OWASP OWTF – Offensive Web Testing Framework


OWASP Offensive Web Testing Framework is a project focused on penetration testing efficiency and alignment of security tests to security standards like: The OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST.

OWASP OWTF - Offensive Web Testing Framework

The purpose of this tool is to automate the manual and uncreative parts of pen testing. For example, Figuring out how to call “tool X” then parsing results of “tool X” manually to feed “tool Y” and so on is time consuming.

By reducing this burden we hope pen testers will have more time to:

  • See the big picture and think out of the box,
  • Find, verify and combine vulnerabilities efficiently,
  • Have time to Investigate complex vulnerabilities like business logic, architectural flaws, virtual hosting sessions, etc.
  • Perform more tactical/targeted fuzzing on seemingly risky areas
  • Demonstrate true impact despite the short time-frames we are typically given to test.

This tool is however not a silver bullet and will only be as good as the person using it. Understanding and experience will be required to correctly interpret the tool output and decide what to investigate further in order to demonstrate the impact.

Features

  • Web UI. Now configure and monitor OWTF via a responsive and powerful interface accessible via your browser.
  • Exposes RESTful APIs to all core OWTF capabilties.
  • Instead of implementing yet another spider (a hard job), OWTF will scrub the output of all tools/plugins run to gather as many URLs as possible.
  • Scan by various aggression levels: OWTF supports scans which are based on the aggressiveness of the plugins/tools invoked.
  • Extensible OWTF manages tools through ‘plugins’ making it trivial to add new tools.
  • OWTF has been developed keeping Kali Linux in mind, but it also supports other pentesting distros such as Samurai-WTF, etc.
  • Tool paths and configuration can be easily modified in the web interface.
  • Fastest Python MiTM proxy yet!
  • Crash reporting directly to Github issue tracker
  • Comprehensive interactive report at end of each scan
  • Easy plugin-based system; currently 100+ plugins!
  • CLI and web interface

You can download OWASP OWTF here:

Or read more here.

Posted in: Hacking Tools, Web Hacking

, ,


Latest Posts:


Socialscan - Command-Line Tool To Check For Email And Social Media Username Usage Socialscan – Command-Line Tool To Check For Email And Social Media Username Usage
socialscan is an accurate command-line tool to check For email and social media username usage on online platforms, given an email address or username,
CFRipper - CloudFormation Security Scanning & Audit Tool CFRipper – CloudFormation Security Scanning & Audit Tool
CFRipper is a Python-based Library and CLI security analyzer that functions as an AWS CloudFormation security scanning and audit tool
CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.


Comments are closed.