-
-
Notifications
You must be signed in to change notification settings - Fork 792
Modules
Sam Stepanyan edited this page Jan 4, 2020
·
19 revisions
Nettacker Modules can be of type Scan (scan for something), Vuln (check for some vulnerability) and Brute (Brute force)
- 'admin_scan' - Scan the target for various Admin folders such as /admin /phpmyadmin /cmsadmin /wp-admin etc
- 'cms_detection_scan' - Scan the target and try to detect the CMS (Wordpress, Drupal or Joomla) using response figerprinting
- 'dir_scan' - Scan the target for well-known directories
- 'drupal_modules_scan' - Scan the target for popular Drupal modules
- 'drupal_theme_scan' - Scan the target for popular Drupal themes
- 'drupal_version_scan' - Scan the target and identify the Drupal version
- 'icmp_scan' - Ping the target and log the response if it responds. Useful for checking pingable hosts
- 'joomla_template_scan' - Scan the target for Joomla templates (identify Joomla sites)
- 'joomla_user_enum_scan' - Scan the target and enumerate Joomla users
- 'joomla_version_scan' - Scan the target and identify the Joomla version
- 'pma_scan' - Scan the target for PHP MyAdmin presence
- 'port_scan' - Scan the target for open ports identifying the popular services using signatures (.e.g SSH on port 2222)
- 'sender_policy_scan' - Scan the target domains/subdomains for SPF policy settings
- 'subdomain_scan' - Scan the target for subdomains (target must be a domain e.g. owasp.org)
- 'viewdns_reverse_ip_lookup_scan' - Identify which sites/domains are hosted on the target host using ViewDNS.info
- 'wappalyzer_scan' - Scan the target and try to identify the technologies and libraries used using Wappalyzer
- 'wordpress_version_scan' - Scan the target and identify the WordPress version
- 'wp_plugin_scan' - Scan the target for popular WordPress Plugins
- 'wp_theme_scan' - Scan the target for popular WordPress themes
- 'wp_timthumbs_scan' - Scan the target for WordPress TimThumb.php script in various possible locations
- 'wp_user_enum_scan' - Scan the target WordPress site and Enumerate Users
- 'apache_struts_vuln' - check for CVE-2017-5638
- 'Bftpd_double_free_vuln' - check for CVE-2007-2010
- 'Bftpd_memory_leak_vuln' - check for CVE-2017-16892
- 'Bftpd_parsecmd_overflow_vuln'- check for CVE-2007-2051
- 'Bftpd_remote_dos_vuln' - check for CVE-2009-4593
- 'CCS_injection_vuln'
- 'clickjacking_vuln'
- 'content_security_policy_vuln'
- 'content_type_options_vuln'
- 'heartbleed_vuln'
- 'http_cors_vuln'
- 'options_method_enabled_vuln'
- 'ProFTPd_bypass_sqli_protection_vuln'
- 'ProFTPd_cpu_consumption_vuln'
- 'ProFTPd_directory_traversal_vuln'
- 'ProFTPd_exec_arbitary_vuln'
- 'ProFTPd_heap_overflow_vuln'
- 'ProFTPd_integer_overflow_vuln'
- 'ProFTPd_memory_leak_vuln'
- 'ProFTPd_restriction_bypass_vuln'
- 'self_signed_certificate_vuln'
- 'server_version_vuln'
- 'ssl_certificate_expired_vuln'
- 'weak_signature_algorithm_vuln'
- 'wordpress_dos_cve_2018_6389_vuln'
- 'wp_xmlrpc_bruteforce_vuln'
- 'wp_xmlrpc_pingback_vuln'
- 'x_powered_by_vuln'
- 'xdebug_rce_vuln'
- 'XSS_protection_vuln'
- 'ftp_brute',
- 'http_basic_auth_brute'
- 'http_form_brute',
- 'http_ntlm_brute'
- 'smtp_brute'
- 'ssh_brute',
- 'telnet_brute'
- 'wp_xmlrpc_brute'
- 'wp_xmlrpc_bruteforce_vuln'