Usage
By using --help/-h switch you can get the help menu (python nettacker.py --help). As you are seeing the help menu and other messages are also available in multi-languages in OWASP Nettacker. We are supporting 20 languages at the time(el, fr, en, nl, ps, tr, de, ko, it, ja, fa, hy, ar, zh-cn, vi, ru, hi, ur, id, es, iw).
- Note: Help menu is not updated in this section!
______ __ _____ _____
/ __ \ \ / /\ / ____| __ \
| | | \ \ /\ / / \ | (___ | |__) |
| | | |\ \/ \/ / /\ \ \___ \| ___/
| |__| | \ /\ / ____ \ ____) | | Version 0.0.1
\____/ \/ \/_/ \_\_____/|_| SAME
_ _ _ _ _
| \ | | | | | | | |
github.com/viraintel | \| | ___| |_| |_ __ _ ___| | _____ _ __
owasp.org | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
viraintel.com | |\ | __/ |_| || (_| | (__| < __/ |
|_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|
usage: Nettacker [-L LANGUAGE] [-v VERBOSE_LEVEL] [-V] [-c] [-o LOG_IN_FILE]
[--graph GRAPH_FLAG] [-h] [-W] [--profile PROFILE]
[-i TARGETS] [-l TARGETS_LIST] [-m SCAN_METHOD]
[-x EXCLUDE_METHOD] [-u USERS] [-U USERS_LIST] [-p PASSWDS]
[-P PASSWDS_LIST] [-g PORTS] [-T TIMEOUT_SEC] [-w TIME_SLEEP]
[-r] [-s] [-t THREAD_NUMBER] [-M THREAD_NUMBER_HOST]
[-R SOCKS_PROXY] [--retries RETRIES] [--ping-before-scan]
[--method-args METHODS_ARGS] [--method-args-list]
[--start-api] [--api-host API_HOST] [--api-port API_PORT]
[--api-debug-mode] [--api-access-key API_ACCESS_KEY]
[--api-client-white-list]
[--api-client-white-list-ips API_CLIENT_WHITE_LIST_IPS]
[--api-access-log]
[--api-access-log-filename API_ACCESS_LOG_FILENAME]
Engine:
Engine input options
-L LANGUAGE, --language LANGUAGE
select a language ['el', 'fr', 'en', 'nl', 'ps', 'tr',
'de', 'ko', 'it', 'ja', 'fa', 'hy', 'ar', 'zh-cn',
'vi', 'ru', 'hi', 'ur', 'id', 'es']
-v VERBOSE_LEVEL, --verbose VERBOSE_LEVEL
verbose mode level (0-5) (default 0)
-V, --version show software version
-c, --update check for update
-o LOG_IN_FILE, --output LOG_IN_FILE
save all logs in file (results.txt, results.html,
results.json)
--graph GRAPH_FLAG build a graph of all activities and information, you
must use HTML output. available graphs:
['d3_tree_v1_graph', 'd3_tree_v2_graph',
'jit_circle_v1_graph']
-h, --help Show Nettacker Help Menu
-W, --wizard start wizard mode
--profile PROFILE select profile ['info', 'scan', 'vulnerability',
'brute', 'vuln', 'information_gathering', 'all']
Target:
Target input options
-i TARGETS, --targets TARGETS
target(s) list, separate with ","
-l TARGETS_LIST, --targets-list TARGETS_LIST
read target(s) from file
Method:
Scan method options
-m SCAN_METHOD, --method SCAN_METHOD
choose scan method ['ftp_brute',
'http_basic_auth_brute', 'http_form_brute',
'http_ntlm_brute', 'smtp_brute', 'ssh_brute',
'telnet_brute', 'wp_xmlrpc_brute', 'admin_scan',
'cms_detection_scan', 'dir_scan', 'icmp_scan',
'joomla_template_scan', 'joomla_version_scan',
'pma_scan', 'port_scan', 'sender_policy_scan',
