Automated Penetration Testing Framework

Overview

OWASP Nettacker

Build Status Apache License Twitter GitHub contributors repo size

DISCLAIMER

  • THIS SOFTWARE WAS CREATED FOR AUTOMATED PENETRATION TESTING AND INFORMATION GATHERING. CONTRIBUTORS WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.

2018-01-19_0-45-07

OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.


  • *** IoT Scanner***
  • Python Multi Thread & Multi Process Network Information Gathering Vulnerability Scanner
  • Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… )
  • Asset Discovery & Network Service Analysis
  • Services Brute Force Testing
  • Services Vulnerability Testing
  • HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
  • HTML, JSON, CSV and Text Outputs
  • API & WebUI
  • This project is at the moment in research and development phase
  • Thanks to Google Summer of Code Initiative and all the students who contributed to this project during their summer breaks:

Comments
  • complete the subdomain_scan

    complete the subdomain_scan

    Hello,

    there is an uncompleted task in subdomain_scan module which needs to be done. I glad if anyone could help to add this two resources in this module.

          # Must add later!
            # https://censys.io/certificates?q=domain
            # https://transparencyreport.google.com/https/certificates
    
    

    Regards.

    enhancement help wanted priority 
    opened by Ali-Razmjoo 19
  • Create some new modules

    Create some new modules

    Hello everyone,

    if anyone would like to add some few modules to the framework, that would be great for our growing framework. some of a few ideas:

    • simple udp, syn, ack port scan
    • simple icmp scan (ping test)
    • phpmyadmin scan
    • wappalyzer scan for http
    • a few more brute force modules (http (basic auth, ntlm, form), telnet, and so on)

    let me know if there is any question. Regards.

    enhancement help wanted 
    opened by Ali-Razmjoo 19
  • Implementing Service scanning in OWASP-Nettacker

    Implementing Service scanning in OWASP-Nettacker

    OWASP-Nettacker currently lacks the power of scanning a network for running services before doing vulnerability assessment and sending payloads; hence every attack can end up useless if the service is running at a different port. Let’s take an example, when doing network scanning if a Secure Socket Layer is running on a port or if the port is using an SSL tunnel in order to protect its users from MITM attack then we first scan that service for SSL vulnerabilities like CCS injection, Heartbleed, Logjam, Poodle, and many others in order to keep the tunnel secure and the user’s data protected, this will boost the discovery rate of vulnerabilities.

    For services like SSH, SMTP, FTP and other common services we will be using normal banner grabbing techniques where Python sockets will be used. A typical FTP banner gives us information about the product and version being used on FTP service that is Bftpd 1.6.6 which could enumerate multiple vulnerabilities without sending any payloads to the server.

    [+] 192.168.2.1:220 bftpd 1.6.6 at 192.168.2.1 ready.

    For services like HTTP/HTTPS, we will be using Python-Requests module which will be helpful for detecting the server running by header information, a typical header looks like this which gives us information about the running services & version on the port which is Nginx/1.10.3 and the OS details which is Linux Ubuntu.

    ({'date': 'Thu, 08 Mar 2018 14:23:48 GMT', 'connection': 'keep-alive', 'content-encoding': 'gzip', 'x-powered-by': 'Express', 'content-type': 'text/html; charset=utf-8', 'vary': 'Accept-Encoding', 'cache-control': 'public, max-age=0', 'etag': 'W/"3b51-DSUPhtrEeYNRRot/gk1jUt+PAnc"', 'server': 'nginx/1.10.3 (Ubuntu)', 'transfer-encoding': 'chunked'})

    Many DNS servers are pre-configured with version information in DNS TXT records for the version bind label in the CHAOS class.

    dig @dns.name.server version.bind chaos txt

    Typical answers might include

    ;; ANSWER SECTION: version.bind. 0 CH TXT "9.8.1-P1" OR ;; ANSWER SECTION: version.bind. 1476526080 IN TXT "Microsoft DNS 6.1.7600 (1DB04228)" OR ;; ANSWER SECTION: version.bind. 0 CH TXT "dnsmasq-2.47"

    Same can be implemented using nslookup ​for Windows ​system.

    All the previous modules will be shifted to Service based detection instead of port-based detection after this implementation for better results.

    enhancement done 
    opened by pradeepjairamani 17
  • Add Documents, Improve Wiki, Add Training Videos

    Add Documents, Improve Wiki, Add Training Videos

    Hello everyone,

    OWASP Nettacker doesn't have any documents or wiki right now, It's best we start Developers/Users documents to make it more friendly.

