OWASP Developer Guide


6.2.4 Nettacker

OWASP Nettacker is a command line utility for automated network and vulnerability scanning. It can be used during penetration testing for both internal and external security assessments of networks.

The Nettacker breaker/tool project is an OWASP Incubator Project; the latest version can be downloaded from the project’s GitHub repository.

What is Nettacker?

Nettacker is an automated penetration testing tool. It is used to scan a network to discover nodes and servers on the network including subdomains. Nettacker can then identify servers, services and port numbers in use.

Nettacker is a modular Python application that can be extended with other scanning functions. The many modules available are grouped into domains:

Nettacker runs on Windows, Linux and macOS.

Why use it?

Nettacker is easy to use from the command line, which makes it straightforward to call from scripts, and it also comes with a web browser interface for navigating the results. This makes it a quick and reliable way to gain information from a network.

Nettacker can be used both for auditing and for penetration testing.

How to use it

The OWASP Spotlight series provides an overview of attack surface management using Nettacker: ‘Project 11 - Nettacker’.

The documentation for Nettacker is provided in the repository wiki pages; follow these instructions to install it.

Nettacker is a flexible and modular scanning tool that can be used in many ways and with many options. The best way to start using it is by following the introduction video and then taking it from there.
