OWASP Mantra - Security Framework

Overview



 * Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.
 * Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.

Download Mantra - Security Framework


 * Conference Video 1
 * Conference Video 2
 * Conference Video 3


 * Article/Publication

Project Goals

 * 1) Create an ecosystem for hackers based on browser
 * 2) To bring the attention of security people to the potential of a browser based security platform
 * 3) Provide easy to use and portable platform for demonstrating common web based attacks( read training )
 * 4) To associate with other security tools/products to make a better environment. Eg:
 * 5) It can be a nice addition to security distribution OSs like OWASP Live CD
 * 6) It can be used to solve basic levels of CTF contests
 * 7) It can associate with projects like DVWA to showcase attacks
 * 8) It can bring functions like crawler, SQL injection scanner etc by installing extensions.

Tools
" A sword never kills anybody; it is a tool in the killer's hand." - Lucius Annaeus Seneca Mantra is a powerful set of tools to make the attacker's task easier. The beta version of Mantra Security Toolkit contains following tools built onto it. Moreover Mantra follows the guidelines and structure of FireCAT which makes it even more accessible. You can also always suggest any tools/ scripts that you would like see in the next release.



+Information Gathering

- Flagfox - JSView - PassiveRecon - Wappalyzer - View Dependencies - Link Sidebar

+Editors

- JSView - Firebug

+Network Utilities

- FireFTP - DNS Cache - SQLite Manager - HTTP Fox - FireSSH

+Miscellaneous

- Greasemonkey - Greasefire - CacheToggle - URL Flipper - Event Spy - Stacked Inspector - Scriptish - Session Manager - FireEncrypter

+Application Auditing

- Hackbar - RESTClient - Tamper Data

- Live HTTP Headers - RefControl - User Agent Switcher - Web Developer - DOM Inspector - Inspect This - Form Fox - SQL Inject Me - XSS Me - Cookies Manager+ - Firecookie - Autofill Forms - Cookie Monster - Fireforce - Groundspeed - Http Requester - Modify Headers - Poster - Ref Spoof - SeleniumExpertSeleniumIDE - SeleniumIDE - NoRedirect - Websecurify - Ra.2

+Proxy

- FoxyProxy - Http Fox '' - Proxy Tool

News
Computer Weekly Article OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release Mantra at Ekoparty Security Conference Mantra at OWASP LatamTour - Buenos Aires, Argentina Getting secure with Mantra: An open source penetration testing kit - 1. Computer World 2. CIO 3. Tech World 4. CSO Searchsecurity Screencast Mantra in Matriux Security Distribution Mantra in Backtrack 5 - Penetration Testing Distribution Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag ClubHACK 2010 Mantra release OWASP Mantra page on Secpedia, the information security encyclopedia

Contributors
"It is purpose that created us, purpose that connects us, purpose that pulls us, that guides us, that drives us, that binds us, it is purpose that defines us." - Agent Smith Project Leaders Abhi M Balakrishnan Yashartha Chaturvedi

Other Members Gokul C Gopinath Maximiliano Soler Niraj Mohite Rahul Babu R Gopu C Gopinath Thomas Mackenzie

Download
" All things are difficult before they are easy." - Thomas Fuller OWASP Mantra Security Toolkit - Beta 0.92 code named Janus

Above given download links are only for Mantra in English- for other languages please check official website at http://www.getmantra.com/download/mantra-security-toolkit.html

Resources
Project Pamphlets

Project Pamphlet 1

Project Presentations

Project Presentation 2

Text Tutorials

Introducing PassiveRecon by Justin Morehouse Introducing Groundspeed by Felipe Introducing Link Sidebar by Varun N Introducing ProxyTool by Robert Rade Introducing HttpFox by Martin Theimer How to make your own search bar item How to use MoC crawler Switching between languages and locales Running Mantra and Firefox together Login Form Bypass using Mantra Security Toolkit Advanced SQL Injection Tutorial - Complete website rooting Manual Crawling Introducing Flagfox

Video Tutorials

SearchSecurity Screencast ClubHACK 2010 - 1 2 3 Broken Authentication Demonstration Broken Session Demonstration Insecure Direct Object References Demonstration Cross Site Scripting Demonstration Introduction + How to use Mantra Security Toolkit Introduction to Mantra (Arabic) Introducing FoxyProxy (Arabic) OWASP Mantra - URL Shortener Script SQL Injection Vulnerability OWASP Mantra and LAMP Security CTF 6 OWASP Mantra and Who Wants to be a Millionaire OWASP Mantra - One File CMS - Failure to Restrict URL Access

Links
Main Website Discussion Forums Facebook Page Tumblr Twitter Vimeo Sourceforge Google Code Youtube Artworks Wallpapers