    I glad if anyone can help on this! (start from wiki)

    enhancement help wanted done priority 
    opened by Ali-Razmjoo 14
  • A better ICMP library

    A better ICMP library

    Hello,

    I just notice that in #47 the lib/icmp and icmp_scan need to run as root to be working, I glad if someone can give us a better solution and contribute a new lib and replace the libraries.

    let me know if anyone has any idea.

    Best Regards.

    enhancement help wanted Version 0.0.3 
    opened by Ali-Razmjoo 12
  • Kippo Honeypot Detect

    Kippo Honeypot Detect

    Checklist

    • [x] I have followed the Contributor Guidelines.
    • [x] I have added the relevant documentation.
    • [x] My branch is up-to-date with the Upstream master branch.

    Changes proposed in this pull request

    • Kippo Honeypot Detection payload
    • updated requirements.txt with updated modules
    • New info for admin scan
    • Added POP3 Service scanner signature
    • Added XMPP service scanner signature
    • Updated nettacker update mechanism to daily basis instead of doing it on every scan by saving and fetching previous scan data.
    • header based blind sql injection payload added

    Your development environment

    • OS: Kali
    • OS Version: 2.0
    • Python Version: 2.7.3
    enhancement done 
    opened by pradeepjairamani 10
  • Cannot delete old database record for the selected target and modules error while executing program

    Cannot delete old database record for the selected target and modules error while executing program

    OS: kali OS Version: 2021.3 Python Version: 3.9.7 PIP Version: 21.2.4

    Traceback (most recent call last):
      File "/home/user/Desktop/Nettacker/nettacker.py", line 17, in <module>
       load()  # load and parse the ARGV
      File "/home/user/Desktop/Nettacker/core/parse.py", line 26, in load
        exit_code = start_scan_processes(options)
      File "/home/user/Desktop/Nettacker/core/scan_targers.py", line 80, in start_scan_processes
        remove_old_logs(
      File "/home/user/Desktop/Nettacker/database/db.py", line 130, in remove_old_logs
        session.query(HostsLog).filter(
    AttributeError: 'bool' object has no attribute 'query'
    

    Get this error while running the nettacker on the target site using command: python3 nettacker.py -i example.com --profile scan -m all --verbose

    opened by murtazakan 9
  • Implementing SSL vulnerability Scanner

    Implementing SSL vulnerability Scanner

    Implementing SSL based vulnerabilities like SSL logjam, SSL drown, SSL Poodle, SSL crime, TLS fallback, SSL lucky13, Weak DH ciphers and many others by enumerating server ciphers and also by detecting which SSL/TLS versions are being used in the server.

    enhancement 
    opened by pradeepjairamani 9
  • port_scan module not working in Python 3.9

    port_scan module not working in Python 3.9

    in python 3.9.1 getting error:

    [X] this module "port_scan" is not available.

    Probably some incompatibilities in Python 3.6->3.9 are crashing the module


    OS: Kali.Linux

    OS Version: 2020.3

    Python Version: 3.9.1

    bug compatibility issue 
    opened by securestep9 8
  • I keep getting this issue after running the PMA_Scan

    I keep getting this issue after running the PMA_Scan

    Exception in thread Thread-52: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner self.run() File "/usr/lib/python2.7/threading.py", line 754, in run self.__target(*self.__args, **self.__kwargs) File "/root/OWASP-Nettacker/lib/http_fuzzer/engine.py", line 312, in request_without_data if rule_evaluator(response, condition): File "/root/OWASP-Nettacker/lib/http_fuzzer/engine.py", line 337, in rule_evaluator return eval(condition) File "", line 1, in AttributeError: 'int' object has no attribute 'status_code'

    bug done priority 
    opened by pradeepjairamani 8
  • Issue in getting results via discovery funstion in service scanner

    Issue in getting results via discovery funstion in service scanner

    I was trying to perform the same operation on my localhost and results were different everytime.

    In [1]: from lib.payload.scanner.service.engine import discovery
    
    In [2]: discovery("127.0.0.1")
    Out[2]: {443: 'UNKNOWN', 3306: 'UNKNOWN'}
    
    In [3]: discovery("127.0.0.1")
    Out[3]: 
    {80: 'http',
     443: 'UNKNOWN',
     631: 'UNKNOWN',
     3306: 'UNKNOWN',
     5432: 'UNKNOWN',
     8002: 'http'}
    
    In [4]: discovery("127.0.0.1")
    Out[4]: 
    {80: 'http',
     139: 'UNKNOWN',
     443: 'UNKNOWN',
     445: 'UNKNOWN',
     631: 'UNKNOWN',
     3306: 'UNKNOWN',
     5432: 'UNKNOWN',
     8001: 'UNKNOWN',
     8002: 'http'}
    
    In [5]: discovery("127.0.0.1")
    Out[5]: 
    {80: 'http',
     139: 'UNKNOWN',
     443: 'UNKNOWN',
     445: 'UNKNOWN',
     631: 'UNKNOWN',
     3306: 'UNKNOWN',
     5432: 'UNKNOWN',
     8001: 'UNKNOWN',
     8002: 'http'}
    

    image

    Am I doing anything wrong or is it some problem with the module!! Performing a port scan however works fine for me.


