https://github.com/owasp/nettacker
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
https://github.com/owasp/nettacker
automation bruteforce cve hacking-tools information-gathering network-security owasp penetration-testing penetration-testing-framework pentesting pentesting-tools portscanner python recon scanner security security-tools vulnerability-management vulnerability-scanner vulnerability-scanners
Last synced: about 2 months ago
JSON representation
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
- Host: GitHub
- URL: https://github.com/owasp/nettacker
- Owner: OWASP
- License: apache-2.0
- Created: 2017-04-21T12:14:35.000Z (about 8 years ago)
- Default Branch: master
- Last Pushed: 2025-05-08T21:41:36.000Z (about 2 months ago)
- Last Synced: 2025-05-12T13:08:46.307Z (about 2 months ago)
- Topics: automation, bruteforce, cve, hacking-tools, information-gathering, network-security, owasp, penetration-testing, penetration-testing-framework, pentesting, pentesting-tools, portscanner, python, recon, scanner, security, security-tools, vulnerability-management, vulnerability-scanner, vulnerability-scanners
- Language: Python
- Homepage: https://owasp.org/nettacker
- Size: 8.7 MB
- Stars: 3,996
- Watchers: 110
- Forks: 849
- Open Issues: 46
-
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- Funding: .github/FUNDING.yml
- License: LICENSE
- Code of conduct: CODE_OF_CONDUCT.md
- Codeowners: .github/CODEOWNERS
- Security: SECURITY.md
Awesome Lists containing this project
README
OWASP Nettacker
=========
[](https://github.com/OWASP/Nettacker/actions/workflows/ci_cd.yml/badge.svg?branch=master)
[](https://github.com/OWASP/Nettacker/blob/master/LICENSE)
[](https://twitter.com/iotscan)
[](https://nettacker.readthedocs.io/en/latest/?badge=latest)
[](https://github.com/OWASP/Nettacker)
[](https://hub.docker.com/r/owasp/nettacker)
**DISCLAIMER**
* ***THIS SOFTWARE WAS CREATED FOR AUTOMATED PENETRATION TESTING AND INFORMATION GATHERING. YOU MUST USE THIS SOFTWARE IN A RESPONSIBLE AND ETHICAL MANNER. DO NOT TARGET SYSTEMS OR APPLICATIONS WITHOUT OBTAINING PERMISSIONS OR CONSENT FROM THE SYSTEM OWNERS OR ADMINISTRATORS. CONTRIBUTORS WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.***
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software **will** utilize TCP SYN, ACK, ICMP, and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanners making it one of the best.
* OWASP Page: https://owasp.org/www-project-nettacker/
* Wiki: https://github.com/OWASP/Nettacker/wiki
* Slack: #project-nettacker on https://owasp.slack.com
* Installation: https://github.com/OWASP/Nettacker/wiki/Installation
* Usage: https://github.com/OWASP/Nettacker/wiki/Usage
* GitHub: https://github.com/OWASP/Nettacker
* Docker Image: https://hub.docker.com/r/owasp/nettacker
* How to use the Dockerfile: https://github.com/OWASP/Nettacker/wiki/Installation#docker
* OpenHub: https://www.openhub.net/p/OWASP-Nettacker
* **Donate**: https://owasp.org/donate/?reponame=www-project-nettacker&title=OWASP+Nettacker
* **Read More**: https://www.secologist.com/open-source-projects
____________
Quick Setup & Run
============
```bash
$ docker-compose up -d && docker exec -it nettacker-nettacker-1 /bin/bash
# poetry run python nettacker.py -i owasp.org -s -m port_scan
```
* Results are accessible from your (https://localhost:5000) or https://nettacker-api.z3r0d4y.com:5000/ (pointed to your localhost)
* The local database is `.data/nettacker.db` (sqlite).
* Default results path is `.data/results`
* `docker-compose` will share your nettacker folder, so you will not lose any data after `docker-compose down`
* To see the API key in you can run `docker logs nettacker_nettacker_1`.
* More details and setup without docker https://github.com/OWASP/Nettacker/wiki/Installation
_____________
Thanks to our awesome contributors
============
## Adopters
We’re grateful to the organizations, community projects, and individuals who adopt and rely on OWASP Nettacker for their security workflows.
If you’re using OWASP Nettacker in your organization or project, we’d love to hear from you! Feel free to add your details to the [ADOPTERS.md](ADOPTERS.md) file by submitting a pull request or reach out to us via GitHub issues. Let’s showcase how Nettacker is making a difference in the security community!
See [ADOPTERS.md](ADOPTERS.md) for details.
_____________
## ***IoT Scanner***
* Python Multi Thread & Multi Process Network Information Gathering Vulnerability Scanner
* Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… )
* Asset Discovery & Network Service Analysis
* Services Brute Force Testing
* Services Vulnerability Testing
* HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
* HTML, JSON, CSV and Text Outputs
* API & WebUI
* This project is at the moment in research and development phase
* Thanks to Google Summer of Code Initiative and all the students who contributed to this project during their summer breaks:
_____________
## Stargazers over time
[](https://starchart.cc/OWASP/Nettacker)