owasp / nettacker Goto Github PK

Automated Penetration Testing Framework - Open-Source Vulnerability Scanner - Vulnerability Management

Home Page: https://owasp.org/www-project-nettacker/

License: Apache License 2.0

Python 56.68% CSS 29.37% JavaScript 13.84% Dockerfile 0.10%

python penetration-testing penetration-testing-framework owasp automation portscanner vulnerability-scanners information-gathering network-analysis bruteforce

nettacker's Introduction

OWASP Nettacker

DISCLAIMER

THIS SOFTWARE WAS CREATED FOR AUTOMATED PENETRATION TESTING AND INFORMATION GATHERING. CONTRIBUTORS WILL NOT BE RESPONSIBLE FOR ANY ILLEGAL USAGE.

OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP, and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.

OWASP Page: https://owasp.org/www-project-nettacker/
Wiki: https://github.com/OWASP/Nettacker/wiki
Installation: https://github.com/OWASP/Nettacker/wiki/Installation
Usage: https://github.com/OWASP/Nettacker/wiki/Usage
GitHub: https://github.com/OWASP/Nettacker
Slack: #project-nettacker on https://owasp.slack.com
Mailing List: https://groups.google.com/forum/#!forum/owasp-nettacker
Docker Image: https://hub.docker.com/r/owasp/nettacker
How to use the Dockerfile: https://github.com/OWASP/Nettacker/wiki/Installation#docker
OpenHub: https://www.openhub.net/p/OWASP-Nettacker
Donate: https://owasp.org/donate/?reponame=www-project-nettacker&title=OWASP+Nettacker
Read More: https://www.secologist.com/open-source-projects

Quick Setup & Run

$ docker-compose up -d && docker exec -it nettacker-nettacker-1 /bin/bash
# python nettacker.py -i owasp.org -s -m port_scan

Results are accessible from your (https://localhost:5000) or https://nettacker-api.z3r0d4y.com:5000/ (pointed to your localhost)
The local database is .data/nettacker.db (sqlite).
Default results path is .data/results
docker-compose will share your nettacker folder, so you will not lose any data after docker-compose down
To see the API key in you can run docker logs nettacker_nettacker_1.
More details and setup without docker https://github.com/OWASP/Nettacker/wiki/Installation

Thanks to our awesome contributors

IoT Scanner

Python Multi Thread & Multi Process Network Information Gathering Vulnerability Scanner
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and many more… )
Asset Discovery & Network Service Analysis
Services Brute Force Testing
Services Vulnerability Testing
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …
HTML, JSON, CSV and Text Outputs
API & WebUI
This project is at the moment in research and development phase
Thanks to Google Summer of Code Initiative and all the students who contributed to this project during their summer breaks:

Stargazers over time

nettacker's People

Contributors

Stargazers

Watchers

Forkers

vaginessa cys3c tobey123 samyoyo mojtaba-masoumpour theralfbrown adamnugraha rezasp expertasif ch4p34un0ir mvrhtt0x00 hwb10297 dmmcoco ehsan-nezami mehrdad-shokri vasiab camel32bit h3di zerod4y teicu ivancornejo-tech exploitcollection theanalyzer sireof arianph alpha0king grant555 sbambach minkione isouser 0thm4n3 4n6strider 5up3rc helloexp h0k5 firefalc0n khagoyos22 amorb omdmhd slowmistio taheralicyclewala subzeroking bikemaker hardlyhuman jack51706 susantaroy2002 mrmugiwara gagaltotal chukwuemelie4 ravindra1307 fb11 jacielaurelio yesihack imgkl agilee paultfh piterpentester hklcf ykankaya mjgrey inc775 shaddygarg hybridious tikam02 subc0ol alirezapci mrhacker46 siegfried5 murthysagi purplebyteone nycto-hackerone panckazzz mlynchcogent mirsamantajbakhsh prodject mrtaheramine rev-lulz vmnguyen ro9ueadmin zavke namansahore crypticace1 bharadwajyas jeckyoh maxdu92 victorsuraj nawfling adaube faizzaidi gadoi methos2016 jowasp shivammehta25 ali-razmjoo blackj0ker80 0x43f intraspeciespredator161 shantanu561993 cavemanguy andreibezdedeanu1

nettacker's Issues

Add category to events

Hello everyone,

There are 6 keys in the event. which are:

{
  "USERNAME": "",
  "DESCRIPTION": "OPEN PORT",
  "HOST": "127.0.0.1",
  "TIME": "2018-01-11 08:03:34",
  "PASSWORD": "",
  "TYPE": "tcp_connect_port_scan",
  "PORT": 1080
}

It would be better if we add CATEGORY in the event. to do this, you need to add it to all available modules in lib/scan and lib/brute.

note: please update the #4 after the task finished.

Let me know if there is any question.
Regards.

add retries to database queries

Hello,

I am working on this error [!] could not connect to the database!, it happens when multi-threads want to execute a query together.

 python nettacker.py -i 192.168.1.1,192.168.1.124 -m port_scan -t 1000



   ______          __      _____ _____
  / __ \ \        / /\    / ____|  __ \
 | |  | \ \  /\  / /  \  | (___ | |__) |
 | |  | |\ \/  \/ / /\ \  \___ \|  ___/
 | |__| | \  /\  / ____ \ ____) | |     Version 0.0.1
  \____/   \/  \/_/    \_\_____/|_|     SAME
                          _   _      _   _             _
                         | \ | |    | | | |           | |
  github.com/viraintel   |  \| | ___| |_| |_ __ _  ___| | _____ _ __
  owasp.org              | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
  viraintel.com          | |\  |  __/ |_| || (_| | (__|   <  __/ |
                         |_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|



[!] it's better to use thread number lower than 100, BTW we are continuing...
[+] Nettacker engine started ...


