Sam Stepanyan edited this page Jan 4, 2020
20 revisions
OWASP Nettacker modules can be of type Scan (scan for something), Vuln (check for some vulnerability) and Brute (brute force).
- 'admin_scan' - Scan the target for various Admin folders such as /admin /phpmyadmin /cmsadmin /wp-admin etc
- 'cms_detection_scan' - Scan the target and try to detect the CMS (WordPress, Drupal or Joomla) using response fingerprinting
- 'dir_scan' - Scan the target for well-known directories
- 'drupal_modules_scan' - Scan the target for popular Drupal modules
- 'drupal_theme_scan' - Scan the target for popular Drupal themes
- 'drupal_version_scan' - Scan the target and identify the Drupal version
- 'icmp_scan' - Ping the target and log the response time if it responds.
- 'joomla_template_scan' - Scan the target for Joomla templates (identify Joomla sites)
- 'joomla_user_enum_scan' - Scan the target and enumerate Joomla users
- 'joomla_version_scan' - Scan the target and identify the Joomla version
- 'pma_scan' - Scan the target for phpMyAdmin presence
- 'port_scan' - Scan the target for open ports, identifying popular services using signatures (e.g. SSH on port 2222)
- 'sender_policy_scan' - Scan the target domains/subdomains for SPF policy settings
- 'subdomain_scan' - Scan the target for subdomains (target must be a domain e.g. owasp.org)
- 'viewdns_reverse_ip_lookup_scan' - Identify which sites/domains are hosted on the target host using ViewDNS.info
- 'wappalyzer_scan' - Scan the target and try to identify the technologies and libraries used using Wappalyzer
- 'wordpress_version_scan' - Scan the target and identify the WordPress version
- 'wp_plugin_scan' - Scan the target for popular WordPress Plugins
- 'wp_theme_scan' - Scan the target for popular WordPress themes
- 'wp_timthumbs_scan' - Scan the target for WordPress TimThumb.php script in various possible locations
- 'wp_user_enum_scan' - Scan the target WordPress site and Enumerate Users
- 'apache_struts_vuln' - check Apache Struts for CVE-2017-5638
- 'Bftpd_double_free_vuln' - check bftpd for CVE-2007-2010
- 'Bftpd_memory_leak_vuln' - check bftpd for CVE-2017-16892
- 'Bftpd_parsecmd_overflow_vuln' - check bftpd for CVE-2007-2051
- 'Bftpd_remote_dos_vuln' - check bftpd for CVE-2009-4593
- 'CCS_injection_vuln' - check SSL for Change Cipher Spec (CCS Injection) CVE-2014-0224
- 'clickjacking_vuln' - check the web server for missing 'X-Frame-Options' header (clickjacking protection)
- 'content_security_policy_vuln' - check the web server for missing 'Content-Security-Policy' header
- 'content_type_options_vuln' - check the web server for missing 'X-Content-Type-Options'=nosniff header
- 'heartbleed_vuln' - check SSL for Heartbleed vulnerability (CVE-2014-0160)
- 'http_cors_vuln' - check the web server for overly-permissive CORS (header 'Access-Control-Allow-Origin'=*)
- 'options_method_enabled_vuln' - check if OPTIONS method is enabled on the web server
- 'ProFTPd_bypass_sqli_protection_vuln' - check ProFTPd for CVE-2009-0543
- 'ProFTPd_cpu_consumption_vuln' - check ProFTPd for CVE-2008-7265
- 'ProFTPd_directory_traversal_vuln' - check ProFTPd for CVE-2010-3867
- 'ProFTPd_exec_arbitary_vuln' - check ProFTPd for CVE-2011-4130
- 'ProFTPd_heap_overflow_vuln' - check ProFTPd for CVE-2010-4652
- 'ProFTPd_integer_overflow_vuln' - check ProFTPd for CVE-2011-1137
- 'ProFTPd_memory_leak_vuln' - check ProFTPd for CVE-2001-0136
- 'ProFTPd_restriction_bypass_vuln' - check ProFTPd for CVE-2009-3639
- 'self_signed_certificate_vuln' - check for self-signed SSL certificate
- 'server_version_vuln' - check if the web server is leaking server banner in 'Server' response header
- 'ssl_certificate_expired_vuln' - check if SSL certificate has expired
- 'weak_signature_algorithm_vuln' - check if SSL certificate is signed using SHA-1
- 'wordpress_dos_cve_2018_6389_vuln' - check if WordPress is vulnerable to CVE-2018-6389 Denial of Service (DoS)
- 'wp_xmlrpc_bruteforce_vuln' - check if WordPress is vulnerable to credential brute force via XMLRPC wp.getUsersBlogs
- 'wp_xmlrpc_pingback_vuln' - check if WordPress is vulnerable to XMLRPC pingback
- 'x_powered_by_vuln' - check if the web server is leaking server configuration in 'X-Powered-By' response header
- 'xdebug_rce_vuln' - check if web server is running XDebug version 2.5.5 vulnerable to RCE
- 'XSS_protection_vuln' - check if 'X-XSS-Protection' header is set to '1; mode=block'
If no extra users/passwords parameters are specified, the following default usernames will be used for brute force checks: ["admin", "root", "test", "ftp", "anonymous", "user", "support", "1"] with the following passwords: ["admin", "root", "test", "ftp", "anonymous", "user", "1", "12345", "123456", "124567", "12345678", "123456789", "1234567890", "admin1", "password!@#", "support", "1qaz2wsx", "qweasd", "qwerty", "!QAZ2wsx", "password1", "1qazxcvbnm", "zxcvbnm", "iloveyou", "password", "p@ssw0rd", "admin123", ""]
- 'ftp_brute' - try to brute force FTP users.
- 'http_basic_auth_brute' - try to brute force HTTP Basic Auth users.
- 'http_form_brute' - try to brute force using HTTP form - assuming that the form has 'username' and 'password' fields
- 'http_ntlm_brute' - try to brute force using NTLM
- 'smtp_brute' - try to brute force SMTP (ports ["25", "465", "587"])
- 'ssh_brute' - try to brute force SSH (port 22)
- 'telnet_brute' - try to brute force via telnet (port 23) (expects "login" and "Password" prompt)
- 'wp_xmlrpc_brute' - try to brute force WordPress users using XMLRPC and wp.getUsersBlogs method