RG
Uploaded byRaghunath G
PDF, PPTX973 views

Null July - OWTF - Bharadwaj Machiraju

OWTF is an offensive web testing framework developed in Python, featuring around 150 categorized plugins and a web-based UI. It supports various modes, such as botnet mode for using proxies and offers installation instructions via GitHub. The project is open for contributions, with ongoing Google Summer of Code projects and opportunities for students and non-students alike.

Embed presentation

Download as PDF, PPTX
OWASP OWTF Bharadwaj ‘tunnelshade’ Machiraju
#whoami Student (B.Tech) Core developer of OWTF OWASP GSoC Mentor
OWASP OWTF Offensive Web Testing Framework Written in python by Abraham Aranguren (@7a_) Runs a bunch of tools the way you want Highly extensible, so easy to add own plugins Web based UI Currently under heavy development
Funded by OWASP Google BruCon ElearnSecurity
Present Features Has approx 150 well categorised plugins Botnet Mode - Allows usage of proxies and even tor network to avoid detection. Plug-n-hack Phase-I support Inbound proxy and much more…..
DEMO TIME
Requirements A linux distribution (Kali is highly recommended) Internet connection git, python2 & wget installed A bit of patience
Installation ! Clone from our github repo (https://github.com/owtf) Development branch(lions_2014) Run the install script (install/install.py) Ready!!
Usage Fire up owtf with a target (./owtf.py demo.testfire.net) Visit the web interface (default at http://127.0.0.1:8009/ui/) Open targets and click on your target Run some plugins/browse using plug-n-hack Check the report and logs
Plugins? Three main categories web, net & aux Web External - Help links to external resources Passive - No traffic is sent to target Semi passive - Non intrusive traffic is sent to target grep - Passive analysis of transactions active - Intrusive traffic is sent to target
Special Features (ongoing GSoC projects) Plug-n-Hack Phase II - Cornel Punga Sessions support - Viyat Bhalodia Zest support - Deep Shah Automated vulnerability rankings - Tao Sauvage Online passive scanner (demo - lucif3rr.github.io) - Anirudh Anand WAF Bypasser - Marios Kourtesis
How can you help? Student? (GSoC, MWoS, Similar OWASP program) Non-Student? You can get fame, goodies & chance to speak at conferences ;)
Lots of links OWTF Presentations - http://www.slideshare.net/abrahamaranguren OWASP Page - http://owtf.org Twitter - @owtfp Github Org - https://github.com/owtf Wiki - https://github.com/owtf/owtf/wiki Freenode IRC Channel - #owtf *I am providing a sneak peek into the future owtf release ;)
You can Contact Me! bharadwaj.machiraju@gmail.com aka tunnelshade http://blog.tunnelshade.in @tunnelshade_

More Related Content

PPTX
Robot framework
byRochak Bhalla
 
PDF
Owasp AppSecEU 2015 - BeEF Session
byBart Leppens
 
PDF
Panther loves Symfony apps
bySimone D'Amico
 
PDF
Appium & Robot Framework
byFurkan Ertürk
 
PDF
How to Setup A Pen test Lab and How to Play CTF
byn|u - The Open Security Community
 
PDF
Jenv: Java Environment Manager
byJacky Chan
 
PDF
Generamba
byNicolae Ghimbovschi
 
PPT
Robotframework Presentation - Pinoy Python Meetup 2011January12
byFranz Allan See
 
Robot framework
byRochak Bhalla
 
Owasp AppSecEU 2015 - BeEF Session
byBart Leppens
 
Panther loves Symfony apps
bySimone D'Amico
 
Appium & Robot Framework
byFurkan Ertürk
 
How to Setup A Pen test Lab and How to Play CTF
byn|u - The Open Security Community
 
Jenv: Java Environment Manager
byJacky Chan
 
Generamba
byNicolae Ghimbovschi
 
Robotframework Presentation - Pinoy Python Meetup 2011January12
byFranz Allan See
 

