SlideShare a Scribd company logo

Null July - OWTF - Bharadwaj Machiraju

R
Raghunath G

OWTF is an offensive web testing framework developed in Python, featuring around 150 categorized plugins and a web-based UI. It supports various modes, such as botnet mode for using proxies and offers installation instructions via GitHub. The project is open for contributions, with ongoing Google Summer of Code projects and opportunities for students and non-students alike.

Education
1 of 14
Downloaded 19 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
OWASP OWTF Bharadwaj ‘tunnelshade’ Machiraju
#whoami Student (B.Tech) Core developer of OWTF OWASP GSoC Mentor
OWASP OWTF Offensive Web Testing Framework Written in python by Abraham Aranguren (@7a_) Runs a bunch of tools the way you want Highly extensible, so easy to add own plugins Web based UI Currently under heavy development
Funded by OWASP Google BruCon ElearnSecurity
Present Features Has approx 150 well categorised plugins Botnet Mode - Allows usage of proxies and even tor network to avoid detection. Plug-n-hack Phase-I support Inbound proxy and much more…..
DEMO TIME
Requirements A linux distribution (Kali is highly recommended) Internet connection git, python2 & wget installed A bit of patience
Installation ! Clone from our github repo (https://github.com/owtf) Development branch(lions_2014) Run the install script (install/install.py) Ready!!
Usage Fire up owtf with a target (./owtf.py demo.testfire.net) Visit the web interface (default at http://127.0.0.1:8009/ui/) Open targets and click on your target Run some plugins/browse using plug-n-hack Check the report and logs
Plugins? Three main categories web, net & aux Web External - Help links to external resources Passive - No traffic is sent to target Semi passive - Non intrusive traffic is sent to target grep - Passive analysis of transactions active - Intrusive traffic is sent to target
Special Features (ongoing GSoC projects) Plug-n-Hack Phase II - Cornel Punga Sessions support - Viyat Bhalodia Zest support - Deep Shah Automated vulnerability rankings - Tao Sauvage Online passive scanner (demo - lucif3rr.github.io) - Anirudh Anand WAF Bypasser - Marios Kourtesis
How can you help? Student? (GSoC, MWoS, Similar OWASP program) Non-Student? You can get fame, goodies & chance to speak at conferences ;)
Lots of links OWTF Presentations - http://www.slideshare.net/abrahamaranguren OWASP Page - http://owtf.org Twitter - @owtfp Github Org - https://github.com/owtf Wiki - https://github.com/owtf/owtf/wiki Freenode IRC Channel - #owtf *I am providing a sneak peek into the future owtf release ;)
You can Contact Me! bharadwaj.machiraju@gmail.com aka tunnelshade http://blog.tunnelshade.in @tunnelshade_

More Related Content

PPT
Robotframework Presentation - Pinoy Python Meetup 2011January12
Franz Allan See
 
PDF
Panther loves Symfony apps
Simone D'Amico
 
PDF
Generamba
Nicolae Ghimbovschi
 
PDF
Appium & Robot Framework
Furkan Ertürk
 
PDF
Jenv: Java Environment Manager
Jacky Chan
 
PDF
Owasp AppSecEU 2015 - BeEF Session
Bart Leppens
 
PDF
How to Setup A Pen test Lab and How to Play CTF
n|u - The Open Security Community
 
PPTX
Robot framework
Rochak Bhalla
 
Robotframework Presentation - Pinoy Python Meetup 2011January12
Franz Allan See
 
Panther loves Symfony apps
Simone D'Amico
 
Generamba
Nicolae Ghimbovschi
 
Appium & Robot Framework
Furkan Ertürk
 
Jenv: Java Environment Manager
Jacky Chan
 
Owasp AppSecEU 2015 - BeEF Session
Bart Leppens
 
How to Setup A Pen test Lab and How to Play CTF
n|u - The Open Security Community
 
Robot framework
Rochak Bhalla
 

What's hot (20)

PDF
Vagrant for local and team WordPress Development
Anthony Alvarez
 
PDF
Understanding Burp Replicator
Neelu Tripathy
 
PDF
Hands on iOS developments with jenkins
Arnaud Héritier
 
PPTX
PhoneGap day 2016 EU: Simulating Cordova Plugins in the Browser
Ryan J. Salva
 
PDF
Docker
The Software House
 
ODP
It Works On My Machine: Vagrant for Software Development
Carlos Perez
 
PPTX
TYPO3 CMS deployment with Jenkins CI
derdanne
 
PDF
Automate Yo' Self
John Anderson
 
PDF
Gr8conf - The Groovy Ecosystem Revisited
Andres Almiray
 
PDF
GlassFish Embedded API
Eduardo Pelegri-Llopart
 
PDF
DevOps Camp 2017 NYC Local Development using Vagrant by Anthony Alvarez
Anthony Alvarez
 
