Monday, 23 April 2012

OWTF 0.14 "London" released! cc @BSidesLondon

OWTF 0.14 "London" is dedicated with special love to BSides London, its organisers and attendants!

Usual background + Disclaimer:
The Offensive (Web, etc) Testing Framework (aka OWTF) is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp
WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage :)

Some links:
- Project page:
- You will probably get the most out of this tool if you look at the Presentation Slides first.
- Demo interactive reports (Firefox >= 8):

Change log since OWTF 0.13b "HackPra" (Full change log is here):
23/04/2012 - 0.14 "London" pre-alpha release: Dedicated to BSides London (, its organisers and attendants
 + Fixed URL regexp on the payload for the OWTF imap client Agent
   It was missing IP-only URLs like: http://192..., regexp changed to: 'http[:0-9a-zA-Z\.\/]+'
 + Upgraded SET spear phising scripts from SET version 2.5.3 to SET version 3.2.2
 + Bug fix: Added GetFileAsList and AppendToFile convenience functions (required by some existing code)
 + Added Version information at the bottom of the OWTF banner and arranged some loading messages to suit
 + Added GetCurrentDateTimeAsStr convenience method to the Timer class
 + Added SET script for new payload (19)
 + Replaced /etc/motd by new parameter WORD_TEMPLATE in SET payload script 3, and added parameter to Spear_Phising plugin
 + Added better error handling to the Spear Phishing handler so that it aborts when a payload script is not found (instead of crashing in SET, after)
 + Fixed SET payload 15 to take advantage of the custom PDF template
 + Added a bit of SET's documentation to the readme directory
 + Commented out the Attachment name modification in the Spear Phising plugin (sometimes you may want to control this from outside the plugin)
 + Added better exception handling to OWTF's SMTP class so that failure to perform the SMTP Login assumes open relay and moves on (also sent as a patch to SET)
 + Added slightly better message to OWTF's SMTP START TLS exception handling error message
 + Added warning to SET handler when sending blank values
 + Added check to Spear Phishing module to verify the word template exists
 + Improved exception handling on the SMTP class for Targeted Phising, thanks Sam!