OWTF 0.14 "London" is dedicated with special love to BSides London, its organisers and attendants!
Usual background + Disclaimer:
The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org
WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage :)
- Project page: http://owtf.org
- You will probably get the most out of this tool if you look at the Presentation Slides first.
- Download OWTF: https://github.com/7a/owtf/tree/master/releases
- Demo interactive reports (Firefox >= 8): https://github.com/7a/owtf/tree/master/demos
+ Fixed URL regexp on the link_clicker.py payload for the OWTF imap client Agent
It was missing IP-only URLs like: http://192..., regexp changed to: 'http[:0-9a-zA-Z\.\/]+'
+ Upgraded SET spear phising scripts from SET version 2.5.3 to SET version 3.2.2
+ Bug fix: Added GetFileAsList and AppendToFile convenience functions (required by some existing code)
+ Added Version information at the bottom of the OWTF banner and arranged some loading messages to suit
+ Added GetCurrentDateTimeAsStr convenience method to the Timer class
+ Added SET script for new payload (19)
+ Replaced /etc/motd by new parameter WORD_TEMPLATE in SET payload script 3, and added parameter to Spear_Phising plugin
+ Added better error handling to the Spear Phishing handler so that it aborts when a payload script is not found (instead of crashing in SET, after)
+ Fixed SET payload 15 to take advantage of the custom PDF template
+ Added a bit of SET's documentation to the readme directory
+ Commented out the Attachment name modification in the Spear Phising plugin (sometimes you may want to control this from outside the plugin)
+ Added better exception handling to OWTF's SMTP class so that failure to perform the SMTP Login assumes open relay and moves on (also sent as a patch to SET)
+ Added slightly better message to OWTF's SMTP START TLS exception handling error message
+ Added warning to SET handler when sending blank values
+ Added check to Spear Phishing module to verify the word template exists
+ Improved exception handling on the SMTP class for Targeted Phising, thanks Sam!