OWASP Nettacker

OWASP Nettacker project was created to automate information gathering, vulnerability scanning and in general to aid penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports(in HTML/TXT/JSON/CSV format) for applications and networks, including discovering open ports, services, bugs, vulnerabilities, misconfigurations, default credentials, subdomains, etc. Nettacker can be run as a command-line utility (including running as a Docker container), API, Web GUI mode or as Maltego transforms.

OWASP Nettacker is written in 100% Python and does not rely on launching any external tools.

OWASP Nettacker can also help you find instances of critically vulnerable MOVEit Transfer, Citrix Netscaler, Ivanti ICS/EPMM/vTM/CSA services and other vulnerabilities in your network.

Latest Releases:

  • v0.4.0: On September 27th, 2024 OWASP Nettacker v0.4.0 was released with major code refactoring, PyPI package, and new modules to scan for vulnerabilities and last patched dates in Ivanti CSA/vTM, Apache OFBiz, Confluence, TeamCity, also SSL/TLS weak cipher detection, scan comparison feature, new documentation site and other improvements
  • v0.3.3: On January 20th, 2024 OWASP Nettacker v0.3.3 was released with new modules to scan for the latest Ivanti ICS CVE-2023-46805 vulnerability, Ivanti EPMM CVE-2023-35082, WordPress POST SMTP plugin CVE-2023-6875 and modules to help you find unpatched Citrix Netscaler & Ivanti devices
  • v0.3.2: On October 31st, 2023 OWASP Nettacker v0.3.2 was released with new modules to scan networks for Critical vulnerabilities such as: Adobe Coldfusion CVE-2023-26360, Atlassian Confluence CVE-2023-22515 and Citrix Netscaler CVE-2023-4966 (aka “CitrixBleed”)
  • v0.3.1 On July 5th, 2023 OWASP Nettacker v0.3.1 released with new modules to scan for MOVEit Transfer instances and the latest Citrix CVE-2023-24488:

Documentation

Code Repository

Docker Images

Contributing

Quick Demo - CLI

asciicast

Quick Demo - WebUI