OWASP Nettacker

The OWASP Nettacker project was created to automate information gathering and vulnerability scanning and, in general, to aid penetration testing engagements. Nettacker can run various scans using a variety of methods and generate scan reports (in HTML/TXT/JSON/CSV format) for applications and networks, including discovering open ports, services, bugs, vulnerabilities, misconfigurations, default credentials, subdomains, etc. Nettacker can be run as a command-line utility (including as a Docker container), as an API, in Web GUI mode, or as Maltego transforms.

OWASP Nettacker is written in 100% Python and does not rely on launching any external tools.

On July 5th 2023, OWASP Nettacker v0.3.1 was released with new modules to scan for MOVEit Transfer instances and the latest Citrix CVE-2023-24488.


Code Repository

Docker Images


Quick Demo - CLI


Quick Demo - WebUI