'subdomain_scan', 'viewdns_reverse_ip_lookup_scan',
'wappalyzer_scan', 'wordpress_version_scan',
'wp_plugin_scan', 'wp_theme_scan',
'wp_timthumbs_scan', 'wp_user_enum_scan',
'apache_struts_vuln', 'Bftpd_double_free_vuln',
'Bftpd_memory_leak_vuln',
'Bftpd_parsecmd_overflow_vuln',
'Bftpd_remote_dos_vuln', 'CCS_injection_vuln',
'clickjacking_vuln', 'content_security_policy_vuln',
'content_type_options_vuln', 'heartbleed_vuln',
'http_cors_vuln', 'options_method_enabled_vuln',
'ProFTPd_bypass_sqli_protection_vuln',
'ProFTPd_cpu_consumption_vuln',
'ProFTPd_directory_traversal_vuln',
'ProFTPd_exec_arbitary_vuln',
'ProFTPd_heap_overflow_vuln',
'ProFTPd_integer_overflow_vuln',
'ProFTPd_memory_leak_vuln',
'ProFTPd_restriction_bypass_vuln',
'self_signed_certificate_vuln', 'server_version_vuln',
'ssl_certificate_expired_vuln',
'weak_signature_algorithm_vuln',
'wordpress_dos_cve_2018_6389_vuln',
'wp_xmlrpc_bruteforce_vuln',
'wp_xmlrpc_pingback_vuln', 'XSS_protection_vuln',
'x_powered_by_vuln', 'all']
-x EXCLUDE_METHOD, --exclude EXCLUDE_METHOD
choose scan method to exclude ['ftp_brute',
'http_basic_auth_brute', 'http_form_brute',
'http_ntlm_brute', 'smtp_brute', 'ssh_brute',
'telnet_brute', 'wp_xmlrpc_brute', 'admin_scan',
'cms_detection_scan', 'dir_scan', 'icmp_scan',
'joomla_template_scan', 'joomla_version_scan',
'pma_scan', 'port_scan', 'sender_policy_scan',
'subdomain_scan', 'viewdns_reverse_ip_lookup_scan',
'wappalyzer_scan', 'wordpress_version_scan',
'wp_plugin_scan', 'wp_theme_scan',
'wp_timthumbs_scan', 'wp_user_enum_scan',
'apache_struts_vuln', 'Bftpd_double_free_vuln',
'Bftpd_memory_leak_vuln',
'Bftpd_parsecmd_overflow_vuln',
'Bftpd_remote_dos_vuln', 'CCS_injection_vuln',
'clickjacking_vuln', 'content_security_policy_vuln',
'content_type_options_vuln', 'heartbleed_vuln',
'http_cors_vuln', 'options_method_enabled_vuln',
'ProFTPd_bypass_sqli_protection_vuln',
'ProFTPd_cpu_consumption_vuln',
'ProFTPd_directory_traversal_vuln',
'ProFTPd_exec_arbitary_vuln',
'ProFTPd_heap_overflow_vuln',
'ProFTPd_integer_overflow_vuln',
'ProFTPd_memory_leak_vuln',
'ProFTPd_restriction_bypass_vuln',
'self_signed_certificate_vuln', 'server_version_vuln',
'ssl_certificate_expired_vuln',
'weak_signature_algorithm_vuln',
'wordpress_dos_cve_2018_6389_vuln',
'wp_xmlrpc_bruteforce_vuln',
'wp_xmlrpc_pingback_vuln', 'XSS_protection_vuln',
'x_powered_by_vuln']
-u USERS, --usernames USERS
username(s) list, separate with ","
-U USERS_LIST, --users-list USERS_LIST
read username(s) from file
-p PASSWDS, --passwords PASSWDS
password(s) list, separate with ","
-P PASSWDS_LIST, --passwords-list PASSWDS_LIST
read password(s) from file
-g PORTS, --ports PORTS
port(s) list, separate with ","
-T TIMEOUT_SEC, --timeout TIMEOUT_SEC
read passwords(s) from file
-w TIME_SLEEP, --time-sleep TIME_SLEEP
time to sleep between each request
-r, --range scan all IPs in the range
-s, --sub-domains find and scan subdomains
-t THREAD_NUMBER, --thread-connection THREAD_NUMBER
