Hello,

there is an uncompleted task in subdomain_scan module which needs to be done. I glad if anyone could help to add this two resources in this module.

      # Must add later!
        # https://censys.io/certificates?q=domain
        # https://transparencyreport.google.com/https/certificates

Regards.

Hello everyone,

if anyone would like to add some few modules to the framework, that would be great for our growing framework. some of a few ideas:

• simple udp, syn, ack port scan
• simple icmp scan (ping test)
• phpmyadmin scan
• wappalyzer scan for http
• a few more brute force modules (http (basic auth, ntlm, form), telnet, and so on)

let me know if there is any question. Regards.

OWASP-Nettacker currently lacks the power of scanning a network for running services before doing vulnerability assessment and sending payloads; hence every attack can end up useless if the service is running at a different port. Let’s take an example, when doing network scanning if a Secure Socket Layer is running on a port or if the port is using an SSL tunnel in order to protect its users from MITM attack then we first scan that service for SSL vulnerabilities like CCS injection, Heartbleed, Logjam, Poodle, and many others in order to keep the tunnel secure and the user’s data protected, this will boost the discovery rate of vulnerabilities.

For services like SSH, SMTP, FTP and other common services we will be using normal banner grabbing techniques where Python sockets will be used. A typical FTP banner gives us information about the product and version being used on FTP service that is Bftpd 1.6.6 which could enumerate multiple vulnerabilities without sending any payloads to the server.

[+] 192.168.2.1:220 bftpd 1.6.6 at 192.168.2.1 ready.

For services like HTTP/HTTPS, we will be using Python-Requests module which will be helpful for detecting the server running by header information, a typical header looks like this which gives us information about the running services & version on the port which is Nginx/1.10.3 and the OS details which is Linux Ubuntu.

({'date': 'Thu, 08 Mar 2018 14:23:48 GMT', 'connection': 'keep-alive', 'content-encoding': 'gzip', 'x-powered-by': 'Express', 'content-type': 'text/html; charset=utf-8', 'vary': 'Accept-Encoding', 'cache-control': 'public, max-age=0', 'etag': 'W/"3b51-DSUPhtrEeYNRRot/gk1jUt+PAnc"', 'server': 'nginx/1.10.3 (Ubuntu)', 'transfer-encoding': 'chunked'})

Many DNS servers are pre-configured with version information in DNS TXT records for the version bind label in the CHAOS class.

dig @dns.name.server version.bind chaos txt

Typical answers might include

;; ANSWER SECTION: version.bind. 0 CH TXT "9.8.1-P1" OR ;; ANSWER SECTION: version.bind. 1476526080 IN TXT "Microsoft DNS 6.1.7600 (1DB04228)" OR ;; ANSWER SECTION: version.bind. 0 CH TXT "dnsmasq-2.47"

Same can be implemented using nslookup ​for Windows ​system.

All the previous modules will be shifted to Service based detection instead of port-based detection after this implementation for better results.

Hello everyone,

OWASP Nettacker doesn't have any documents or wiki right now, It's best we start Developers/Users documents to make it more friendly.

I glad if anyone can help on this! (start from wiki)

Hello,

I just notice that in #47 the lib/icmp and icmp_scan need to run as root to be working, I glad if someone can give us a better solution and contribute a new lib and replace the libraries.

let me know if anyone has any idea.

Best Regards.

Checklist

• [x] I have followed the Contributor Guidelines.
• [x] I have added the relevant documentation.
• [x] My branch is up-to-date with the Upstream master branch.

Changes proposed in this pull request

• Kippo Honeypot Detection payload
• updated requirements.txt with updated modules
• New info for admin scan
• Added POP3 Service scanner signature
• Added XMPP service scanner signature
• Updated nettacker update mechanism to daily basis instead of doing it on every scan by saving and fetching previous scan data.
• header based blind sql injection payload added

Your development environment

• OS: Kali
• OS Version: 2.0
• Python Version: 2.7.3

OS: kali OS Version: 2021.3 Python Version: 3.9.7 PIP Version: 21.2.4

Traceback (most recent call last):
  File "/home/user/Desktop/Nettacker/nettacker.py", line 17, in <module>
   load()  # load and parse the ARGV
  File "/home/user/Desktop/Nettacker/core/parse.py", line 26, in load
    exit_code = start_scan_processes(options)
  File "/home/user/Desktop/Nettacker/core/scan_targers.py", line 80, in start_scan_processes
    remove_old_logs(
  File "/home/user/Desktop/Nettacker/database/db.py", line 130, in remove_old_logs
    session.query(HostsLog).filter(
AttributeError: 'bool' object has no attribute 'query'

