nettacker

Perform network security assessments and penetration testing

TLDR

List all available modules

$ nettacker --show-all-modules

Run a port scan on targets

$ nettacker [[-m|--modules]] port_scan [[-i|--targets]] [192.168.0.1/24,owasp.org,scanme.org,...]

Run a port scan on specific ports and targets listed in a file (newline separated)
$ nettacker [[-m|--modules]] port_scan [[-g|--ports]] [22,80,443,...] [[-l|--targets-list]] [path/to/targets.txt]

Run ping test before scan and then run multiple scan types on target
$ nettacker --ping-before-scan [[-m|--modules]] [port_scan,subdomain_scan,waf_scan,...] [[-g|--ports]] [80,443] [[-i|--targets]] [owasp.org]

SYNOPSIS

nettacker [options]

PARAMETERS

-i, --targets
    Specifies the target(s) for the scan. This can be an IP address, CIDR range, hostname, URL, or a path to a file containing a list of targets (one per line).

-m, --module-name
    Defines the scan module to be used. Examples include port_scan, web_info, xss_scan, sql_injection_scan, ftp_bruteforce, whois, etc. Multiple modules can often be specified, separated by commas.

-s, --scan-method
    Similar to --module-name, specifies the specific scan method to execute. This can be a single method or a comma-separated list of methods to run sequentially.

-t, --threads
    Sets the number of threads (concurrent workers) to use for scanning, affecting scan speed. Default values vary per module.

--ports
    A comma-separated list of ports or port ranges to scan (e.g., '80,443,21-23'). Primarily used with network scanning modules.

--timeout
    Sets the timeout for network requests in seconds.

--time-sleep
    Specifies the time to sleep between requests in seconds, useful for avoiding rate limiting or detection.

--retries
    Number of retries for failed requests.

-l, --log-path
    Specifies the directory where log files should be saved. Nettacker generates detailed logs of its operations.

-o, --output-path
    Specifies the directory where scan results will be saved. Results are often saved in JSON or HTML format for easy viewing.

--users
    Path to a file containing a list of usernames to be used with bruteforcing modules (e.g., FTP, SSH, HTTP).

--passwords
    Path to a file containing a list of passwords to be used with bruteforcing modules.

--proxy
    Specifies a proxy server (e.g., 'http://127.0.0.1:8080', 'socks5://127.0.0.1:9050') for all network requests.

--user-agent
    Sets a custom User-Agent string for HTTP requests, useful for evading detection or mimicking specific browsers.

--cookie
    Sets custom cookie headers for HTTP requests in the format 'name=value;'. Useful for authenticated scans.

--headers
    Additional custom HTTP headers in 'Name:Value,' format (e.g., 'X-Forwarded-For:127.0.0.1').

--verbose
    Enables verbose output, showing more details about the ongoing scan processes and results directly to the console.

--version
    Displays the current version of the Nettacker framework and exits.

--help
    Displays the help message, listing all available options and basic usage examples.

DESCRIPTION

Nettacker is an open-source, automated penetration testing framework designed to streamline and simplify various security assessment tasks. It provides a comprehensive suite of modules for information gathering, vulnerability scanning, and bruteforcing, making it a versatile tool for security researchers, penetration testers, and system administrators.

The tool supports a wide range of functionalities including network scanning (e.g., port scanning, service detection), web application vulnerability assessments (e.g., XSS, SQL Injection, LFI, RFI, SSRF), CMS detection and vulnerability checks, and various information gathering techniques (e.g., Whois, DNS enumeration, subdomain discovery). Nettacker can identify common misconfigurations and vulnerabilities across different protocols and services, helping users to quickly pinpoint potential security weaknesses. Its modular design allows for flexible usage, enabling users to combine different scan methods to achieve specific assessment goals. Written primarily in Python, it's cross-platform and extensible.

CAVEATS

Nettacker is a powerful penetration testing tool that can generate significant network traffic and potentially disrupt services if misused. It should only be used on systems for which you have explicit authorization. Unauthorized scanning or testing is illegal and unethical. Users must ensure proper network connectivity and a correctly configured Python environment (Python 3.x is required) for optimal performance. Some modules may require specific external libraries or dependencies.
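One way to enforce the authorization requirement above before a `--targets-list` run, shown as an added example that is not part of Nettacker or of the original page: every line of the newline-separated targets file is checked against an allowlist, and the port-scan command from the TLDR section is built only if all entries are in scope. The allowlist values, the sample targets and the function names are constructed for illustration.

```python
import ipaddress

# Constructed scope (assumption): replace with the networks and hostnames
# named in your written authorization.
AUTHORIZED_NETS = [ipaddress.ip_network("192.168.0.0/24"),
                   ipaddress.ip_network("10.20.0.0/16")]
AUTHORIZED_HOSTS = {"scanme.example.org"}
# Constructed sample: lines of a newline-separated targets file.
SAMPLE_TARGETS = ["192.168.0.7", "192.168.0.0/28", "scanme.example.org",
                  "192.168.1.0/24", "owasp.org"]


def check_target(entry):
    """Return (in_scope, reason) for one line of the targets file."""
    try:
        # Accepts a single IP or a CIDR range; host bits are masked off.
        net = ipaddress.ip_network(entry, strict=False)
    except ValueError:
        # Hostname, URL or stray text: fail closed unless it is an exact
        # allowlist match. DNS is not resolved here.
        ok = entry.lower().rstrip(".") in AUTHORIZED_HOSTS
        return (ok, "allowlisted name" if ok else "name not in allowlist")
    for allowed in AUTHORIZED_NETS:
        # The whole requested range must sit inside one authorized network.
        if net.version == allowed.version and net.subnet_of(allowed):
            return (True, "inside " + str(allowed))
    return (False, "outside authorized networks")


def vet_targets(lines):
    """Split targets-file lines into (approved, rejected); blanks are skipped."""
    approved, rejected = [], []
    for entry in (line.strip() for line in lines):
        if not entry:
            continue
        ok, reason = check_target(entry)
        if ok:
            approved.append(entry)
        else:
            rejected.append((entry, reason))
    return approved, rejected


def build_scan_command(targets_path, lines, ports="22,80,443"):
    """Return the nettacker argv, or raise if any entry is out of scope."""
    approved, rejected = vet_targets(lines)
    if rejected or not approved:
        raise PermissionError(f"refusing to scan, out of scope: {rejected}")
    return ["nettacker", "--modules", "port_scan", "--ports", ports,
            "--targets-list", targets_path]
```

A range wider than the authorized one (for example `192.168.0.0/16` against an authorized `/24`) is rejected, because the check requires the requested network to be a subnet of an allowed one.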

INSTALLATION

Nettacker can be installed via Python's package manager `pip` (e.g., `pip3 install nettacker`), which places the `nettacker` executable directly in your system's PATH. Alternatively, it can be installed by cloning its official GitHub repository and running it directly with Python (e.g., `git clone https://github.com/nettacker/nettacker.git && cd nettacker && python3 nettacker.py`). The `pip` installation is generally recommended for ease of use and updates.

SCAN MODULES OVERVIEW

Nettacker organizes its functionalities into various modules, each specializing in a different type of assessment:

Information Gathering Modules
    Such as whois, dns_lookup, subdomain_finder, and reverse_ip to collect intelligence.

Network Scanning Modules
    Including port_scan, banner_grabbing, arp_scan, and dhcp_scan for network reconnaissance.

Web Vulnerability Scanning Modules
    Covering a wide range of web application vulnerabilities like xss_scan, sql_injection_scan, lfi_scan, rfi_scan, ssrf_scan, open_redirect_scan, cms_scan, and header_security_scan.

Bruteforce Modules
    For protocols like ftp_bruteforce, ssh_bruteforce, http_bruteforce, and smtp_bruteforce.

Users can select specific modules or combine them to perform comprehensive assessments tailored to their needs.

HISTORY

Nettacker is an active open-source project primarily developed and maintained by a community of security researchers and developers. It is hosted on GitHub, where its development history, including bug fixes, feature additions, and module expansions, can be traced through its commit logs and releases. Its continuous development aims to integrate new vulnerability checks and improve efficiency in automated security assessments. It has gained popularity due to its modular design and Python-based implementation, making it accessible and extensible for many users in the cybersecurity community.

SEE ALSO

nmap(1), nikto(1), sqlmap(1), metasploit(1), openvas(1)