What's hot

PPTX
TYPO3 CMS deployment with Jenkins CI
byderdanne
 
PPTX
Bsides tampa
byOctavio Paguaga
 
ODP
Browser Exploitation Framework Tutorial
byimlaurel2
 
PDF
Understanding Burp Replicator
byNeelu Tripathy
 
PDF
Automate Yo' Self
byJohn Anderson
 
PDF
Docker
byThe Software House
 
ODP
DIY Java & Kubernetes
byPance Cavkovski
 
PPT
Django Deployment
byTareque Hossain
 
PDF
AppSec & OWASP Top 10 Primer
byThreatReel Podcast
 
PDF
DevOps Camp 2017 NYC Local Development using Vagrant by Anthony Alvarez
byAnthony Alvarez
 
PDF
GlassFish Embedded API
byEduardo Pelegri-Llopart
 
PDF
Vagrant for local and team WordPress Development
byAnthony Alvarez
 
PPTX
Development with Vagrant
byJohn Coggeshall
 
PDF
Acceptance testing plone sites and add ons with robot framework and selenium
byAsko Soukka
 
PDF
Gr8conf - The Groovy Ecosystem Revisited
byAndres Almiray
 
PPTX
Web browsers
bytorosalgado
 
ODP
It Works On My Machine: Vagrant for Software Development
byCarlos Perez
 
PPTX
PhoneGap day 2016 EU: Simulating Cordova Plugins in the Browser
byRyan J. Salva
 
PDF
Vagrant for Development
byJacky Chan
 
PDF
Hands on iOS developments with jenkins
byArnaud Héritier
 
TYPO3 CMS deployment with Jenkins CI
byderdanne
 
Bsides tampa
byOctavio Paguaga
 
Browser Exploitation Framework Tutorial
byimlaurel2
 
Understanding Burp Replicator
byNeelu Tripathy
 
Automate Yo' Self
byJohn Anderson
 
Docker
byThe Software House
 
DIY Java & Kubernetes
byPance Cavkovski
 
Django Deployment
byTareque Hossain
 
AppSec & OWASP Top 10 Primer
byThreatReel Podcast
 
DevOps Camp 2017 NYC Local Development using Vagrant by Anthony Alvarez
byAnthony Alvarez
 
GlassFish Embedded API
byEduardo Pelegri-Llopart
 
Vagrant for local and team WordPress Development
byAnthony Alvarez
 
Development with Vagrant
byJohn Coggeshall
 
Acceptance testing plone sites and add ons with robot framework and selenium
byAsko Soukka
 
Gr8conf - The Groovy Ecosystem Revisited
byAndres Almiray
 
Web browsers
bytorosalgado
 
It Works On My Machine: Vagrant for Software Development
byCarlos Perez
 
PhoneGap day 2016 EU: Simulating Cordova Plugins in the Browser
byRyan J. Salva
 
Vagrant for Development
byJacky Chan
 
Hands on iOS developments with jenkins
byArnaud Héritier
 

Viewers also liked

PDF
Nomadic Display Setup Fabri Mural
byNomadic Display
 
PPTX
Security News Bytes
byRaghunath G
 
PPTX
Baseball stats
byRachel Monaco
 
PDF
Heartbleed by-danish amber
byRaghunath G
 
PPTX
Newsbytes_NULLHYD_Dec
byRaghunath G
 
PPTX
Mobile application security 101
byRaghunath G
 
PDF
Social engineering by-rakesh-nagekar
byRaghunath G
 
PDF
Nomadic Display Set Up HangTen
byNomadic Display
 
PPTX
Lockout
byAileen Mc Auliffe
 
PPTX
Internet safety presentation
bymkajiwara1
 
DOC
Buying a business in florida
byJames Lavigne
 
DOC
Buying a business in florida
byJames Lavigne
 
DOC
SAmador CV
bySusan Amador
 
PDF
Oig 14 19-dec13 report on eb5 program
byJames Lavigne
 
PPTX
UGA Guest Lecture: Social Media 101
bysteffan
 
PPTX
Example problems Binomials
byRachel Monaco
 
PPTX
Example problems Binomial Multiplication
byRachel Monaco
 
PPTX
Example problems
byRachel Monaco
 
PDF
Investor alert—investment scams exploit immigrant investor program
byJames Lavigne
 
