SlideShare a Scribd company logo

OWASP Bangalore : OWTF demo : 13 Dec 2014

Anant Shrivastava, profile picture
Anant Shrivastava

The document outlines the OWTF (Offensive Web Testing Framework), an automated penetration testing tool designed to organize findings according to various security standards. Developed in Python, it supports Kali Linux and integrates multiple tools for task execution and result aggregation. It provides resources for setup, contributions, and demo access, as well as links for further exploration.

Technology
1 of 26
Downloaded 37 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
OWASP OWTF Anant Shrivastava
OWTF
O.W.T.F.
Offensive Web Testing Framework
Who am i Anant Shrivastava Information Security Consultant OWASP + G4H + null http://anantshri.info @anantshri
Agenda What is OWTF OWTF Demo Things not covered How to Contribute
Offensive Web Testing Framework
Need of W.T.F. Automated Pentest operations Organize finding as per standard standard could be OWASP, NIST or others custom notes and rankings identify type of execution Passive, active
History We started out as a way to run OWASP test's without accessing the website directly i.e. via indirect / passive ways. Written in Python by Abraham (@7a_) One of the most active OWASP projects alongside (ZAP and TestingGuide)
U. S. P. Automated task execution Single Dashboard result aggregation (in future co-relation) Raw tools output available Single point dashboard for all data. Control Task's : Pause and resume.
HOW
But its primarily a DEMO
So lets Launch the demo parts first.
Project hosted at http://github.com/owtf/owtf
Officially supports KALI LINUX & Samurai WTF
Demo Setup 1. Kali Machine with OWTF configured on it 2. scan : http://demo.testfire.net 3. scan : http://testasp.vulnweb.com
Basic setup git clone http://github.com/owtf/owtf.git cd owtf python2 install/install.py
DEMO
Development
Not covered OWTF botnetmode OWTF inbuilt proxy OWTF PlugnHack support OWTF Waf Bypasser and other plugins
contribute? GSoC Winter of Code Just Code Issue tracker comments on Github page.
Useful links 1. http://owtf.org 2. http://github.com/owtf/owtf 3. Video Demos @ youtube (owtfproject) 4. http://bit.ly/owtf-demo-lionheart
Social Connect Twitter: @owtfp Freenode IRC : #owtf
Any Questions?
slide credits Not all slides were mine. credits to @tunnelshade_ and @7a_ for some slides.
Thank You

More Related Content

PDF
How to Setup A Pen test Lab and How to Play CTF
n|u - The Open Security Community
 
PDF
Nullcon Hack IM 2011 walk through
Anant Shrivastava
 
ODP
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
Mauro Risonho de Paula Assumpcao
 
PDF
Stealth post-exploitation with phpsploit
Nullbyte Security Conference
 
PDF
Firmware Extraction & Fuzzing - Jatan Raval
NSConclave
 
PDF
Introducing OWASP OWTF Workshop BruCon 2012
Abraham Aranguren
 
PDF
Aide 2014 - Fundamentals of Linux Privilege Escalation
nullthreat
 
PPTX
EuroPython 2014 - How we switched our 800+ projects from Apache to uWSGI
Max Tepkeev
 
How to Setup A Pen test Lab and How to Play CTF
n|u - The Open Security Community
 
Nullcon Hack IM 2011 walk through
Anant Shrivastava
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
Mauro Risonho de Paula Assumpcao
 
Stealth post-exploitation with phpsploit
Nullbyte Security Conference
 
Firmware Extraction & Fuzzing - Jatan Raval
NSConclave
 
Introducing OWASP OWTF Workshop BruCon 2012
Abraham Aranguren
 
Aide 2014 - Fundamentals of Linux Privilege Escalation
nullthreat
 
EuroPython 2014 - How we switched our 800+ projects from Apache to uWSGI
Max Tepkeev
 

What's hot (20)

ODP
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
Mauro Risonho de Paula Assumpcao
 