[!] you are not using the last version of OWASP Nettacker, please update.
[+] 13 modules loaded ...
[+] target 192.168.1.124 submitted!
[+] target 192.168.1.1 submitted!
[+] start attacking 192.168.1.124, 1 of 2
[+] start attacking 192.168.1.1, 2 of 2
[+] host: 192.168.1.124 port: 22 (TCP_CONNECT) found!
[+] host: 192.168.1.1 port: 1 (TCP_CONNECT) found!
[+] host: 192.168.1.1 port: 22 (TCP_CONNECT) found!
[+] host: 192.168.1.124 port: 135 (TCP_CONNECT) found!
[+] host: 192.168.1.124 port: 139 (TCP_CONNECT) found!
[+] host: 192.168.1.1 port: 53 (TCP_CONNECT) found!
[+] host: 192.168.1.1 port: 80 (TCP_CONNECT) found!
[+] host: 192.168.1.1 port: 111 (TCP_CONNECT) found!
[+] host: 192.168.1.124 port: 445 (TCP_CONNECT) found!
[!] could not connect to the database!
[!] could not connect to the database!
[+] host: 192.168.1.124 port: 2179 (TCP_CONNECT) found!
[+] removing temp files!
[+] sorting results!
[+] building graph ...
[+] finish building graph!
[+] updating the database...
[+] inserting report to the database
[+] removing old logs from db

[+] done!

I going to solve this issue by adding a retries loop with 0.01 sleep time. let me know if you have a better idea.

Regards.

Add Documents, Improve Wiki, Add Training Videos

Hello everyone,

OWASP Nettacker doesn't have any documents or wiki right now, It's best we start Developers/Users documents to make it more friendly.

I glad if anyone can help on this! (start from wiki)

The scan methods in the readme need to be updated

The readme does not have the latest scan methods included.

Multiple imports of random in pma_scan module

The file engine.py in pma_scan module has multiple imports of random https://github.com/viraintel/OWASP-Nettacker/blob/master/lib/scan/pma/engine.py#L10 and https://github.com/viraintel/OWASP-Nettacker/blob/master/lib/scan/pma/engine.py#L12

OS: Ubuntu

OS Version: 17.10

Python Version: 2.7

Select modules for scanning by using the category

Hello everyone,

Right now we can select the modules with -m switch and it works like:

-m tcp_connect_port_scan
-m tcp_connect_port_scan,smtp_brute
-m tcp_connect_port_scan,ssh_brute,dir_scan
-m all

but it does not support the *_scan or *_brute or in future *_vuln (*_x). It's best to add the * pattern.

Just notice that, if anyone select anything, we must check if its not returning empty! (*_blabla) will return nothing!

you can develop it by adding a custom rule in check_all_required in load_all_args function. this part:

....
    if scan_method is not None and scan_method == "all":
        scan_method = module_names
        scan_method.remove("all")
...

let me know if there is any question.

Regards.

multiple bugs in the modules

Hello,

Thanks to @shaddygarg for the recent contribution on #45, now we can see all of the vuln, scan, brute module have the same bug as pma_scan. I glad if anyone would send a fix through the PR.

Best Regards.

Http Basic Authentication using port :80:80 and giving false positive results

Please Describe the issue or question and share your OS and Python version.

OS: Linux

OS Version: Linux Ubuntu

Python Version: 2.7.3

Create profile switch

Hello Everyone,

It would be great if the framework has --profile switch to auto select some modules and options for users. for example --profile port_scan to select all port scanning available modules.

just notice that we don't have many modules yet and it's different with default scanning profile. default scanning profile will be automatically selected from config.py.

Let me know if you have any question.

Regards.

Wizard Switch

Hello everyone.

I think it's great if the project has a --wizard switch for beginners. command lines maybe boring or complicated for newbie users. wizard switch may also have default values so if you just pushed the enter, the framework would set the default values. default values are saved in config.py in the main directory. (just target value can't be default!).

Let me know if there is any question.
Regards.

Index Error in http_basic_auth

Please Describe the issue or question and share your OS and Python version.

OS: Linux

OS Version: Linux ubuntu

Python Version: 2.7.3

setup.py is not working well

Hello,

@ArianPH notice me that setup.py is not working well, It seems we have some issues on macOS and ubuntu. (Arian is working on the solution right now. if anyone has some ideas we are glad to hear them.

I tested it on windows, it's working fine....

Regards.

Overflow of long texts in web

The web UI doesn't handle the overflow when large number of scan methods are present.

Create some new modules

Hello everyone,

if anyone would like to add some few modules to the framework, that would be great for our growing framework. some of a few ideas:

simple udp, syn, ack port scan
simple icmp scan (ping test)
phpmyadmin scan
wappalyzer scan for http
a few more brute force modules (http (basic auth, ntlm, form), telnet, and so on)

let me know if there is any question.
Regards.

framework false target input check

Hello,

It seems there is a bug in target types (#66), this bug came from core/targets.py [1]. feel free to contribute to this and send your PR.

Best Regards.

Develop OWASP Nettacker Languages

Hello everyone,

I just start creating messages in a Python file which is using JSON to keep the sentences.

