OWASP Nettacker | OWASP Foundation
The OWASP Nettacker project was created to automate information gathering and vulnerability scanning, and in general to aid penetration testing engagements. Nettacker can run various scans using a variety of methods and generate scan reports (in HTML/TXT/JSON/CSV format) for applications and networks, including discovering open ports, services, bugs, vulnerabilities, misconfigurations, default credentials, subdomains, etc. Nettacker can be run as a command-line utility (including as a Docker container), as an API, in Web GUI mode, or as Maltego transforms.
OWASP Nettacker is written in 100% Python and does not rely on launching any external tools.
OWASP Nettacker can also help you find instances of critically vulnerable MOVEit Transfer, Citrix Netscaler, Ivanti ICS/EPMM/vTM/CSA services and other vulnerabilities in your network.
Latest Releases:
- v0.4.0: On September 27th, 2024 OWASP Nettacker v0.4.0 was released with major code refactoring, a PyPI package, and new modules to scan for vulnerabilities and last patched dates in Ivanti CSA/vTM, Apache OFBiz, Confluence and TeamCity, as well as SSL/TLS weak cipher detection, a scan comparison feature, a new documentation site and other improvements
- v0.3.3: On January 20th, 2024 OWASP Nettacker v0.3.3 was released with new modules to scan for the latest Ivanti ICS CVE-2023-46805 vulnerability, Ivanti EPMM CVE-2023-35082, WordPress POST SMTP plugin CVE-2023-6875 and modules to help you find unpatched Citrix Netscaler & Ivanti devices
- v0.3.2: On October 31st, 2023 OWASP Nettacker v0.3.2 was released with new modules to scan networks for Critical vulnerabilities such as: Adobe Coldfusion CVE-2023-26360, Atlassian Confluence CVE-2023-22515 and Citrix Netscaler CVE-2023-4966 (aka “CitrixBleed”)
- v0.3.1: On July 5th, 2023 OWASP Nettacker v0.3.1 was released with new modules to scan for MOVEit Transfer instances and the latest Citrix CVE-2023-24488