Anant Shrivastava, profile picture
Uploaded byAnant Shrivastava
4,657 views

OWASP Bangalore : OWTF demo : 13 Dec 2014

The document outlines the OWTF (Offensive Web Testing Framework), an automated penetration testing tool designed to organize findings according to various security standards. Developed in Python, it supports Kali Linux and integrates multiple tools for task execution and result aggregation. It provides resources for setup, contributions, and demo access, as well as links for further exploration.

Embed presentation

Downloaded 38 times
OWASP OWTF Anant Shrivastava
OWTF
O.W.T.F.
Offensive Web Testing Framework
Who am i Anant Shrivastava Information Security Consultant OWASP + G4H + null http://anantshri.info @anantshri
Agenda What is OWTF OWTF Demo Things not covered How to Contribute
Offensive Web Testing Framework
Need of W.T.F. Automated Pentest operations Organize finding as per standard standard could be OWASP, NIST or others custom notes and rankings identify type of execution Passive, active
History We started out as a way to run OWASP test's without accessing the website directly i.e. via indirect / passive ways. Written in Python by Abraham (@7a_) One of the most active OWASP projects alongside (ZAP and TestingGuide)
U. S. P. Automated task execution Single Dashboard result aggregation (in future co-relation) Raw tools output available Single point dashboard for all data. Control Task's : Pause and resume.
HOW
But its primarily a DEMO
So lets Launch the demo parts first.
Project hosted at http://github.com/owtf/owtf
Officially supports KALI LINUX & Samurai WTF
Demo Setup 1. Kali Machine with OWTF configured on it 2. scan : http://demo.testfire.net 3. scan : http://testasp.vulnweb.com
Basic setup git clone http://github.com/owtf/owtf.git cd owtf python2 install/install.py
DEMO
Development
Not covered OWTF botnetmode OWTF inbuilt proxy OWTF PlugnHack support OWTF Waf Bypasser and other plugins
contribute? GSoC Winter of Code Just Code Issue tracker comments on Github page.
Useful links 1. http://owtf.org 2. http://github.com/owtf/owtf 3. Video Demos @ youtube (owtfproject) 4. http://bit.ly/owtf-demo-lionheart
Social Connect Twitter: @owtfp Freenode IRC : #owtf
Any Questions?
slide credits Not all slides were mine. credits to @tunnelshade_ and @7a_ for some slides.
Thank You

More Related Content

PDF
How to Setup A Pen test Lab and How to Play CTF
byn|u - The Open Security Community
 
PDF
Stealth post-exploitation with phpsploit
byNullbyte Security Conference
 
PDF
Firmware Extraction & Fuzzing - Jatan Raval
byNSConclave
 
PDF
Nullcon Hack IM 2011 walk through
byAnant Shrivastava
 
ODP
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
byMauro Risonho de Paula Assumpcao
 
PDF
Introducing OWASP OWTF Workshop BruCon 2012
byAbraham Aranguren
 
PPTX
EuroPython 2014 - How we switched our 800+ projects from Apache to uWSGI
byMax Tepkeev
 
PDF
Aide 2014 - Fundamentals of Linux Privilege Escalation
bynullthreat
 
How to Setup A Pen test Lab and How to Play CTF
byn|u - The Open Security Community
 
Stealth post-exploitation with phpsploit
byNullbyte Security Conference
 
Firmware Extraction & Fuzzing - Jatan Raval
byNSConclave
 
Nullcon Hack IM 2011 walk through
byAnant Shrivastava
 
2015 mindthesec mauro risonho de paula assumpcao rev01 firebits
byMauro Risonho de Paula Assumpcao
 
Introducing OWASP OWTF Workshop BruCon 2012
byAbraham Aranguren
 
EuroPython 2014 - How we switched our 800+ projects from Apache to uWSGI
byMax Tepkeev
 
Aide 2014 - Fundamentals of Linux Privilege Escalation
bynullthreat
 

What's hot

ODP
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
byMauro Risonho de Paula Assumpcao
 