How should you add a new language? easy, just open the languages.py and start adding the messages. here it's an example.

Original:

 {
            "0": {
                "en": "Nettacker engine started ...\n\n"
            },
            "1": {
                "en": "python nettacker.py [options]"
            },
            "2": {
                "en": "Nettacker Help Menu"
            },
...

           "29": {
                "en": "set timeout to {0} seconds, it is too big, isn\"t it ? by the way we are continuing..."
            },
            "30": {
                "en": "this scan module [{0}] not found!"
           },
...

after adding Farsi/Persian language:

 {
            "0": {
                "en": "Nettacker engine started ...\n\n",
                "fa": "انجین Nettacker شروع به کار کرد ...\n\n"
            },
            "1": {
                "en": "python nettacker.py [options]",
                "fa": "python nettacker.py [گزینه ها]"
            },
            "2": {
                "en": "Nettacker Help Menu",
                "fa": "منو راهنمای Nettacker"
            },
...

           "29": {
                "en": "set timeout to {0} seconds, it is too big, isn\"t it ? by the way we are continuing...",
                "fa": "مهلت بر روی {0} ثانیه تنظیم شد، خیلی زیاد است، نیست ؟ به هر حال ما ادامه خواهیم داد"
            },
            "30": {
                "en": "this scan module [{0}] not found!",
                "fa": "این ماژول [{0}] پیدا نشد!"
           },
...

as you see, you need to add a cama , and then add your language and sentences.

There is also a wiki that would be great if support multi languages.

I glad if anyone can help and make the PR. Persian (Farsi), Russian, Germany, French, Chinese, Vietnamese, Spanish, Indian (Hindi), Portuguese, Japanese, Italian, Ordo, Turkish. Dutch, are the most common, please try to work on them first.

Thank you.

module http_ntlm_brute is not available

Hello,

check the latest test on TravisCI, this module having some errors.

[+] start attacking 127.0.0.1, 14 of 29
[X] this module "http_ntlm_brute" is not available
[!] unable to open http://127.0.0.1/
[+] start attacking 127.0.0.1, 16 of 29
[+] start attacking 127.0.0.1, 18 of 29
[+] start attacking 127.0.0.1, 17 of 29
[X] this module "http_form_brute" is not available
[+] start attacking 127.0.0.1, 19 of 29
[+] trying 1 of 16 in process 3 of 29 127.0.0.1:21 (telnet_brute)

Regards.

OS: Linux

OS Version: using TravisCI

Python Version: 2.x, 3.x

Create Maltego Transaction for OWASP-Nettacker (Local & Server)

Hi everyone,

I want to create Maltego transaction for the framework, first, I will create a local transaction and then develop and complete that, we may start a server-based transaction in the second phase.

Let me know if you have suggestion about this.

Regards.

Developers wiki shows core/aler instead of core/alert

In developers wiki under the Considerations heading(https://github.com/viraintel/OWASP-Nettacker/wiki/Developers#considerations) and alerts subheading, code snippets show core/aler instead of core/alert. Here is the attached screenshot :

Issue with port scan module when using --method-args port_scan_stealth=true

Please Describe the issue or question and share your OS and Python version.

OS: Linux

OS Version: Ubuntu

Python Version: 2.7.3

IPv6 Support for OWASP Nettacker Framework

Hello everyone,

Currently the framework supports 5 types of target input. IPv6, RANGE_IPv4, CIDR_IPv4, DOMAIN, HTTP.

IPv4: 127.0.0.1
RANGE_IPv4: 127.0.0.1-128.255.255.255
CIDR_IPv4: 127.0.0.1/8
Domain: owasp.org

The biggest missing feature is support IPv6. I glad if anyone can help to improve the framework to support IPv6, RANGE_IPv6 and CIDR_IPv6. target types are defined in core/targets.py.

let me know if you have any question,

Regards.

A better ICMP library

Hello,

I just notice that in #47 the lib/icmp and icmp_scan need to run as root to be working, I glad if someone can give us a better solution and contribute a new lib and replace the libraries.

let me know if anyone has any idea.

Best Regards.

the wizard looks broken!

see the image! this is what i saw when i wanted to create a video tutorial on how to use the app.
this is zsh, but i tested with normal bash and had the same result! :)
image

OS: UBUNTU 17.10

OS Version: 17.10

Python Version: 3.6.3

A better language library

Hello everyone,

As you see the framework is growing, we may need a better language library to keep our data in and also easier to develop for developers and translators. right now we keeping the language's data in the core/languages.py but I believe it needs to be separate and get a new face. I suggest XML or JSON structure. And it's better if every module has their own language library file.

Let me know if there is any question.

Regards.

Issue in stealth scan in port scan

Please Describe the issue or question and share your OS and Python version.

OS: Linux

OS Version: Linux ubuntu 3.13.0-32-generic

Python Version: 2.7.3

A better target calculation

Hello everyone,

When the framework starts, It starts processing on targets and calculate the number of them. (getting subdomains, IP ranges and etc). this process is in the core/parse.py by calling the analysis function from core/targets.py.

core/parse.py:

    for total_targets, _ in enumerate(
            analysis(targets, check_ranges, check_subdomains, subs_temp, range_temp, log_in_file, time_sleep,
                     language, verbose_level, show_version, check_update, socks_proxy, retries)):
        pass
    total_targets += 1
    total_targets = total_targets * len(scan_method)
    targets = analysis(targets, check_ranges, check_subdomains, subs_temp, range_temp, log_in_file, time_sleep,
                       language, verbose_level, show_version, check_update, socks_proxy, retries)

as you see, first it's calculating the total_targets and then it's recalling the function again to get the targets.

