OWASP-Nettacker – Automated Penetration Testing Framework

The OWASP-Nettacker project was created to automate information gathering and vulnerability scanning, and eventually to generate a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information.

This software utilizes TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. OWASP Nettacker leverages a unique method for discovering protected services and devices such as SCADA, which gives it a competitive edge over other scanners and makes it one of the best.

Current features include:

    • IoT Scanner
    • Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner
    • Service and Device Detection (SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, Non-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and many devices like Juniper, Cisco, Switches and much more…)
    • Network Service Analysis
    • Services Brute Force Testing
    • Services Vulnerability Testing
    • HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
    • HTML and Text Outputs

There is a large list of scanning methods. If you are familiar with the target and know what it is running, you can select the required options, or just use all of them:

  1. ProFTPd heap overflow vuln
  2. ProFTPd cpu consumption vuln
  3. ProFTPd restriction bypass vuln
  4. CCS injection vuln
  5. ProFTPd bypass sqli protection vuln
  6. wp_xmlrpc bruteforce vuln
  7. server version vuln
  8. ProFTPd exec arbitary vuln
  9. Bftpd parsecmd overflow vuln
  10. wordpress dos cve 2018 6389 vuln
  11. heartbleed vuln
  12. smtp brute, ftp brute, wp_xmlrpc brute

You can read more and download this tool over here: https://github.com/zdresearch/
