Difference between revisions of "OWASP OWTF"

From OWASP
Jump to: navigation, search
m (The latest version of OWASP OWTF is OWTF 2.1a "Chicken Korma".)
 
(80 intermediate revisions by 5 users not shown)
Line 1: Line 1:
 +
=Main=
 +
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: flagship_big.jpg|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]</div>
 +
{| class="wikitable sortable" style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |
 +
 +
==OWASP OWTF==
 +
[[Image:OWTFLogo.png|right]]
 +
 +
OWTF aims to make pen testing:
 +
 +
* Aligned with OWASP Testing Guide + PTES + NIST
 +
* More efficient
 +
* More comprehensive
 +
* More creative and fun (minimise un-creative work)
 +
 +
so that pentesters will have more time to
 +
 +
* See the big picture and think out of the box
 +
* More efficiently find, verify and combine vulnerabilities
 +
* Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
 +
* Perform more tactical/targeted fuzzing on seemingly risky areas
 +
* Demonstrate true impact despite the short timeframes we are typically given to test.
 +
 +
=== '''The latest version of OWASP OWTF is [https://github.com/owtf/owtf/releases/tag/v2.1a OWTF 2.1a "Chicken Korma"].''' ===
 +
 +
Project Leaders
 +
* [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren]
 +
* [mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju]
 +
* [mailto:viyat.bhalodia@owasp.org Viyat Bhalodia]
 +
 +
== Links ==
 +
* [https://owtf.github.io#download OWASP OWTF Installation]
 +
* [https://github.com/owtf/owtf/releases OWASP OWTF Releases]
 +
* [http://docs.owtf.org OWASP OWTF Documentation]
 +
* [https://owtf.github.io/online-passive-scanner/ Try some of the OWTF features from your browser!]
 +
* [http://blog.7-a.org/search/label/OWTF%20Release OWASP OWTF Release blog posts]
 +
* [http://blog.7-a.org/search/label/OWTF%20Talks OWASP OWTF Talk blog posts]
 +
* [https://lists.owasp.org/mailman/listinfo/owasp_owtf OWASP OWTF Mailing List]
 +
* [http://webchat.freenode.net/?channels=owtf OWASP OWTF IRC Channel: #owtf on Freenode]
 +
* [https://gitter.im/owtf/owtf OWASP OWTF Gitter Channel]
 
{{Social Media Links}}
 
{{Social Media Links}}
= Main =
+
 
[[Image:OWTFLogoSmall.png|right]]
+
====OWTF is taking part in the OWASP Summer Code Sprint 2017! If you'd like to participate then see the [https://www.owasp.org/index.php/GSOC_2017_for_Students Summer Code Sprint 2017 wiki page]!====
<div style="font-size:142%;border:none;margin: 0;color:#000">
+
 
OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.
+
ToolsWatch Annual Best Free/Open Source Security Tool Survey:
 +
* 2015 [http://www.toolswatch.org/2016/02/2015-top-security-tools-as-voted-by-toolswatch-org-readers/ 10th]
 +
* 2014 [http://www.toolswatch.org/2015/01/2014-top-security-tools-as-voted-by-toolswatch-org-readers/ 7th]
 +
 
 +
==Presentation and talks==
 +
 
 +
The following links provide access to materials for OWTF talks (video, slides, etc.):
 +
 
 +
[http://blog.7-a.org/search/label/OWTF%20Talks OWTF Talks at 7-a.org]
  
 
You can see what OWASP OWTF is all about in the following video:{{#ev:youtube|H6Ut8U9a5KE}}
 
You can see what OWASP OWTF is all about in the following video:{{#ev:youtube|H6Ut8U9a5KE}}
  
For more videos please see the [http://www.youtube.com/user/owtfproject YouTube channel].
+
OWASP OWTF 1.0 "Lionheart" - Brucon 2014 5x5: {{#ev:youtube|j2UoAsOLMB4}}
 +
 
 +
OWASP AppSec EU 2013: Introducing OWASP OWTF 5x5: {{#ev:youtube|Vpca4-OlZqs}}
 +
 
 +
For more videos please see the [http://www.youtube.com/user/owtfproject YouTube channel]
 +
 