thread numbers for connections to a host
-M THREAD_NUMBER_HOST, --thread-hostscan THREAD_NUMBER_HOST
thread numbers for scan hosts
-R SOCKS_PROXY, --socks-proxy SOCKS_PROXY
outgoing connections proxy (socks). example socks5:
127.0.0.1:9050, socks://127.0.0.1:9050
socks5://127.0.0.1:9050 or socks4:
socks4://127.0.0.1:9050, authentication:
socks://username: password@127.0.0.1,
socks4://username:password@127.0.0.1,
socks5://username:password@127.0.0.1
--retries RETRIES Retries when the connection timeout (default 3)
--ping-before-scan ping before scan the host
--method-args METHODS_ARGS
enter methods inputs, example: ftp_brute_users=test,ad
min&ftp_brute_passwds=read_from_file:/tmp/pass.txt&ftp
_brute_port=21
--method-args-list list all methods args
API:
API options
--start-api start the API service
--api-host API_HOST API host address
--api-port API_PORT API port number
--api-debug-mode API debug mode
--api-access-key API_ACCESS_KEY
API access key
--api-client-white-list
just allow white list hosts to connect to the API
--api-client-white-list-ips API_CLIENT_WHITE_LIST_IPS
define white list hosts, separate with , (examples:
127.0.0.1, 192.168.0.1/24, 10.0.0.1-10.0.0.255)
--api-access-log generate API access log
--api-access-log-filename API_ACCESS_LOG_FILENAME
API access log filename
Please read license and agreements https://github.com/zdresearch/OWASP-Nettacker
You can also use other languages!
- Your terminal/cmd must support Unicode to use other languages. Google "How to use Farsi on cmd/terminal"
- You can fix Persian (Farsi) and other Unicode languages RTL and Chars with bicon in terminal/windows bash.
$ python nettacker.py --help -L fa
______ __ _____ _____
/ __ \ \ / /\ / ____| __ \
| | | \ \ /\ / / \ | (___ | |__) |
| | | |\ \/ \/ / /\ \ \___ \| ___/
| |__| | \ /\ / ____ \ ____) | | Version 0.0.1
\____/ \/ \/_/ \_\_____/|_| SAME
_ _ _ _ _
| \ | | | | | | | |
github.com/viraintel | \| | ___| |_| |_ __ _ ___| | _____ _ __
owasp.org | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
viraintel.com | |\ | __/ |_| || (_| | (__| < __/ |
|_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|
usage: Nettacker [-L LANGUAGE] [-v VERBOSE_LEVEL] [-V] [-c] [-o LOG_IN_FILE]
[--graph GRAPH_FLAG] [-h] [-W] [--profile PROFILE]
[-i TARGETS] [-l TARGETS_LIST] [-m SCAN_METHOD]
[-x EXCLUDE_METHOD] [-u USERS] [-U USERS_LIST] [-p PASSWDS]
[-P PASSWDS_LIST] [-g PORTS] [-T TIMEOUT_SEC] [-w TIME_SLEEP]
[-r] [-s] [-t THREAD_NUMBER] [-M THREAD_NUMBER_HOST]
[-R SOCKS_PROXY] [--retries RETRIES] [--ping-before-scan]
[--method-args METHODS_ARGS] [--method-args-list]
انجین:
گزینه های ورودی انجین
-L LANGUAGE, --language LANGUAGE
لطفا یک زبان انتخاب کنید ['el', 'fr', 'en', 'nl',
'ps', 'tr', 'de', 'ko', 'it', 'ja', 'fa', 'hy', 'ar',
'zh-cn', 'vi', 'ru', 'hi', 'ur', 'id', 'es']
-v VERBOSE_LEVEL, --verbose VERBOSE_LEVEL
سطح حالت پرگویی (0-5) (پیشفرض 0)
-V, --version نمایش ورژن نرم افزار
-c, --update چک کردن جهت آپدیت