I know it's wrong but It's working! I glad if someone provides a better method!

let me know if you have any question.

Regards.

Create more categories for the framework

Hello everyone,

The framework already has scan and brute category. It's best if we can add more categories like vuln to check the vulnerabilities and exploits or fuzz to create some fuzzer or something! (I don't have ideas for fuzzers).

for the beginning, heartbleed_vuln or ethernal_blue_vuln would be great!

let me know if there is any question.
Regards.

prevent collision while writing logs

Hello everyone,

While I was testing the frameworks, I notice that sometimes when the modules are writing the logs some collision happens.

save = open(log_in_file, 'a')
save.write(
    json.dumps({'HOST': target, 'USERNAME': user, 'PASSWORD': passwd, 'PORT': port, 'TYPE': 'ssh_brute',
                'DESCRIPTION': messages(language, 66), 'TIME': now(), 'CATEGORY': "brute",
                'SCAN_ID': scan_id, 'SCAN_CMD': scan_cmd}) + '\n')
save.close()

it's best to add a function to the core and use it for locking the file and waiting for unlocking and replace all logging with this function.

sample function:

def __log_to_file(filename, mode="a")
	while 1:
		if file not lock:
			lock the file
			write.filename.mode
			unlock the file
			break
		else 
			sleep x.x
	return True

Let me know if anyone can help with this.

Regards.

OWASP Nettacker API

Hello everyone,

OWASP Nettacker doesn't have any API at the moment so It's best to develop one! The purpose to design an API is that we can provide more user interfaces and controllers.

where are the events? all events that we'd show to users are using core.alert to print on the command line in one of these types: info, warn, error, write. also, every thread and events will save in the output file with JSON structure. output filename by default is like results/results_date_random_chars.html -> results_2018_01_11_08_05_56_mkjiyjxklc.html and it's stored in log_in_file variable in the framework (even if users change it with -o switch it's still in that variable).
example of a tcp_connect_port_scan event:

{
  "USERNAME": "",
  "CATEGORY": "scan",
  "HOST": "127.0.0.1",
  "DESCRIPTION": "OPEN PORT",
  "TIME": "2018-01-11 11:47:05",
  "PASSWORD": "",
  "TYPE": "tcp_connect_port_scan",
  "PORT": 1080
}

this JSON has 7 keys which are HOST, PORT, USERNAME, PASSWORD, DESCRIPTION, CATEGORY, TIME, TYPE. TYPE is the module name. I should notice that the keys are changing depend on the language, so if somone select Persian language, HOST will change to هاست and these replacements are available in core/languages.py.

{
  "درگاه": 1080,
  "هاست": "127.0.0.1",
  "کلمه عبور": "",
  "دسته": "scan",
  "نوع": "tcp_connect_port_scan",
  "زمان": "2018-01-11 11:47:36",
  "نام کاربری": "",
  "توضیحات": "درگاه باز"
}

replacements:

_HOST = messages(language, 53)
_USERNAME = messages(language, 54)
_PASSWORD = messages(language, 55)
_PORT = messages(language, 56)
_TYPE = messages(language, 57)
_DESCRIPTION = messages(language, 58)
_TIME = messages(language, 115)
_CATEGORY = messages(language, 116)

to check the replacements you can open the core/languages.py and look for the keys. _HOST key is53 so it's (default: "en"):

{
  "53": {
    "ru": "хозяин",
    "fr": "HÔTE",
    "en": "HOST",
    "nl": "HOST",
    "el": "ΠΛΗΘΟΣ",
    "vi": "HOST",
    "de": "GASTGEBER",
    "tr": "HOST",
    "ps": "HOST",
    "ur": "HOST",
    "fa": "هاست",
    "ja": "ホスト",
    "hi": "मेज़बान",
    "zh-cn": "主办",
    "ko": "숙주",
    "it": "OSPITE",
    "hy": "HOST",
    "ar": "مضيف",
    "id": "TUAN RUMAH",
    "es": "ANFITRIÓN"
  }
}

at the end, I should mention that the default language is always "en" except if a user changes it with command line or config file. the language value stores in language variable in the framework. if a value doesn't have any replacement in other languages, you may use en.

let me know if there is any question.

Regards.

Create GUI Based on the API

Hello everyone,

After completing the API, It's best to add create a GUI for the project. Right now I am thinking about Qt but let me know if you have a better idea.

Let me know if there is any question.
Regards.

A better multi threaded framework!

Hello everyone.

Right now OWASP Nettacker has two kinds of multi-threading/processing. the first one is -M switch which is the number of hosts to scan together. It's using multiprocessing module. another one is the number of threads to a host -t switch. It's using the threading module.

the problem is when the threading number is too high, and we want to count the active threads! for example, check the core/parse.py.

    for target in targets:
        for sm in scan_method:
            trying += 1
            p = multiprocessing.Process(target=start_attack, args=(
                str(target).rsplit()[0], trying, total_targets, sm, users, passwds, timeout_sec, thread_number,
                ports, log_in_file, time_sleep, language, verbose_level, show_version, check_update, socks_proxy,
                retries, ping_flag, methods_args))
            p.start()
            while 1:
                n = 0
                processes = multiprocessing.active_children()
                for process in processes:
                    if process.is_alive() is True:
                        n += 1
                    else:
                        processes.remove(process)
                if n >= thread_number_host:
                    time.sleep(0.01)
                else:
                    break

there is a for to check if the process is still alive and count it, otherwise remove the process from the array and if array length would be smaller than thread number, then add a new process.

