OWASP Mantra - Security Framework

=Main=



{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 * valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |

OWASP Mantra - Security Framework

 * A web application security testing framework built on top of a browser.
 * Supports Windows, Linux(both 32 and 64 bit) and Macintosh.
 * Can work with other software like ZAP using built in proxy management function which makes it much more convenient.
 * Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
 * Comes installed with major security distributions including BackTrack and Matriux

Introduction
Free and Open Source Browser based Security Framework

Description
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.

Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.

Licensing
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.


 * valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |

What is OWASP Mantra?
OWASP XXX provides:


 * A web application security testing framework built on top of a browser.
 * Supports Windows, Linux(both 32 and 64 bit) and Macintosh.
 * Can work with other software like ZAP using built in proxy management function which makes it much more convenient.
 * Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
 * Comes installed with major security distributions including BackTrack and Matriux

Presentation
| Project Presentation 2

Project Leader
Abhi M BalaKrishnan Yashartha Chaturvedi

Related Projects

 * OWASP Bricks


 * valign="top" style="padding-left:25px;width:200px;" |

Quick Download

 * http://www.getmantra.com/owasp-mantra.html

Email List
https://lists.owasp.org/mailman/listinfo/owasp-mantra

News and Events
Computer Weekly Article OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release Mantra at Ekoparty Security Conference Mantra at OWASP LatamTour - Buenos Aires, Argentina Getting secure with Mantra: An open source penetration testing kit - 1. Computer World 2. CIO 3. Tech World 4. CSO Searchsecurity Screencast Mantra in Matriux Security Distribution Mantra in Backtrack 5 - Penetration Testing Distribution Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag ClubHACK 2010 Mantra release OWASP Mantra page on Secpedia, the information security encyclopedia

Classifications

 * }

=FAQs=


 * Q1
 * A1


 * Q2
 * A2

= Acknowledgements =

Volunteers
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:


 * xxx
 * xxx

Others

 * xxx
 * xxx

= Road Map and Getting Involved = As of now, the priorities are: Create an ecosystem for hackers based on browser To bring the attention of security people to the potential of a browser based security platform Provide easy to use and portable platform for demonstrating common web based attacks( read training ) To associate with other security tools/products to make a better environment. Eg: It can be a nice addition to OWASP Live CD It can be used to solve basic levels of CTF contests It can associate with projects like DVWA to showcase attacks It can bring functions like crawler, SQL injection scanner etc by installing extensions.

Involvement in the development and promotion of OWASP Mantra is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
 * xxx
 * xxx

=Project About=