PDF
Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
byPriyanka Aash
 
PDF
窺探職場上所需之資安專業技術與能力 Tdohconf
byjack51706
 
PPTX
uWSGI - Swiss army knife for your Python web apps
byTomislav Raseta
 
PDF
Raptor web application firewall
byAntonio Costa aka Cooler_
 
PDF
[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...
byAndrea Draghetti
 
PDF
Down by the Docker
byNotSoSecure Global Services
 
PDF
0d1n
byAntonio Costa aka Cooler_
 
PDF
Kernel Recipes 2013 - Kernel for your device
byAnne Nicolas
 
PDF
Volatility101
byApril Mardock CISSP
 
PPT
Subversion @ JUG Milano 11 dic 2009
byAndrea Francia
 
PDF
Bz backtrack.usage
bydjenoalbania
 
PDF
Having fun with Raspberry(s) and Apache projects
byJean-Frederic Clere
 
PPTX
如何利用 Docker 強化網站安全
byTim Hsu
 
PDF
Rear automated testing with Bareos
byGratien D'haese
 
PPTX
Nginx warhead
bySergey Belov
 
PDF
Ggplot2 Installation Instructions
byVinita Silaparasetty
 
PDF
44CON London 2015 - Is there an EFI monster inside your apple?
by44CON
 
PDF
Talk NullByteCon 2015
byRoberto Soares
 
PDF
Manage custom kernel builds
byMarian Marinov
 
Owasp owtf the offensive (web) testing framework + ptes penetration testing e...
byMauro Risonho de Paula Assumpcao
 
Follow the White Rabbit: Simplifying Fuzz Testing Using FuzzExMachina
byPriyanka Aash
 
窺探職場上所需之資安專業技術與能力 Tdohconf
byjack51706
 
uWSGI - Swiss army knife for your Python web apps
byTomislav Raseta
 
Raptor web application firewall
byAntonio Costa aka Cooler_
 
[English] BackBox Linux and Metasploit: A practical demonstration of the Shel...
byAndrea Draghetti
 
Down by the Docker
byNotSoSecure Global Services
 
0d1n
byAntonio Costa aka Cooler_
 
Kernel Recipes 2013 - Kernel for your device
byAnne Nicolas
 
Volatility101
byApril Mardock CISSP
 
Subversion @ JUG Milano 11 dic 2009
byAndrea Francia
 
Bz backtrack.usage
bydjenoalbania
 
Having fun with Raspberry(s) and Apache projects
byJean-Frederic Clere
 
如何利用 Docker 強化網站安全
byTim Hsu
 
Rear automated testing with Bareos
byGratien D'haese
 
Nginx warhead
bySergey Belov
 
Ggplot2 Installation Instructions
byVinita Silaparasetty
 
44CON London 2015 - Is there an EFI monster inside your apple?
by44CON
 
Talk NullByteCon 2015
byRoberto Soares
 
Manage custom kernel builds
byMarian Marinov
 

Similar to OWASP Bangalore : OWTF demo : 13 Dec 2014

PDF
OWASP OWTF - Summer Storm - OWASP AppSec EU 2013
byAbraham Aranguren
 
PDF
Automating Security Testing with the OWTF
byJerod Brennen
 
PPTX
Pentesting like a grandmaster with owtf
byViyat Bhalodia
 
PDF
Null July - OWTF - Bharadwaj Machiraju
byRaghunath G
 
PDF
Legal and efficient web app testing without permission
byAbraham Aranguren
 
PDF
Offensive (Web, etc) Testing Framework: My gift for the community - BerlinSid...
byAbraham Aranguren
 
PDF
Abraham aranguren. legal and efficient web app testing without permission
byYury Chemerkin
 
PPTX
OpenNTF: Past, Present, and Future
byLetsConnect
 
OWASP OWTF - Summer Storm - OWASP AppSec EU 2013
byAbraham Aranguren
 
Automating Security Testing with the OWTF
byJerod Brennen
 
Pentesting like a grandmaster with owtf
byViyat Bhalodia
 
Null July - OWTF - Bharadwaj Machiraju
byRaghunath G
 
Legal and efficient web app testing without permission
byAbraham Aranguren
 
Offensive (Web, etc) Testing Framework: My gift for the community - BerlinSid...
byAbraham Aranguren
 
Abraham aranguren. legal and efficient web app testing without permission
byYury Chemerkin
 
OpenNTF: Past, Present, and Future
byLetsConnect
 

More from Anant Shrivastava

PDF
Android Tamer BH USA 2016 : Arsenal Presentation
byAnant Shrivastava
 
PDF
Android Tamer: Virtual Machine for Android (Security) Professionals
byAnant Shrivastava
 
PDF
Snake bites : Python for Pentesters
byAnant Shrivastava
 
PDF
Tale of Forgotten Disclosure and Lesson learned
byAnant Shrivastava
 
PDF
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
PDF
SSL Pinning and Bypasses: Android and iOS
byAnant Shrivastava
 
PDF
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
byAnant Shrivastava
 
PPTX
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
byAnant Shrivastava
 
PDF
Raspberry pi Beginners Session
byAnant Shrivastava
 
PPTX
Career In Information security
byAnant Shrivastava
 
PDF
WhitePaper : Security issues in android custom rom
byAnant Shrivastava
 
PDF
Exploiting publically exposed Version Control System
byAnant Shrivastava
 
PDF
My tryst with sourcecode review
byAnant Shrivastava
 
PDF
Null bhopal Sep 2016: What it Takes to Secure a Web Application
byAnant Shrivastava
 