ODP
DIY Java & Kubernetes
Pance Cavkovski
 
PPT
Django Deployment
Tareque Hossain
 
PDF
Vagrant for Development
Jacky Chan
 
PPTX
Bsides tampa
Octavio Paguaga
 
PDF
Acceptance testing plone sites and add ons with robot framework and selenium
Asko Soukka
 
ODP
Browser Exploitation Framework Tutorial
imlaurel2
 
PPTX
Development with Vagrant
John Coggeshall
 
PDF
AppSec & OWASP Top 10 Primer
ThreatReel Podcast
 
PPTX
Web browsers
torosalgado
 
Vagrant for local and team WordPress Development
Anthony Alvarez
 
Understanding Burp Replicator
Neelu Tripathy
 
Hands on iOS developments with jenkins
Arnaud Héritier
 
PhoneGap day 2016 EU: Simulating Cordova Plugins in the Browser
Ryan J. Salva
 
Docker
The Software House
 
It Works On My Machine: Vagrant for Software Development
Carlos Perez
 
TYPO3 CMS deployment with Jenkins CI
derdanne
 
Automate Yo' Self
John Anderson
 
Gr8conf - The Groovy Ecosystem Revisited
Andres Almiray
 
GlassFish Embedded API
Eduardo Pelegri-Llopart
 
DevOps Camp 2017 NYC Local Development using Vagrant by Anthony Alvarez
Anthony Alvarez
 
DIY Java & Kubernetes
Pance Cavkovski
 
Django Deployment
Tareque Hossain
 
Vagrant for Development
Jacky Chan
 
Bsides tampa
Octavio Paguaga
 
Acceptance testing plone sites and add ons with robot framework and selenium
Asko Soukka
 
Browser Exploitation Framework Tutorial
imlaurel2
 
Development with Vagrant
John Coggeshall
 
AppSec & OWASP Top 10 Primer
ThreatReel Podcast
 
Web browsers
torosalgado
 
Ad

Viewers also liked (20)

PPTX
Baseball stats
Rachel Monaco
 
PDF
Social engineering by-rakesh-nagekar
Raghunath G
 
DOC
So you want to retire in florida 1997 far
James Lavigne
 
PPTX
Security News Bytes
Raghunath G
 
PDF
Investor alert—investment scams exploit immigrant investor program
James Lavigne
 
PPTX
Internet safety presentation
mkajiwara1
 
PDF
Nomadic Display Set Up HangTen
Nomadic Display
 
PDF
Nomadic Display Setup Fabri Mural
Nomadic Display
 
PPTX
UGA Guest Lecture: Social Media 101
steffan
 
DOC
Buying a business in florida
James Lavigne
 
PPTX
Example problems Binomials
Rachel Monaco
 
PPTX
Example problems Binomial Multiplication
Rachel Monaco
 
DOC
SAmador CV
Susan Amador
 
PDF
Oig 14 19-dec13 report on eb5 program
James Lavigne
 
PPTX
Lockout
Aileen Mc Auliffe
 
PDF
Heartbleed by-danish amber
Raghunath G
 
PPTX
Mobile application security 101
Raghunath G
 
PPTX
Example problems
Rachel Monaco
 
PPTX
Newsbytes_NULLHYD_Dec
Raghunath G
 
DOC
Buying a business in florida
James Lavigne
 
Baseball stats
Rachel Monaco
 
Social engineering by-rakesh-nagekar
Raghunath G
 
So you want to retire in florida 1997 far
James Lavigne
 
Security News Bytes
Raghunath G
 
Investor alert—investment scams exploit immigrant investor program
James Lavigne
 
Internet safety presentation
mkajiwara1
 
Nomadic Display Set Up HangTen
Nomadic Display
 
Nomadic Display Setup Fabri Mural
Nomadic Display
 
UGA Guest Lecture: Social Media 101
steffan
 
Buying a business in florida
James Lavigne
 
Example problems Binomials
Rachel Monaco
 
Example problems Binomial Multiplication
Rachel Monaco
 
SAmador CV
Susan Amador
 
Oig 14 19-dec13 report on eb5 program
James Lavigne
 
Lockout
Aileen Mc Auliffe
 
Heartbleed by-danish amber
Raghunath G
 
Mobile application security 101
Raghunath G
 
Example problems
Rachel Monaco
 
Newsbytes_NULLHYD_Dec
Raghunath G
 
Buying a business in florida
James Lavigne
 
Ad

Similar to Null July - OWTF - Bharadwaj Machiraju (20)

PDF
OWASP Bangalore : OWTF demo : 13 Dec 2014
Anant Shrivastava
 
DOCX
Spring competitive tests
SkillPracticalEdTech
 
PPTX
Advance java prasentation
dhananajay95
 
ODP
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
Mauro Risonho de Paula Assumpcao
 