DOC
So you want to retire in florida 1997 far
byJames Lavigne
 
Nomadic Display Setup Fabri Mural
byNomadic Display
 
Security News Bytes
byRaghunath G
 
Baseball stats
byRachel Monaco
 
Heartbleed by-danish amber
byRaghunath G
 
Newsbytes_NULLHYD_Dec
byRaghunath G
 
Mobile application security 101
byRaghunath G
 
Social engineering by-rakesh-nagekar
byRaghunath G
 
Nomadic Display Set Up HangTen
byNomadic Display
 
Lockout
byAileen Mc Auliffe
 
Internet safety presentation
bymkajiwara1
 
Buying a business in florida
byJames Lavigne
 
Buying a business in florida
byJames Lavigne
 
SAmador CV
bySusan Amador
 
Oig 14 19-dec13 report on eb5 program
byJames Lavigne
 
UGA Guest Lecture: Social Media 101
bysteffan
 
Example problems Binomials
byRachel Monaco
 
Example problems Binomial Multiplication
byRachel Monaco
 
Example problems
byRachel Monaco
 
Investor alert—investment scams exploit immigrant investor program
byJames Lavigne
 
So you want to retire in florida 1997 far
byJames Lavigne
 

Similar to Null July - OWTF - Bharadwaj Machiraju

PDF
OWASP OWTF - Summer Storm - OWASP AppSec EU 2013
byAbraham Aranguren
 
PDF
Automating Security Testing with the OWTF
byJerod Brennen
 
ODP
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
byMauro Risonho de Paula Assumpcao
 
PPTX
[Wroclaw #5] OWASP Projects: beyond Top 10
byOWASP
 
PPTX
Pentesting like a grandmaster with owtf
byViyat Bhalodia
 
PDF
OWASP Bangalore : OWTF demo : 13 Dec 2014
byAnant Shrivastava
 
PDF
Introducing OWASP OWTF Workshop BruCon 2012
byAbraham Aranguren
 
PDF
Legal and efficient web app testing without permission
byAbraham Aranguren
 
PDF
Offensive (Web, etc) Testing Framework: My gift for the community - BerlinSid...
byAbraham Aranguren
 
PDF
Abraham aranguren. legal and efficient web app testing without permission
byYury Chemerkin
 
PDF
Botnet mode
bymarioskourt
 
OWASP OWTF - Summer Storm - OWASP AppSec EU 2013
byAbraham Aranguren
 
Automating Security Testing with the OWTF
byJerod Brennen
 
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
byMauro Risonho de Paula Assumpcao
 
[Wroclaw #5] OWASP Projects: beyond Top 10
byOWASP
 
Pentesting like a grandmaster with owtf
byViyat Bhalodia
 
OWASP Bangalore : OWTF demo : 13 Dec 2014
byAnant Shrivastava
 
Introducing OWASP OWTF Workshop BruCon 2012
byAbraham Aranguren
 
Legal and efficient web app testing without permission
byAbraham Aranguren
 
Offensive (Web, etc) Testing Framework: My gift for the community - BerlinSid...
byAbraham Aranguren
 
Abraham aranguren. legal and efficient web app testing without permission
byYury Chemerkin
 
