Monday, 13 January 2014

OWTF 0.45.0 "Winter Blizzard" released! plz RT!

OWASP OWTF is always looking for contributors, feedback and new ideas. If you find a bug or have an idea about what OWTF could do, please tell us in our GitHub issue tracker. Thank you!

This is another very significant release which includes the continued outstanding work of:

  1. The 4 x OWASP OWTF GSoC 2013 projects -including post-GSoC improvements- (Sponsored by Google. Thank you!)
  2. Marios Kourtesis's OWASP OWTF botnet mode project (Sponsored by BruCon. Thank you!)

OWASP OWTF GSoC 2014 projects

OWASP OWTF - INBOUND PROXY WITH MiTM & CACHING CAPABILITIES by Bharadwaj Machiraju (Dedicated Mentor: Krzysztof Kotowicz, Co-Mentors: Javier Marcos de Prado, Martin Johns, Abraham Aranguren)

OWASP OWTF - Multiprocessing by Ankush Jindal (Dedicated Mentor: Andrés Riancho, Co-Mentor: Abraham Aranguren)

OWASP OWTF - Reporting by Assem Chelli (Dedicated Mentor: Gareth Heyes, Co-Mentors: Johanna Curiel, Azeddine Islam Mennouchi, Hani Benhabiles, Abraham Aranguren)

OWASP OWTF - Unit Test Framework by Alessandro Fanio González (Dedicated Mentor: Andrés Morales, Co-Mentor: Abraham Aranguren)

Usual background + Disclaimer

OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused attempt to unite great tools and make pen testing more efficient @owtfp
WARNING: This tool unites many great tools, websites, knowledge and their associated power, please hack responsibly and always have permission. That being said, happy pwnage :)

Some links:
- Project page
- You will probably get the most out of this tool if you look at the Presentation Slides first.
- Download the bleeding edge version of OWTF
- Download the latest stable version of OWTF
- Subscribe to the OWTF mailing list
- We're also on #owtf within freenode (IRC)

OWTF would just not be possible without all the people that contributed in one way or another. To all of you: Thank you!

Release Notes

Change log since OWTF 0.30 "Summer Storm II" (Full change log is here):

14/01/2014 - 0.45.0 "Winter Blizzard" alpha release: Dedicated to Alessandro Fanio Gonzalez (@alessandrofg), Ankush Jindal (@ankushjindal278), Assem Chelli (@assem-ch), Bharadwaj Machiraju (@tunnelshade), Marios Kourtesis (@marioskourtesis) & their mentors: Andrés Morales, Andrés Riancho, Gareth Heyes, Krzysztof Kotowicz, and their co-mentors: Abraham Aranguren, Azeddine Islam Mennouchi, Hani Benhabiles, Javier Marcos de Prado, Johanna Curiel, Martin Johns.

Features:

  • OWTF can now be updated using a command line flag <=> Bharadwaj Machiraju (@tunnelshade)
  • A few tools are proxified through the OWTF inbound proxy <=> Bharadwaj Machiraju (@tunnelshade)
  • Httprint signatures updated (still updating) <=> Azeddine Islam Mennouchi
  • Plug-n-Hack Phase I implemented in OWTF <=> Bharadwaj Machiraju (@tunnelshade)
  • Travis CI service is now used for tests <=> Alessandro Fanio Gonzalez (@alessandrofg)
  • OWTF inbound proxy can now proxy WebSocket traffic <=> Bharadwaj Machiraju (@tunnelshade)
  • HTTP AUTH support is implemented in the OWTF inbound proxy <=> Bharadwaj Machiraju (@tunnelshade)
  • Users can run multiple instances of OWTF <=> Bharadwaj Machiraju (@tunnelshade)
  • Outbound socks proxy support implemented <=> Marios Kourtesis (@marioskourtesis)
  • Added nmap to WAF checks <=> Abraham Aranguren (@7a_)
  • Tor mode added to OWTF <=> Marios Kourtesis (@marioskourtesis)
  • New Installation procedure added to OWTF <=> Bharadwaj Machiraju (@tunnelshade)

Enhancements:

  • Spiders, Robots and Crawlers grep plugin added <=> Bharadwaj Machiraju (@tunnelshade)
  • Web Services passive discovery plugin improved <=> Bharadwaj Machiraju (@tunnelshade)
  • Added and fixed some tests for plugins <=> Alessandro Fanio Gonzalez (@alessandrofg)
  • 40+ Bug fixes