-o LOG_IN_FILE, --output LOG_IN_FILE
ذخیره کردن کل لاگ ها در فایل (result.txt، result.html،
results.json)
--graph GRAPH_FLAG ساخت گراف از همه فعالیت ها و اطلاعات، شما باید از
خروجی HTML استفاده کنید. گراف های در دسترس:
['d3_tree_v1_graph', 'd3_tree_v2_graph',
'jit_circle_v1_graph']
-h, --help نشان دادن منوی راهنمای Nettacker
-W, --wizard شروع به حالت ویزارد مود
--profile PROFILE انتخاب پروفایل ['vulnerabilities',
'information_gathering', 'all']
هدف:
گزینه های ورودی هدف
-i TARGETS, --targets TARGETS
لیست هدف (ها)، با "," جدا کنید
-l TARGETS_LIST, --targets-list TARGETS_LIST
خواندن هدف (ها) از فایل
Method:
گزینه های متود های اسکن
-m SCAN_METHOD, --method SCAN_METHOD
متود اسکن را انتخاب کنید ['ftp_brute', 'smtp_brute',
'ssh_brute', 'dir_scan', 'subdomain_scan',
'tcp_connect_port_scan',
'viewdns_reverse_ip_lookup_scan', 'heartbleed_vuln',
'all']
-x EXCLUDE_METHOD, --exclude EXCLUDE_METHOD
انتخاب متود اسکن استثنا ['ftp_brute', 'smtp_brute',
'ssh_brute', 'dir_scan', 'subdomain_scan',
'tcp_connect_port_scan',
'viewdns_reverse_ip_lookup_scan', 'heartbleed_vuln']
-u USERS, --usernames USERS
لیست نام کاربری (ها)، با "," جدا شود
-U USERS_LIST, --users-list USERS_LIST
خواندن نام کاربری (ها) از لیست
-p PASSWDS, --passwords PASSWDS
لیست کلمه عبور (ها)، با "," جدا شود
-P PASSWDS_LIST, --passwords-list PASSWDS_LIST
خواندن کلمه عبور (ها) از فایل
-g PORTS, --ports PORTS
لیست درگاه (ها)، با "," جدا شود
-T TIMEOUT_SEC, --timeout TIMEOUT_SEC
خواندن کلمه عبور (ها) از فایل
-w TIME_SLEEP, --time-sleep TIME_SLEEP
زمان مکث بین هر درخواست
-r, --range اسکن کل آی پی ها در رنج
-s, --sub-domains یافتن و اسکن کردن ساب دامین ها
-t THREAD_NUMBER, --thread-connection THREAD_NUMBER
تعداد ریسه ها برای ارتباطات با یک هاست
-M THREAD_NUMBER_HOST, --thread-hostscan THREAD_NUMBER_HOST
تعداد ریسه ها برای اسکن هاست ها
-R SOCKS_PROXY, --socks-proxy SOCKS_PROXY
پراکسی ارتباطات خروجی (socks) مثال: 127.0.0.1:9050،
socks://127.0.0.1:9050، socks5:127.0.0.1:9050 یا
socks4: socks4://127.0.0.1:9050, احراز هویت:
socks://username:password@127.0.0.1,
socks4://username:password@127.0.0.1,
socks5://username:password@127.0.0.1
--retries RETRIES سعی مجدد وقتی که ارتباط قطع شد (پیشفرض 3)
--ping-before-scan پینگ کردن هست قبل از اسکن
--method-args METHODS_ARGS
ورودی های متود ها را وارد کنید، مثال: "ftp_brute_users
=test,admin&ftp_brute_passwds=read_from_file:/tmp/pass
.txt&ftp_brute_port=21"
--method-args-list لیست کردن کل args مربوط به متود ها
لطفا مجوز و موافقت نامه را مطالعه فرمایید https://github.com/viraintel/OWASP-Nettacker
- OWASP Nettacker supports several types of targets which could be
IPv4,IPv4_Range,IPv4_CIDR,DOMAIN,HTTP(which may be useful for some of the modules)
192.168.1.1
192.168.1.1-192.168.255.255
192.168.1.1.1-192.255.255.255
192.168.1.1/24
owasp.org
http://owasp.org
https://owasp.org
- Targets can be read from a list by using
-lor--target-listcommand line or you can also split them with a,if you don't want to use a text list.