 +
==Licensing==
 +
 
 +
[https://github.com/owtf/owtf/blob/develop/LICENSE.md LICENSE]
 +
 
 +
== Openhub ==
 +
https://www.openhub.net/p/owasp-owtf
 +
 
 +
==Classifications==
 +
{| width="200" cellpadding="2"
 +
|-
 +
| rowspan="2" align="center" valign="top" width="50%" |[[File:Flagship projects.jpg|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Flagship_Projects]]
 +
| align="center" valign="top" width="50%" |
 +
|-
 +
| align="center" valign="top" width="50%" |
 +
|-
 +
| colspan="2" align="center" |[[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
|-
 +
| colspan="2" align="center" |
 +
|}
 +
 
 +
| valign="top" style="padding-left:25px;width:200px;" |
 +
 
 +
== Quick Download ==
 +
 
 +
* [https://owtf.github.io/#download Download now]
 +
 
 +
== Email List ==
 +
 
 +
[https://lists.owasp.org/mailman/listinfo/owasp_owtf Sign Up]
 +
 
 +
== News and Events ==
 +
* April 6th, 2017 - [https://github.com/owtf/owtf/releases/tag/v2.1a OWTF 2.1a "Chicken Korma"] is here!
 +
* May 7th, 2016 - [http://blog.7-a.org/2016/05/owtf-20a-tikka-masala-released-plz-rt.html OWTF 2.0a "Tikka Masala" is here!]
 +
 
 +
* February 29th, 2016 - [https://summerofcode.withgoogle.com/organizations/ OWASP is selected for GSoC 2016 - OWTF is participating!]
 +
 
 +
* July 10th, 2015 - [https://www.owasp.org/index.php/Summer_Code_Sprint2015_Progress_Reports#tab=Main OWTF got 3 slots in the OWASP Summer Code Sprint 2015!]
 +
 
 +
* June 19th, 2015 - [https://www.owasp.org/index.php/Summer_Code_Sprint2015 OWTF is taking part in the OWASP Summer Code Sprint 2015]
 +
 
 +
* October 15, 2014 - [http://blog.7-a.org/search?updated-max=2014-10-10T11:30:00%2B01:00&max-results=8 OWTF is taking part in the OWASP Winter Code Sprint!]
 +
 
 +
* October 15, 2014 - [https://github.com/owtf/owtf/releases/tag/v1.0.1 OWTF 1.0.1 "Lionheart" released! - Fixed a major installation bug caused due to wrong handling of requirements by pip]
 +
 
 +
* October 5th 2014 - [http://blog.7-a.org/2014/10/owtf-10-lionheart-released.html OWTF 1.0 "Lionheart" released!]
 +
 
 +
* September 26th 2014 - [http://blog.7-a.org/2014/09/owtf-10-lionheart-to-be-presented-brucon.html OWTF 1.0 "Lionheart" presented at Brucon!]
 +
 
 +
* September 4th 2014 - [http://blog.7-a.org/2014/09/get-credits-help-owasp-meet-owasp.html - OWTF participating in OWASP Winter Code Sprint]
  
[https://github.com/7a/owtf/tree/master/releases Download OWASP OWTF]
+
* January 13th 2014 - [http://blog.7-a.org/2014/01/owtf-0450-winter-blizzard-released-plz.html OWTF 0.45.0 "Winter Blizzard" released!]
  
The current version of OWASP OWTF is [https://github.com/7a/owtf/blob/master/releases/OWTF_0.15_BruCon.tar.gz 0.15 BruCon].
+
*December 11th 2013 - [http://blog.7-a.org/2013/12/owasp-owtf-cfp-funds-contest-winners.html OWASP OWTF CFP funds contest WINNERS announced]
  
[https://github.com/7a/owtf/wiki OWASP OWTF Documentation]
+
*September 8th 2013 - [http://blog.7-a.org/2013/09/owasp-owtf-cfp-funds-contest.html OWASP OWTF CFP funds contest open!]
  
[https://github.com/7a/owtf/tree/master/demos Download OWASP OWTF DEMOs (only Firefox >= 8 required)]
+
*August 22nd-23rd 2013 - [https://appsec.eu/program/talk-teaser/ Introducing OWASP OWTF 5x5 @ OWASP AppSec EU]
  
[http://blog.7-a.org/search/label/OWTF%20Release OWASP OWTF Release blog posts]
+
*August 9th 2013 - [http://blog.7-a.org/2013/08/owtf-030-summer-storm-ii-released-plz-rt.html OWTF 0.30 "Summer Storm II" released!]
  