or you can check one of the modules to see how the count with threading works.

        for port in ports:
            port = int(port)
            t = threading.Thread(target=connect,
                                 args=(target, int(port), timeout_sec, log_in_file, language, time_sleep,
                                       thread_tmp_filename, socks_proxy))
            threads.append(t)
            t.start()
            trying += 1
            if verbose_level is not 0:
                info(messages(language, 72).format(trying, total_req, num, total, target, port))
            while 1:
                try:
                    n = 0
                    for thread in threads:
                        if thread.isAlive() is True:
                            n += 1
                        else:
                            threads.remove(thread)
                    if n >= max:
                        time.sleep(0.01)
                    else:
                        break
                except KeyboardInterrupt:
                    break
                    break

it's the same!

if set the thread number in tcp_connect_port_scan as 1000. it takes more than "1 sec" to check all the dead threads and add new threads. and if we remove the time.sleep the CPU usage will go high! So we need a better counting algorithm and thread control!

Let me know if there is any question!

Regards.

Module http form brute not available

Please Describe the issue or question and share your OS and Python version.

OS: `Linux'

OS Version: Linux Ubuntu

Python Version: `2.7.3

args_loader upgrade

Hello,

according to #60 issue, the core/args_loader.py is not working well and does not consider all possible commands. we can add a task to replace --method-args port_scan_stealth with --method-args port_scan_stealth=True. the default values for any key would be True.

e.g. --method-args port_scan_stealth&port_scan_ports=1,2,3&dir_scan_random_agent would be equal to --method-args port_scan_stealth=True&port_scan_ports=1,2,3&dir_scan_random_agent=True

let me know if anyone would like to work on this.

Best Regards.

New language library

Hello,

As the framework is growing, I think the existing language library I created to keep the message is not good enough for a bigger framework, using numbers make conflicts in PRs. I think it's better to change it before framework gets bigger.

my idea is, use the same libs structure, but use messages instead of numbers.

#!/usr/bin/env python
# -*- coding: utf-8 -*-


def all_messages():
    """
    keep all messages in en
    Returns:
        all messages in JSON
    """
    return \
        {
            "start_message": "Nettacker engine started ...\n\n",
            "help_options": "python nettacker.py [options]",
            "help_menu": "Show Nettacker Help Menu",
             etc...
        }

let me know if anyone would like to work on this. it has priority to fix and update documentation.

Best Regards.

Stealth Flag referenced before assignment

Please Describe the issue or question and share your OS and Python version.

OS: Linu

OS Version: Ubuntu

Python Version: 2.7.3

add a filepath function

Hello,

in the #31 PR, I've seen using filepath = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) many times, It would be great if we add a function for it in the core.load_modules and every time we need the path we just call the function. Let me know if anyone would like to work on this.

Regards.

Version upgrade file showing errors

Please Describe the issue or question and share your OS and Python version.

http://nettacker.z3r0d4y.com/version.py
the link which is used for checking the latest version of nettacker is throwing an error!

Header Info-
User-Agent : OWASP Nettacker

i can make video tutorials in both english and persian, but need help!

so, i have been following the project for a few month's now and always wanted to contribute, but have no clue what this is and what it does. im just watching the code, i know part's of it and how it works, but since i have no background on security and what all these security terms mean, i can't figure it out.
if there was a helping content that i could use, like how to setup a lab and test the best of it, i could make detailed video tutorials for it. i actually really look forward for code contributions too, but have no spare time for that yet.

OS: Ubuntu

OS Version: 17.10

Python Version: 2.7 - 3.6

bug in new function "core.log.__log_into_file"

Hello,

I was testing the framework with -t 1000 -M 1000 threads and I've seen sometimes there is a deadlock in this function. Now the framework has a small SQLite database which I used for the web interface and the API. To prevent the deadlock we must remove flock and write the logs directly to the database hosts_log table. we may use the threads for inserting them (to avoid decreasing speed) and this part of core/log.py and do it while inserting logs in the database. we may use scan_id hash for selecting the logs and create the report log file too.

# this part must move into __log_into_file
if api_flag is 0:
        info(messages(language, 171))
    hosts = []
    for log in JSON_Data:
        if log["HOST"] not in hosts:
            hosts.append(log["HOST"])
    for host in hosts:
        for sm in scan_method.rsplit(','):
            remove_old_logs(host, sm, scan_id, language, api_flag)
    if api_flag is 0:
        info(messages(language, 170))
    for log in JSON_Data:
        submit_logs_to_db(language, api_flag, log)

__log_into_file also should be renamed to __log_into_db. and locate in api.__database file.
let me know if anyone has time to work on this.

