OWASP Nettacker v0.3.3 releases: Automated Penetration Testing Framework

OWASP Nettacker project is created to automate information gathering, vulnerability scanning, and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanners making it one of the bests.

• Future IoT Scanner
• Python Multi Thread & Multi-Process Network Information Gathering Vulnerability Scanner
• Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… )
• Asset Discovery & Network Service Analysis
• Services Brute Force Testing
• Services Vulnerability Testing
• HTTP/HTTPS Crawling, Fuzzing, Information Gathering, and …
• HTML, JSON and Text Outputs
• API & WebUI
• This project is at the moment in the research and development phase and most of the results/codes are not published yet.

Changelog v0.3.3

• New Module: Ivanti ICS CVE-2023-46805 Vulnerability detection by @jimmy-ly00 in #786
• New Module: Ivanti EPMM CVE-2023-35082 Vulnerability detection by @securestep9 in #793
• New Module: WordPress POST SMTP Mailer Plugin CVE-2023-6875 Vulnerability detection by @Captain-T2004 in #785
• New Module: Citrix Gateway Last Patched Date Scan by @securestep9 in #790
• New Module: HTML Title Scan by @securestep9 in #791
• New Module: Ivanti ICS Last Patched Date Scan by @securestep9 in #794
• New Module: Ivanti EPMM Last Patched Date Scan by @securestep9 in #795
• Update WordPress vulnerable plugins: post-smtp (CVE-2023-6875) by @securestep9 in #787
• Update README.md by @Ali-Razmjoo in #771
• [Snyk] Security upgrade aiohttp from 3.8.5 to 3.9.0 by @Ali-Razmjoo in #770
• [Snyk] Security upgrade paramiko from 3.3.1 to 3.4.0 by @Ali-Razmjoo in #778
• Bump aiohttp from 3.8.5 to 3.9.1 by @dependabot in #769
• Bump github/codeql-action from 2 to 3 by @dependabot in #775
• Bump ipython from 8.16.1 to 8.18.1 by @dependabot in #772
• Bump numpy from 1.26.0 to 1.26.2 by @dependabot in #764
• Bump flask from 3.0.0 to 3.0.1 by @dependabot in #789

Installation

git clone https://github.com/OWASP/Nettacker.git
cd Nettacker
pip install -r requirements.txt
python nettacker.py -h

THIS SOFTWARE WAS CREATED FOR AUTOMATED PENETRATION TESTING AND INFORMATION GATHERING. CONTRIBUTORS WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.

Copyright (C) 2017 zdresearch

Source: https://github.com/viraintel/