PDF
Raptor web application firewall
Antonio Costa aka Cooler_
 
PDF
Volatility101
April Mardock CISSP
 
PDF
Talk NullByteCon 2015
Roberto Soares
 
PDF
0d1n
Antonio Costa aka Cooler_
 
PPTX
uWSGI - Swiss army knife for your Python web apps
Tomislav Raseta
 
PDF
Bz backtrack.usage
djenoalbania
 
PDF
窺探職場上所需之資安專業技術與能力 Tdohconf
jack51706
 
PPTX
如何利用 Docker 強化網站安全
Tim Hsu
 
PDF
[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...
Andrea Draghetti
 
PDF
Down by the Docker
NotSoSecure Global Services
 
PDF
Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
Priyanka Aash
 
PDF
44CON London 2015 - Is there an EFI monster inside your apple?
44CON
 
PPT
Subversion @ JUG Milano 11 dic 2009
Andrea Francia
 
PDF
Having fun with Raspberry(s) and Apache projects
Jean-Frederic Clere
 
PDF
Kernel Recipes 2013 - Kernel for your device
Anne Nicolas
 
PDF
Rear automated testing with Bareos
Gratien D'haese
 
PDF
Manage custom kernel builds
Marian Marinov
 
PDF
Ggplot2 Installation Instructions
Vinita Silaparasetty
 
PPTX
Nginx warhead
Sergey Belov
 
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
Mauro Risonho de Paula Assumpcao
 
Raptor web application firewall
Antonio Costa aka Cooler_
 
Volatility101
April Mardock CISSP
 
Talk NullByteCon 2015
Roberto Soares
 
0d1n
Antonio Costa aka Cooler_
 
uWSGI - Swiss army knife for your Python web apps
Tomislav Raseta
 
Bz backtrack.usage
djenoalbania
 
窺探職場上所需之資安專業技術與能力 Tdohconf
jack51706
 
如何利用 Docker 強化網站安全
Tim Hsu
 
[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...
Andrea Draghetti
 
Down by the Docker
NotSoSecure Global Services
 
Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
Priyanka Aash
 
44CON London 2015 - Is there an EFI monster inside your apple?
44CON
 
Subversion @ JUG Milano 11 dic 2009
Andrea Francia
 
Having fun with Raspberry(s) and Apache projects
Jean-Frederic Clere
 
Kernel Recipes 2013 - Kernel for your device
Anne Nicolas
 
Rear automated testing with Bareos
Gratien D'haese
 
Manage custom kernel builds
Marian Marinov
 
Ggplot2 Installation Instructions
Vinita Silaparasetty
 
Nginx warhead
Sergey Belov
 
Ad

Similar to OWASP Bangalore : OWTF demo : 13 Dec 2014 (8)

PDF
Null July - OWTF - Bharadwaj Machiraju
Raghunath G
 
PDF
Automating Security Testing with the OWTF
Jerod Brennen
 
PDF
OWASP OWTF - Summer Storm - OWASP AppSec EU 2013
Abraham Aranguren
 
PPTX
Pentesting like a grandmaster with owtf
Viyat Bhalodia
 
PDF
Legal and efficient web app testing without permission
Abraham Aranguren
 
PDF
Abraham aranguren. legal and efficient web app testing without permission
Yury Chemerkin
 
PPTX
OpenNTF: Past, Present, and Future
LetsConnect
 
PDF
Offensive (Web, etc) Testing Framework: My gift for the community - BerlinSid...
Abraham Aranguren
 
Null July - OWTF - Bharadwaj Machiraju
Raghunath G
 
Automating Security Testing with the OWTF
Jerod Brennen
 
OWASP OWTF - Summer Storm - OWASP AppSec EU 2013
Abraham Aranguren
 
Pentesting like a grandmaster with owtf
Viyat Bhalodia
 
Legal and efficient web app testing without permission
Abraham Aranguren
 
Abraham aranguren. legal and efficient web app testing without permission
Yury Chemerkin
 
OpenNTF: Past, Present, and Future
LetsConnect
 
Offensive (Web, etc) Testing Framework: My gift for the community - BerlinSid...
Abraham Aranguren
 
Ad

More from Anant Shrivastava (20)

PDF
Diverseccon keynote: My 2 Paisa's on Infosec World
Anant Shrivastava
 
PDF
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava
 
PDF
Android Tamer BH USA 2016 : Arsenal Presentation
Anant Shrivastava
 
PDF
Android Tamer: Virtual Machine for Android (Security) Professionals
Anant Shrivastava
 
PDF
Slides null puliya linux basics
Anant Shrivastava
 
PDF
SSL Pinning and Bypasses: Android and iOS
Anant Shrivastava
 
PDF
Exploiting publically exposed Version Control System
Anant Shrivastava
 
PDF
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Anant Shrivastava
 
PDF
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
PDF
My tryst with sourcecode review
Anant Shrivastava
 
PDF
Snake bites : Python for Pentesters
Anant Shrivastava
 
PPTX
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Anant Shrivastava
 
PDF
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Anant Shrivastava
 
PDF
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Anant Shrivastava
 
PDF
When the internet bleeded : RootConf 2014
Anant Shrivastava
 
PDF
Raspberry pi Beginners Session
Anant Shrivastava
 
PPTX
Career In Information security
Anant Shrivastava
 
PDF
WhitePaper : Security issues in android custom rom
Anant Shrivastava
 
PDF
Security Issues in Android Custom ROM
Anant Shrivastava
 
PDF
Web application finger printing - whitepaper
Anant Shrivastava
 
Diverseccon keynote: My 2 Paisa's on Infosec World
Anant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
Anant Shrivastava
 
