Friday, 17 October 2014

OWTF 1.0 "Lionheart": UI and Database

REMINDER: We just released OWTF 1.0 "Lionheart", Please try it and give us feedback!

NOTE: This blog post is a guestpost by Bharadwaj 'tunnelshade' Machiraju, who devised and implemented the UI and Database idea from conception to implementation, full props to you, my friend :)

And with that, a big welcome and THANK YOU to Bharadwaj!

OWASP OWTF - User Interface and Database support

How OWTF used to be?

OWTF initially was a CLI program, which produced an interactive html report. Though OWTF was highly configurable, its usability was limited to huge configuration files.


What was done during this project?

The project had one main goal, i.e build an interface so as to control all aspects of OWTF. This involved more than a few challenges:

  • Refactoring the codebase to make use of databases.
  • Building a RESTful api to make the interface interactive.
  • Creating a web interface using the REST api.
  • Extending control on plugin execution (or worker processes as we cal it).

The technology stack which was finalized for this project:

  • Tornado (for interface and api servers)
  • Postgresql (for database)
  • SQLAlchemy (for ORM)

How does OWTF look now?

After the completion, OWTF must be launched from the command line and then everything can be done from the web interface. The following screenshots will take you through a tour, but for detailed explainations, a visit to our user docs is required (

Target Manager

Plugin Launcher

Target Report
Plugin Report

Screen Shot 2014-09-16 at 4.38.27 am.png
Transaction Log

Worker Manager


Worklist Manager