OWASP_Nettacker – Network Automated penetration testing framework

Introduction

OWASP Nettacker is open source software written in Python that lets you automate penetration testing and information gathering. It runs on Windows, Linux and OS X under Python.

Nettacker is an automated tool that collects information, scans for vulnerabilities and ultimately generates a report for the network, including services, errors, vulnerabilities, misconfigurations, and information. This software can use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass firewalls / IDS / IPS and other devices. By offering a single solution for finding protected services such as SCADA, Nettacker aims to be one of the best scanners.

Features

  • IoT Scanner
  • Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner
  • Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, Non-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )
  • Network Service Analysis
  • Services Brute Force Testing
  • Services Vulnerability Testing
  • HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
  • HTML and Text Outputs
  • This project is currently in the research and development phase, and most of the results/code are not published yet.

Installation

git clone https://github.com/Nettacker/Nettacker.git
cd Nettacker
pip install -r requirements.txt
./nettacker.py -h

Usage

– Exploit a single target or multiple targets:

Target input options

-i TARGETS, --targets TARGETS

            target(s) list, separate with ","

-l TARGETS_LIST, --targets-list TARGETS_LIST

            read target(s) from file

– Using multiple scans and exploits:

-m SCAN_METHOD, --method SCAN_METHOD

            choose scan method ['port_scan', 'subdomain_scan',
            'admin_scan', 'wappalyzer_scan', 'dir_scan',
            'viewdns_reverse_ip_lookup_scan', 'pma_scan',
            'icmp_scan', 'ProFTPd_cpu_consumption_vuln',
            'Bftpd_memory_leak_vuln',
            'self_signed_certificate_vuln',
            'ProFTPd_directory_traversal_vuln',
            'ProFTPd_exec_arbitary_vuln',
            'wordpress_dos_cve_2018_6389_vuln',
            'weak_signature_algorithm_vuln',
            'ProFTPd_bypass_sqli_protection_vuln',
            'CCS_injection_vuln', 'heartbleed_vuln',
            'Bftpd_parsecmd_overflow_vuln',
            'ssl_certificate_expired_vuln',
            'Bftpd_double_free_vuln', 'Bftpd_remote_dos_vuln',
            'content_security_policy_vuln', 'smtp_brute',
            'http_form_brute', 'ssh_brute', 'http_ntlm_brute',
            'ftp_brute', 'telnet_brute', 'http_basic_auth_brute',
            'all']

– Running multithreaded attacks and connections:

-t THREAD_NUMBER, --thread-connection THREAD_NUMBER

            thread numbers for connections to a host

-M THREAD_NUMBER_HOST, --thread-hostscan THREAD_NUMBER_HOST

            thread numbers for scan hosts

Examples:

./nettacker.py -i TARGET -m SCAN_METHOD -t 100

Port scanning
./nettacker.py -i vulnweb.com -m port_scan -t 100

Wappalyzer scan
./nettacker.py -i testphp.vulnweb.com -m wappalyzer_scan -t 100

Subdomain scan
./nettacker.py -i testphp.vulnweb.com -m subdomain_scan -t 100