[http://blog.7-a.org/search/label/OWTF%20Talks OWASP OWTF Talk blog posts]
+
*July 1st 2013 - [http://blog.7-a.org/2013/07/owtf-020-summer-storm-i-released-plz-rt.html OWTF 0.20 "Summer Storm I" released!]
  
<paypal>OWASP OWTF</paypal>
+
*June 12th 2013 - [http://blog.7-a.org/2013/06/owasp-owtf-gsoc-selection-stats-and-poll.html OWASP OWTF GSoC Selection, Stats and Poll]
</div>
 
= Screenshots =
 
[[Image:OWTFLogoSmall.png|right]]
 
WIP
 
  
= News =
+
*May 24th 2013 - [http://blog.7-a.org/2013/05/owasp-owtf-016-shady-citizen-released.html OWASP OWTF 0.16 "shady citizen" released, now working smoothly in Kali!]
[[Image:OWTFLogoSmall.png|right]]
 
September 26th 2012 - [http://2012.brucon.org/index.php/Schedule OWASP OWTF Workshop at Brucon]
 
  
September 24th 2012 - [http://blog.7-a.org/2012/09/owasp-owtf-015-brucon-released.html OWASP OWTF 0.15 BruCon released!]
+
*April 22nd - May 3rd 2013 - [https://www.owasp.org/index.php/GSoC2013_Ideas Call for Student Proposals: OWASP OWTF will be part of the Google Summer of Code 2013]
  
 +
*April 24th 2013 - [http://www.securitybsides.org.uk/track_one.html Pentesting like a Grandmaster with OWASP OWTF to be presented at BSides London 2013]
  
= Project About =
+
*February 26th 2013 - [http://blog.brucon.org/2013/02/the-5by5-race-is-on.html OWASP OWTF selected to be supported by Brucon 5x5]
[[Image:OWTFLogoSmall.png|right]]
+
 
 +
*September 26th 2012 - [http://2012.brucon.org/index.php/Schedule OWASP OWTF Workshop at Brucon]
 +
 
 +
*September 24th 2012 - [http://blog.7-a.org/2012/09/owasp-owtf-015-brucon-released.html OWASP OWTF 0.15 BruCon released!]
 +
 
 +
== In Print ==
 +
 
 +
|}
 +
 
 +
=FAQs=
 +
 
 +
OWTF documentation is hosted in the following resources:
 +
* [https://owtf.github.io/ Getting started]
 +
* [https://owtf.github.io/#download Downloading & Installation]
 +
* [http://docs.owtf.org OWASP OWTF Documentation]
 +
* [https://www.youtube.com/user/owtfproject/playlists OWTF Playlists with Demos/Talks on Youtube]
 +
* [http://webchat.freenode.net/?randomnick=1&channels=%23owtf&prompt=1&uio=MTE9MjM20f Join us on IRC (#owtf on Freenode)]
 +
* [http://www.slideshare.net/abrahamaranguren/presentations Some OWTF presentation slides]
 +
* [http://blog.7-a.org/search/label/OWTF%20Talks More OWTF Talk links]
 +
 
 +
= Acknowledgements =
 +
==Volunteers==
 +
OWTF is developed by a worldwide [https://github.com/7a/owtf/blob/master/AUTHORS team] of volunteers.
 +
 
 +
But we have also been helped by many organizations, either financially or through other means:
 +
 
 +
* [http://www.owasp.org OWASP]
 +
* [http://www.elearnsecurity.com/ eLearnSecurity]
 +
* [http://www.google-melange.com/ Google]
 +
* [http://brucon.org BruCon]
 +
* [http://browserstack.com Browserstack] for providing a platform to test OWTF on multiple devices!
 +
 
 +
= Road Map and Getting Involved =
 +
OWTF attempts to solve the "penetration testers are never given enough time to test properly" problem, or in other words, OWTF = Test/Exploit ASAP, with this in mind, as of right now, the priorities are:
 +
* To improve security testing efficiency (i.e. test more in less time)
 +
* To improve security testing coverage (i.e. test more)
 +
* Gradually integrate the best tools
 +
* Unite the best tools and make them work together with the security tester
 +
* Remove or Reduce the need to babysit security tools during security assessments
 +
* Be a respository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses.
 +
* Help penetration testers save time on report writing
 +
 