Regards.

slow calculation in graphs

Hello,

In general, we have 3 types of graph, which 2 of them are unique. I used a very bad algorithm to convert the JSON logs of the framework to the JSON graph type.

our JSON structure:

[
  {
    "USERNAME": "",
    "CATEGORY": "scan",
    "SCAN_ID": "09561c27ba0220ed95fe872801c63002",
    "DESCRIPTION": "OPEN PORT",
    "SCAN_CMD": "nettacker.py -i 127.0.0.1 -m all -t 1000 -u root -p root -o ff.json --exclude viewdns_reverse_ip_lookup_scan",
    "HOST": "127.0.0.1",
    "TIME": "2018-02-03 20:00:45",
    "PASSWORD": "",
    "TYPE": "tcp_connect_port_scan",
    "PORT": 22
  },
  {
    "USERNAME": "",
    "CATEGORY": "scan",
    "SCAN_ID": "09561c27ba0220ed95fe872801c63002",
    "DESCRIPTION": "OPEN PORT",
    "SCAN_CMD": "nettacker.py -i 127.0.0.1 -m all -t 1000 -u root -p root -o ff.json --exclude viewdns_reverse_ip_lookup_scan",
    "HOST": "127.0.0.1",
    "TIME": "2018-02-03 20:00:45",
    "PASSWORD": "",
    "TYPE": "tcp_connect_port_scan",
    "PORT": 135
  },
  {
    "USERNAME": "",
    "CATEGORY": "scan",
    "SCAN_ID": "09561c27ba0220ed95fe872801c63002",
    "DESCRIPTION": "OPEN PORT",
    "SCAN_CMD": "nettacker.py -i 127.0.0.1 -m all -t 1000 -u root -p root -o ff.json --exclude viewdns_reverse_ip_lookup_scan",
    "HOST": "127.0.0.1",
    "TIME": "2018-02-03 20:00:45",
    "PASSWORD": "",
    "TYPE": "tcp_connect_port_scan",
    "PORT": 1001
  },
  {
    "USERNAME": "",
    "CATEGORY": "scan",
    "SCAN_ID": "09561c27ba0220ed95fe872801c63002",
    "DESCRIPTION": "OPEN PORT",
    "SCAN_CMD": "nettacker.py -i 127.0.0.1 -m all -t 1000 -u root -p root -o ff.json --exclude viewdns_reverse_ip_lookup_scan",
    "HOST": "127.0.0.1",
    "TIME": "2018-02-03 20:00:45",
    "PASSWORD": "",
    "TYPE": "tcp_connect_port_scan",
    "PORT": 1080
  },
  {
    "USERNAME": "",
    "CATEGORY": "scan",
    "SCAN_ID": "09561c27ba0220ed95fe872801c63002",
    "DESCRIPTION": "OPEN PORT",
    "SCAN_CMD": "nettacker.py -i 127.0.0.1 -m all -t 1000 -u root -p root -o ff.json --exclude viewdns_reverse_ip_lookup_scan",
    "HOST": "127.0.0.1",
    "TIME": "2018-02-03 20:00:45",
    "PASSWORD": "",
    "TYPE": "tcp_connect_port_scan",
    "PORT": 445
  },
  {
    "USERNAME": "",
    "CATEGORY": "scan",
    "SCAN_ID": "09561c27ba0220ed95fe872801c63002",
    "DESCRIPTION": "OPEN PORT",
    "SCAN_CMD": "nettacker.py -i 127.0.0.1 -m all -t 1000 -u root -p root -o ff.json --exclude viewdns_reverse_ip_lookup_scan",
    "HOST": "127.0.0.1",
    "TIME": "2018-02-03 20:00:45",
    "PASSWORD": "",
    "TYPE": "tcp_connect_port_scan",
    "PORT": 2179
  }
]

d3 JSON structure

{
  "name": "Started Attack",
  "children": [
    {
      "name": "127.0.0.1",
      "children": [
        {
          "name": "tcp_connect_port_scan",
          "children": [
            {
              "name": "HOST: 127.0.0.1 PORT: \"22\" DESCRIPTION: \"OPEN PORT\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"445\" DESCRIPTION: \"OPEN PORT\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"1001\" DESCRIPTION: \"OPEN PORT\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"1080\" DESCRIPTION: \"OPEN PORT\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"135\" DESCRIPTION: \"OPEN PORT\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"2179\" DESCRIPTION: \"OPEN PORT\" USERNAME: \"\" PASSWORD: \"\""
            }
          ]
        },
        {
          "name": "viewdns_reverse_ip_lookup_scan",
          "children": [
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0-0fx.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0000003.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0000004.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0000005.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"000002.org\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00001111.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"000105.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"000156.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0001tea.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0003a.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"000888000.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"000niu.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001007.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001019.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001chuanqi.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001daogo.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001gww.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001pxw.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001rxjh.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001sp.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001tb.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001ty.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"001zf.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"003.szflw.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"003222.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0033555.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0033666.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0033777.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00362.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"003gp.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"005505.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0055222.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00583911.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"005ctv.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"005hj.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"005y.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0066000.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0066777.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"006ctv.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"006job.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0077666.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007dig.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007hygs.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007jhjp.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007lunt.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007m.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007qc.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007tianqi.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007ysl.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"007zeus.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0082pifa.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00852buy.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00852net.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0086asha.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0086sf.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0086xinxi.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0086yiwu.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0086zf.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00883.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0088sf.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"008c.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"008ctv.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"008dvd.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"008fb.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"008jyw.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"008pay.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"008wool.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"009er.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00disney.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00logo.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00mr.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00too.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00u.mobi\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00ux.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"00zhifu.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010-bj56.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010-elong.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010-sjh.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010004.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0100354.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010101000100110001000011.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0101118.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0101280.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01013800138.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0101ngn.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0101pc.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0102228.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01022law.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0104588.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0105000.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01055555.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0105557.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010577.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010583.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010595.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010699.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01089151064.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0109595.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010cxhs.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010elong.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010gk.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010gwk.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010hdzs.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010huaying.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010hyjc.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010jwtx188.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010pf.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010pifa.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010qiche.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010quna.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010sapt10086.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010smgw.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010sunshineclub.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010tvsky.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010ty.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010xdtd.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010xtkj10086.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010yc.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010yuai.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"010ywyj.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0112803579.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0123cad.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0123zone.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0127tuan.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"012csol.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"012paopao.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"016088.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01679.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0168yi.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"017018.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"017088.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"018098.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"018123.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"0185sf.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"018tk.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01bb.net\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01bluetooth.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01cloud.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01elong.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01hualian.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01hysj.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01kxy.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01lyw.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01mysf.com\" USERNAME: \"\" PASSWORD: \"\""
            },
            {
              "name": "HOST: 127.0.0.1 PORT: \"\" DESCRIPTION: \"01qqvip.com\" USERNAME: \"\" PASSWORD: \"\""
            }
          ]
        }
      ]
    }
  ]
}

