Saturday, 11. February 2012
OWTF - Web Testing Framework - Linux
Features
--------
- OWASP Testing Guide-oriented: owtf will try to classify the findings as closely as possible to the OWASP Testing Guide
- Report updated on the fly: As soon as each plugin finishes or sometimes before (i.e. after each vulnerability scanner finishes)
- "Scumbag spidering": Instead of implementing yet another spider (a hard job), owtf will scrub the output of all tools/plugins run to gather as many URLs as possible. This is somewhat "cheating" but tremendously effective since it combines the results of different tools, including several tools that perform brute forcing of files and directories.
- Resilience: If one tool crashes owtf will move on to the next tool/test, saving the partial output of the tool until it crashed
- Easy to configure: config files are easy to read and modify
- Easy to run: No strange parameters, DB setup requirements, libraries, complex dependencies, etc
- Full control of what tests to run, interactivity and hopefully easy to follow examples and help :)
- Easy to review trasaction log and plain text files with URLs, simple for scripting
- Basic Google Hacking without (annoying) API Key requirements via "blanket searches", trying a bunch of operators at once, you can then narrow the search down if you find something interesting.
- Easy to extract data from the database to parse or pass to other tools: They are all text files

Download
https://github.com/7a/owtf/tree/master/releases

General configuration: Tool locations, Icons for review, Default settings, etc

owtf_dir/profiles/general/default.cfg

Defines how tools will be run + external links to useful resources and online tools

owtf_dir/profiles/resources/default.cfg

Defines the order in which web plugins will be run

owtf_dir/profiles/web_plugin_order/default.cfg

Internal framework configuration:

owtf_dir/framework/config/framework_config.cfg

Permalink