OWASP OWTF

=Main=



OWTF aims to make pen testing:


 * Aligned with OWASP Testing Guide + PTES + NIST
 * More efficient
 * More comprehensive
 * More creative and fun (minimise un-creative work)

so that pentesters will have more time to


 * See the big picture and think out of the box
 * More efficiently find, verify and combine vulnerabilities
 * Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
 * Perform more tactical/targeted fuzzing on seemingly risky areas
 * Demonstrate true impact despite the short timeframes we are typically given to test.

The latest version of OWASP OWTF is OWTF 2.3b "MacinOWTF".
Project Leaders
 * [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren]
 * [mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju]
 * [mailto:viyat.bhalodia@owasp.org Viyat Bhalodia]

Links

 * OWASP OWTF Installation
 * OWASP OWTF Releases
 * OWASP OWTF Documentation
 * Try some of the OWTF features from your browser!
 * OWASP OWTF Release blog posts
 * OWASP OWTF Talk blog posts
 * OWASP OWTF Mailing List
 * OWASP OWTF IRC Channel: #owtf on Freenode
 * OWASP OWTF Gitter Channel

OWTF is taking part in the Google Summer of Code 2018! If you'd like to participate, see the OWASP Google Summer of Code 2018 Ideas page!
ToolsWatch Annual Best Free/Open Source Security Tool Survey:
 * 2015 10th
 * 2014 7th

Presentation and talks
The following links provide access to materials for OWTF talks (video, slides, etc.):

OWTF Talks at 7-a.org

You can see what OWASP OWTF is all about in the following video:

OWASP OWTF 1.0 "Lionheart" - Brucon 2014 5x5:

OWASP AppSec EU 2013: Introducing OWASP OWTF 5x5:

For more videos please see the YouTube channel

Licensing
LICENSE

Openhub
https://www.openhub.net/p/owasp-owtf

Classifications


Quick Download

 * Download now

Email List
Sign Up

News and Events

 * April 6th, 2017 - OWTF 2.1a "Chicken Korma" is here!
 * May 7th, 2016 - OWTF 2.0a "Tikka Masala" is here!


 * February 29th, 2016 - OWASP is selected for GSoC 2016 - OWTF is participating!


 * July 10th, 2015 - OWTF got 3 slots in the OWASP Summer Code Sprint 2015!


 * June 19th, 2015 - OWTF is taking part in the OWASP Summer Code Sprint 2015


 * October 15, 2014 - OWTF is taking part in the OWASP Winter Code Sprint!


 * October 15, 2014 - OWTF 1.0.1 "Lionheart" released! - Fixed a major installation bug caused by incorrect handling of requirements by pip


 * October 5th 2014 - OWTF 1.0 "Lionheart" released!


 * September 26th 2014 - OWTF 1.0 "Lionheart" presented at Brucon!


 * September 4th 2014 - OWTF participating in OWASP Winter Code Sprint


 * January 13th 2014 - OWTF 0.45.0 "Winter Blizzard" released!


 * December 11th 2013 - OWASP OWTF CFP funds contest WINNERS announced


 * September 8th 2013 - OWASP OWTF CFP funds contest open!


 * August 22nd-23rd 2013 - Introducing OWASP OWTF 5x5 @ OWASP AppSec EU


 * August 9th 2013 - OWTF 0.30 "Summer Storm II" released!


 * July 1st 2013 - OWTF 0.20 "Summer Storm I" released!


 * June 12th 2013 - OWASP OWTF GSoC Selection, Stats and Poll


 * May 24th 2013 - OWASP OWTF 0.16 "shady citizen" released, now working smoothly in Kali!


 * April 22nd - May 3rd 2013 - Call for Student Proposals: OWASP OWTF will be part of the Google Summer of Code 2013


 * April 24th 2013 - Pentesting like a Grandmaster with OWASP OWTF to be presented at BSides London 2013


 * February 26th 2013 - OWASP OWTF selected to be supported by Brucon 5x5


 * September 26th 2012 - OWASP OWTF Workshop at Brucon


 * September 24th 2012 - OWASP OWTF 0.15 BruCon released!

In Print


=FAQs=

OWTF documentation is hosted in the following resources:
 * Getting started
 * Downloading & Installation
 * OWASP OWTF Documentation
 * OWTF Playlists with Demos/Talks on Youtube
 * Join us on IRC (#owtf on Freenode)
 * Some OWTF presentation slides
 * More OWTF Talk links

= Acknowledgements =

Volunteers
OWTF is developed by a worldwide team of volunteers.

But we have also been helped by many organizations, either financially or through other means:


 * OWASP
 * eLearnSecurity
 * Google
 * BruCon
 * Browserstack for providing a platform to test OWTF on multiple devices!

= Road Map and Getting Involved =

OWTF attempts to solve the "penetration testers are never given enough time to test properly" problem, or in other words, OWTF = Test/Exploit ASAP. With this in mind, the current priorities are:
 * To improve security testing efficiency (i.e. test more in less time)
 * To improve security testing coverage (i.e. test more)
 * Gradually integrate the best tools
 * Unite the best tools and make them work together with the security tester
 * Remove or reduce the need to babysit security tools during security assessments
 * Be a repository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses
 * Help penetration testers save time on report writing

Involvement in the development and promotion of OWTF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
 * Send us a pull request
 * Give us feedback / suggestions / report bugs
 * Talk to us on IRC (#owtf on Freenode)
 * Join our OWTF developers mailing list
 * Join the general OWTF mailing list

=Project About=