OWASP Nettacker

OWASP Nettacker project was created to automate information gathering, vulnerability scanning and in general to aid penetration testing engagements. Nettacker is able to run various scans using a variety of methods and generate scan reports(in HTML/TXT/JSON/CSV format) for applications and networks, including discovering open ports, services, bugs, vulnerabilities, misconfigurations, default credentials, subdomains, etc. Nettacker can be run as a command-line utility (including running as a Docker container), API, Web GUI mode or as Maltego transforms.

OWASP Nettacker is written in 100% Python and does not rely on launching any external tools.

OWASP Nettacker can also help you find instances of critically vulnerable MOVEit Transfer, Citrix Netscaler, Ivanti ICS/EPMM services and other vulnerabilities in your network.

Latest Releases:

  • v0.3.3: On January 20th, 2024 OWASP Nettacker v0.3.3 was released with new modules to scan for the latest Ivanti ICS CVE-2023-46805 vulnerability, Ivanti EPMM CVE-2023-35082, WordPress POST SMTP plugin CVE-2023-6875 and modules to help you find unpatched Citrix Netscaler & Ivanti devices
  • v0.3.2: On October 31st, 2023 OWASP Nettacker v0.3.2 was released with new modules to scan networks for Critical vulnerabilities such as: Adobe Coldfusion CVE-2023-26360, Atlassian Confluence CVE-2023-22515 and Citrix Netscaler CVE-2023-4966 (aka “CitrixBleed”)
  • v0.3.1 On July 5th, 2023 OWASP Nettacker v0.3.1 released with new modules to scan for MOVEit Transfer instances and the latest Citrix CVE-2023-24488:


Code Repository

Docker Images


Quick Demo - CLI


Quick Demo - WebUI