Android Tamer BH USA 2016 : Arsenal Presentation
Anant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
Anant Shrivastava
 
Slides null puliya linux basics
Anant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
Anant Shrivastava
 
Exploiting publically exposed Version Control System
Anant Shrivastava
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
Anant Shrivastava
 
Tale of Forgotten Disclosure and Lesson learned
Anant Shrivastava
 
My tryst with sourcecode review
Anant Shrivastava
 
Snake bites : Python for Pentesters
Anant Shrivastava
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Anant Shrivastava
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
Anant Shrivastava
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
Anant Shrivastava
 
When the internet bleeded : RootConf 2014
Anant Shrivastava
 
Raspberry pi Beginners Session
Anant Shrivastava
 
Career In Information security
Anant Shrivastava
 
WhitePaper : Security issues in android custom rom
Anant Shrivastava
 
Security Issues in Android Custom ROM
Anant Shrivastava
 
Web application finger printing - whitepaper
Anant Shrivastava
 

Recently uploaded (20)

PDF
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PPTX
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
DOCX
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PPTX
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
PPTX
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
PDF
Modernizing your data center with Dell and AMD
Principled Technologies
 
PDF
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
PDF
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 
7 ChatGPT Prompts to Help You Define Your Ideal Customer Profile.pdf
SOFTTECHHUB
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Diabetes mellitus diagnosis method based random forest with bat algorithm
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Spectral efficient network and resource selection model in 5G networks
IAESIJAI
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Bridging biosciences and deep learning for revolutionary discoveries: a compr...
IAESIJAI
 
PA Analog/Digital System: The Backbone of Modern Surveillance and Communication
AVTRON Technologies LLC
 
The AUB Centre for AI in Media Proposal.docx
GAONE9
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
KOM of Painting work and Equipment Insulation REV00 update 25-dec.pptx
muhammadmuneebnaeem7
 
Effective Security Operations Center (SOC) A Modern, Strategic, and Threat-In...
ReZa AdineH
 
Modernizing your data center with Dell and AMD
Principled Technologies
 
Peak of Data & AI Encore- AI for Metadata and Smarter Workflows
Safe Software
 
CIFDAQ's Market Insight: SEC Turns Pro Crypto
CIFDAQ
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Empathic Computing: Creating Shared Understanding
Mark Billinghurst
 

OWASP Bangalore : OWTF demo : 13 Dec 2014

  • 1. OWASP OWTF Anant Shrivastava
  • 5. Who am i Anant Shrivastava Information Security Consultant OWASP + G4H + null http://anantshri.info @anantshri
  • 6. Agenda What is OWTF OWTF Demo Things not covered How to Contribute
  • 8. Need of W.T.F. Automated Pentest operations Organize finding as per standard standard could be OWASP, NIST or others custom notes and rankings identify type of execution Passive, active
  • 9. History We started out as a way to run OWASP test's without accessing the website directly i.e. via indirect / passive ways. Written in Python by Abraham (@7a_) One of the most active OWASP projects alongside (ZAP and TestingGuide)
  • 10. U. S. P. Automated task execution Single Dashboard result aggregation (in future co-relation) Raw tools output available Single point dashboard for all data. Control Task's : Pause and resume.
  • 11. HOW
  • 13. So lets Launch the demo parts first.
  • 14. Project hosted at http://github.com/owtf/owtf
  • 15. Officially supports KALI LINUX & Samurai WTF
  • 16. Demo Setup 1. Kali Machine with OWTF configured on it 2. scan : http://demo.testfire.net 3. scan : http://testasp.vulnweb.com
  • 17. Basic setup git clone http://github.com/owtf/owtf.git cd owtf python2 install/install.py
  • 18. DEMO
  • 20. Not covered OWTF botnetmode OWTF inbuilt proxy OWTF PlugnHack support OWTF Waf Bypasser and other plugins
  • 21. contribute? GSoC Winter of Code Just Code Issue tracker comments on Github page.
  • 22. Useful links 1. http://owtf.org 2. http://github.com/owtf/owtf 3. Video Demos @ youtube (owtfproject) 4. http://bit.ly/owtf-demo-lionheart
  • 23. Social Connect Twitter: @owtfp Freenode IRC : #owtf
  • 25. slide credits Not all slides were mine. credits to @tunnelshade_ and @7a_ for some slides.