OWASP OWTF 0.15 “BruCon” released!

IMPORTANT: If you are attending the “Introducing OWTF” BruCon workshop on Wednesday please download the latest OWASP OWTF and latest DEMO Report. Thank you!
Another round of GIT hell has taught me a couple of things but finally, OWASP OWTF 0.15 is here for your entertainment!
OWTF 0.15 “BruCon” is dedicated with special love to BruCon, its organisers and attendants!
Usual background + Disclaimer:
OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org
WARNING:
This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission.
That being said, happy pwnage 🙂
Some links:
– You will probably get the most out of this tool if you look at the Presentation Slides first.

Change log since OWTF 0.14 “London”:
24/09/2012 – 0.15 “BruCon” pre-alpha release: Dedicated to BruCon (http://brucon.org), its organisers and attendants
+ Changed name to OWASP OWTF since this is an OWASP project now, thank you OWASP! – https://www.owasp.org/index.php/OWASP_OWTF
+ Bug fix: General clean-up of the bt5_install.sh script + OWTF’s tool locations for a smoother install experience, thanks to Xavier Mertens (@xme) for reporting!
+ Bug fix: Removed Slowloris download code from bt5_install.sh script since redistribution was allowed by RSnake and it’s packaged with OWASP OWTF
+ Bug fix: Commented out whatweb download from bt5_install.sh since the Backtrack version is now stable, default config also points to Backtrack path now
+ Bug fix: requester.py was referencing “Core.mError” which could sometimes result in the following error: “AttributeError: Core instance has no attribute ‘mError'”
+ New feature: Instead of having to use our own nikto binaries, the OWTF install script will now patch nikto’s poor default user agent (blocked by basic WAF blacklists)
+ Added Sandro Gauci’s Webapp Exploit Payloads to the following external plugins: XSS, CSRF and Cross Site Flashing
+ Added cross-site flashing link to get swfdump from www.swftools.org
+ Added external plugin link to bAdmin project (from whitehat) for default admin interfaces passwords
+ Added xss external plugin link to Gareth Heyes’ HackVertor
+ Added xss external plugin link to Mario Heiderich’s html5sec.org
+ Changed default UA to a more believable FF15
+ Added udl filetype to blanket google hacking searches (ica and rdp were already there), thanks to Chema Alonso (@chemaalonso)!
+ Added external cross-site flashing link to Adobe’s SWFInvestigator
+ Added external xss link to Krzysztof Kotowicz’s Chrome extension exploitation framework (XSS ChEF)
+ Added external xss link to Michal Zalewski’s post-XSS ideas on XSS exploitation
+ Added external session management schema link to .NET VIEWSTATE vulnerabilities blog post
+ Added external SQLi plugin link to InfoSec Institute’s SQLi Backdoor creation article
+ Added external file extension handling + SQLi link to contagiodump.blogspot.com’s Collection of Web Backdoors & Shells
+ Added external file extension handling + SQLi link to Laudanum’s Project for shells and utilities
+ Added external Bypassing Authentication Schema plugin link to OWASP’s Password Storage Cheat Sheet
+ Added external Clickjacking plugin link to OWASP’s ClickJacking article
+ Added external Bypassing Authorisation Schema link to OWASP’s Access Control Cheat Sheet
+ Added external plugin link to bAdmin project (from whitehat) for default or guessable user accounts plugin
+ Added external plugin link to OWASP’s XSS Filter Evasion Cheat Sheet
+ Added external plugin link to OWASP’s XSS Prevention Cheat Sheet
+ Added external plugin link to OWASP’s DOM XSS Prevention Cheat Sheet
+ Added external plugin link to OWASP’s Web Service Security Cheat Sheet
+ Added external plugin link to OWASP’s Transport Layer Protection Cheat Sheet
+ Added external plugin link to OWASP’s SQL Injection Prevention Cheat Sheet
+ Added external plugin link to OWASP’s Query Parameterization Cheat Sheet (complements SQLi cheat sheet)
+ Added external plugin link to OWASP’s Session Management Cheat Sheet
+ Added external plugin link to OWASP’s Logging Cheat Sheet
+ Added external plugin link to OWASP’s JAAS Authentication Cheat Sheet
+ Added external plugin link to OWASP’s Forgot Password Cheat Sheet
+ Added external plugin link to OWASP’s Cryptographic Storage Cheat Sheet
+ Added external plugin link to OWASP’s Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet
+ Added external plugin link to OWASP’s Choosing and Using Security Questions Cheat Sheet
+ Added external plugin link to OWASP’s Authentication Cheat Sheet