Friday, 17 October 2014

OWTF 1.0 "Lionheart": UI and Database

REMINDER: We just released OWTF 1.0 "Lionheart", Please try it and give us feedback!

NOTE: This blog post is a guest post by Bharadwaj 'tunnelshade' Machiraju, who devised and implemented the UI and Database idea from conception to implementation, full props to you, my friend :)

And with that, a big welcome and THANK YOU to Bharadwaj!


OWASP OWTF - User Interface and Database support


How OWTF used to be



OWTF initially was a CLI program which produced an interactive HTML report. Though OWTF was highly configurable, its usability was limited by the huge configuration files needed to drive it.


[Screenshot: console view (console_view.png)]


What was done during this project?



The project had one main goal, i.e. build an interface to control all aspects of OWTF. This involved more than a few challenges:


  • Refactoring the codebase to make use of databases.
  • Building a RESTful API to make the interface interactive.
  • Creating a web interface using the REST API.
  • Extending control over plugin execution (or worker processes, as we call it).


The technology stack which was finalized for this project:


  • Tornado (for the interface and API servers)
  • PostgreSQL (for the database)
  • SQLAlchemy (for the ORM)


How does OWTF look now?



After the completion of this project, OWTF is launched from the command line and everything else is done from the web interface. The following screenshots will take you through a tour, but for detailed explanations, a visit to our user docs is required (http://docs.owtf.org/en/latest/usage.html).


[Screenshot: Target Manager (target_manager.png)]


[Screenshot: Plugin Launcher (plugin_launcher.png)]


[Screenshot: Target Report (rated_target_report.png)]

[Screenshot: Plugin Report (plugin_report.png)]


[Screenshot: Transaction Log (Screen Shot 2014-09-16 at 4.38.27 am.png)]


[Screenshot: Worker Manager (worker_manager_1.png)]


[Screenshot: Worklist Manager (worklist_manager_2.png)]


Resources!