OWTF 0.45.0 “Winter Blizzard” released! plz RT!

OWASP OWTF is always looking for contributors, feedback and new ideas. If you find a bug or have an idea about what OWTF could do, please tell us in our GitHub issue tracker. Thank you!

This is another very significant release which includes the continued outstanding work of:

  1. The 4 x OWASP OWTF GSoC 2013 projects -including post-GSoC improvements- (Sponsored by Google. Thank you!)
  2. Marios Kourtesis’s OWASP OWTF botnet mode project (Sponsored by BruCon. Thank you!)

OWASP OWTF GSoC 2014 projects

OWASP OWTF – INBOUND PROXY WITH MiTM & CACHING CAPABILITIES by Bharadwaj Machiraju (Dedicated Mentor: Krzysztof Kotowicz, Co-Mentors: Javier Marcos de Prado, Martin Johns, Abraham Aranguren)

OWASP OWTF – Multiprocessing by Ankush Jindal (Dedicated Mentor: Andrés Riancho, Co-Mentor: Abraham Aranguren)

OWASP OWTF – Reporting by Assem Chelli (Dedicated Mentor: Gareth Heyes, Co-Mentors: Johanna Curiel, Azeddine Islam Mennouchi, Hani Benhabiles, Abraham Aranguren)

OWASP OWTF – Unit Test Framework by Alessandro Fanio González (Dedicated Mentor: Andrés Morales, Co-Mentor: Abraham Aranguren)

Usual background + Disclaimer

OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp http://owtf.org
WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage 🙂

Some links:
Project page
– You will probably get the most out of this tool if you look at the Presentation Slides first.
Download the bleeding edge version of OWTF
Download the latest stable version of OWTF
Subscribe to the OWTF mailing list
– We’re also on #owtf within freenode (IRC)

OWTF would just not be possible without all the people that contributed in one way or another. To all of you: Thank you!

Release Notes

Change log since OWTF 0.30 “Summer Storm II” (Full change log is here):

14/01/2014 – 0.45.0 “Winter Blizzard” alpha release: Dedicated to Alessandro Fanio Gonzalez (@alessandrofg), Ankush Jindal (@ankushjindal278), Assem Chelli (@assem-ch), Bharadwaj Machiraju (@tunnelshade), Marios Kourtesis (@marioskourtesis) & their mentors: Andrés Morales, Andrés Riancho, Gareth Heyes, Krzysztof Kotowicz, and their co-mentors: Abraham Aranguren, Azeddine Islam Mennouchi, Hani Benhabiles, Javier Marcos de Prado, Johanna Curiel, Martin Johns.

Features:

  • OWTF can now be updated using a command line flag <=> Bharadwaj Machiraju (@tunnelshade)
  • A few tools are proxified through the OWTF inbound proxy <=> Bharadwaj Machiraju (@tunnelshade)
  • Httprint signatures updated (still updating) <=> Azeddine Islam Mennouchi
  • Plug-n-Hack Phase I implemented in OWTF <=> Bharadwaj Machiraju (@tunnelshade)
  • Travis CI service is now used for tests <=> Alessandro Fanio Gonzalez (@alessandrofg)
  • OWTF inbound proxy can now proxy WebSocket traffic <=> Bharadwaj Machiraju (@tunnelshade)
  • HTTP AUTH support is implemented in OWTF Inbound proxy <=> Bharadwaj Machiraju (@tunnelshade)
  • User can run multiple instances of OWTF <=> Bharadwaj Machiraju (@tunnelshade)
  • Outbound socks proxy support implemented <=> Marios Kourtesis (@marioskourtesis)
  • Added nmap to WAF checks <=> Abraham Aranguren (@7a_)
  • Tor mode added to OWTF <=> Marios Kourtesis (@marioskourtesis)
  • New Installation procedure added to OWTF <=> Bharadwaj Machiraju (@tunnelshade)

Enhancements:

  • Spiders, Robots and Crawlers grep plugin added <=> Bharadwaj Machiraju (@tunnelshade)
  • Web Services passive discovery plugin improved <=> Bharadwaj Machiraju (@tunnelshade)
  • Added and fixed some tests for plugins <=> Alessandro Fanio Gonzalez (@alessandrofg)
  • 40+ Bug fixes