PDF
Play Framework Introduction
m-kurz
 
PPTX
OWASP Zed Attack Proxy
Fadi Abdulwahab
 
ODP
See Hudson Run, Run Hudson, Run [SELF 2010]
Vincent Batts
 
PDF
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Matt Raible
 
PDF
JVM Web Frameworks Exploration
Kevin H.A. Tan
 
ODP
eXo Platform SEA - Play Framework Introduction
vstorm83
 
PPT
Django, What is it, Why is it cool?
Tom Brander
 
PDF
Java REST API Framework Comparison - PWX 2021
Matt Raible
 
PDF
Automating Security Testing with the OWTF
Jerod Brennen
 
ODP
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
Mauro Risonho de Paula Assumpcao
 
PDF
Java REST API Framework Comparison - UberConf 2021
Matt Raible
 
ODP
Aug penguin16
alhino
 
PPTX
SWOFT a PHP Microservice Framework - 2020
Vanessa V.Chellen
 
PDF
Continuous Delivery - Voxxed Days Cluj-Napoca 2017
Rafał Leszko
 
PPTX
WebdriverIO: the Swiss Army Knife of testing
Daniel Chivescu
 
PPT
Hands on web development with play 2.0
Abbas Raza
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
Anant Shrivastava
 
Spring competitive tests
SkillPracticalEdTech
 
Advance java prasentation
dhananajay95
 
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
Mauro Risonho de Paula Assumpcao
 
Play Framework Introduction
m-kurz
 
OWASP Zed Attack Proxy
Fadi Abdulwahab
 
See Hudson Run, Run Hudson, Run [SELF 2010]
Vincent Batts
 
Java REST API Comparison: Micronaut, Quarkus, and Spring Boot - jconf.dev 2020
Matt Raible
 
JVM Web Frameworks Exploration
Kevin H.A. Tan
 
eXo Platform SEA - Play Framework Introduction
vstorm83
 
Django, What is it, Why is it cool?
Tom Brander
 
Java REST API Framework Comparison - PWX 2021
Matt Raible
 
Automating Security Testing with the OWTF
Jerod Brennen
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
Mauro Risonho de Paula Assumpcao
 
Java REST API Framework Comparison - UberConf 2021
Matt Raible
 
Aug penguin16
alhino
 
SWOFT a PHP Microservice Framework - 2020
Vanessa V.Chellen
 
Continuous Delivery - Voxxed Days Cluj-Napoca 2017
Rafał Leszko
 
WebdriverIO: the Swiss Army Knife of testing
Daniel Chivescu
 
Hands on web development with play 2.0
Abbas Raza
 

More from Raghunath G (17)

PPSX
Securitynewsbytes
Raghunath G
 
PPT
Whats app forensic
Raghunath G
 
PPTX
Seh based exploitation
Raghunath G
 
PPSX
Securitynewsbytes april2015-150418153901-conversion-gate01
Raghunath G
 
PDF
Raspberry pi 2
Raghunath G
 
PPTX
Analysis of malicious pdf
Raghunath G
 
PPTX
Is iso 27001, an answer to security
Raghunath G
 
PDF
Null HYD Playing with shodan null
Raghunath G
 
PDF
Null HYD VRTDOS
Raghunath G
 
PPTX
Metasploit
Raghunath G
 
PPT
Null dec 2014
Raghunath G
 
PDF
Security News Bytes
Raghunath G
 
PPTX
Decoy documents
Raghunath G
 
PDF
Spear phishing attacks-by-hari_krishna
Raghunath G
 
PDF
Netcat 101 by-mahesh-beema
Raghunath G
 
PDF
Xss 101 by-sai-shanthan
Raghunath G
 
PDF
The art of_firewalking-by-sujay
Raghunath G
 
Securitynewsbytes
Raghunath G
 
Whats app forensic
Raghunath G
 
Seh based exploitation
Raghunath G
 
Securitynewsbytes april2015-150418153901-conversion-gate01
Raghunath G
 
Raspberry pi 2
Raghunath G
 
Analysis of malicious pdf
Raghunath G
 
Is iso 27001, an answer to security
Raghunath G
 
Null HYD Playing with shodan null
Raghunath G
 
Null HYD VRTDOS
Raghunath G
 
Metasploit
Raghunath G
 
Null dec 2014
Raghunath G
 
Security News Bytes
Raghunath G
 
Decoy documents
Raghunath G
 
Spear phishing attacks-by-hari_krishna
Raghunath G
 
Netcat 101 by-mahesh-beema
Raghunath G
 
Xss 101 by-sai-shanthan
Raghunath G
 
The art of_firewalking-by-sujay
Raghunath G
 

Recently uploaded (20)

