OWASP OWTF is always looking for contributors, feedback and new ideas. If you find a bug or have an idea about what OWTF could do, please tell us in our GitHub issue tracker. Thank you!
This is another very significant release which includes the continued outstanding work of:
- The 4 x OWASP OWTF GSoC 2013 projects -including post-GSoC improvements- (Sponsored by Google. Thank you!)
- Marios Kourtesis’s OWASP OWTF botnet mode project (Sponsored by BruCon. Thank you!)
OWASP OWTF GSoC 2014 projects
OWASP OWTF – INBOUND PROXY WITH MiTM & CACHING CAPABILITIES by Bharadwaj Machiraju (Dedicated Mentor: Krzysztof Kotowicz, Co-Mentors: Javier Marcos de Prado, Martin Johns, Abraham Aranguren)
- Pre-implementation research document <– FEEDBACK Welcome!
- MiTM proxy benchmarks <– Yes, this is the fastest Python proxy ever created (!!!), Bharadwaj’s approach beats even Twisted and mitmproxy 🙂
OWASP OWTF – Multiprocessing by Ankush Jindal (Dedicated Mentor: Andrés Riancho, Co-Mentor: Abraham Aranguren)
- Pre-implementation research document <– FEEDBACK Welcome!
- Network security: My OSCP scripts (Slides 49-53) are finally ported into OWTF; we are starting to cover the PTES.
OWASP OWTF – Reporting by Assem Chelli (Dedicated Mentor: Gareth Heyes, Co-Mentors: Johanna Curiel, Azeddine Islam Mennouchi, Hani Benhabiles, Abraham Aranguren)
OWASP OWTF – Unit Test Framework by Alessandro Fanio González (Dedicated Mentor: Andrés Morales, Co-Mentor: Abraham Aranguren)
Usual background + Disclaimer
OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org
WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage 🙂
Some links:
– Project page
– You will probably get the most out of this tool if you look at the Presentation Slides first.
– Download the bleeding edge version of OWTF
– Download the latest stable version of OWTF
– Subscribe to the OWTF mailing list
– We’re also on #owtf within freenode (IRC)
OWTF would just not be possible without all the people that contributed in one way or another. To all of you: Thank you!
Release Notes
Change log since OWTF 0.30 “Summer Storm II” (Full change log is here):
Features:
- OWTF can now be updated using a command line flag <=> Bharadwaj Machiraju (@tunnelshade)
- A few tools are now proxied through the OWTF inbound proxy <=> Bharadwaj Machiraju (@tunnelshade)
- Httprint signatures updated (still updating) <=> Azeddine Islam Mennouchi
- Plug-n-Hack Phase I implemented in OWTF <=> Bharadwaj Machiraju (@tunnelshade)
- Travis CI is now used for tests <=> Alessandro Fanio Gonzalez (@alessandrofg)
- The OWTF inbound proxy can now proxy WebSocket traffic <=> Bharadwaj Machiraju (@tunnelshade)
- HTTP AUTH support is implemented in the OWTF inbound proxy <=> Bharadwaj Machiraju (@tunnelshade)
- Users can run multiple instances of OWTF <=> Bharadwaj Machiraju (@tunnelshade)
- Outbound socks proxy support implemented <=> Marios Kourtesis (@marioskourtesis)
- Added nmap to WAF checks <=> Abraham Aranguren (@7a_)
- Tor mode added to OWTF <=> Marios Kourtesis (@marioskourtesis)
- New Installation procedure added to OWTF <=> Bharadwaj Machiraju (@tunnelshade)
Enhancements:
- Spiders, Robots and Crawlers grep plugin added <=> Bharadwaj Machiraju (@tunnelshade)
- Web Services passive discovery plugin improved <=> Bharadwaj Machiraju (@tunnelshade)
- Added and fixed some tests for plugins <=> Alessandro Fanio Gonzalez (@alessandrofg)
- 40+ Bug fixes