null july - owtf - bharadwaj machiraju

Post on 08-May-2015


DESCRIPTION

OWASP OWTF, the Offensive (Web) Testing Framework, is an OWASP+PTES-focused attempt to unite great tools and make pen testing more efficient.

TRANSCRIPT

OWASP OWTF

Bharadwaj ‘tunnelshade’ Machiraju

#whoami

Student (B.Tech)

Core developer of OWTF

OWASP GSoC Mentor

OWASP OWTF - Offensive Web Testing Framework

Written in python by Abraham Aranguren (@7a_)

Runs a bunch of tools the way you want

Highly extensible, so easy to add own plugins

Web based UI

Currently under heavy development

Funded by

OWASP

Google

BruCon

ElearnSecurity

Present Features

Has approx 150 well categorised plugins

Botnet Mode - Allows use of proxies and even the Tor network to avoid detection.

Plug-n-hack Phase-I support

Inbound proxy

and much more...

DEMO TIME

Requirements

A linux distribution (Kali is highly recommended)

Internet connection

git, python2 & wget installed

A bit of patience

Installation

Clone from our github repo (https://github.com/owtf)

Development branch (lions_2014)

Run the install script (install/install.py)

Ready!!

Usage

Fire up owtf with a target (./owtf.py demo.testfire.net)

Visit the web interface (default at http://127.0.0.1:8009/ui/)

Open targets and click on your target

Run some plugins/browse using plug-n-hack

Check the report and logs

Plugins? Three main categories: web, net & aux

Web

External - Help links to external resources

Passive - No traffic is sent to target

Semi passive - Non intrusive traffic is sent to target

grep - Passive analysis of transactions

active - Intrusive traffic is sent to target
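To make the "grep" category concrete, here is an added example (not OWTF code, and not its plugin API) of what passive analysis of already-recorded transactions looks like: it sends nothing to the target and only inspects captured HTTP responses for missing security headers, server version banners and weak cookie flags. The sample transactions, header names checked and the placeholder host `demo.example` are constructed for this example.

```python
"""Illustrative 'grep'-style passive analysis of recorded HTTP transactions.

Added example, not OWTF code: it mimics the spirit of a passive/grep plugin
(inspect already-captured traffic, send nothing to the target). The checks,
header names and sample data below are assumptions made for this example.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed sample transactions (placeholder host, not captured from any real site).
SAMPLE_TRANSACTIONS: List[Dict[str, str]] = [
    {
        "url": "http://demo.example/",
        "response": (
            "HTTP/1.1 200 OK\r\n"
            "Server: Apache/2.2.22 (Ubuntu)\r\n"
            "Content-Type: text/html\r\n"
            "Set-Cookie: session=abc123; Path=/\r\n"
            "\r\n"
            "<html>...</html>"
        ),
    },
    {
        "url": "https://demo.example/login",
        "response": (
            "HTTP/1.1 200 OK\r\n"
            "Server: nginx\r\n"
            "Strict-Transport-Security: max-age=31536000\r\n"
            "X-Frame-Options: DENY\r\n"
            "X-Content-Type-Options: nosniff\r\n"
            "Set-Cookie: session=abc123; Path=/; Secure; HttpOnly\r\n"
            "\r\n"
            "<html>...</html>"
        ),
    },
]


@dataclass
class Finding:
    url: str
    check: str
    detail: str


def parse_headers(raw_response: str) -> Dict[str, List[str]]:
    """Split a raw HTTP response into a lower-cased header -> values map."""
    head, _, _body = raw_response.partition("\r\n\r\n")
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


# Headers whose absence is worth reporting (assumed set for this example).
REQUIRED_HEADERS = {
    "strict-transport-security": "HSTS missing",
    "x-frame-options": "clickjacking protection missing",
    "x-content-type-options": "MIME sniffing protection missing",
}


def analyse_transaction(url: str, raw_response: str) -> List[Finding]:
    """Purely passive: reads one recorded response, never contacts the target."""
    headers = parse_headers(raw_response)
    findings: List[Finding] = []
    for name, why in REQUIRED_HEADERS.items():
        if name == "strict-transport-security" and not url.startswith("https://"):
            continue  # HSTS is only meaningful on HTTPS responses
        if name not in headers:
            findings.append(Finding(url, f"missing-header:{name}", why))
    # A '/' in the Server banner usually means a version string is disclosed.
    for banner in headers.get("server", []):
        if "/" in banner:
            findings.append(Finding(url, "version-disclosure", f"Server: {banner}"))
    # Cookies should carry Secure and HttpOnly attributes.
    for cookie in headers.get("set-cookie", []):
        attrs = {a.strip().lower() for a in cookie.split(";")[1:]}
        missing = [a for a in ("secure", "httponly") if a not in attrs]
        if missing:
            cookie_name = cookie.split("=", 1)[0]
            findings.append(Finding(url, "cookie-flags", f"{cookie_name} lacks {', '.join(missing)}"))
    return findings


def run_grep_plugin(transactions: List[Dict[str, str]]) -> List[Finding]:
    """Run the passive checks over every recorded transaction."""
    findings: List[Finding] = []
    for t in transactions:
        findings.extend(analyse_transaction(t["url"], t["response"]))
    return findings


if __name__ == "__main__":
    for f in run_grep_plugin(SAMPLE_TRANSACTIONS):
        print(f"{f.url}: {f.check} - {f.detail}")
```

Run stand-alone it reports four findings for the first (plain-HTTP, unhardened) transaction and none for the second; the point is that every finding comes from data already in the transaction log, which is exactly what separates grep/passive plugins from the semi-passive and active categories above.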

Special Features (ongoing GSoC projects)

Plug-n-Hack Phase II - Cornel Punga

Sessions support - Viyat Bhalodia

Zest support - Deep Shah

Automated vulnerability rankings - Tao Sauvage

Online passive scanner (demo - lucif3rr.github.io) - Anirudh Anand

WAF Bypasser - Marios Kourtesis

How can you help?

Student? (GSoC, MWoS, Similar OWASP program)

Non-Student? You can get fame, goodies & chance to speak at conferences ;)

Lots of links

OWTF Presentations - http://www.slideshare.net/abrahamaranguren

OWASP Page - http://owtf.org

Twitter - @owtfp

Github Org - https://github.com/owtf

Wiki - https://github.com/owtf/owtf/wiki

Freenode IRC Channel - #owtf

*I am providing a sneak peek into the future owtf release ;)

You can Contact Me!

bharadwaj.machiraju@gmail.com

aka tunnelshade

http://blog.tunnelshade.in

@tunnelshade_
