OWTF 2.1a “Chicken Korma” released, plz RT!

Yes folks, it is that time again, a new release of the Offensive Web Testing Framework, OWASP OWTF, one of several OWASP Flagship projects.
We find OWTF most useful in large assessments where you have little time to evaluate a large number of targets. The ability to launch plugins selectively and dynamically, as well as to remove work from the load, pause and resume, etc. makes OWTF shine where most other tools struggle 🙂

We are moving to the much anticipated OWTF v2.1 release: in the meantime, OWTF v2.1a “Chicken Korma” is here!


Recent releases have been a small tribute to delicious Indian food, but especially dedicated to all those hard-working Indian contributors who have continuously demonstrated their passion, professionalism, brainpower and incredible performance, without which OWTF would not be the awesome tool it is today. This release is named after all of you, thank you!


IMPORTANT: The support for 1.x releases has now ended and you should pull in the latest changes or download the latest release! Therefore, if you are coming from an old OWTF version, please run the following commands after downloading OWTF 2.0:


WARNING: This will delete everything in your OWTF database!

  • bash scripts/db_setup.sh clean
  • bash scripts/db_setup.sh init
New to OWTF? No problem!
Get it here! – https://owtf.github.io/#download 🙂
This release includes many stability and bug fixes. The entire codebase has been refactored to PEP8 standards (with some custom checks and modified requirements).
New features
  • A revamped installation process, using virtualenv.
  • Moved all user configuration to ~/.owtf/.
  • Added a Dockerfile to test OWTF on unsupported systems (macOS and Windows).
Bug fixes
  • Removes old / unused / dead code.
  • Lots of PEP-8 changes.
  • Resolves an old proxy bug in e1ba544.
  • Resolves many proxy SSL errors.
  • Fixed severity labels in the UI.
  • Improved helper scripts for setting up OWTF.
  • Fixed Debian installation scripts to point to Kali rolling.
  • Fixed SIGINT errors in SSL testing scripts.
  • Deprecated support for SamuraiWTF distribution.
View the full changelog here.