

Automated, modular framework for fast, ethical penetration testing
A Python‑based framework that automates reconnaissance, vulnerability scanning, and credential testing across multiple protocols, delivering multithreaded performance and flexible reporting for security professionals.

OWASP Nettacker is a Python‑driven automation platform for penetration testing and information gathering. It targets security analysts, red‑team operators, and DevSecOps engineers who need repeatable, scalable scans of networks, web applications, APIs, IoT devices, and cloud assets.
The tool offers a modular architecture where each task—port scanning, sub‑domain enumeration, service detection, vulnerability checks, or brute‑force attacks—is a plug‑in that can be combined via CLI, REST API, or the web UI. Multi‑protocol support (HTTP/HTTPS, FTP, SSH, SMB, SMTP, ICMP, TELNET, XML‑RPC) and multithreaded execution accelerate large‑scale assessments. Results are stored in a built‑in SQLite database, enabling drift detection and historical comparison, and can be exported as HTML, JSON, CSV, or plain text. Nettacker runs natively or inside Docker, simplifying installation and integration into CI/CD pipelines.
Whether mapping an attack surface, supporting bug‑bounty recon, or continuously monitoring compliance, Nettacker provides the flexibility and speed required for modern security workflows.
When teams consider Nettacker, these hosted platforms usually appear on the same shortlist.

Risk-based vulnerability management with automated prioritization and patching.

Vulnerability management with live dashboards, unified agent, and risk-based prioritization

Risk-based vulnerability management for continuous discovery, prioritization, and remediation
Penetration Testing
Automates reconnaissance, service discovery, and vulnerability checks to produce repeatable test reports.
Bug Bounty Recon
Scales sub‑domain enumeration, directory brute‑forcing, and credential testing to accelerate target identification.
CI/CD Compliance Monitoring
Integrates into pipelines to detect new hosts, open ports, or vulnerabilities via drift detection.
Shadow IT Asset Discovery
Uses historical scan data to uncover unmanaged hosts and services appearing in the network.
It supports HTTP/HTTPS, FTP, SSH, SMB, SMTP, ICMP, TELNET, and XML‑RPC.
Use the official Docker image (`owasp/nettacker`) and invoke scans via the container’s CLI.
Yes, the REST API and CLI can be called from CI/CD tools, and scan results can be exported for further processing.
Reports can be generated in HTML, JSON, CSV, or plain‑text.
Nettacker uses a local SQLite database to store past scans and supports drift detection for change monitoring.