PDF
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
PDF
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
PDF
Basic Mud Logging Guide for educational purpose
wdandworks
 
PDF
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
PPTX
Institutional Correction lecture only . . .
limvtheghins
 
PDF
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PPTX
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
PDF
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
PPTX
master seminar digital applications in india
ananyaray35
 
PDF
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
PDF
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
PDF
Computing-Curriculum for Schools in Ghana
abigailanane203
 
PDF
RMMM.pdf make it easy to upload and study
sajedul2
 
PDF
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
PDF
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
PPTX
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
PPTX
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
PDF
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
PDF
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PPTX
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 
Black Hat USA 2025 - Micro ICS Summit - ICS/OT Threat Landscape
Chris Sistrunk
 
2.FourierTransform-ShortQuestionswithAnswers.pdf
Raji Murugan
 
Basic Mud Logging Guide for educational purpose
wdandworks
 
O5-L3 Freight Transport Ops (International) V1.pdf
labyankof
 
Institutional Correction lecture only . . .
limvtheghins
 
Abdominal Access Techniques with Prof. Dr. R K Mishra
mohitsuren827
 
PPT- ENG7_QUARTER1_LESSON1_WEEK1. IMAGERY -DESCRIPTIONS pptx.pptx
KMDee
 
VCE English Exam - Section C Student Revision Booklet
jpinnuck
 
master seminar digital applications in india
ananyaray35
 
O7-L3 Supply Chain Operations - ICLT Program
labyankof
 
The Lost Whites of Pakistan by Jahanzaib Mughal.pdf
jahanzaibmughal6
 
Computing-Curriculum for Schools in Ghana
abigailanane203
 
RMMM.pdf make it easy to upload and study
sajedul2
 
3rd Neelam Sanjeevareddy Memorial Lecture.pdf
Academy of Grassroots Studies and Research of India (AGRASRI)
 
Insiders guide to clinical Medicine.pdf
AbhishekPatil315128
 
IMMUNITY IMMUNITY refers to protection against infection, and the immune syst...
shilpa939953
 
Final Presentation General Medicine 03-08-2024.pptx
ZaheerAhmad228692
 
Module 4: Burden of Disease Tutorial Slides S2 2025
Jonathan Hallett
 
ANTIBIOTICS.pptx.pdf………………… xxxxxxxxxxxxx
HakHe
 
PPH.pptx obstetrics and gynecology in nursing
SrideviDevaraj5
 

Null July - OWTF - Bharadwaj Machiraju

  • 2. #whoami Student (B.Tech) Core developer of OWTF OWASP GSoC Mentor
  • 3. OWASP OWTF Offensive Web Testing Framework Written in python by Abraham Aranguren (@7a_) Runs a bunch of tools the way you want Highly extensible, so easy to add own plugins Web based UI Currently under heavy development
  • 5. Present Features Has approx 150 well categorised plugins Botnet Mode - Allows usage of proxies and even tor network to avoid detection. Plug-n-hack Phase-I support Inbound proxy and much more…..
  • 7. Requirements A linux distribution (Kali is highly recommended) Internet connection git, python2 & wget installed A bit of patience
  • 8. Installation ! Clone from our github repo (https://github.com/owtf) Development branch(lions_2014) Run the install script (install/install.py) Ready!!
  • 9. Usage Fire up owtf with a target (./owtf.py demo.testfire.net) Visit the web interface (default at http://127.0.0.1:8009/ui/) Open targets and click on your target Run some plugins/browse using plug-n-hack Check the report and logs
  • 10. Plugins? Three main categories web, net & aux Web External - Help links to external resources Passive - No traffic is sent to target Semi passive - Non intrusive traffic is sent to target grep - Passive analysis of transactions active - Intrusive traffic is sent to target
  • 11. Special Features (ongoing GSoC projects) Plug-n-Hack Phase II - Cornel Punga Sessions support - Viyat Bhalodia Zest support - Deep Shah Automated vulnerability rankings - Tao Sauvage Online passive scanner (demo - lucif3rr.github.io) - Anirudh Anand WAF Bypasser - Marios Kourtesis
  • 12. How can you help? Student? (GSoC, MWoS, Similar OWASP program) Non-Student? You can get fame, goodies & chance to speak at conferences ;)
  • 13. Lots of links OWTF Presentations - http://www.slideshare.net/abrahamaranguren OWASP Page - http://owtf.org Twitter - @owtfp Github Org - https://github.com/owtf Wiki - https://github.com/owtf/owtf/wiki Freenode IRC Channel - #owtf *I am providing a sneak peek into the future owtf release ;)
  • 14. You can Contact Me! bharadwaj.machiraju@gmail.com aka tunnelshade http://blog.tunnelshade.in @tunnelshade_