python nettacker.py -i 192.168.1.1,192.168.1.2-192.168.1.10,127.0.0.1,owasp.org,192.168.2.1/24 -m port_scan -g 20-100 -t 10
python nettacker.py -l targets.txt -m all -x port_scan -g 20-100 -t 5 -u root -p 123456,654321,123123
- Here are some more command line examples
python nettacker.py -i 192.168.1.1/24 -m port_scan -t 10 -M 35 -g 20-100 --graph d3_tree_v2_graph -o result.html
python nettacker.py -i 192.168.1.1/24 -m port_scan -t 10 -M 35 -g 20-100 -o file.html --graph jit_circle_v1_graph
python nettacker.py -i 192.168.1.1/24 -m all -t 10 -M 35 -g 20-100 -o result.json -u root,user -P passwords.txt
python nettacker.py -i 192.168.1.1/24 -m all -x ssh_brute -t 10 -M 35 -g 20-100 -o file.txt -U users.txt -P passwords.txt -T 3 -w 2
- OWASP Nettacker can also scan subdomains by using this command (
-s)
python nettacker.py -i owasp.org -s -m port_scan -t 10 -M 35 -g 20-100 --graph d3_tree_v2_graph
- If you use
-rcommand, it will scan IP range automaticlly by getting the range from RIPE database online.
python nettacker.py -i owasp.org -s -r -m port_scan -t 10 -M 35 -g 20-100 --graph d3_tree_v2_graph
python nettacker.py -i nettackerwebsiteblabla.com,owasp.org,192.168.1.1 -s -r -m all -t 10 -M 35 -g 20-100 -o file.txt -u root,user -P passwords.txt
- Notice: if host scan was finished, and couldn't get any result nothing will be listed in result output file unless you change verbosity mod to 1-5
python nettacker.py -i 192.168.1.1/24 -m all -t 10 -M 35 -g 20-100 -o file.txt -u root,user -P passwords.txt -v 1
- use
*pattern for selecting modules
python nettacker.py -i 192.168.1.1/24 -m *_scan
python nettacker.py -i 192.168.1.1/24 -m *_scan,*_vuln
- use profiles for using all modules inside a given profile
python nettacker.py -i 192.168.1.1/24 --profile information_gathering
python nettacker.py -i 192.168.1.1/24 --profile information_gathering,vulnerabilities
python nettacker.py -i 192.168.1.1/24 --profile all
- use
-W,--wizardto use the framework in an easy way! (Pressenterto choose default answer`)
$ python nettacker.py -W
______ __ _____ _____
/ __ \ \ / /\ / ____| __ \
| | | \ \ /\ / / \ | (___ | |__) |
| | | |\ \/ \/ / /\ \ \___ \| ___/
| |__| | \ /\ / ____ \ ____) | | Version 0.0.1
\____/ \/ \/_/ \_\_____/|_| SAME
_ _ _ _ _
| \ | | | | | | | |
github.com/viraintel | \| | ___| |_| |_ __ _ ___| | _____ _ __
owasp.org | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
viraintel.com | |\ | __/ |_| || (_| | (__| < __/ |
|_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|
[+] please enter the targets | Default[None] > 127.0.0.1
[+] please enter the thread number | Default[100] >
[+] please enter the thread numbers for scan hosts | Default[30] >
[+] please enter the output filename | Default[results/results_2018_01_15_13_04_49_zctsvejskf.html] >
[+] please enter the scan methods | choices[ftp_brute, smtp_brute, ssh_brute, dir_scan, subdomain_scan, tcp_connect_port_scan, viewdns_reverse_ip_lookup_scan, heartbleed_vuln, all] | Default[None] > tcp_connect_port_scan
[+] please enter the scan methods to exclude | choices[ftp_brute, smtp_brute, ssh_brute, dir_scan, subdomain_scan, tcp_connect_port_scan, viewdns_reverse_ip_lookup_scan, heartbleed_vuln] | Default[None] >
[+] please enter the usernames | Default[None] >
[+] please enter the passwords | Default[None] >
[+] please enter the timeout seconds | Default[3.0] >
[+] please enter the port numbers | Default[None] >
[+] please enter the verbose level | Default[0] >
[+] please enter the socks proxy | Default[None] >
[+] please enter the retries number | Default[3] >
[+] please enter a graph | choices[d3_tree_v1_graph, d3_tree_v2_graph, jit_circle_v1_graph] | Default[d3_tree_v1_graph] >
[+] Nettacker engine started ...