Botnet mode
bymarioskourt
 

More from Raghunath G

PPTX
Metasploit
byRaghunath G
 
PPTX
Decoy documents
byRaghunath G
 
PDF
Netcat 101 by-mahesh-beema
byRaghunath G
 
PDF
Xss 101 by-sai-shanthan
byRaghunath G
 
PDF
The art of_firewalking-by-sujay
byRaghunath G
 
PPTX
Analysis of malicious pdf
byRaghunath G
 
PPT
Whats app forensic
byRaghunath G
 
PDF
Spear phishing attacks-by-hari_krishna
byRaghunath G
 
PDF
Null HYD VRTDOS
byRaghunath G
 
PPTX
Seh based exploitation
byRaghunath G
 
PDF
Null HYD Playing with shodan null
byRaghunath G
 
PDF
Raspberry pi 2
byRaghunath G
 
PDF
Security News Bytes
byRaghunath G
 
PPTX
Is iso 27001, an answer to security
byRaghunath G
 
PPT
Null dec 2014
byRaghunath G
 
PPSX
Securitynewsbytes
byRaghunath G
 
PPSX
Securitynewsbytes april2015-150418153901-conversion-gate01
byRaghunath G
 
Metasploit
byRaghunath G
 
Decoy documents
byRaghunath G
 
Netcat 101 by-mahesh-beema
byRaghunath G
 
Xss 101 by-sai-shanthan
byRaghunath G
 
The art of_firewalking-by-sujay
byRaghunath G
 
Analysis of malicious pdf
byRaghunath G
 
Whats app forensic
byRaghunath G
 
Spear phishing attacks-by-hari_krishna
byRaghunath G
 
Null HYD VRTDOS
byRaghunath G
 
Seh based exploitation
byRaghunath G
 
Null HYD Playing with shodan null
byRaghunath G
 
Raspberry pi 2
byRaghunath G
 
Security News Bytes
byRaghunath G
 
Is iso 27001, an answer to security
byRaghunath G
 
Null dec 2014
byRaghunath G
 
Securitynewsbytes
byRaghunath G
 
Securitynewsbytes april2015-150418153901-conversion-gate01
byRaghunath G
 

Recently uploaded

PPTX
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
PPTX
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
PPTX
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
PPTX
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
PPTX
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
PDF
Biology Practical Class 12th 2025 PDF(2)-2-52.pdf
bySCPRPWomenCollegeChi
 
PDF
Most Imp Chapters & Weightage for Boards 2025.pdf
byTamannaSagar
 
PPTX
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
PPTX
Details of Epithelial and Connective Tissue.pptx
byAshish Umale
 
PDF
DHA/HAAD/MOH/DOH OPTOMETRY MCQ PYQ. .pdf
byAnmol Singh
 
PPTX
Expected Revenue Report In Odoo 18 CRM
byCeline George
 
PDF
Scalable-MADDPG-Based Cooperative Target Invasion for a Multi-USV System.pdf
byMan_Ebook
 
PPTX
How to Create Lead_Opportunity From Odoo 18 Website
byCeline George
 
PDF
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
PDF
Types of eggs and Egg membranes (Developmental Zoology)
bySudhandraKarthi
 
PPTX
Steve Hale - Developing Elite Young Goalkeepers 2024.pptx
bypjmfd
 
PPTX
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
PPTX
4 G8_Q3_L4 (Evaluating opinion editorials for textual evidence and quality).pptx
byNorafeSahagun
 
PDF
Risk management in Moroccan public hospitals_ a literature review
byMan_Ebook
 
PPTX
REVISED DEFENSE MECHANISM / ADJUSTMENT MECHANISM-FINAL
byShimla
 
Pig- piggy bank in Big Data Analytics.ppt.pptx
byVarshini M
 
How to Configure Push & Pull Rule in Odoo 18 Inventory
byCeline George
 
10-12-2025 Francois Staring How can Researchers and Initial Teacher Educators...
byEduSkills OECD
 
TAMIS & TEMS - HOW, WHY and THE STEPS IN PROCTOLOGY
byJohn Thanakumar
 
How to Manage Package Reservation in Odoo 18 Inventory
byCeline George
 
Biology Practical Class 12th 2025 PDF(2)-2-52.pdf
bySCPRPWomenCollegeChi
 
Most Imp Chapters & Weightage for Boards 2025.pdf
byTamannaSagar
 
The Cell & Cell Cycle-detailed structure and function of organelles.pptx
byAshish Umale
 