 +
Involvement in the development and promotion of OWTF is actively encouraged!
 +
You do not have to be a security expert in order to contribute.
 +
Some of the ways you can help:
 +
* [https://github.com/owtf/owtf/pulls Send us a pull request]
 +
* [https://github.com/owtf/owtf/issues Give us feedback / suggestions / report bugs]
 +
* [http://webchat.freenode.net/?randomnick=1&channels=%23owtf&prompt=1&uio=MTE9MjM20f Talk to us on IRC (#owtf on Freenode)]
 +
* [https://lists.owasp.org/mailman/listinfo/owasp_owtf_developers Join our OWTF developers mailing list]
 +
* [https://lists.owasp.org/mailman/listinfo/owasp_owtf Join the general OWTF mailing list]
 +
 
 +
=Project About=
 
{{:Projects/OWASP_OWTF}}  
 
{{:Projects/OWASP_OWTF}}  
{{:Projects/OWASP OWTF Project | Project About}}
 
  
__NOTOC__ <headertabs />
+
__NOTOC__ <headertabs></headertabs>  
[[Category:OWASP_Project|OWASP OWTF Project]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]]
+
 
 +
[[Category:OWASP Project]]
 +
[[Category:OWASP_Builders]]  
 +
[[Category:OWASP_Defenders]] 
 +
[[Category:OWASP_Document]]

Latest revision as of 12:54, 8 April 2017

Flagship big.jpg

OWASP OWTF

OWTFLogo.png

OWTF aims to make pen testing:

  • Aligned with OWASP Testing Guide + PTES + NIST
  • More efficient
  • More comprehensive
  • More creative and fun (minimise un-creative work)

so that pentesters will have more time to

  • See the big picture and think out of the box
  • More efficiently find, verify and combine vulnerabilities
  • Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
  • Perform more tactical/targeted fuzzing on seemingly risky areas
  • Demonstrate true impact despite the short timeframes we are typically given to test.

The latest version of OWASP OWTF is OWTF 2.1a "Chicken Korma".

Project Leaders

Links


OWTF is taking part in the OWASP Summer Code Sprint 2017! If you'd like to participate then see the Summer Code Sprint 2017 wiki page!

ToolsWatch Annual Best Free/Open Source Security Tool Survey:

Presentation and talks

The following links provide access to materials for OWTF talks (video, slides, etc.):

OWTF Talks at 7-a.org

You can see what OWASP OWTF is all about in the following video:
OWASP OWTF 1.0 "Lionheart" - Brucon 2014 5x5:
OWASP AppSec EU 2013: Introducing OWASP OWTF 5x5:

For more videos please see the YouTube channel

Licensing

LICENSE

Openhub

https://www.openhub.net/p/owasp-owtf

Classifications

Flagship projects.jpg
Cc-button-y-sa-small.png

Quick Download

Email List

Sign Up

News and Events

In Print

Volunteers

OWTF is developed by a worldwide team of volunteers.

But we have also been helped by many organizations, either financially or through other means:

OWTF attempts to solve the "penetration testers are never given enough time to test properly" problem, or in other words, OWTF = Test/Exploit ASAP, with this in mind, as of right now, the priorities are:

  • To improve security testing efficiency (i.e. test more in less time)
  • To improve security testing coverage (i.e. test more)
  • Gradually integrate the best tools
  • Unite the best tools and make them work together with the security tester
  • Remove or Reduce the need to babysit security tools during security assessments
  • Be a respository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses.
  • Help penetration testers save time on report writing

Involvement in the development and promotion of OWTF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP OWTF (home page)
Purpose: The Offensive (Web) Testing Framework is an OWASP+PTES-focused try to unite great tools and make pen testing more efficient.

Please see: http://owtf.org http://blog.7-a.org/search/label/OWTF%20Talks http://www.slideshare.net/abrahamaranguren

License: BSD License
who is working on this project?
Project Leader(s):
  • Abraham Aranguren @
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: Mailing List Archives
Project Roadmap: View
Key Contacts
  • Contact Abraham Aranguren @ to contribute to this project
  • Contact Abraham Aranguren @ to review or sponsor this project
  • Contact the GPC to report a problem or concern about this project or to update information.
current release
https://github.com/owtf/owtf/releases
last reviewed release
Not Yet Reviewed


other releases