...
- Use socks proxy for outgoing connections (default socks version is 5)
python nettacker.py -i 192.168.1.1 -m tcp_connect_port_scan -T 5 --socks-proxy socks://127.0.0.1:9050
python nettacker.py -i 192.168.1.1 -m tcp_connect_port_scan -T 5 --socks-proxy socks4://127.0.0.1:9050
python nettacker.py -i 192.168.1.1 -m tcp_connect_port_scan -T 5 --socks-proxy socks5://127.0.0.1:9050
python nettacker.py -i 192.168.1.1 -m tcp_connect_port_scan -T 5 --socks-proxy socks://username:password@127.0.0.1:9050
python nettacker.py -i 192.168.1.1 -m tcp_connect_port_scan -T 5 --socks-proxy socks4://username:password@127.0.0.1:9050
python nettacker.py -i 192.168.1.1 -m tcp_connect_port_scan -T 5 --socks-proxy socks5://username:password@127.0.0.1:9050
- separate inputs for every module by using
--method-args, get the list with--method-args-list
python nettacker.py --method-args-list
______ __ _____ _____
/ __ \ \ / /\ / ____| __ \
| | | \ \ /\ / / \ | (___ | |__) |
| | | |\ \/ \/ / /\ \ \___ \| ___/
| |__| | \ /\ / ____ \ ____) | | Version 0.0.1
\____/ \/ \/_/ \_\_____/|_| SAME
_ _ _ _ _
| \ | | | | | | | |
github.com/viraintel | \| | ___| |_| |_ __ _ ___| | _____ _ __
owasp.org | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
viraintel.com | |\ | __/ |_| || (_| | (__| < __/ |
|_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|
[+] tcp_connect_port_scan --> tcp_connect_port_scan_ports
[+] viewdns_reverse_ip_lookup_scan -->
[+] dir_scan --> dir_scan_ports, dir_scan_random_agent, dir_scan_http_method, dir_scan_list
[+] ssh_brute --> ssh_brute_users, ssh_brute_passwds, ssh_brute_ports
[+] smtp_brute --> smtp_brute_ports, smtp_brute_split_user_set_pass, smtp_brute_users, smtp_brute_split_user_set_pass_prefix, smtp_brute_passwds
[+] subdomain_scan --> subdomain_scan_use_ptrarchive, subdomain_scan_use_comodo_crt, subdomain_scan_use_dnsdumpster, subdomain_scan_use_virustotal, subdomain_scan_use_netcraft, subdomain_scan_use_threatcrowd
[+] heartbleed_vuln --> heartbleed_vuln_ports
[+] ftp_brute --> ftp_brute_users, ftp_brute_passwds, ftp_brute_ports
- and then use them.
