IMPORTANT NOTE: Some of the new features require the use of the “--dev” flag, please report any issues you find on our GitHub page. Thanks!
This is another very significant release which includes the continued outstanding work of the following Google Summer of Code Projects:
OWASP OWTF – INBOUND PROXY WITH MiTM & CACHING CAPABILITIES by Bharadwaj Machiraju (Dedicated Mentor: Krzysztof Kotowicz, Co-Mentors: Javier Marcos de Prado, Martin Johns, Abraham Aranguren)
- Pre-implementation research document <– FEEDBACK Welcome!
- MiTM proxy benchmarks <– Yes, this is the fastest Python proxy ever created (!!!), Bharadwaj’s approach beats even Twisted and mitmproxy :). <– FEEDBACK Welcome!
OWASP OWTF – Multiprocessing by Ankush Jindal (Dedicated Mentor: Andrés Riancho, Co-Mentor: Abraham Aranguren)
- Pre-implementation research document <– FEEDBACK Welcome!
- Network security: My OSCP scripts (Slides 49-53) are finally ported into OWTF, we are starting to cover the PTES. <– FEEDBACK Welcome!
OWASP OWTF – Reporting by Assem Chelli (Dedicated Mentor: Gareth Heyes, Co-Mentors: Johanna Curiel, Azeddine Islam Mennouchi, Hani Benhabiles, Abraham Aranguren)
- Project Plan document <– FEEDBACK Welcome!
- The prototypes and voting poll will become public on Thursday this week, stay tuned 🙂
OWASP OWTF – Unit Test Framework by Alessandro Fanio González (Dedicated Mentor: Andrés Morales, Co-Mentor: Abraham Aranguren)
- Pre-implementation research document <– FEEDBACK Welcome!
- We hope to have something working soon
Usual background + Disclaimer:
OWASP OWTF, the Offensive (Web) Testing Framework, is an
OWASP+PTES-focused try to unite great tools and make pen testing more
efficient @owtfp http://owtf.org
WARNING: This tool unites many great tools, websites, knowledge and
their associated power, please hack responsibly and always have
permission. That being said, happy pwnage 🙂
Some links:
– Project page
– You will probably get the most out of this tool if you look at the Presentation Slides first.
– Download the bleeding edge version of OWTF
– Download the latest stable version of OWTF
– Subscribe to the OWTF mailing list
– We’re also on #owtf within freenode (IRC)
OWTF would just not be possible without all the people that contributed in one way or another. All contributors to date got a T-shirt this year, to all of you: Thank you!
(Picture above is courtesy of @an_animal. Thanks!)
Change log since OWTF 0.20 “Summer Storm I” (Full change log is here):
09/08/2013 – 0.30 “Summer Storm II” alpha release: Dedicated to Alessandro Fanio Gonzalez (@alessandrofg), Ankush Jindal (@ankushjindal278), Assem Chelli (@assem-ch), Bharadwaj Machiraju (@tunnelshade), their mentors: Andrés Morales, Andrés Riancho, Gareth Heyes, Krzysztof Kotowicz, and their co-mentors: Abraham Aranguren, Azeddine Islam Mennouchi, Hani Benhabiles, Javier Marcos de Prado, Johanna Curiel, Martin Johns.
+ Extracting the HTML generated by the reporting system from Python modules into independent Jinja2 template files <==> Assem Chelli (@assem-ch)
+ Added some features to the Testing Framework. Added tests that cover approximately 45% of the code of the OWTF Framework. <==> Alessandro Fanio Gonzalez (@alessandrofg)
+ Added support for test coverage reports and test logs in HTML. <==> Alessandro Fanio Gonzalez (@alessandrofg)
+ Spawning multiple processes on the basis of targets and then handling the input and stopping of the targets <==> Ankush Jindal (@ankushjindal278)
+ Centralized log function <==> Ankush Jindal (@ankushjindal278)
+ Generic messaging system with separate pull and push facilities, and a database handler that uses messaging for DB transactions in multiprocessing <==> (@ankushjindal278)
+ Draft inbound proxy is replaced by a new inbound proxy <==> Bharadwaj Machiraju (@tunnelshade)
+ Inbound proxy is capable of caching and saving the transactions <==> Bharadwaj Machiraju (@tunnelshade)
+ Inbound proxy supports cookie filters. <==> Bharadwaj Machiraju (@tunnelshade)