OWASP Autumn of Code 2006 - Projects: Pantera
AoC Candidate: Simon
Project Coordinator: Dinis Cruz
Project Progress: 100% Complete - Progress Page
We are happy we have completed our AOC sponsorship and we will like to thanks OWASP for their support!! However there is a long road ahead of us and we need to keep the hard work with your help :)
Thanks to OWASP help we have improved quite a lot Pantera:
- Better performanced
- More PPA scanning plugins
- New features like Import / Export data
- Tons of bug fixes :)
- and much more we will let you explore!
But keep in mind we are not going to stop here, we plan to continue with the development and support of Pantera :)
Background and Motivation
History Behind Project
Pantera was developed out of necessity, to create an easy but powerful application assessment framework. The development of Pantera started at some point in 2005 using SpikeProxy as baseline. Since then it has changed a lot by adding many cool features. Simon Roses Femerling, main developer, donated Pantera to OWASP in August 2006.
Problem to be Addressed
Where to start!! Even Pantera have been successfully used in several assessments it is far from finished. This project needs a lot of work and support from the community as it is currently being developed by just one person. Several design issues have been identified and will be addressed in future versions
Benefit to OWASP Members and Community
The benefit of Pantera is to provide a top-notch open source solution to perform professional application assessments.
Goals and Deliverables
Plan of Approach
Check out Pantera Progress Page
As described in OWASP AOC the deliverables are:
- Mature and robust framework: The purpose of Pantera is to come up with a mature framework to perform application assessments where performance, portability and usability are key elements in the design.
- Active Scanning Engine via a plug-in system: A complete vulnerability scanning engine in 3 phases (recon/spider, vulnerabilities, verify result)
- Automated Analysis Tools (Auth brute force, decompiler, etc.): Automated tools to perform repetitive tasks like authorization brute force, fuzzing, etc.
- Import data from well-known sources as Application Scanners and other Pentesting Proxies: Import all data into Pantera to replay attacks and/or correlate findings to obtain the best results possible.
- Charts and pie generation of analyzed data: Visual charts and pies to get a better picture of the vulnerabilities and obtained data from the assessment.
- Report generation with customization in different formats (HTML, XML, PDF, etc.): Generate report in different formats and able to customize to your taste.
- Improved Data Mining capabilities: Better data mining analysis.
- Assessment Timeframe: Create a timeframe of the assessment.
Risks and Rewards
- Not being able to complete the project in time.
- Monumental task for just one person.
Rewards of Successful Project
- Create a useful and professional project.
- Contributing to OWASP and the community