Difference between revisions of "OWASP Mantra - Security Framework"

From OWASP
Jump to: navigation, search
(11 intermediate revisions by one user not shown)
Line 1: Line 1:
 
[[Image:OWASP Mantra screenshot.jpg|800px|OWASP Mantra Security Framework screenshot.jpg]]<br> <br>  
 
[[Image:OWASP Mantra screenshot.jpg|800px|OWASP Mantra Security Framework screenshot.jpg]]<br> <br>  
<div style="font-size:132%;border:none;margin: 0;color:#000">
+
<div style="font-size:112%;border:none;margin: 0;color:#000">
 
* A web application security testing framework built on top of a browser.  
 
* A web application security testing framework built on top of a browser.  
 
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh.  
 
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh.  
 
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.
 
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.
 
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
 
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
* Comes installed with major security distributions including BackTrack and Matriux
+
* Comes installed with major security distributions including BackTrack and Matriux<br><br>
  
'''[http://getmantra.com/download/index.html Download Mantra] | [http://www.youtube.com/user/Getmantra/videos?view=0 Watch videos] | [http://www.getmantra.com/tools.html Know about tools] | [http://www.getmantra.com/forums/ Questions and Answers]''' | [http://mantralooks.blogspot.in/ Artworks]
+
'''[http://getmantra.com/download/index.html Download Mantra] | [http://www.youtube.com/user/Getmantra/videos?view=0 Watch videos] | [http://www.getmantra.com/tools.html Know about tools]<br><br>
 
+
Connect with Mantra on: [http://blog.getmantra.com/ Blog] | [https://plus.google.com/117884295017194528715/posts Google+] | [http://twitter.com/getmantra Twitter] | [http://www.facebook.com/getmantra Facebook] | [http://myowasp.ning.com/group/owasp-mantra Ning]
+
 
+
Track development on: [http://sourceforge.net/projects/getmantra/ Sourceforge] | [http://code.google.com/p/getmantra/ Google Code]
+
  
 
== What Mantra can do==
 
== What Mantra can do==
[[Image:OWASP Mantra Security Framework in Ubuntu 11.png|thumb|300px|right|OWASP Mantra Security Framework running under Ubuntu 11 environment]]
+
<br>
[[Image:OWASP Mantra Security Framework in MAC Environment.png|thumb|300px|right|OWASP Mantra Security Framework running in MAC Environment]]
+
[[Image:OWASP Mantra Security Framework.jpg|300px|right|OWASP Mantra Security Framework.jpg]]
[[Image:OWASP Mantra Security Framework Screenshot.jpeg|thumb|300px|right|OWASP Mantra Security Framework Screenshot : under Windows 7 environment]]
+
 
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to  know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.
 
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to  know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.
  
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.
+
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br><br><br>
 
== Download ==
 
== Download ==
<br/>
+
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/>
 
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''
 
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''
 
{|
 
{|
Line 38: Line 33:
 
|''Source: ''  
 
|''Source: ''  
 
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]
 
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]
|}
+
|}<br><br>
 
== Team Mantra ==
 
== Team Mantra ==
 +
<br>
 
'''Project Leaders''': [[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and [[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br/>
 
'''Project Leaders''': [[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and [[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br/>
'''Testing and other works''': [[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie
+
'''Testing and other works''': [[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br><br>
 
== News ==
 
== News ==
 
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/>
 
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/>
Line 54: Line 50:
 
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/>
 
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/>
 
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]
 
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]
[[Category:OWASP_Download]]
+
[[Category:OWASP_Download]]<br><br>
 
== Resources ==
 
== Resources ==
 
'''Project Pamphlets''': [http://www.owasp.org/images/e/e4/OWASP_Mantra-An_Introduction.pdf Project Pamphlet 1]
 
'''Project Pamphlets''': [http://www.owasp.org/images/e/e4/OWASP_Mantra-An_Introduction.pdf Project Pamphlet 1]
Line 72: Line 68:
 
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/>
 
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/>
 
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]
 
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]
|}</div>
+
|}</div><br><br>
 
