Python-based automated penetration testing and information-gathering framework from OWASP
- Stars: 5.2k
- Forks: 1.1k
- Open Issues: 228
- License: Apache-2.0
- Languages: Python, CSS, JavaScript

About OWASP Nettacker
OWASP Nettacker is a Python-based framework for automated penetration testing and information gathering. It helps cybersecurity professionals and ethical hackers run reconnaissance, vulnerability assessments, and network security audits across networks, web applications, IoT devices, and APIs.
A modular architecture covers port scanning, service detection, directory discovery, subdomain enumeration, vulnerability checks, network mapping, and credential brute-force testing. It supports HTTP/HTTPS, FTP, SSH, SMB, SMTP, ICMP, TELNET, and XML-RPC, with multithreaded scans, mixed target types, configurable delays, proxy support, and randomized user agents.
Reports export to HTML, JSON, CSV, and plain text. A CLI, REST API, and web UI let you define scans and view results, and a built-in database stores past scans for search, comparison, and drift detection across CI/CD pipelines.
Key features
- Modular scans for ports, services, directories, subdomains, and vulnerabilities
- HTTP/HTTPS, FTP, SSH, SMB, SMTP, ICMP, TELNET, and XML-RPC support
- CLI, REST API, and Web UI for defining scans and viewing results
- Exports reports in HTML, JSON, CSV, and plain text
- Stores past scans for search, comparison, and drift detection
Details
- First released: 2017
- Language: Python
- Interfaces: CLI · REST API · Web UI
- Storage: Local SQLite database
- Reports: HTML · JSON · CSV · text
- Targets: IPv4 · CIDR · domains · URLs
