This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Nettacker"

From OWASP
Jump to: navigation, search
(add new contributors)
(offseconf2017)
Line 104: Line 104:
 
== News and Events ==
 
== News and Events ==
  
 +
* [https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 OWASP Nettacker was introduced in OFFSECONF 2017]
  
 
== Docs ==
 
== Docs ==

Revision as of 16:12, 1 December 2017

OWASP Project Header.jpg

OWASP Nettacker Project

What is OWASP Nettacker ?

Nettacker_Demp.png

OWASP Nettacker is an open source software in Python language which lets you automated penetration testing and automated Information Gathering. This software can be run on Windows/Linux/OSX under Python.


Description

Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.


DISCLAIMER

This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.

The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.

IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.


Features

IoT Scanner
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )
Network Service Analysis
Services Brute Force Testing
Services Vulnerability Testing
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
HTML and Text Outputs
This project is at the moment in research and development phase and most of results/codes are not published yet.

Licensing

Apache License Version 2.0, January 2004

The OWASP Nettacker is free to use and is licensed under the Apache 2 License. Click to see the full license


The OWASP Security Principles are free to use. In fact, it is encouraged!!! Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.

The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


Project Leaders

Contributors & Main Developers

Links

Be an OWASP Nettacker developer

Related links

Quick Download

Github Page.

[Download Page.]

News and Events

Docs


Classifications

New projects.png Owasp-breakers-small.png
Project Type Files TOOL.jpg

To see full guides please visit our wiki page.


Installation You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.


Roadmap

As of October, 2017, the highest priorities for the next one year are:

  • Planning for activating features
  • Build Nettacker API
  • Find developers to get better performance, quality, optimizing and best improvement in minimum possible time
  • Get other people to review the OWASP Nettacker Project provide feedback
  • Incorporate feedback into changes in the Project and the features
  • Keep test, developing and updating with best new methods
  • Build and update documents in several languages for developers/users guiding

Subsequent Releases will add

  • Internationalization Support
  • Additional Unit Tests
  • Automated Regression tests


Project Leaders

  • Ali Razmjoo
  • Mohammad Reza Espargham

Contributors

  • Vahid Behzadan
  • Mojtaba MasoumPour

Be an OWASP Nettacker developer

Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in HERE.

After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3. If you have any question you can open an issue or just mail us. do not forget to register on our mailing list.