Difference between revisions of "OWASP Mantra - Security Framework"

From OWASP
(New Template Migration)
Line 1: Line 1:
[[Image:OWASP Mantra screenshot.jpg|800px|OWASP Mantra Security Framework screenshot.jpg]]<br> <br>  
+
=Main=
<div style="font-size:112%;border:none;margin: 0;color:#000">
+
 
 +
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div>
 +
 
 +
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 
 +
==OWASP Mantra - Security Framework==
 +
 
 
* A web application security testing framework built on top of a browser.  
 
* A web application security testing framework built on top of a browser.  
 
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh.  
 
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh.  
 
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.
 
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.
 
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
 
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
* Comes installed with major security distributions including BackTrack and Matriux<br><br>
+
* Comes installed with major security distributions including BackTrack and Matriux
  
'''[http://getmantra.com/download/index.html Download Mantra] | [http://www.youtube.com/user/Getmantra/videos?view=0 Watch videos] | [http://www.getmantra.com/tools.html Know about tools]<br><br>
+
==Introduction==
 +
 
 +
Free and Open Source Browser based Security Framework
 +
 
 +
 
 +
==Description==
  
== What Mantra can do==
 
<br>
 
[[Image:OWASP Mantra Security Framework.jpg|300px|right|OWASP Mantra Security Framework.jpg]]
 
 
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to  know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.
 
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to  know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.
  
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.<br><br><br>
+
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.
== Download ==
+
 
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/>
+
 
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''
+
==Licensing==
{|
+
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
|''Linux 32 bit: ''
+
 
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]
+
 
|-
+
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
|''Linux 64 bit: ''
+
 
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]
+
== What is OWASP Mantra? ==
|-
+
 
|''Windows: ''
+
OWASP XXX  provides:
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]
+
 
|-
+
* A web application security testing framework built on top of a browser.  
|''Macintosh: ''
+
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh.  
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]
+
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.
|-
+
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
|''Source: ''
+
* Comes installed with major security distributions including BackTrack and Matriux
|[http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 1]
+
 
|}<br><br>
+
 
== Team Mantra ==
+
== Presentation ==
<br>
+
 
'''Project Leaders''': [[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and [[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]<br/>
+
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] |
'''Testing and other works''': [[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie<br><br>
+
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation  2]
== News ==
+
 
 +
 
 +
== Project Leader ==
 +
 
 +
Abhi M BalaKrishnan
 +
Yashartha Chaturvedi
 +
 
 +
 
 +
== Related Projects ==
 +
 
 +
* [[OWASP Bricks]]
 +
 
 +
 
 +
 
 +
| valign="top"  style="padding-left:25px;width:200px;" |
 +
 
 +
== Quick Download ==
 +
 
 +
* http://www.getmantra.com/owasp-mantra.html
 +
 
 +
== Email List ==
 +
 
 +
https://lists.owasp.org/mailman/listinfo/owasp-mantra
 +
 
 +
== News and Events ==
 
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/>
 
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/>
 
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/>
 
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/>
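Review bot: The added Licensing paragraph opens its external link without the leading bracket (`licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license]`), so it renders as a bare URL followed by a stray `]`; add the `[` before the URL. The same hunk adds "OWASP XXX  provides:" under "What is OWASP Mantra?", which is unfilled template text and should name Mantra. It also drops the per-platform download table for Beta 0.92 (Janus) and the "Testing and other works" credits from Team Mantra, leaving only the Quick Download link and the two project leader names; if that is intended, say so in the edit summary, otherwise carry the table and the credits over into the new layout.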
Line 50: Line 83:
 
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/>
 
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/>
 
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]
 
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]
[[Category:OWASP_Download]]<br><br>
 
== Resources ==
 
'''Project Pamphlets''': [http://www.owasp.org/images/e/e4/OWASP_Mantra-An_Introduction.pdf Project Pamphlet 1]
 
  
'''Project Presentations''': [http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] |
 
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation  2]
 
  
'''Tutorials'''
+
 
{|
+
==Classifications==
|''Text Tutorials''
+
 
|
+
  {| width="200" cellpadding="2"
|''Video Tutorials''
+
  |-
|-
+
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]
+
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
+
  |-
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/>
+
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/>
+
  |-
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]
+
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
|}</div><br><br>
+
  |-
== Project About ==
+
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
{{:Projects/OWASP Mantra - Security Framework | Project About}}
+
  |}
 +
 
 +
|}
 +
 
 +
=FAQs=
 +
 
 +
; Q1
 +
: A1
 +
 
 +
; Q2
 +
: A2
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
XXX is developed by a worldwide team of volunteers. The primary contributors to date have been:
 +
 
 +
* xxx
 +
* xxx
 +
 
 +
==Others==
 +
* xxx
 +
* xxx
 +
 
 +
= Road Map and Getting Involved =
 +
As of now, the priorities are:
 +
Create an ecosystem for hackers based on browser
 +
To bring the attention of security people to the potential of a browser based security platform
 +
Provide easy to use and portable platform for demonstrating common web based attacks( read training )
 +
To associate with other security tools/products to make a better environment. Eg:
 +
It can be a nice addition to OWASP Live CD
 +
It can be used to solve basic levels of CTF contests
 +
It can associate with projects like DVWA to showcase attacks
 +
It can bring functions like crawler, SQL injection scanner etc by installing extensions.
 +
 
 +
Involvement in the development and promotion of OWASP Mantra is actively encouraged!
 +
You do not have to be a security expert in order to contribute.
 +
Some of the ways you can help:
 +
* xxx
 +
* xxx
 +
 
 +
 
 +
 
 +
=Project About=
 +
{{:Projects/OWASP_Example_Project_About_Page}}
  
 
__NOTOC__ <headertabs />  
 
__NOTOC__ <headertabs />  
[[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]
+
 
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}}
+
[[Category:OWASP Project]]  [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]
 +
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]
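Review bot: The new "=Project About=" tab transcludes `{{:Projects/OWASP_Example_Project_About_Page}}` where the old revision used `{{:Projects/OWASP Mantra - Security Framework | Project About}}`, so the tab will show the example project's placeholder fields rather than Mantra's; point it back at the Mantra page. The FAQs and Acknowledgements tabs are still template stubs ("; Q1", ": A1", "* xxx", "XXX is developed by ...") and should be filled in or left out until there is content. In the Classifications table, `[[File:Owasp-builders-small.png|link=]` is missing its second closing bracket. The category footer now carries both `[[Category:OWASP Project]]` and `[[Category:OWASP_Project|Mantra - Security Framework]]`, and OWASP Download twice as well; one of each is enough. The Resources section with the text and video tutorial links is removed without a replacement.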

Revision as of 06:31, 4 April 2014


OWASP Mantra - Security Framework

  • A web application security testing framework built on top of a browser.
  • Supports Windows, Linux (both 32-bit and 64-bit) and Macintosh.
  • Works with other software such as ZAP through its built-in proxy management function, which makes it much more convenient.
  • Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish.
  • Comes installed with major security distributions, including BackTrack and Matriux.

Introduction

Free and Open Source Browser based Security Framework


Description

Mantra is a browser designed specifically for web application security testing. With such a product, more people can see how easy and flexible it is to follow basic testing procedures within the browser. Mantra believes that a portable, easy-to-use and yet powerful platform like this can be helpful for the industry.

Mantra has many built-in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects and so on. This makes it a good tool for performing basic security checks and, sometimes, exploitation. Mantra can therefore be used to solve the basic levels of various web-based CTFs, showcase security issues in vulnerable web applications and so on.


Licensing

OWASP Mantra is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work; if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or a similar license.


What is OWASP Mantra?

OWASP Mantra provides:

  • A web application security testing framework built on top of a browser.
  • Supports Windows, Linux (both 32-bit and 64-bit) and Macintosh.
  • Works with other software such as ZAP through its built-in proxy management function, which makes it much more convenient.
  • Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish.
  • Comes installed with major security distributions, including BackTrack and Matriux.


Presentation

Project Presentation 1 | Project Presentation 2


Project Leader

Abhi M BalaKrishnan and Yashartha Chaturvedi


Related Projects

  • OWASP Bricks


Quick Download

  • http://www.getmantra.com/owasp-mantra.html

Email List

https://lists.owasp.org/mailman/listinfo/owasp-mantra

News and Events

Computer Weekly Article
OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release
Mantra at Ekoparty Security Conference
Mantra at OWASP LatamTour - Buenos Aires, Argentina
Getting secure with Mantra: An open source penetration testing kit - 1. Computer World 2. CIO 3. Tech World 4. CSO
Searchsecurity Screencast
Mantra in Matriux Security Distribution
Mantra in Backtrack 5 - Penetration Testing Distribution
'Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag
ClubHACK 2010 Mantra release
OWASP Mantra page on Secpedia, the information security encyclopedia


Classifications

[Classification badges: OWASP Incubator project; Builders; Defenders; Creative Commons BY-SA 3.0; project type: Code]


As of now, the priorities are:

  • Create a browser-based ecosystem for hackers.
  • Bring the attention of security people to the potential of a browser-based security platform.
  • Provide an easy-to-use and portable platform for demonstrating common web-based attacks (read: training).
  • Associate with other security tools/products to make a better environment. E.g.:
      • It can be a nice addition to OWASP Live CD.
      • It can be used to solve basic levels of CTF contests.
      • It can associate with projects like DVWA to showcase attacks.
      • It can bring in functions like a crawler, SQL injection scanner etc. by installing extensions.

Involvement in the development and promotion of OWASP Mantra is actively encouraged! You do not have to be a security expert in order to contribute.



This project is part of the OWASP Breakers community.
Feel free to browse other projects within the Defenders, Builders, and Breakers communities.