Get this error while running the nettacker on the target site using command: python3 nettacker.py -i example.com --profile scan -m all --verbose

Implementing SSL based vulnerabilities like SSL logjam, SSL drown, SSL Poodle, SSL crime, TLS fallback, SSL lucky13, Weak DH ciphers and many others by enumerating server ciphers and also by detecting which SSL/TLS versions are being used in the server.

in python 3.9.1 getting error:

[X] this module "port_scan" is not available.

Probably some incompatibilities in Python 3.6->3.9 are crashing the module

OS: Kali.Linux

OS Version: 2020.3

Python Version: 3.9.1

Exception in thread Thread-52: Traceback (most recent call last): File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner self.run() File "/usr/lib/python2.7/threading.py", line 754, in run self.__target(*self.__args, **self.__kwargs) File "/root/OWASP-Nettacker/lib/http_fuzzer/engine.py", line 312, in request_without_data if rule_evaluator(response, condition): File "/root/OWASP-Nettacker/lib/http_fuzzer/engine.py", line 337, in rule_evaluator return eval(condition) File "", line 1, in AttributeError: 'int' object has no attribute 'status_code'

I was trying to perform the same operation on my localhost and results were different everytime.

In [1]: from lib.payload.scanner.service.engine import discovery

In [2]: discovery("127.0.0.1")
Out[2]: {443: 'UNKNOWN', 3306: 'UNKNOWN'}

In [3]: discovery("127.0.0.1")
Out[3]: 
{80: 'http',
 443: 'UNKNOWN',
 631: 'UNKNOWN',
 3306: 'UNKNOWN',
 5432: 'UNKNOWN',
 8002: 'http'}

In [4]: discovery("127.0.0.1")
Out[4]: 
{80: 'http',
 139: 'UNKNOWN',
 443: 'UNKNOWN',
 445: 'UNKNOWN',
 631: 'UNKNOWN',
 3306: 'UNKNOWN',
 5432: 'UNKNOWN',
 8001: 'UNKNOWN',
 8002: 'http'}

In [5]: discovery("127.0.0.1")
Out[5]: 
{80: 'http',
 139: 'UNKNOWN',
 443: 'UNKNOWN',
 445: 'UNKNOWN',
 631: 'UNKNOWN',
 3306: 'UNKNOWN',
 5432: 'UNKNOWN',
 8001: 'UNKNOWN',
 8002: 'http'}

Am I doing anything wrong or is it some problem with the module!! Performing a port scan however works fine for me.

OS: Ubuntu

OS Version: 16.04

Python Version: 2.7.12

Bumps pyopenssl from 22.1.0 to 23.0.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Bumps flake8 from 5.0.4 to 6.0.0.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Checklist

• [x] I have followed the Contributor Guidelines.
• [x] The code has been thoroughly tested in my local development environment with flake8 and pylint.
• [x] The code is Python 3 compatible.
• [x] The code follows the PEP8 styling guidelines with 4 spaces indentation.
• [x] This Pull Request relates to only one issue or only one feature
• [x] I have referenced the corresponding issue number in my commit message
• [x] I have added the relevant documentation.
• [x] My branch is up-to-date with the Upstream master branch.

Changes proposed in this pull request

imap brute force module

Your development environment

• OS: x
• OS Version: x
• Python Version: x

➜ Nettacker git:(issue/609) ✗ python3 nettacker.py -i google.com --profile http -t 1100 -M 5

AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
    self._remove_reader(self._ssock.fileno())
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 92, in close
    self._remove_reader(self._ssock.fileno())
AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
    self._remove_reader(self._ssock.fileno())
AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
    self._remove_reader(self._ssock.fileno())
    self._remove_reader(self._ssock.fileno())
AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
    self._close_self_pipe()
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
AttributeError: '_UnixSelectorEventLoop' object has no attribute '_ssock'
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe
    self._remove_reader(self._ssock.fileno())
  File "/Library/Developer/CommandLineTools/Library/Frameworks/Python3.framework/Versions/3.9/lib/python3.9/asyncio/selector_events.py", line 99, in _close_self_pipe