{
  "data": [],
  "children": [
    {
      "children": [
        {
          "data": {
            "band": "OPEN PORT",
            "relation": [
              [
                "PORT: \"22\"",
                "DESCRIPTION: \"OPEN PORT\"",
                "USERNAME: \"\"",
                "PASSWORD: \"\""
              ],
              [
                "PORT: \"135\"",
                "DESCRIPTION: \"OPEN PORT\"",
                "USERNAME: \"\"",
                "PASSWORD: \"\""
              ],
              [
                "PORT: \"1001\"",
                "DESCRIPTION: \"OPEN PORT\"",
                "USERNAME: \"\"",
                "PASSWORD: \"\""
              ],
              [
                "PORT: \"1080\"",
                "DESCRIPTION: \"OPEN PORT\"",
                "USERNAME: \"\"",
                "PASSWORD: \"\""
              ],
              [
                "PORT: \"445\"",
                "DESCRIPTION: \"OPEN PORT\"",
                "USERNAME: \"\"",
                "PASSWORD: \"\""
              ],
              [
                "PORT: \"2179\"",
                "DESCRIPTION: \"OPEN PORT\"",
                "USERNAME: \"\"",
                "PASSWORD: \"\""
              ]
            ]
          },
          "children": [
            {
              "data": {
                "band": "DESCRIPTION: \"OPEN PORT\"",
                "relation": [
                  [
                    "PORT: \"22\"",
                    "DESCRIPTION: \"OPEN PORT\"",
                    "USERNAME: \"\"",
                    "PASSWORD: \"\""
                  ]
                ]
              },
              "children": [],
              "name": "22",
              "id": "b5Yh0Bq7LZLBTN0007KP"
            },
            {
              "data": {
                "band": "DESCRIPTION: \"OPEN PORT\"",
                "relation": [
                  [
                    "PORT: \"135\"",
                    "DESCRIPTION: \"OPEN PORT\"",
                    "USERNAME: \"\"",
                    "PASSWORD: \"\""
                  ]
                ]
              },
              "children": [],
              "name": "135",
              "id": "MpdUK8KecRI02rgRtVcM"
            },
            {
              "data": {
                "band": "DESCRIPTION: \"OPEN PORT\"",
                "relation": [
                  [
                    "PORT: \"1001\"",
                    "DESCRIPTION: \"OPEN PORT\"",
                    "USERNAME: \"\"",
                    "PASSWORD: \"\""
                  ]
                ]
              },
              "children": [],
              "name": "1001",
              "id": "PwS0qzqmds1aU8XUkLUg"
            },
            {
              "data": {
                "band": "DESCRIPTION: \"OPEN PORT\"",
                "relation": [
                  [
                    "PORT: \"1080\"",
                    "DESCRIPTION: \"OPEN PORT\"",
                    "USERNAME: \"\"",
                    "PASSWORD: \"\""
                  ]
                ]
              },
              "children": [],
              "name": "1080",
              "id": "SgKxAcUGTg0MtygEz0lD"
            },
            {
              "data": {
                "band": "DESCRIPTION: \"OPEN PORT\"",
                "relation": [
                  [
                    "PORT: \"445\"",
                    "DESCRIPTION: \"OPEN PORT\"",
                    "USERNAME: \"\"",
                    "PASSWORD: \"\""
                  ]
                ]
              },
              "children": [],
              "name": "445",
              "id": "AW7mrKih1qUrqgKCrbFx"
            },
            {
              "data": {
                "band": "DESCRIPTION: \"OPEN PORT\"",
                "relation": [
                  [
                    "PORT: \"2179\"",
                    "DESCRIPTION: \"OPEN PORT\"",
                    "USERNAME: \"\"",
                    "PASSWORD: \"\""
                  ]
                ]
              },
              "children": [],
              "name": "2179",
              "id": "04K4OMbYnLl2oCcp9rH8"
            }
          ],
          "name": "tcp_connect_port_scan",
          "id": "6xu7zgljItr0VfZF2YgU"
        }
      ],
      "data": {
        "relation": "Start Attacking"
      },
      "id": "1",
      "name": "127.0.0.1"
    }
  ],
  "id": "0",
  "relation": "",
  "name": "Start Attacking"
}

the existing must be changed specially d3. let me know if anyone has time to work on this.

regards.

Problem in run from other Directories

Hello everyone,

While running this framework on my machine (in MacOS) I've been notice that there is a different between running from "Working Directory" and from other Directories.

I think its because the framework can't read (find) its own files when "Working Directory" & "Location of Framework" are different; and when framework run from directories which are NOT the working directory, it can't find its own files and causes this problem.

Let me know if anyone have idea about that.

