Nettacker
by OWASP
OWASP Nettacker is an automated penetration testing framework that performs comprehensive vulnerability scanning and information gathering to identify network security issues.
Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management
Primary Use Case
This tool is designed for security professionals and penetration testers to automate the process of discovering vulnerabilities, misconfigurations, and exposed services within a network. It helps organizations identify security weaknesses by scanning networks and generating detailed reports, facilitating proactive vulnerability management.
- Automated information gathering and vulnerability scanning
- Supports multiple network protocols including TCP SYN, ACK, and ICMP
- Bypasses Firewall/IDS/IPS devices using unique detection methods
- Targets protected services and devices such as SCADA
- Generates detailed vulnerability and misconfiguration reports
- Docker support for easy deployment and execution
- Local database storage using SQLite
- Web interface and API for accessing scan results
Installation
- Install Docker and Docker Compose
- Run `docker-compose up -d` to start the container
- Execute `docker exec -it nettacker-nettacker-1 /bin/bash` to access the container shell
- Run Nettacker using `poetry run python nettacker.py` inside the container
- Refer to the Wiki for alternative installation methods without Docker
Usage
>_ poetry run python nettacker.py -i owasp.org -s -m port_scanRuns a port scan on the target domain owasp.org using the specified scanning module
>_ docker-compose up -dStarts the Nettacker service in detached mode using Docker Compose
>_ docker exec -it nettacker-nettacker-1 /bin/bashOpens an interactive bash shell inside the running Nettacker Docker container
>_ docker logs nettacker_nettacker_1Displays logs from the Nettacker container, including the API key
- Can be chained with Metasploit for automated exploitation workflows to streamline red team operations.
- Ideal for integration into CI/CD pipelines for continuous vulnerability scanning and early detection.
- Use the web interface and API to automate reporting and share findings with blue teams for faster remediation.
- Leverages unique firewall/IDS/IPS bypass techniques, enhancing stealth during penetration tests.
- Supports targeting of specialized devices like SCADA, expanding coverage to OT environments.
Docs Take 2 Hours. AI Takes 10 Seconds.
Ask anything about Nettacker. Installation? Config? Troubleshooting? Get answers trained on real docs and GitHub issues—not generic ChatGPT fluff.
3 free chats per tool • Instant responses • No credit card
Related Tools
trivy
aquasecurity/trivy
Find vulnerabilities, misconfigurations, secrets, SBOM in containers, Kubernetes, code repositories, clouds and more
nuclei
projectdiscovery/nuclei
Nuclei is a fast, customizable vulnerability scanner powered by the global security community and built on a simple YAML-based DSL, enabling collaboration to tackle trending vulnerabilities on the internet. It helps you find vulnerabilities in your applications, APIs, networks, DNS, and cloud configurations.
lynis
CISOfy/lynis
Lynis - Security auditing tool for Linux, macOS, and UNIX-based systems. Assists with compliance testing (HIPAA/ISO27001/PCI DSS) and system hardening. Agentless, and installation optional.
vuls
future-architect/vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
oss-fuzz
google/oss-fuzz
OSS-Fuzz - continuous fuzzing for open source software.
nuclei-templates
projectdiscovery/nuclei-templates
Community curated list of templates for the nuclei engine to find security vulnerabilities.