    OS: Ubuntu

    OS Version: 16.04

    Python Version: 2.7.12

    enhancement possible bug 
    opened by shaddygarg 8
  • Bump pyopenssl from 22.1.0 to 23.0.0

    Bump pyopenssl from 22.1.0 to 23.0.0

    Bumps pyopenssl from 22.1.0 to 23.0.0.

    Changelog

    Sourced from pyopenssl's changelog.

    23.0.0 (2023-01-01)

    Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

    Deprecations: ^^^^^^^^^^^^^

    Changes: ^^^^^^^^

    • Add OpenSSL.SSL.X509StoreFlags.PARTIAL_CHAIN constant to allow for users to perform certificate verification on partial certificate chains. [#1166](https://github.com/pyca/pyopenssl/issues/1166) <https://github.com/pyca/pyopenssl/pull/1166>_
    • cryptography maximum version has been increased to 39.0.x.
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • Bump flake8 from 5.0.4 to 6.0.0

    Bump flake8 from 5.0.4 to 6.0.0

    Bumps flake8 from 5.0.4 to 6.0.0.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    dependencies python 
    opened by dependabot[bot] 0
  • imap brute force

    imap brute force

    Checklist

    • [x] I have followed the Contributor Guidelines.
    • [x] The code has been thoroughly tested in my local development environment with flake8 and pylint.
    • [x] The code is Python 3 compatible.
    • [x] The code follows the PEP8 styling guidelines with 4 spaces indentation.
    • [x] This Pull Request relates to only one issue or only one feature
    • [x] I have referenced the corresponding issue number in my commit message
    • [x] I have added the relevant documentation.
    • [x] My branch is up-to-date with the Upstream master branch.

    Changes proposed in this pull request

    imap brute force module

    Your development environment

    • OS: x
    • OS Version: x
    • Python Version: x
    opened by Mrinank-Bhowmick 0
  • AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'

    AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'

    ➜ Nettacker git:(issue/609) ✗ python3 nettacker.py -i google.com --profile http -t 1100 -M 5

    AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
        self._remove_reader(self._ssock.fileno())
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 92, in close
        self._remove_reader(self._ssock.fileno())
    AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
        self._remove_reader(self._ssock.fileno())
    AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
        self._remove_reader(self._ssock.fileno())
        self._remove_reader(self._ssock.fileno())
    AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
        self._close_self_pipe()
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
    AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
    AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
        self._remove_reader(self._ssock.fileno())
      File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
    
    opened by Ali-Razmjoo 1
Releases(0.0.3.6)
  • 0.0.3.6(Sep 24, 2022)

    What's Changed

    • bug534 fix by @itsdivyanshjain in https://github.com/OWASP/Nettacker/pull/535
    • Fix typo by @tristanlatr in https://github.com/OWASP/Nettacker/pull/556
    • Bump numpy from 1.21.4 to 1.23.1 by @dependabot in https://github.com/OWASP/Nettacker/pull/576
    • Bump flask from 2.0.2 to 2.2.2 by @dependabot in https://github.com/OWASP/Nettacker/pull/583
    • Bump paramiko from 2.8.1 to 2.11.0 by @dependabot in https://github.com/OWASP/Nettacker/pull/566
    • Bump ipython from 7.30.1 to 8.5.0 by @dependabot in https://github.com/OWASP/Nettacker/pull/587
    • Updated readme.md with OWASP official DockerHub link by @securestep9 in https://github.com/OWASP/Nettacker/pull/589
    Source code(tar.gz)
    Source code(zip)
  • 0.0.3.5(Dec 23, 2021)

  • v0.0.3.3(Oct 2, 2021)

  • 0.0.3.2(Sep 14, 2021)

  • 0.0.3.1(Sep 12, 2021)

  • 0.0.3(Sep 12, 2021)

  • 0.0.2(Jun 10, 2021)

    Many bugs fixed in this release and we are aiming to stop supporting Python 2.7 after this release and restructure our framework to be faster and better.

