OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to see the big picture and think out of the box. More efficiently find, verify and combine vulnerabilities. Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions. Perform more tactical/targeted fuzzing on seemingly risky areas. Demonstrate true impact despite the short timeframes we are typically given to test. The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience. OWTF is developed on KaliLinux and macOS but it is made for Kali Linux (or other Debian derivatives).
Features
- OWTF is developed on KaliLinux and macOS but it is made for Kali Linux (or other Debian derivatives)
- OWTF supports Python3
- Run as a Docker container
- Create and start the PostgreSQL database server
- Manual setup (painful and error-prone)
- Run make startdb to create and start the PostgreSQL server
Project Samples