Details of Epithelial and Connective Tissue.pptx
byAshish Umale
 
DHA/HAAD/MOH/DOH OPTOMETRY MCQ PYQ. .pdf
byAnmol Singh
 
Expected Revenue Report In Odoo 18 CRM
byCeline George
 
Scalable-MADDPG-Based Cooperative Target Invasion for a Multi-USV System.pdf
byMan_Ebook
 
How to Create Lead_Opportunity From Odoo 18 Website
byCeline George
 
M.Sc. Nonchordates Complete Syllabus PPT | All Important Topics Covered
byKNIPSS SULTANPUR
 
Types of eggs and Egg membranes (Developmental Zoology)
bySudhandraKarthi
 
Steve Hale - Developing Elite Young Goalkeepers 2024.pptx
bypjmfd
 
ATTENTION -PART 2.pptx Shilpa Hotakar for I semester BSc students
bySHILPA HOTAKAR
 
4 G8_Q3_L4 (Evaluating opinion editorials for textual evidence and quality).pptx
byNorafeSahagun
 
Risk management in Moroccan public hospitals_ a literature review
byMan_Ebook
 
REVISED DEFENSE MECHANISM / ADJUSTMENT MECHANISM-FINAL
byShimla
 

Null July - OWTF - Bharadwaj Machiraju

  • 1.
  • 2.
    #whoami Student (B.Tech) Core developerof OWTF OWASP GSoC Mentor
  • 3.
    OWASP OWTF Offensive WebTesting Framework Written in python by Abraham Aranguren (@7a_) Runs a bunch of tools the way you want Highly extensible, so easy to add own plugins Web based UI Currently under heavy development
  • 4.
  • 5.
    Present Features Has approx150 well categorised plugins Botnet Mode - Allows usage of proxies and even tor network to avoid detection. Plug-n-hack Phase-I support Inbound proxy and much more…..
  • 6.
  • 7.
    Requirements A linux distribution(Kali is highly recommended) Internet connection git, python2 & wget installed A bit of patience
  • 8.
    Installation ! Clone from ourgithub repo (https://github.com/owtf) Development branch(lions_2014) Run the install script (install/install.py) Ready!!
  • 9.
    Usage Fire up owtfwith a target (./owtf.py demo.testfire.net) Visit the web interface (default at http://127.0.0.1:8009/ui/) Open targets and click on your target Run some plugins/browse using plug-n-hack Check the report and logs
  • 10.
    Plugins? Three main categoriesweb, net & aux Web External - Help links to external resources Passive - No traffic is sent to target Semi passive - Non intrusive traffic is sent to target grep - Passive analysis of transactions active - Intrusive traffic is sent to target
  • 11.
    Special Features (ongoingGSoC projects) Plug-n-Hack Phase II - Cornel Punga Sessions support - Viyat Bhalodia Zest support - Deep Shah Automated vulnerability rankings - Tao Sauvage Online passive scanner (demo - lucif3rr.github.io) - Anirudh Anand WAF Bypasser - Marios Kourtesis
  • 12.
    How can youhelp? Student? (GSoC, MWoS, Similar OWASP program) Non-Student? You can get fame, goodies & chance to speak at conferences ;)
  • 13.
    Lots of links OWTFPresentations - http://www.slideshare.net/abrahamaranguren OWASP Page - http://owtf.org Twitter - @owtfp Github Org - https://github.com/owtf Wiki - https://github.com/owtf/owtf/wiki Freenode IRC Channel - #owtf *I am providing a sneak peek into the future owtf release ;)
  • 14.
    You can ContactMe! bharadwaj.machiraju@gmail.com aka tunnelshade http://blog.tunnelshade.in @tunnelshade_