Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Go to file

Sam Stepanyan 5fedd73868 Update pyproject.toml URLs (#1119 ) * Update pyproject.toml -homepage added homepage and project email address to pyproject.toml * Update pyproject.toml ruff		2025-08-11 20:06:46 +00:00
.github	Dockerfile change to multi-stage with 'nettacker' as entrypoint + related CI/CD changes (#1115 )	2025-08-09 15:30:45 +00:00
docs	changed nettacker's data directory naming (#1100 )	2025-08-11 19:47:13 +00:00
nettacker	changed nettacker's data directory naming (#1100 )	2025-08-11 19:47:13 +00:00
tests	Feature: Exclude certain ports from being scanned (#1099 )	2025-07-27 08:11:53 +00:00
.coderabbit.yaml	Add coderabbit config (#1120 )	2025-08-09 19:59:21 +00:00
.coverage.Purge12.53949.XRsbvtqx.wgw1	updated the declarative base import (#1108 )	2025-07-28 14:17:58 +00:00
.gitattributes	Create .gitattributes	2023-07-03 10:25:07 +01:00
.gitignore	changed nettacker's data directory naming (#1100 )	2025-08-11 19:47:13 +00:00
.pre-commit-config.yaml	Nettacker code base major refactoring	2024-08-08 11:04:35 -07:00
.readthedocs.yml	mkdocs	2024-08-25 01:56:35 +01:00
ADOPTERS.md	Adding ADOPTERS.md (#1065 )	2025-05-05 10:38:31 +00:00
CODE_OF_CONDUCT.md	create code of conduct	2017-12-24 18:11:58 +03:30
CONTRIBUTING.md	Change old hardcoded reference to OWASP repo #363	2021-01-11 18:59:13 +05:30
Dockerfile	Dockerfile change to multi-stage with 'nettacker' as entrypoint + related CI/CD changes (#1115 )	2025-08-09 15:30:45 +00:00
EXTERNAL_LIBRARIES_LICENSES.md	Add license for intro.js	2018-06-29 01:32:53 +05:30
LICENSE	update license to apache version 2.0	2017-08-27 18:29:07 +04:30
Makefile	Update PR template (#951 )	2024-11-14 09:25:12 +00:00
README.md	changed nettacker's data directory naming (#1100 )	2025-08-11 19:47:13 +00:00
SECURITY.md	Update Security.md (#964 )	2024-11-21 18:23:05 +00:00
docker-compose.yml	Optimize docker image	2024-09-07 12:24:23 -07:00
mkdocs.yml	mkdocs	2024-08-25 01:56:35 +01:00
nettacker.py	Implement `nettacker` command	2024-09-05 09:44:03 -07:00
poetry.lock	[feature] add custom headers for http requests via CLI and remove sensitive headers before adding it to the database (#1107 )	2025-07-26 20:30:05 +00:00
pyproject.toml	Update pyproject.toml URLs (#1119 )	2025-08-11 20:06:46 +00:00

README.md

OWASP Nettacker

DISCLAIMER

THIS SOFTWARE WAS CREATED FOR AUTOMATED PENETRATION TESTING AND INFORMATION GATHERING. YOU MUST USE THIS SOFTWARE IN A RESPONSIBLE AND ETHICAL MANNER. DO NOT TARGET SYSTEMS OR APPLICATIONS WITHOUT OBTAINING PERMISSIONS OR CONSENT FROM THE SYSTEM OWNERS OR ADMINISTRATORS. CONTRIBUTORS WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.

OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanners making it one of the best.

OWASP Page: https://owasp.org/www-project-nettacker/
Wiki: https://github.com/OWASP/Nettacker/wiki
Slack: #project-nettacker on https://owasp.slack.com
Installation: https://github.com/OWASP/Nettacker/wiki/Installation
Usage: https://github.com/OWASP/Nettacker/wiki/Usage
GitHub: https://github.com/OWASP/Nettacker
Docker Image: https://hub.docker.com/r/owasp/nettacker
How to use the Dockerfile: https://github.com/OWASP/Nettacker/wiki/Installation#docker
OpenHub: https://www.openhub.net/p/OWASP-Nettacker
Donate: https://owasp.org/donate/?reponame=www-project-nettacker&title=OWASP+Nettacker
Read More: https://www.secologist.com/open-source-projects

Quick Setup & Run

$ docker-compose up -d && docker exec -it nettacker-nettacker-1 /bin/bash
# poetry run python nettacker.py -i owasp.org -s -m port_scan

Results are accessible from your (https://localhost:5000) or https://nettacker-api.z3r0d4y.com:5000/ (pointed to your localhost)
The local database is .nettacker/data/nettacker.db (sqlite).
Default results path is .nettacker/data/results
docker-compose will share your nettacker folder, so you will not lose any data after docker-compose down
To see the API key in you can run docker logs nettacker_nettacker_1.
More details and setup without docker https://github.com/OWASP/Nettacker/wiki/Installation

Thanks to our awesome contributors

Adopters

We’re grateful to the organizations, community projects, and individuals who adopt and rely on OWASP Nettacker for their security workflows.

If you’re using OWASP Nettacker in your organization or project, we’d love to hear from you! Feel free to add your details to the ADOPTERS.md file by submitting a pull request or reach out to us via GitHub issues. Let’s showcase how Nettacker is making a difference in the security community!

See ADOPTERS.md for details.

IoT Scanner

Python Multi Thread & Multi Process Network Information Gathering Vulnerability Scanner
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… )
Asset Discovery & Network Service Analysis
Services Brute Force Testing
Services Vulnerability Testing
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
HTML, JSON, CSV and Text Outputs
API & WebUI
This project is at the moment in research and development phase
Thanks to Google Summer of Code Initiative and all the students who contributed to this project during their summer breaks:

README.md Unescape Escape