OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanners making it one of the best.

• OWASP Page: https://owasp.org/www-project-nettacker/
• Wiki: https://github.com/OWASP/Nettacker/wiki
• Slack: #project-nettacker on https://owasp.slack.com
• Installation: https://github.com/OWASP/Nettacker/wiki/Installation
• Usage: https://github.com/OWASP/Nettacker/wiki/Usage
• GitHub: https://github.com/OWASP/Nettacker
• Docker Image: https://hub.docker.com/r/owasp/nettacker
• How to use the Dockerfile: https://github.com/OWASP/Nettacker/wiki/Installation#docker
• OpenHub: https://www.openhub.net/p/OWASP-Nettacker
• Donate: https://owasp.org/donate/?reponame=www-project-nettacker&title=OWASP+Nettacker
• Read More: https://www.secologist.com/open-source-projects

$ docker-compose up -d && docker exec -it nettacker-nettacker-1 /bin/bash
# poetry run python nettacker.py -i owasp.org -s -m port_scan

• Results are accessible from your (https://localhost:5000) or https://nettacker-api.z3r0d4y.com:5000/ (pointed to your localhost)
• The local database is .data/nettacker.db (sqlite).
• Default results path is .data/results
• docker-compose will share your nettacker folder, so you will not lose any data after docker-compose down
• To see the API key in you can run docker logs nettacker_nettacker_1.
• More details and setup without docker https://github.com/OWASP/Nettacker/wiki/Installation

• Python Multi Thread & Multi Process Network Information Gathering Vulnerability Scanner
• Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… )
• Asset Discovery & Network Service Analysis
• Services Brute Force Testing
• Services Vulnerability Testing
• HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
• HTML, JSON, CSV and Text Outputs
• API & WebUI
• This project is at the moment in research and development phase
• Thanks to Google Summer of Code Initiative and all the students who contributed to this project during their summer breaks: