Difference between revisions of "OWASP Mantra - Security Framework"

From OWASP
(47 intermediate revisions by 2 users not shown)
Line 1: Line 1:
==== Main  ====
+
[[File:OWASP_Logo_Web.jpg|600px|center|link=http://www.owasp.org/index.php/OWASP_InfoSec_Conference_2012]]
  
= Overview  =
+
== Overview  ==
  
 
[[Image:OWASP Mantra Security Framework.jpg|right|200px|OWASP Mantra Security Framework.jpg]]<br>  
 
[[Image:OWASP Mantra Security Framework.jpg|right|200px|OWASP Mantra Security Framework.jpg]]<br>  
  
 
*Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.  
 
*Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.  
 +
<br>
 
*Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.
 
*Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.
  
= Project Goals  =
 
  
 +
'''[http://getmantra.com/download/index.html Download Mantra - Security Framework]'''<br>
 +
 +
*[http://www.youtube.com/watch?v=GBFxVAM3DLQ Conference Video 1]
 +
*[http://www.youtube.com/watch?v=bKACEDWKeyM Conference Video 2]
 +
*[http://www.youtube.com/watch?v=qpVHWVOPHTk Conference Video 3]
 +
 +
*[http://chmag.in/article/feb2011/mantra-%E2%80%93-free-and-open-source-security-framework Article/Publication ]
 +
 +
<br>
 +
 +
== Project Goals ==
 +
<br>
 
#Create an ecosystem for hackers based on browser  
 
#Create an ecosystem for hackers based on browser  
 
#To bring the attention of security people to the potential of a browser based security platform  
 
#To bring the attention of security people to the potential of a browser based security platform  
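
Review bot: The block added after the Overview bullets (the bold Download link, the three Conference Video links and the Article/Publication link) sits directly under Overview with no label of its own, so the page shows an unlabelled link list ahead of Project Goals. Give it a bold label in the style the page already uses for '''Project Leaders''', or keep it under its own heading. The added lines also use `<br>` where the rest of the new revision uses `<br/>`; pick one form.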
Line 19: Line 31:
 
##It can bring functions like crawler, SQL injection scanner etc by installing extensions.
 
##It can bring functions like crawler, SQL injection scanner etc by installing extensions.
  
= Main Links  =
 
  
'''[http://getmantra.com/download/index.html Download Mantra - Security Framework]'''<br>  
+
<br>  
  
*[http://www.youtube.com/watch?v=GBFxVAM3DLQ Conference Video 1]
+
== Tools ==
*[http://www.youtube.com/watch?v=bKACEDWKeyM Conference Video 2]
+
*[http://www.youtube.com/watch?v=qpVHWVOPHTk Conference Video 3]
+
  
*[http://chmag.in/article/feb2011/mantra-%E2%80%93-free-and-open-source-security-framework Article/Publication ]
+
<br/>" A sword never kills anybody; it is a tool in the killer's hand." - Lucius Annaeus Seneca<br/><br/>
 +
Mantra is a powerful set of tools to make the attacker's task easier. The beta version of Mantra Security Toolkit contains following tools built onto it. Moreover Mantra follows the guidelines and structure of [http://firecat.fr/ FireCAT ] which makes it even more accessible. You can also always suggest any tools/ scripts that you would like see in the next release.<br/>
  
<br>  
+
[[Image:OWASP Mantra Security Framework in Ubuntu 11.png|thumb|300px|right|OWASP Mantra Security Framework running under Ubuntu 11 environment]]
 +
<br/>
 +
[[Image:OWASP Mantra Security Framework in MAC Environment.png|thumb|300px|right|OWASP Mantra Security Framework running in MAC Environment]]
 +
<br/>
 +
[[Image:OWASP Mantra Security Framework Screenshot.jpeg|thumb|300px|right|OWASP Mantra Security Framework Screenshot : under Windows 7 environment]]
  
==== Tools  ====
+
+'''Information Gathering'''
Mantra is a powerful set of tools to make the attacker's task easier. The beta version of Mantra Security Toolkit contains following tools built onto it. Moreover Mantra follows the guidelines and structure of [http://firecat.fr/ FireCAT ] which makes it even more accessible. You can also always suggest any tools/ scripts that you would like see in the next release.
+
  
''
+
- ''Flagfox''<br/>
+'''Information Gathering'''<br/>
+
- ''JSView''<br/>
+'''Whois'''<br/>
+
- ''PassiveRecon''<br/>
-''Flagfox''<br/>
+
- ''[http://wappalyzer.com Wappalyzer]''<br/>
+'''Location Info'''<br/>
+
- ''View Dependencies''<br/>
-''Flagfox''<br/>
+
- ''Link Sidebar''
+'''Enumeration and Fingerprint'''<br/>
+
-''Host Spy''<br/>
+
-''JSView''<br/>
+
-''PassiveRecon''<br/>
+
-''View Dependencies''<br/>
+
-''Wappalyzer''<br/>
+
+'''Data Mining'''<br/>
+
-''People Search Engine''<br/>
+
-''Facebook search''<br/>
+
+'''Editors'''<br/>
+
-''Cert Viewer Plus''<br/>
+
-''Firebug''<br/>
+
-''JSView''<br/>
+
  
+'''Network Utilities'''<br/>
+
+'''Editors'''
+'''Protocols and applications'''<br/>
+
+'''FTP'''<br/>
+
-''Fire FTP''<br/>
+
+'''DNS'''<br/>
+
-''DNS Cache''<br/>
+
+'''SQL'''<br/>
+
-''SQLite Manager''<br/>
+
+'''Sniffers'''<br/>
+
-''HTTP Fox''<br/>
+
+'''Password'''<br/>
+
-''CryptoFox 2.0''<br/>
+
  
+'''Misc'''<br/>
+
- ''JSView''<br/>
+'''Tweaks and Hacks'''<br/>
+
- ''Firebug''
-''Greasemonkey''<br/>
+
+'''Scripts'''<br/>
+
-''Greasefir''<br/>
+
+'''Malware scanner'''<br/>
+
-''Web of Trust''<br/>
+
+'''Automation'''<br/>
+
-''iMacros''<br/>
+
+'''Others'''<br/>
+
-''CacheToggle 0.6''<br/>
+
-''URL Flipper''<br/>
+
+'''Application Auditing'''<br/>
+
-''Hackbar''<br/>
+
-''JavaScript Deobfuscator''<br/>
+
-''RESTClient''<br/>
+
-''Tamper Data''<br/>
+
-''Live HTTP Headers''<br/>
+
-''RefControl''<br/>
+
-''User Agent Switcher''<br/>
+
-''Web Developer''<br/>
+
-''DOM Inspector''<br/>
+
-''Inspect This''<br/>
+
-''Formfox''<br/>
+
+'''Exploit Me'''<br/>
+
-''Access Me''<br/>
+
-''SQL Inject Me''<br/>
+
-''XSS Me''<br/>
+
+'''Cookies'''<br/>
+
-''Cookies Manager+ 1.5.1''<br/>
+
-''Firecookie''<br/>
+
  
+'''Proxy'''<br/>
+
+'''Network Utilities'''
-''FoxyProxy Standard 2.22.6''<br/>
+
-''HttpFox''<br/>''
+
  
 +
- ''FireFTP''<br/>
 +
- ''DNS Cache''<br/>
 +
- ''SQLite Manager''<br/>
 +
- ''HTTP Fox''<br/>
 +
- ''FireSSH''
  
 +
+'''Miscellaneous'''
  
==== News ====
+
- ''Greasemonkey''<br/>
 +
- ''Greasefire''<br/>
 +
- ''CacheToggle''<br/>
 +
- ''URL Flipper''<br/>
 +
- ''Event Spy''<br/>
 +
- ''Stacked Inspector''<br/>
 +
- ''Scriptish''<br/>
 +
- ''Session Manager''<br/>
 +
- ''FireEncrypter''<br/>
  
{{:Projects/OWASP Mantra - Security Framework | News}}
+
+'''Application Auditing'''
  
==== Contributors  ====
+
- ''Hackbar''<br/>
 +
- ''RESTClient''<br/>
 +
- ''Tamper Data''<br />
 +
- ''Live HTTP Headers''<br/>
 +
- ''RefControl''<br/>
 +
- ''User Agent Switcher''<br/>
 +
- ''Web Developer''<br/>
 +
- ''DOM Inspector''<br/>
 +
- ''Inspect This''<br/>
 +
- ''Form Fox''<br/>
 +
- ''SQL Inject Me''<br/>
 +
- ''XSS Me''<br/>
 +
- ''Cookies Manager+''<br/>
 +
- ''Firecookie''<br/>
 +
- ''Autofill Forms''<br/>
 +
- ''Cookie Monster''<br/>
 +
- ''Fireforce''<br/>
 +
- ''Groundspeed''<br/>
 +
- ''Http Requester''<br/>
 +
- ''Modify Headers''<br/>
 +
- ''Poster''<br/>
 +
- ''Ref Spoof''<br/>
 +
- ''SeleniumExpertSeleniumIDE''<br/>
 +
- ''SeleniumIDE''<br/>
 +
- ''NoRedirect''<br/>
 +
- ''Websecurify''<br/>
 +
- ''Ra.2''
  
 +
+'''Proxy'''
 +
 +
- ''FoxyProxy''<br/>
 +
- ''Http Fox''<br/>''
 +
- ''Proxy Tool''
 +
 +
 +
 +
== News ==
 +
 +
<br/>
 +
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/>
 +
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/>
 +
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/>
 +
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/>
 +
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/>
 +
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/>
 +
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/>
 +
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/>
 +
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/>
 +
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/>
 +
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]
 +
 +
== Contributors ==
 +
 +
<br/>
 +
"It is purpose that created us, purpose that connects us, purpose that pulls us, that guides us, that drives us, that binds us, it is purpose that defines us." - Agent Smith<br/><br/>
 
'''Project Leaders'''<br/>
 
'''Project Leaders'''<br/>
Abhi M Balakrishnan<br/>
+
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]]<br/>
Yashartha Chaturvedi]<br/>
+
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br/>
Gokul C Gopinath<br/><br/>
+
[[User:Gokul_C_Gopinath|Gokul C Gopinath]]<br/><br/>
  
 
'''Other Members'''<br/>
 
'''Other Members'''<br/>
 +
[[User:Maximiliano_Soler|Maximiliano Soler]]<br/>
 
Gopu C Gopinath<br/>
 
Gopu C Gopinath<br/>
Maximiliano Soler
+
Thomas Mackenzie<br/>
 +
Niraj Mohite<br/>
 +
Rahul Babu R<br/>
  
==== Download  ====
 
  
'''OWASP Mantra c0c0n 11 and AppSecLatam 11 Release ( 0.71 Beta )'''<br/>
+
== Download ==
 +
 
 +
<br/>
 +
" All things are difficult before they are easy." - Thomas Fuller <br/><br/>
 +
'''OWASP Mantra Security Toolkit - Beta 0.91 code named Lexicon'''<br/>
  
 
{|
 
{|
|Platform
+
|'''Platform'''
|Details
+
|'''Details'''
|Links
+
|'''Links'''
 
|-
 
|-
|Linux 32 bit
+
|'''Linux 32 bit'''
|MD5: 8e874e6d4e119111bf3dbcbe0f9a1c69
+
|MD5: 54784b658a0ad08ad6f7cfd18ea0a3d7
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Linux%2032%20bit/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20i686%20Release.tar.bz2/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20i686%20Release.tar.bz2 Mirror 2] [http://burnbit.com/torrent/178063/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_i686_Release_tar_bz2 Torrent]
+
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Lexicon%20-%200.91%20Beta/en-US/Mantra%20Lexicon%20Lin32%20EN.tar.bz2/download Mirror 1] [http://getmantra.googlecode.com/files/Mantra%20Lexicon%20Lin32%20EN.tar.bz2 Mirror 2] [http://burnbit.com/torrent/200586/Mantra_Lexicon_Lin32_EN_tar_bz2 Torrent]
 
|-
 
|-
|Linux 64 bit
+
|'''Linux 64 bit'''
|MD5: d0ed8fce30a20ad907a97047985e8c05
+
|MD5: e4ffc6686c58e9dc3a38e89fb63e6b63
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Linux%2064%20bit/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20-%20x86_64.tar.bz2/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20-%20x86_64.tar.bz2 Mirror 2] [http://burnbit.com/torrent/178679/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_x86_64_tar_bz2 Torrent]
+
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Lexicon%20-%200.91%20Beta/en-US/Mantra%20Lexicon%20Lin64%20EN.tar.bz2/download Mirror 1] [http://getmantra.googlecode.com/files/Mantra%20Lexicon%20Lin64%20EN.tar.bz2 Mirror 2] [http://burnbit.com/torrent/200520/Mantra_Lexicon_Lin64_EN_tar_bz2 Torrent]
 
|-
 
|-
|Windows
+
|'''Windows'''
|MD5: 98517c9f61561d8c656a2d2436f2333d
+
|MD5: db7a6f4a15667965c59296663e58a343
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Windows/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20Release.exe/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20Release.exe Mirror 2] [http://burnbit.com/torrent/178065/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_Release_exe Torrent]
+
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Lexicon%20-%200.91%20Beta/en-US/Mantra%20Lexicon%20Win%20EN.exe/download Mirror 1] [http://getmantra.googlecode.com/files/Mantra%20Lexicon%20Win%20EN.exe Mirror 2] [http://burnbit.com/torrent/200339/Mantra_Lexicon_Win_EN_exe Torrent]
 
|-
 
|-
|Macintosh
+
|'''Macintosh'''
|MD5: 949808a8f75fa0bcc5730cdcf73f7844
+
|MD5: 9c69fe858fc9709156d54676072d9281
|http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Macintosh/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011.zip/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011.zip Mirror 2] [http://burnbit.com/torrent/178066/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_zip Torrent]
+
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Lexicon%20-%200.91%20Beta/en-US/Mantra%20Lexicon%20Mac%20EN.zip/download Mirror 1] [http://getmantra.googlecode.com/files/Mantra%20Lexicon%20Mac%20EN.zip Mirror 2] [http://burnbit.com/torrent/200487/Mantra_Lexicon_Mac_EN_zip Torrent]
 
|-
 
|-
|Source
+
|'''Source'''
|MD5: 6fdb5e9408261d741f24cb83df4b4066
+
|MD5: 7814e494504c4227411adb34b8fe2227
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Source/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20Release%20Source.7z/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20Release%20Source.7z Mirror 2] [http://burnbit.com/torrent/178067/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_Release_Source_7z Torrent]  
+
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Lexicon%20-%200.91%20Beta/Mantra%20Lexicon%20Source.7z/download Mirror 1] [http://getmantra.googlecode.com/files/Mantra%20Lexicon%20Source.7z Mirror 2] [http://burnbit.com/torrent/200588/Mantra_Lexicon_Source_7z Torrent]  
 
|}
 
|}
  
 +
<br/>
 +
''Above given download links are only for Mantra in English- for other languages please check official website at''<br/> http://www.getmantra.com/download/mantra-security-toolkit.html
  
==== Project About ====
+
[[Category:OWASP_Download]]
 +
 
 +
 
 +
== Project About ==
  
 
{{:Projects/OWASP Mantra - Security Framework | Project About}}  
 
{{:Projects/OWASP Mantra - Security Framework | Project About}}  
  
  
==== Resource ====
+
== Resources ==
 +
<br/>
  
{{:Projects/OWASP Mantra - Security Framework | Resources}}
+
'''Project Pamphlets'''<br/>
  
==== Links ====
+
[http://www.owasp.org/images/e/e4/OWASP_Mantra-An_Introduction.pdf Project Pamphlet 1]<br/><br/>
  
{{:Projects/OWASP Mantra - Security Framework | Links}}
+
'''Project Presentations'''<br/>
  
__NOTOC__ <headertabs />  
+
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1]<br/>
 +
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation  2]<br/><br/>
  
 +
'''Text Tutorials'''<br/>
  
 +
[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>
 +
[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>
 +
[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>
 +
[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>
 +
[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>
 +
[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>
 +
[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>
 +
[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>
 +
[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>
 +
[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>
 +
[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>
 +
[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>
 +
[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]<br/><br/>
  
 +
'''Video Tutorials'''<br/>
 +
 +
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>
 +
ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>
 +
[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>
 +
[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>
 +
[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>
 +
[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>
 +
[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>
 +
[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/>
 +
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>
 +
[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>
 +
[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/>
 +
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>
 +
[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]
 +
 +
 +
==== Links ====
 +
<br/>
 +
[http://www.getmantra.com/index.html Main Website]<br/>
 +
[http://www.getmantra.com/forums/ Discussion Forums]<br/>
 +
[http://www.facebook.com/getmantra/ Facebook Page]<br/>
 +
[http://getmantra.tumblr.com/ Tumblr]<br/>
 +
[http://twitter.com/getmantra Twitter]<br/>
 +
[http://vimeo.com/getmantra Vimeo]<br/>
 +
[http://sourceforge.net/projects/getmantra/ Sourceforge]<br/>
 +
[http://code.google.com/p/getmantra/ Google Code]<br/>
 +
[http://www.youtube.com/getmantra Youtube]
 +
[http://mantralooks.blogspot.in/ Artworks]
 +
[http://mantragallery.blogspot.com/ Wallpapers]
 +
 +
 +
__NOTOC__ <headertabs />
  
[[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:OWASP_Alpha_Quality_Tool]] [[Category:OWASP_Project|Mantra - Security Framework]]
+
[[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool]] [[Category:OWASP_Project|Mantra - Security Framework]]
]]
+
[[Category:OWASP Download]]{{OWASP Breakers}}
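
Review bot: The Download table still publishes only an MD5 digest for each Lexicon build, and every Mirror and Torrent link in it is plain http://. MD5 is not collision resistant, so these values detect a corrupted download but are weak evidence that a file fetched from a mirror has not been tampered with. Add a SHA-256 value to the Details column next to each MD5 and say on the page which location holds the authoritative checksums. Two smaller points: the entry 'SeleniumExpertSeleniumIDE' in the Application Auditing list sits directly above 'SeleniumIDE' and should be checked for a missing separator, and the new revision adds both [[Category:OWASP_Download]] after the table and [[Category:OWASP Download]] at the end, so one of the two can go.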

Revision as of 17:43, 26 September 2012

Overview

  • Mantra is a collection of free and open source tools integrated into a web browser, which can come in handy for students, penetration testers, web application developers, security professionals, etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.


  • Mantra is lightweight, flexible, portable and user friendly, with a nice graphical user interface. You can carry it on memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed onto your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.


Download Mantra - Security Framework


Project Goals


  1. Create an ecosystem for hackers based on browser
  2. To bring the attention of security people to the potential of a browser based security platform
  3. Provide an easy-to-use and portable platform for demonstrating common web-based attacks (read: training)
  4. To associate with other security tools/products to make a better environment. E.g.:
    1. It can be a nice addition to security distribution OSs like OWASP Live CD
    2. It can be used to solve basic levels of CTF contests
    3. It can associate with projects like DVWA to showcase attacks
    4. It can bring functions like crawler, SQL injection scanner etc by installing extensions.



Tools


"A sword never kills anybody; it is a tool in the killer's hand." - Lucius Annaeus Seneca

Mantra is a powerful set of tools to make the attacker's task easier. The beta version of Mantra Security Toolkit contains the following tools built into it. Moreover, Mantra follows the guidelines and structure of FireCAT, which makes it even more accessible. You can also always suggest any tools/scripts that you would like to see in the next release.

OWASP Mantra Security Framework running under Ubuntu 11 environment


OWASP Mantra Security Framework running in MAC Environment


OWASP Mantra Security Framework Screenshot : under Windows 7 environment

+Information Gathering

- Flagfox
- JSView
- PassiveRecon
- Wappalyzer
- View Dependencies
- Link Sidebar

+Editors

- JSView
- Firebug

+Network Utilities

- FireFTP
- DNS Cache
- SQLite Manager
- HTTP Fox
- FireSSH

+Miscellaneous

- Greasemonkey
- Greasefire
- CacheToggle
- URL Flipper
- Event Spy
- Stacked Inspector
- Scriptish
- Session Manager
- FireEncrypter

+Application Auditing

- Hackbar
- RESTClient
- Tamper Data
- Live HTTP Headers
- RefControl
- User Agent Switcher
- Web Developer
- DOM Inspector
- Inspect This
- Form Fox
- SQL Inject Me
- XSS Me
- Cookies Manager+
- Firecookie
- Autofill Forms
- Cookie Monster
- Fireforce
- Groundspeed
- Http Requester
- Modify Headers
- Poster
- Ref Spoof
- SeleniumExpertSeleniumIDE
- SeleniumIDE
- NoRedirect
- Websecurify
- Ra.2

+Proxy

- FoxyProxy
- Http Fox
- Proxy Tool


News


Computer Weekly Article
OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release
Mantra at Ekoparty Security Conference
Mantra at OWASP LatamTour - Buenos Aires, Argentina
Getting secure with Mantra: An open source penetration testing kit - 1. Computer World 2. CIO 3. Tech World 4. CSO
Searchsecurity Screencast
Mantra in Matriux Security Distribution
Mantra in Backtrack 5 - Penetration Testing Distribution
'Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag
ClubHACK 2010 Mantra release
OWASP Mantra page on Secpedia, the information security encyclopedia

Contributors


"It is purpose that created us, purpose that connects us, purpose that pulls us, that guides us, that drives us, that binds us, it is purpose that defines us." - Agent Smith

Project Leaders
Abhi M Balakrishnan
Yashartha Chaturvedi
Gokul C Gopinath

Other Members
Maximiliano Soler
Gopu C Gopinath
Thomas Mackenzie
Niraj Mohite
Rahul Babu R


Download


"All things are difficult before they are easy." - Thomas Fuller

OWASP Mantra Security Toolkit - Beta 0.91 code named Lexicon

Platform | Details | Links
Linux 32 bit | MD5: 54784b658a0ad08ad6f7cfd18ea0a3d7 | Mirror 1, Mirror 2, Torrent
Linux 64 bit | MD5: e4ffc6686c58e9dc3a38e89fb63e6b63 | Mirror 1, Mirror 2, Torrent
Windows | MD5: db7a6f4a15667965c59296663e58a343 | Mirror 1, Mirror 2, Torrent
Macintosh | MD5: 9c69fe858fc9709156d54676072d9281 | Mirror 1, Mirror 2, Torrent
Source | MD5: 7814e494504c4227411adb34b8fe2227 | Mirror 1, Mirror 2, Torrent


The download links given above are only for Mantra in English; for other languages, please check the official website at
http://www.getmantra.com/download/mantra-security-toolkit.html


Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Mantra - Security Framework (home page)
Purpose: Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that, it also contains a set of tools targeted at web developers and code debuggers, which makes it handy for both offensive security and defensive security related tasks.
License: GNU Free Documentation 1.2 for documents & GPL v3 for source code
who is working on this project?
Project Leader(s):
Project Maintainer(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
OWASP Mantra Janus - Beta 0.92 - 22 January 2013 - (download)
Release description: Sixth public beta release of OWASP Mantra Security Toolkit - Beta 0.92 code named Janus
Rating: Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases


Resources


Project Pamphlets

Project Pamphlet 1

Project Presentations

Project Presentation 1
Project Presentation 2

Text Tutorials

Introducing PassiveRecon by Justin Morehouse
Introducing Groundspeed by Felipe
Introducing Link Sidebar by Varun N
Introducing ProxyTool by Robert Rade
Introducing HttpFox by Martin Theimer
How to make your own search bar item
How to use MoC crawler
Switching between languages and locales
Running Mantra and Firefox together
Login Form Bypass using Mantra Security Toolkit
Advanced SQL Injection Tutorial - Complete website rooting
Manual Crawling
Introducing Flagfox

Video Tutorials

SearchSecurity Screencast
ClubHACK 2010 - 1 2 3
Broken Authentication Demonstration
Broken Session Demonstration
Insecure Direct Object References Demonstration
Cross Site Scripting Demonstration
Introduction + How to use Mantra Security Toolkit
Introduction to Mantra (Arabic)
Introducing FoxyProxy (Arabic)
OWASP Mantra - URL Shortener Script SQL Injection Vulnerability
OWASP Mantra and LAMP Security CTF 6
OWASP Mantra and Who Wants to be a Millionaire
OWASP Mantra - One File CMS - Failure to Restrict URL Access


Links


Main Website
Discussion Forums
Facebook Page
Tumblr
Twitter
Vimeo
Sourceforge
Google Code
Youtube
Artworks
Wallpapers


This project is part of the OWASP Breakers community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.