OWASP OWTF Bharadwaj ‘tunnelshade’ Machiraju

Null July - OWTF - Bharadwaj Machiraju

May 08, 2015


OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP- and PTES-focused attempt to unite great tools and make pen testing more efficient.
Page 1: Null July - OWTF - Bharadwaj Machiraju

OWASP OWTF

Bharadwaj ‘tunnelshade’ Machiraju

Page 2

#whoami

Student (B.Tech)

Core developer of OWTF

OWASP GSoC Mentor

Page 3

OWASP OWTF

Offensive Web Testing Framework

Written in Python by Abraham Aranguren (@7a_)

Runs a bunch of tools the way you want

Highly extensible, so easy to add own plugins

Web based UI

Currently under heavy development

Page 4

Funded by

OWASP

Google

BruCon

ElearnSecurity

Page 5

Present Features

Has approximately 150 well-categorised plugins

Botnet Mode - Allows usage of proxies and even the Tor network to avoid detection.

Plug-n-hack Phase-I support

Inbound proxy

and much more…

Page 6

DEMO TIME

Page 7

Requirements

A Linux distribution (Kali is highly recommended)

Internet connection

git, Python 2 & wget installed

A bit of patience

Page 8

Installation

Clone from our GitHub repo (https://github.com/owtf)

Development branch (lions_2014)

Run the install script (install/install.py)

Ready!!

Page 9

Usage

Fire up owtf with a target (./owtf.py demo.testfire.net)

Visit the web interface (default at http://127.0.0.1:8009/ui/)

Open targets and click on your target

Run some plugins/browse using plug-n-hack

Check the report and logs

Page 10

Plugins?

Three main categories: web, net & aux

Web

External - Help links to external resources

Passive - No traffic is sent to target

Semi-passive - Non-intrusive traffic is sent to target

Grep - Passive analysis of transactions

Active - Intrusive traffic is sent to target

Page 11

Special Features (ongoing GSoC projects)

Plug-n-Hack Phase II - Cornel Punga

Sessions support - Viyat Bhalodia

Zest support - Deep Shah

Automated vulnerability rankings - Tao Sauvage

Online passive scanner (demo - lucif3rr.github.io) - Anirudh Anand

WAF Bypasser - Marios Kourtesis

Page 12

How can you help?

Student? (GSoC, MWoS, or a similar OWASP program)

Non-student? You can get fame, goodies & a chance to speak at conferences ;)

Page 13

Lots of links

OWTF Presentations - http://www.slideshare.net/abrahamaranguren

OWASP Page - http://owtf.org

Twitter - @owtfp

GitHub Org - https://github.com/owtf

Wiki - https://github.com/owtf/owtf/wiki

Freenode IRC Channel - #owtf

*I am providing a sneak peek into the future owtf release ;)

Page 14

You can contact me!

[email protected]

aka tunnelshade

http://blog.tunnelshade.in

@tunnelshade_