== Project About ==
 
== Project About ==
 
{{:Projects/OWASP Mantra - Security Framework | Project About}}
 
{{:Projects/OWASP Mantra - Security Framework | Project About}}
  
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
[[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool]] [[Category:OWASP_Project|Mantra - Security Framework]]
+
[[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]
[[Category:OWASP Download]]{{OWASP Breakers}}
+
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}}

Revision as of 11:51, 12 February 2013

OWASP Mantra Security Framework screenshot.jpg

  • A web application security testing framework built on top of a browser.
  • Supports Windows, Linux(both 32 and 64 bit) and Macintosh.
  • Can work with other software like ZAP using built in proxy management function which makes it much more convenient.
  • Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
  • Comes installed with major security distributions including BackTrack and Matriux

Download Mantra | Watch videos | Know about tools

What Mantra can do


OWASP Mantra Security Framework.jpg

Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.

Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.


Download

OWASP Mantra cross platform.jpg
OWASP Mantra Security Toolkit - Beta 0.92 code named Janus

Linux 32 bit: Mirror 1 Mirror 2 Torrent
Linux 64 bit: Mirror 1 Mirror 2 Torrent
Windows: Mirror 1 Mirror 2 Torrent
Macintosh: Mirror 1 Mirror 2 Torrent
Source: Mirror 1


Team Mantra


Project Leaders: Abhi M Balakrishnan and Yashartha Chaturvedi
Testing and other works: Gokul C Gopinath, Maximiliano Soler, Niraj Mohite, Rahul Babu R, Gopu C Gopinath and Thomas Mackenzie

News

Computer Weekly Article
OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release
Mantra at Ekoparty Security Conference
Mantra at OWASP LatamTour - Buenos Aires, Argentina
Getting secure with Mantra: An open source penetration testing kit - 1. Computer World 2. CIO 3. Tech World 4. CSO
Searchsecurity Screencast
Mantra in Matriux Security Distribution
Mantra in Backtrack 5 - Penetration Testing Distribution
Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag
ClubHACK 2010 Mantra release
OWASP Mantra page on Secpedia, the information security encyclopedia

Resources

Project Pamphlets: Project Pamphlet 1

Project Presentations: Project Presentation 1 | Project Presentation 2

Tutorials

Text Tutorials Video Tutorials
Introducing PassiveRecon by Justin Morehouse
Introducing Groundspeed by Felipe
Introducing Link Sidebar by Varun N
Introducing ProxyTool by Robert Rade
Introducing HttpFox by Martin Theimer
How to make your own search bar item
How to use MoC crawler
Switching between languages and locales
Running Mantra and Firefox together
Login Form Bypass using Mantra Security Toolkit
Advanced SQL Injection Tutorial - Complete website rooting
Manual Crawling
Introducing Flagfox
         SearchSecurity Screencast
ClubHACK 2010 - 1 2 3
Broken Authentication Demonstration
Broken Session Demonstration
Insecure Direct Object References Demonstration
Cross Site Scripting Demonstration
Introduction + How to use Mantra Security Toolkit
Introduction to Mantra (Arabic)

Introducing FoxyProxy (Arabic)
OWASP Mantra - URL Shortener Script SQL Injection Vulnerability
OWASP Mantra and LAMP Security CTF 6
OWASP Mantra and Who Wants to be a Millionaire
OWASP Mantra - One File CMS - Failure to Restrict URL Access



Project About

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Mantra - Security Framework (home page)
Purpose: Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges,maintaining access, and covering tracks. Apart from that it also contains a set of tools targeted for web developers and code debuggers which makes it handy for both offensive security and defensive security related tasks.
License: GNU Free Documentation 1.2 for documents & GPL v3 for source code
who is working on this project?
Project Leader(s):
Project Maintainer(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
OWASP Mantra Janus - Beta 0.92 - 22 January 2013 - (download)
Release description: Sixth public beta release of OWASP Mantra Security Toolkit - Beta 0.92 code named Janus
Rating: Yellow button.JPG Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases
This project is part of the OWASP Breakers community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.