OWASP OWTF is always looking for contributors, feedback and new ideas. If you find a bug or have an idea about what OWTF could do, please tell us on our GitHub issue tracker. Thank you!
This is another very significant release, which includes the continued outstanding work of:
- The 4 x OWASP OWTF GSoC 2013 projects -including post-GSoC improvements- (Sponsored by Google. Thank you!)
- Marios Kourtesis's OWASP OWTF botnet mode project (Sponsored by BruCon. Thank you!)
OWASP OWTF GSoC 2014 projects
OWASP OWTF - INBOUND PROXY WITH MiTM & CACHING CAPABILITIES by Bharadwaj Machiraju (Dedicated Mentor: Krzysztof Kotowicz, Co-Mentors: Javier Marcos de Prado, Martin Johns, Abraham Aranguren)
- Pre-implementation research document <-- FEEDBACK Welcome!
- MiTM proxy benchmarks <-- Yes, this is the fastest Python proxy ever created (!!!), Bharadwaj's approach beats even twisted and mitmproxy :)
OWASP OWTF - Multiprocessing by Ankush Jindal (Dedicated Mentor: Andrés Riancho, Co-Mentor: Abraham Aranguren)
- Pre-implementation research document <-- FEEDBACK Welcome!
- Network security: My OSCP scripts (Slides 49-53) are finally ported into OWTF; we are starting to cover the PTES.
OWASP OWTF - Reporting by Assem Chelli (Dedicated Mentor: Gareth Heyes, Co-Mentors: Johanna Curiel, Azeddine Islam Mennouchi, Hani Benhabiles, Abraham Aranguren)
OWASP OWTF - Unit Test Framework by Alessandro Fanio González (Dedicated Mentor: Andrés Morales, Co-Mentor: Abraham Aranguren)
Usual background + Disclaimer
OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org
WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage :)
- Project page
- You will probably get the most out of this tool if you look at the Presentation Slides first.
- Download the bleeding edge version of OWTF
- Download the latest stable version of OWTF
- Subscribe to the OWTF mailing list
- We're also on #owtf within freenode (IRC)
OWTF would just not be possible without all the people that contributed in one way or another. To all of you: Thank you!
Change log since OWTF 0.30 "Summer Storm II" (Full change log is here):
14/01/2014 - 0.45.0 "Winter Blizzard" alpha release: Dedicated to Alessandro Fanio Gonzalez (@alessandrofg), Ankush Jindal (@ankushjindal278), Assem Chelli (@assem-ch), Bharadwaj Machiraju (@tunnelshade), Marios Kourtesis (@marioskourtesis) & their mentors: Andrés Morales, Andrés Riancho, Gareth Heyes, Krzysztof Kotowicz, and their co-mentors: Abraham Aranguren, Azeddine Islam Mennouchi, Hani Benhabiles, Javier Marcos de Prado, Johanna Curiel, Martin Johns.
- OWTF can now be updated using a command line flag <=> Bharadwaj Machiraju (@tunnelshade)
- A few tools are now proxied through the OWTF inbound proxy <=> Bharadwaj Machiraju (@tunnelshade)
- Httprint signatures updated (still updating) <=> Azeddine Islam Mennouchi
- Plug-n-Hack Phase I implemented in OWTF <=> Bharadwaj Machiraju (@tunnelshade)
- Travis CI is now used for running tests <=> Alessandro Fanio Gonzalez (@alessandrofg)
- The OWTF inbound proxy can now proxy WebSocket traffic <=> Bharadwaj Machiraju (@tunnelshade)
- HTTP AUTH support is implemented in the OWTF inbound proxy <=> Bharadwaj Machiraju (@tunnelshade)
- Users can run multiple instances of OWTF <=> Bharadwaj Machiraju (@tunnelshade)
- Outbound socks proxy support implemented <=> Marios Kourtesis (@marioskourtesis)
- Added nmap to WAF checks <=> Abraham Aranguren (@7a_)
- Tor mode added to OWTF <=> Marios Kourtesis (@marioskourtesis)
- New Installation procedure added to OWTF <=> Bharadwaj Machiraju (@tunnelshade)