- Notice: don't use
-gcommand in the command line if you want change ports.
python nettacker.py -i 127.0.0.1 -m tcp_connect_port_scan,dir_scan --method-args "dir_scan_ports=443"
python nettacker.py -i 127.0.0.1 -m tcp_connect_port_scan,dir_scan --method-args "dir_scan_list=read_from_file:/tmp/list.txt"
python nettacker.py -i 127.0.0.1 -m subdomain_scan,dir_scan --method-args "subdomain_scan_use_ptrarchive=False&subdomain_scan_use_netcraft=False&dir_scan_http_method=HEAD"
- Some more command line examples:
python nettacker.py -i 192.168.1.1 -m tcp_connect_port_scan --profile vulnerabilities
python nettacker.py -W --profile information_gathering
- You may want to create a new profile. To do that, edit the
core/config.pyin the main directory and add your profiles to theget_profilesfunction in JSON style.
def get_profiles():
return {
"information_gathering": ["tcp_connect_port_scan"],
"vulnerabilities": ["heartbleed_vuln"],
"mycustomprofile": ["subdomain_scan", "dir_scan"]
}- You may want to change the default values (
timeout,socks proxy,target,ports) or anything that could be set with the command line.To do that, you will have to edit them in config.pyget_configfunction in the main directory in JSON style.
def get_config():
return { # OWASP Nettacker Default Configuration
"language": "fa",
"verbose_level": 0,
"show_version": False,
"check_update": False,
"log_in_file": "results.json",
"graph_flag": None,
"help_menu_flag": False,
"targets": "127.0.0.1,192.168.1.1",
"targets_list": None,
"scan_method": None,
"exclude_method": None,
"users": "user1,user2",
"users_list": None,
"passwds": "pass1,pass2",
"passwds_list": None,
"ports": "1-65535",
"timeout_sec": 3.0,
"time_sleep": 0.0,
"check_ranges": True,
"check_subdomains": True,
"thread_number": 1000,
"thread_number_host": 30,
"socks_proxy": "socks://127.0.0.1:9050",
"retries": 3,
"ping_flag": True,
"methods_args": None,
"method_args_list": False,
"startup_check_for_update": True,
"wizard_mode": False,
"profile": "information_gathering"
}API and WebUI are new interfaces through which you can send your commands to Nettacker. Technically WebUI was developed based on the present API to demonstrate an example of the current API and can be used as another easier interface. To start using this feature, simply run python nettacker.py --start-api.
______ __ _____ _____
/ __ \ \ / /\ / ____| __ \
| | | \ \ /\ / / \ | (___ | |__) |
| | | |\ \/ \/ / /\ \ \___ \| ___/
| |__| | \ /\ / ____ \ ____) | | Version 0.0.1
\____/ \/ \/_/ \_\_____/|_| SAME
_ _ _ _ _
| \ | | | | | | | |
github.com/viraintel | \| | ___| |_| |_ __ _ ___| | _____ _ __
owasp.org | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
viraintel.com | |\ | __/ |_| || (_| | (__| < __/ |
|_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|
* API Key: 203c113633fdd806d0316fdcb09f9daf
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
You can modify the default API config by editing the core.config.py.
def _api_config():
"""
API Config (could be modified by the user)
Returns:
a JSON with API configuration
"""
return { # OWASP Nettacker API Default Configuration
"api_host": "127.0.0.1",
"api_port": 5000,
"api_debug_mode": False,
"api_access_key": "".join(random.choice("0123456789abcdef") for x in range(32)),
"api_client_white_list": {
"enabled": False,
"ips": ["127.0.0.1", "10.0.0.0/24", "192.168.1.1-192.168.1.255"]
},
"api_access_log": {
"enabled": False,
"filename": "nettacker_api_access.log"
},
"api_db_name": _paths()["home_path"] + "/database.sqlite3"
}As you can see, the API key will be a random MD5 everytime you run the API, to change options through the commandline, it's not necessary to modify this config, just run the command!
