part of pentests, like trying to remember how to launch tool ‘X’ or how to parse and feed the output of tool ‘X’ to tool ‘Y’.
• Organise the findings according to a testing guide (OWASP, NIST, etc.) so that they can be used as a checklist.
• Classify tests by aggression level, so that a run can be planned ahead of time.
• Rank the findings, to enable targeted fuzzing of seemingly risky areas.
• Analyse each and every HTTP transaction and make them searchable.
• Spider the site effectively, so that nothing is missed.
• Act as a store of all useful online tools, dorks, POCs and resources.
• Free & Open Source (Indians love free stuff)
• Let us think and not get in our way <— XD
Started by Abraham Aranguren. First demonstrated at BerlinSides 2011. Formally, a framework which presents all the information from different tools and custom tests in an organised and categorised way, to help the user concentrate on the analysis part.
w3af, etc.
Run tests directly • Crafted requests • Header searches • HTML body searches, etc.
Knowledge repo • POC links • Resource links • Test guide mappings
Help user analysis • Automated ranking • User notes • User rankings
for better test classification
WEB (web-related plugins)
• Active: active vulnerability probing
• Semi-passive: normal traffic to the target
• Passive: no traffic to the target
• Grep: searches on the transaction database
• External: other tool inputs, POCs, resource links, etc.
NET (somewhat like nmap scripts)
AUX (somewhat like msfcli in Metasploit)
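The plugin taxonomy above is what makes "classify tests by aggression level" workable: every plugin type implies a maximum amount of traffic to the target, so a run can be planned by picking a ceiling. The following is an added example, not OWTF's own plugin loader; the plugin names, the `PTES-NET-001` code and the registry are constructed for illustration, and the OWASP codes are used only as checklist keys.

```python
"""Added example (not OWTF's own code): tag plugins with a group and a type,
derive the aggression each type implies, and select the plugins a run may
launch.  Plugin names, codes and the registry below are hypothetical."""
from dataclasses import dataclass
from enum import IntEnum


class Aggression(IntEnum):
    PASSIVE = 0        # no traffic to the target at all
    SEMI_PASSIVE = 1   # only normal-looking traffic
    ACTIVE = 2         # vulnerability probing


# Aggression required by each plugin type.  grep and external plugins never
# touch the target (transaction DB searches, POC/resource links, other tools'
# output), so they are as safe to run as passive ones.
TYPE_AGGRESSION = {
    "passive": Aggression.PASSIVE,
    "grep": Aggression.PASSIVE,
    "external": Aggression.PASSIVE,
    "semi_passive": Aggression.SEMI_PASSIVE,
    "active": Aggression.ACTIVE,
}


@dataclass(frozen=True)
class Plugin:
    group: str   # "web", "net" or "aux"
    ptype: str   # key of TYPE_AGGRESSION
    code: str    # checklist code from the testing guide used for mapping
    name: str


# Constructed registry of hypothetical plugins.
REGISTRY = [
    Plugin("web", "passive", "OWASP-IG-002", "search engine dorks"),
    Plugin("web", "grep", "OWASP-IG-004", "fingerprint from response headers"),
    Plugin("web", "semi_passive", "OWASP-IG-004", "fetch / and compare banners"),
    Plugin("web", "external", "OWASP-IG-004", "fingerprint POC links"),
    Plugin("web", "active", "OWASP-IG-004", "scanner: w3af fingerprint"),
    Plugin("web", "active", "OWASP-DV-005", "sqlmap"),
    Plugin("net", "active", "PTES-NET-001", "nmap script scan"),
]


def aggression_of(plugin):
    """Aggression a plugin implies; an unknown type must never default to safe."""
    try:
        return TYPE_AGGRESSION[plugin.ptype]
    except KeyError:
        raise ValueError(f"unknown plugin type {plugin.ptype!r} for {plugin.name}")


def select_plugins(registry, group, max_aggression, codes=None):
    """Plugins of `group` within max_aggression, least aggressive first.

    `codes` optionally restricts the run to particular checklist codes."""
    chosen = [
        p for p in registry
        if p.group == group
        and aggression_of(p) <= max_aggression
        and (codes is None or p.code in codes)
    ]
    return sorted(chosen, key=lambda p: (aggression_of(p), p.code))


def checklist(plugins):
    """Group a plan by checklist code so coverage can be reviewed per test."""
    by_code = {}
    for p in plugins:
        by_code.setdefault(p.code, []).append(p.name)
    return by_code


if __name__ == "__main__":
    plan = select_plugins(REGISTRY, "web", Aggression.SEMI_PASSIVE)
    for code, names in checklist(plan).items():
        print(code, "->", ", ".join(names))
```

Sorting least aggressive first means the passive, grep and external plugins run (and their results are available for analysis) before any probe reaches the target, which is the order a tester wants when the engagement rules are still being confirmed.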
in the last year as the fastest MiTM Python proxy. The proxy can be used from a browser or from any other tool. Most of the tools launched by OWTF are proxified (e.g. Arachni, w3af, custom requests, etc.), so all the transactions made by the scanners are logged and analysed.
to gather as many URLs as possible. This is somewhat "cheating", but tremendously effective, since it combines the results of different tools, including several that brute-force file and directory names.
write down some notes and add your own analysis ranking to it. Some tool outputs are ranked automatically using PTP, an automated ranking library developed for OWTF during GSoC 2014. This helps you find risky areas quickly; the automated rank is a triage aid, and your own ranking takes precedence once you have looked at the finding.
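Logging every proxied transaction, running grep plugins over the stored traffic, and ranking what they find (with the user's ranking overriding the automatic one) fit together as one pipeline. The following is an added example, not OWTF's or PTP's code: the SQLite schema, the grep plugins, the rank scale and the sample transactions are all constructed for illustration, and the OWASP codes serve only as checklist keys.

```python
"""Added example (not OWTF's or PTP's code): store proxied HTTP transactions in
SQLite, run grep-style checks over them, rank the findings automatically and
let the user override the rank.  Schema, plugins and traffic are constructed."""
import re
import sqlite3
from dataclasses import dataclass

# Constructed sample transactions, as a logging proxy would record them.
SAMPLE_TRANSACTIONS = [
    {"url": "http://target.example/", "method": "GET", "status": 200,
     "resp_headers": "Server: Apache/2.2.22 (Ubuntu)\nX-Powered-By: PHP/5.3.10\n"
                     "Set-Cookie: PHPSESSID=abc123; path=/\nContent-Type: text/html",
     "body": "<html><!-- TODO: remove default admin password --><body>Hi</body></html>"},
    {"url": "http://target.example/login", "method": "POST", "status": 302,
     "resp_headers": "Server: Apache\nSet-Cookie: session=xyz; path=/; HttpOnly; Secure\nLocation: /home",
     "body": ""},
    {"url": "http://target.example/static/app.js", "method": "GET", "status": 200,
     "resp_headers": "Server: Apache\nContent-Type: application/javascript",
     "body": "var apiKey = 'placeholder';"},
]

RANKS = {"unranked": 0, "info": 1, "low": 2, "medium": 3, "high": 4}
ALLOWED_COLUMNS = {"url", "resp_headers", "body"}   # whitelist for dynamic column names


@dataclass(frozen=True)
class GrepPlugin:
    code: str      # checklist code (illustrative mapping only)
    name: str
    column: str    # transaction column to search
    pattern: str   # regex, case-insensitive, multi-line
    rank: str      # default automated rank


GREP_PLUGINS = [
    GrepPlugin("OWASP-IG-004", "Server version disclosed", "resp_headers", r"^Server:\s*\S+/\d", "low"),
    GrepPlugin("OWASP-IG-004", "X-Powered-By disclosed", "resp_headers", r"^X-Powered-By:", "low"),
    GrepPlugin("OWASP-SM-002", "Cookie set without HttpOnly", "resp_headers", r"^Set-Cookie:(?!.*HttpOnly)", "medium"),
    GrepPlugin("OWASP-IG-005", "Sensitive HTML comment", "body", r"<!--[^>]*(password|todo)[^>]*-->", "medium"),
]


@dataclass
class Finding:
    code: str
    name: str
    rank: str
    transaction_ids: list
    note: str = ""


def build_db(transactions):
    """Load transactions into an in-memory SQLite DB with a REGEXP operator."""
    conn = sqlite3.connect(":memory:")
    # SQLite evaluates `X REGEXP Y` by calling the user function regexp(Y, X).
    conn.create_function("regexp", 2, lambda expr, item: item is not None
                         and re.search(expr, item, re.I | re.M) is not None)
    conn.execute("CREATE TABLE transactions (id INTEGER PRIMARY KEY, url TEXT, "
                 "method TEXT, status INTEGER, resp_headers TEXT, body TEXT)")
    conn.executemany("INSERT INTO transactions (url, method, status, resp_headers, body) "
                     "VALUES (:url, :method, :status, :resp_headers, :body)", transactions)
    conn.commit()
    return conn


def search(conn, column, pattern):
    """Ad-hoc search of the transaction DB; returns [(id, url), ...]."""
    if column not in ALLOWED_COLUMNS:   # the column name is interpolated, so it is whitelisted
        raise ValueError(f"unsupported column: {column}")
    return conn.execute(f"SELECT id, url FROM transactions WHERE {column} REGEXP ?",
                        (pattern,)).fetchall()


def run_grep_plugins(conn, plugins=GREP_PLUGINS):
    """Run every grep plugin; each match becomes a finding with its default rank."""
    findings = []
    for p in plugins:
        hits = search(conn, p.column, p.pattern)
        if hits:
            findings.append(Finding(p.code, p.name, p.rank, [tid for tid, _ in hits]))
    return findings


def apply_user_rankings(findings, overrides):
    """overrides: {finding name: (rank, note)}.  User rank beats automated rank;
    the result is sorted riskiest first for targeted follow-up."""
    for f in findings:
        if f.name in overrides:
            rank, note = overrides[f.name]
            if rank not in RANKS:
                raise ValueError(f"unknown rank {rank!r}")
            f.rank, f.note = rank, note
    return sorted(findings, key=lambda f: RANKS[f.rank], reverse=True)


if __name__ == "__main__":
    db = build_db(SAMPLE_TRANSACTIONS)
    for f in apply_user_rankings(run_grep_plugins(db),
                                 {"Sensitive HTML comment": ("high", "mentions a default admin password")}):
        print(f.rank, f.code, f.name, f.transaction_ids, f.note)
```

Grep plugins generate no traffic at all, which is why they can be re-run freely as new checks are written: the proxy already captured the evidence, and the only cost is a query over the transaction table.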
a different proxy. Proxies are fetched automatically by a feature called ProxyMiner. Mined proxies are untrusted third parties that see, and can alter, every request routed through them, so only send traffic you are authorised to send and do not mind being observed.
TOR mode: each HTTP request passes through the Tor network. After a user-defined time interval a new circuit is requested, so the exit IP address is renewed.
OWTF as a module. Analyses and tests the quality of web application firewalls, and can potentially detect security holes in a WAF's rule set. During development, a zero-day was found in OWASP-CRS, the OWASP Core Rule Set for the Apache ModSecurity WAF module.
are great, but maintainability is important. We all want our tools to be used and maintained, but will you bear the cost? Sometimes it is necessary to stop and think… Can I improve my code?