost:5000) or https://nettacker-api.z3r0d4y.com:5000/ (pointed to your localhost)
- The local database is
.data/nettacker.db(sqlite). - Default results path is
.data/results docker-composewill share your nettacker folder, so you will not lose any data afterdocker-compose down- To see the API key in you can run
docker logs nettacker_nettacker_1. - More details and setup without docker https://github.com/OWASP/Nettacker/wiki/Installation
Thanks to our awesome contributors
IoT Scanner
- Python Multi Thread & Multi Process Network Information Gathering Vulnerability Scanner
- Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… )
- Asset Discovery & Network Service Analysis
- Services Brute Force Testing
- Services Vulnerability Testing
- HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
- HTML, JSON, CSV and Text Outputs
- API & WebUI
- This project is at the moment in research and development phase
- Thanks to Google Summer of Code Initiative and all the students who contributed to this project during their summer breaks:
Stargazers over time
