This is a very significant release which includes the initial outstanding work of the following Google Summer of Code Projects:
OWASP OWTF – INBOUND PROXY WITH MiTM & CACHING CAPABILITIES by Bharadwaj Machiraju (Dedicated Mentor: Krzysztof Kotowicz, Co-Mentors: Javier Marcos de Prado, Martin Johns, Abraham Aranguren)
- Pre-implementation research document <– FEEDBACK Welcome!
- MiTM proxy benchmarks <– Yes, this is the fastest Python proxy ever created (!!!), Bharadwaj’s approach beats even Twisted and mitmproxy :). <– FEEDBACK Welcome!
OWASP OWTF – Multiprocessing by Ankush Jindal (Dedicated Mentor: Andrés Riancho, Co-Mentor: Abraham Aranguren)
- Pre-implementation research document <– FEEDBACK Welcome!
- Network security: My OSCP scripts (Slides 49-53) are finally ported into OWTF, we are starting to cover the PTES. <– FEEDBACK Welcome!
OWASP OWTF – Reporting by Assem Chelli (Dedicated Mentor: Gareth Heyes, Co-Mentors: Johanna Curiel, Azeddine Islam Mennouchi, Hani Benhabiles, Abraham Aranguren)
- Project Plan document <– FEEDBACK Welcome!
- The prototypes and voting poll will become public on Thursday this week, stay tuned 🙂
OWASP OWTF – Unit Test Framework by Alessandro Fanio González (Dedicated Mentor: Andrés Morales, Co-Mentor: Abraham Aranguren)
- Pre-implementation research document <– FEEDBACK Welcome!
- We hope to have something working soon
Usual background + Disclaimer:
OWASP OWTF, the Offensive (Web) Testing Framework, is an
OWASP+PTES-focused try to unite great tools and make pen testing more
efficient @owtfp http://owtf.org
WARNING: This tool unites many great tools, websites, knowledge and
their associated power, please hack responsibly and always have
permission. That being said, happy pwnage 🙂
Some links:
– Project page
– You will probably get the most out of this tool if you look at the Presentation Slides first.
– Download the bleeding edge version of OWTF
– Download the latest stable version of OWTF
– Subscribe to the OWTF mailing list
– We’re also on #owtf within freenode (IRC)
OWTF got some publicity last week thanks to Alessandro, thank you!
Change log since OWTF 0.16 “shady citizen” (Full change log is here):
28/06/2013 – 0.20 “Summer Storm I” alpha release: Dedicated to Alessandro Fanio Gonzalez (@alessandrofg), Ankush Jindal (@ankushjindal278), Assem Chelli (@assem-ch) and Bharadwaj Machiraju (@tunnelshade)
+ Port of Abraham Aranguren’s network security OSCP scripts into OWASP OWTF <=> Ankush Jindal (@ankushjindal278)
+ Fixed a small bug in the calling of metagoofil, thanks to Adi Mutu (@an_animal) for reporting <=> Bharadwaj Machiraju (@tunnelshade)
+ Added w3af and its dependencies to install script <=> Bharadwaj Machiraju (@tunnelshade)
+ Fixed scripts/run_arachni.sh to save arachni output files into relevant owtf_review directory – https://github.com/7a/owtf/issues/41 <=> Abraham Aranguren (@7a_)
+ Fixed release name in framework/config/framework_config.cfg <=> Abraham Aranguren (@7a_)
+ Fixed the installation of phply (a dependency of w3af) <=> Bharadwaj Machiraju (@tunnelshade)
+ Fixed most PEP standard warnings on owtf.py <=> Abraham Aranguren (@7a_)
+ Fixed most PEP standard warnings on framework/config/health_check.py <=> Abraham Aranguren (@7a_)
+ Minor README fix replacing references from BackTrack to Kali <=> Abraham Aranguren (@7a_)
+ Added arachni to install script along with some minor fixes, thanks to @fataku for reporting <=> Bharadwaj Machiraju (@tunnelshade)
+ Fixed Unicode URLs for dirbuster combined dictionaries <=> Bharadwaj Machiraju (@tunnelshade)
+ Fixed ssl-cipher-check bug Issue – https://github.com/7a/owtf/issues/38 <=> Abraham Aranguren (@7a_)