    Source code(tar.gz)
    Source code(zip)
  • 0.0.1(Jun 17, 2020)

    First Release - drawing a line before adding new features and modules. This release still contains known bugs and is compatible with both Python 2.7 and python 3.6

    Source code(tar.gz)
    Source code(zip)
Owner
OWASP
The OWASP Foundation
OWASP
fsociety Hacking Tools Pack – A Penetration Testing Framework

Fsociety Hacking Tools Pack A Penetration Testing Framework, you will have every script that a hacker needs. Works with Python 2. For a Python 3 versi

Manisso 8.2k Jan 3, 2023
A Modular Penetration Testing Framework

fsociety A Modular Penetration Testing Framework Install pip install fsociety Update pip install --upgrade fsociety Usage usage: fsociety [-h] [-i] [-

fsociety-team 802 Dec 31, 2022
WEB PENETRATION TESTING TOOL 💥

N-WEB ADVANCE WEB PENETRATION TESTING TOOL Features ?? Admin Panel Finder Admin Scanner Dork Generator Advance Dork Finder Extract Links No Redirect H

null 56 Dec 23, 2022
Active Directory Penetration Testing methods with simulations

AD penetration Testing Project By Ruben Enkaoua - GL4Di4T0R Based on the TCM PEH course (Heath Adams) Index 1 - Setting Up the Lab Intallation of a Wi

GL4DI4T0R 3 Aug 12, 2021
Python tools for penetration testing

pyTools_PT python tools for penetration testing Please don't use these tool for illegal purposes. These tools is meant for penetration testing for leg

Gourab 1 Dec 1, 2021
Penetration testing

Penetration testing

null 3 Jan 11, 2022
An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.

mitmproxy mitmproxy is an interactive, SSL/TLS-capable intercepting proxy with a console interface for HTTP/1, HTTP/2, and WebSockets. mitmdump is the

mitmproxy 29.7k Jan 2, 2023
RAT-el is an open source penetration test tool that allows you to take control of a windows machine.

To prevent RATel from being detected by antivirus, please do not upload the payload to TOTAL VIRUS. Each month I will test myself if the payload gets detected by antivirus. So you’ll have a photo every month to prove RAtel’s discretion.

null 218 Dec 16, 2022
PyBuster A directory busting tool for web application penetration tester, written in python

PyBuster A directory busting tool for web application penetration tester, written in python. Supports custom wordlist,recursive search. Screenshots Pr

Anukul Pandey 4 Jan 30, 2022
pytest plugin for distributed testing and loop-on-failures testing modes.

xdist: pytest distributed testing plugin The pytest-xdist plugin extends pytest with some unique test execution modes: test run parallelization: if yo

pytest-dev 1.1k Dec 30, 2022
PacketPy is an open-source solution for stress testing network devices using different testing methods

PacketPy About PacketPy is an open-source solution for stress testing network devices using different testing methods. Currently, there are only two c

null 4 Sep 22, 2022
A command-line tool and Python library and Pytest plugin for automated testing of RESTful APIs, with a simple, concise and flexible YAML-based syntax

1.0 Release See here for details about breaking changes with the upcoming 1.0 release: https://github.com/taverntesting/tavern/issues/495 Easier API t

null 909 Dec 15, 2022
Automated Security Testing For REST API's

Astra REST API penetration testing is complex due to continuous changes in existing APIs and newly added APIs. Astra can be used by security engineers

Flipkart Incubator 2.1k Dec 31, 2022
AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.

AutoExploitSwagger is an automated API security testing exploit tool that can be combined with xray, BurpSuite and other scanners.

null 6 Jan 28, 2022
Automated testing tool developed in python for Advanced mathematical operations.

Advanced-Maths-Operations-Validations Automated testing tool developed in python for Advanced mathematical operations. Requirements Python 3.5 or late

Nikhil Repale 1 Nov 16, 2021
Avocado is a set of tools and libraries to help with automated testing.

Welcome to Avocado Avocado is a set of tools and libraries to help with automated testing. One can call it a test framework with benefits. Native test

Ana Guerrero Lopez 1 Nov 19, 2021
Minimal example of how to use pytest with automated 'devops' style automated test runs

Pytest python example with automated testing This is a minimal viable example of pytest with an automated run of tests for every push/merge into the m

Karma Computing 2 Jan 2, 2022
Generic automation framework for acceptance testing and RPA

Robot Framework Introduction Installation Example Usage Documentation Support and contact Contributing License Introduction Robot Framework is a gener

Robot Framework 7.7k Jan 7, 2023
Sixpack is a language-agnostic a/b-testing framework

Sixpack Sixpack is a framework to enable A/B testing across multiple programming languages. It does this by exposing a simple API for client libraries

null 1.7k Dec 24, 2022