--start-api start the API service
--api-host API_HOST API host address
--api-port API_PORT API port number
--api-debug-mode API debug mode
--api-access-key API_ACCESS_KEY
API access key
--api-client-white-list
just allow white list hosts to connect to the API
--api-client-white-list-ips API_CLIENT_WHITE_LIST_IPS
define white list hosts, separate with , (examples:
127.0.0.1, 192.168.0.1/24, 10.0.0.1-10.0.0.255)
--api-access-log generate API access log
--api-access-log-filename API_ACCESS_LOG_FILENAME
API access log filename
python nettacker.py --start-api --api-access-key mysecretkey
python nettacker.py --start-api --api-client-white-list
python nettacker.py --start-api --api-client-white-list --api-client-white-list-ips 127.0.0.1,192.168.0.1/24,10.0.0.1-10.0.0.255
python nettacker.py --start-api --api-access-log
python nettacker.py --start-api --api-access-log --api-access-log-filename log.txt
python nettacker.py --start-api --api-access-key mysecretkey --api-client-white-list --api-access-log
python nettacker.py --start-api --api-access-key mysecretkey --api-client-white-list --api-access-log
python nettacker.py --start-api --api-access-key mysecretkey --api-host 192.168.1.2 --api-port 80
python nettacker.py --start-api --api-access-log --api-port 8080 --api-debug-mode
- For further information on how to use the RESTful API please visit the API page.
OWASP Nettacker, currently supports two databases:
- SQLite
- MySQL The default database is SQLite. You can, however, configure the db to your liking.
The SQLite database can be configured in core/config.py file under the _database_config() function. Here is a sample configuration:
return {
"DB": "sqlite",
"DATABASE": _paths()["home_path"] + "/nettacker.db", # This is the location of your db
"USERNAME": "",
"PASSWORD": "",
"HOST": "",
"PORT": ""
}
The MySQL database can be configured in core/config.py file under the _database_config() function. Here is a sample configuration:
return {
"DB": "mysql",
"DATABASE": "nettacker", # This is the name of your db
"USERNAME": "username",
"PASSWORD": "password",
"HOST": "localhost or some other host",
"PORT": "3306 or some other custom port"
}
After this configuration,
- Open the configuration file of mysql(
/etc/mysql/my.cnfin case of linux) as a sudo user - Add this to the end of the file :
[mysqld]
sql_mode = "STRICT_TRANS_TABLES,NO_ZERO_IN_DATE,NO_ZERO_DATE,ERROR_FOR_DIVISION_BY_ZERO,NO_AUTO_CREATE_USER,NO_ENGINE_SUBSTITUTION"
- Restart MySQL
Nettacker currently supports local maltego transforms. We have the support for all the scanning, vulnerability scans and brute force transforms that are currently available in nettacker module. The usage is pretty easy and the transforms are pretty intuitive. Maltego is an awesome tool gathers information and displays it in a format, which is conducive to the human eyes pattern spotting. Maltego is based around entities (email address, domain name, person, phone number, etc) and transforms (queries) to pull information and match up the connections.
- To use nettacker local transforms, we need the maltego software. You can download it from the official website.
- In the
OWASP-Nettacker/lib/transactions/maltego/nettacker_transforms/src/nettacker_transforms.conffile please specify your directory forOWASP-Nettackerashome-directory. Here is an example:
home-directory = /home/wizard/OWASP-Nettacker/
- After this you need to import the entities into your maltego software. Click here
. - After this in the menu select the
entities.mtzfile located inOWASP-Nettacker/lib/transactions/maltego/nettacker_transforms/src/nettacker_transforms/resources/maltego
- Once the entities are imported, you need to create all the entities. From the
OWASP-Nettacker/lib/transactions/maltego/nettacker_transforms/src/folder run the following commandcanari create-profile nettacker_transforms -w {ABSOLUTE PATH OF DIRECTORY}/OWASP-Nettacker/lib/transactions/maltego/nettacker_transforms/src. This will create anettacker_transforms.mtzfile insideOWASP-Nettacker/lib/transactions/maltego/nettacker_transforms/src/.
- After this import this file into the maltego software.
- Click here:
\ - Select the file:
\ - Select all the options or less if you want to exclude some modules
\ - Click finish to finish import.
- Click here:
- After this drag and drop the nettacker scan or brute entity to an empty graph (can be opened by CTRL+T).
- Double click the entity to open this menu:
Enter the corresponding inputs into the menu. - Right click the graph to see this menu:
- Select whatever operation you want to perform and it will perform the operation for you.
- Here is an example of subdomain scan:
Let me know if you have any more questions.