Thursday, 4 July 2013

OWASP OWTF report prototype voting, please contribute! plz RT!

A common complaint about OWTF was that the report was "ugly". Now it's your turn to change that: this project has a community voting phase, so we need your help to choose the upcoming OWASP OWTF report default style, layout and skin:

OWASP OWTF - Reporting by Assem Chelli (Dedicated Mentor: Gareth Heyes, Co-Mentors: Johanna Curiel, Azeddine Islam Mennouchi, Hani Benhabiles, Abraham Aranguren)

Thank you!

Monday, 1 July 2013

OWTF 0.20 "Summer Storm I" released! plz RT!

This is a very significant release which includes the initial outstanding work of the following Google Summer of Code Projects:

OWASP OWTF - INBOUND PROXY WITH MiTM & CACHING CAPABILITIES by Bharadwaj Machiraju (Dedicated Mentor: Krzysztof Kotowicz, Co-Mentors: Javier Marcos de Prado, Martin Johns, Abraham Aranguren)

OWASP OWTF - Multiprocessing by Ankush Jindal (Dedicated Mentor: Andrés Riancho, Co-Mentor: Abraham Aranguren)

OWASP OWTF - Reporting by Assem Chelli (Dedicated Mentor: Gareth Heyes, Co-Mentors: Johanna Curiel, Azeddine Islam Mennouchi, Hani Benhabiles, Abraham Aranguren)
  • Project Plan document <-- FEEDBACK Welcome!
  • The prototypes and voting poll will become public on Thursday this week, stay tuned :)

OWASP OWTF - Unit Test Framework by Alessandro Fanio González (Dedicated Mentor: Andrés Morales, Co-Mentor: Abraham Aranguren)

Usual background + Disclaimer:
OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient @owtfp
WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage :)

Some links:
- Project page
- You will probably get the most out of this tool if you look at the Presentation Slides first.
- Download the bleeding edge version of OWTF
- Download the latest stable version of OWTF
- Subscribe to the OWTF mailing list
- We're also on #owtf within freenode (IRC)

OWTF got some publicity last week thanks to Alessandro, thank you!

Change log since OWTF 0.16 "shady citizen" (Full change log is here):

28/06/2013 - 0.20 "Summer Storm I" alpha release: Dedicated to Alessandro Fanio Gonzalez (@alessandrofg), Ankush Jindal (@ankushjindal278), Assem Chelli (@assem-ch) and Bharadwaj Machiraju (@tunnelshade)
+ Port of Abraham Aranguren's network security OSCP scripts into OWASP OWTF <=> Ankush Jindal (@ankushjindal278)
+ Fixed a small bug in the calling of metagoofil, thanks to Adi Mutu (@an_animal) for reporting <=> Bharadwaj Machiraju (@tunnelshade)
+ Added w3af and its dependencies to install script <=> Bharadwaj Machiraju (@tunnelshade)
+ Fixed scripts/ to save arachni output files into relevant owtf_review directory - <=> Abraham Aranguren (@7a_)
+ Fixed release name in framework/config/framework_config.cfg <=> Abraham Aranguren (@7a_)
+ Fixed the installation of phply (a dependency of w3af) <=> Bharadwaj Machiraju (@tunnelshade)
+ Fixed most PEP standard warnings on <=> Abraham Aranguren (@7a_)
+ Fixed most PEP standard warnings on framework/config/ <=> Abraham Aranguren (@7a_)
+ Minor README fix replacing references from backtrack to Kali <=> Abraham Aranguren (@7a_)
+ Added arachni to install script along with some minor fixes, thanks to @fataku for reporting <=> Bharadwaj Machiraju (@tunnelshade)
+ Fixed unicode urls for dirbuster combined dictionaries <=> Bharadwaj Machiraju (@tunnelshade)
+ Fixed ssl-cipher-check bug Issue - <=> Abraham Aranguren (@7a_)