OWTF or Offensive Web Testing Framework, is a framework which tries to unite great tools and make pen testing more efficient. OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to
The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.
Note: This tool is however not a silverbullet and will only be as good as the person using it: Understanding and experience will be required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.
Also Read EvilOSX – An Evil Remote Administration Tool For MacOS / OS X
Recommended: Using a virtualenv is highly recommended!
pip install git+https://github.com/owtf/owtf#egg=owtf
or clone the repo and python setup.py install
.
If you want to change the database password in the Docker Compose setup, edit the environment variables in the docker-compose.yml
file. If you prefer to override the environment variables in a .env
file, use the file name owtf.env
so that Docker Compose knows to include it.
To run OWTF on Windows or MacOS, OWTF uses Docker Compose. You need to have Docker Compose installed (check by docker-compose -v
). After installing Docker Compose, simply run docker-compose up
and open localhost:8009
for the OWTF web interface.
Dependencies: Install Homebrew and follow the steps given below:
$ virtualenv <venv name>
$ source <venv name>/bin/activate
$ brew install coreutils gnu-sed openssl
# We need to install 'cryptography' first to avoid issues
$ pip install cryptography --global-option=build_ext --global-option="-L/usr/local/opt/openssl/lib" --global-option="-I/usr/local/opt/openssl/include"
$ git clone <this repo>
$ cd owtf
$ python setup.py install
# Run OWTF!
$ owtf
Burrow is an open source tool for burrowing through firewalls, built by teenagers at Hack Club.…
Simple golang webserver that listens for basic auth or post requests and sends a notification…
Nutek Security Platform for macOS and Linux operating systems. Tools for hackers, bug hunters and…
Welcome to SecureSphere Labs, your go-to destination for a curated collection of powerful hacking tools…
All in one Docker-based workstation with hacking tools for Pentesting and offsec Labs by maintained…
Got it! Below is the updated README.md file with instructions for downloading the project on…