Regards.

OS: MacOS

OS Version: MacOS Sierra

Python Version: 2.7.10

A better HTML report

Hello everyone,

Right now the framework supports three types of outputs. JSON, Text and HTML. the HTML can handle a graph also. d3_tree_v1_graph, d3_tree_v2_graph, jit_circle_v1_graph. But it's not nice at all! I glad if someone could help me with a better HTML output.

To see how the framework is creating an HTML report, check the core/log.py.

Let me know if there is any question.

Regards.

No margin between various labels in firefox

The margin doesn't seem to work in Firefox but it works fine in chrome.

Implement a subdomain scanner

Hello everyone,

The framework subdomain scanner (-s, --sub-domains switch) is using sublist3r. we will need to add a subdomain_scan in our module in future BTW it would be great if we could remove this tool from lib/sublist3r and replace it with our own subdomain scanner. or if anyone has a better idea?

if you look into core/targets.py, you will see these codes.

                    tmp_exec = os.popen(
                        'python lib/sublist3r/sublist3r.py -d {0} -o {1} '.format(target, subs_temp)).read()
                    tmp_exec = list(set(open(subs_temp, 'r').read().replace(' ', '').rsplit()))

the problem is, sometimes this tool is too slow!

let me know if you have any question.

Regards.

complete the subdomain_scan

Hello,

there is an uncompleted task in subdomain_scan module which needs to be done. I glad if anyone could help to add this two resources in this module.

      # Must add later!
        # https://censys.io/certificates?q=domain
        # https://transparencyreport.google.com/https/certificates

Regards.

Feature Enhancement

Hi,
How about developing Web Application Scanner? If you are looking to have and isn't already available, I am ready to develop it.

OS: Ubuntu

OS Version: 16.04

Python Version: 3.5

Python3 ssh_brute error

Hello,

There is a bug in the ssh_brute module. I glad if anyone could help!

$ python3 nettacker.py -i 127.0.0.1 -m ssh_brute



   ______          __      _____ _____
  / __ \ \        / /\    / ____|  __ \
 | |  | \ \  /\  / /  \  | (___ | |__) |
 | |  | |\ \/  \/ / /\ \  \___ \|  ___/
 | |__| | \  /\  / ____ \ ____) | |     Version 0.0.1
  \____/   \/  \/_/    \_\_____/|_|     SAME
                          _   _      _   _             _
                         | \ | |    | | | |           | |
  github.com/viraintel   |  \| | ___| |_| |_ __ _  ___| | _____ _ __
  owasp.org              | . ` |/ _ \ __| __/ _` |/ __| |/ / _ \ '__|
  viraintel.com          | |\  |  __/ |_| || (_| | (__|   <  __/ |
                         |_| \_|\___|\__|\__\__,_|\___|_|\_\___|_|



[+] Nettacker engine started ...


[!] you are not using the last version of OWASP Nettacker, please update.
[+] 12 modules loaded ...
[+] target 127.0.0.1 submitted!
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/mnt/c/Users/Zombie/Documents/GitHub/OWASP-Nettacker/lib/brute/ssh/engine.py", line 116, in __connect_to_port
    ssh.connect(target, username='', password='', timeout=timeout_sec, port=port)
  File "/usr/local/lib/python3.5/dist-packages/paramiko/client.py", line 424, in connect
    passphrase,
  File "/usr/local/lib/python3.5/dist-packages/paramiko/client.py", line 714, in _auth
    raise saved_exception
  File "/usr/local/lib/python3.5/dist-packages/paramiko/client.py", line 701, in _auth
    self._transport.auth_password(username, password)
  File "/usr/local/lib/python3.5/dist-packages/paramiko/transport.py", line 1381, in auth_password
    return self.auth_handler.wait_for_response(my_event)
  File "/usr/local/lib/python3.5/dist-packages/paramiko/auth_handler.py", line 226, in wait_for_response
    raise e
paramiko.ssh_exception.AuthenticationException: Authentication failed.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.5/threading.py", line 914, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.5/threading.py", line 862, in run
    self._target(*self._args, **self._kwargs)
  File "/mnt/c/Users/Zombie/Documents/GitHub/OWASP-Nettacker/lib/brute/ssh/engine.py", line 122, in __connect_to_port
    if 'Authentication failed.' in ssherr:
TypeError: argument of type 'AuthenticationException' is not iterable

Regards.

Module Wappalyzer Scan is not Available

Please Describe the issue or question and share your OS and Python version.

OS: Linux

OS Version: Linux ubuntu

Python Version: 2.7.3

Create a local database and explorer (networks explorer)

Hello everyone,

It's awesome if OWASP Nettacker could provide a local database of every scan. We can add a new key in config.py named save_results_in_local_database and set default value as True .

what are the local DB and explorer is all about? I've seen some websites (shodan.io, censys.io) and opensource project ivre. They are a great explorer for the internet networks (internet/...). It would be supreme if we add one to the project. we may also do it right after finishing the API.

Let me know if there is any question.
Regards.

Adding more data to vuln modules

Proposed additional data to be added in vulnerability modules:

Name
Description
Risk rating
CVE
Solution
References

owasp / nettacker Goto Github PK

nettacker's Introduction

OWASP Nettacker

Quick Setup & Run

Thanks to our awesome contributors

IoT Scanner

Stargazers over time

nettacker's People

Contributors

Stargazers

Watchers

Forkers

nettacker's Issues

Recommend Projects

Recommend Topics

Recommend Org