PDF
When the internet bleeded : RootConf 2014
byAnant Shrivastava
 
PDF
Web application finger printing - whitepaper
byAnant Shrivastava
 
PDF
Security Issues in Android Custom ROM
byAnant Shrivastava
 
PDF
Slides null puliya linux basics
byAnant Shrivastava
 
PDF
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
byAnant Shrivastava
 
PDF
Diverseccon keynote: My 2 Paisa's on Infosec World
byAnant Shrivastava
 
Android Tamer BH USA 2016 : Arsenal Presentation
byAnant Shrivastava
 
Android Tamer: Virtual Machine for Android (Security) Professionals
byAnant Shrivastava
 
Snake bites : Python for Pentesters
byAnant Shrivastava
 
Tale of Forgotten Disclosure and Lesson learned
byAnant Shrivastava
 
Understanding The Known: OWASP A9 Using Components With Known Vulnerabilities
byAnant Shrivastava
 
SSL Pinning and Bypasses: Android and iOS
byAnant Shrivastava
 
Owasp Mobile Risk Series : M3 : Insufficient Transport Layer Protection
byAnant Shrivastava
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
byAnant Shrivastava
 
Raspberry pi Beginners Session
byAnant Shrivastava
 
Career In Information security
byAnant Shrivastava
 
WhitePaper : Security issues in android custom rom
byAnant Shrivastava
 
Exploiting publically exposed Version Control System
byAnant Shrivastava
 
My tryst with sourcecode review
byAnant Shrivastava
 
Null bhopal Sep 2016: What it Takes to Secure a Web Application
byAnant Shrivastava
 
When the internet bleeded : RootConf 2014
byAnant Shrivastava
 
Web application finger printing - whitepaper
byAnant Shrivastava
 
Security Issues in Android Custom ROM
byAnant Shrivastava
 
Slides null puliya linux basics
byAnant Shrivastava
 
Owasp Mobile Risk M2 : Insecure Data Storage : null/OWASP/G4H Bangalore Aug 2014
byAnant Shrivastava
 
Diverseccon keynote: My 2 Paisa's on Infosec World
byAnant Shrivastava
 

Recently uploaded

PDF
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
PDF
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
PDF
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
DOCX
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
PPTX
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
PDF
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
PDF
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
PPTX
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
PPTX
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
PDF
The year in review - MarvelClient in 2025
bypanagenda
 
PDF
API-First Architecture in Financial Systems
bycyy111112
 
PPTX
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
PDF
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
PPTX
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
PDF
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
PPTX
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
PPTX
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
PPTX
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
PDF
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
PDF
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 
Dev Dives: AI that builds with you - UiPath Autopilot for effortless RPA & AP...
byUiPathCommunity
 
Real-Time Data Insight Using Microsoft Forms for Business
byElevate
 
Data Virtualization in Action: Scaling APIs and Apps with FME
bySafe Software
 
iRobot Post‑Mortem and Alternative Paths - Discussion Document for Boards and...
byDave Litwiller
 
Coded Agents – with UiPath SDK + LangGraph [Virtual Hands-on Workshop]
byUiPathCommunity
 
Unlocking the Power of Salesforce Architecture: Frameworks for Effective Solu...
byvarsha30tiwari
 
Eredità digitale sugli smartphone: cosa resta di noi nei dispositivi mobili
bySpeck&Tech
 
DYNAMICALLY.pptx good for the teachers or students to do seminars and for tea...
bympoorvika031
 
Cloud-and-AI-Platform-FY26-Partner-Playbook.pptx
byiuiuiuiu1
 
The year in review - MarvelClient in 2025
bypanagenda
 
API-First Architecture in Financial Systems
bycyy111112
 
wob-report.pptxwob-report.pptxwob-report.pptx
byssuser0d171c
 
Access Control 2025: From Security Silo to Software-Defined Ecosystem
byMemoori
 
Unit-4-ARTIFICIAL NEURAL NETWORKS.pptx ANN ppt Artificial neural network
byssuserd4481a
 
Six Shifts For 2026 (And The Next Six Years)
byDavid Armano
 
AI in Cybersecurity: Digital Defense by Yasir Naveed Riaz
byYasir Naveed Riaz
 
Building Cyber Resilience for 2026: Best Practices for a Secure, AI-Driven Bu...
byYasir Naveed Riaz
 
AI's Impact on Cybersecurity - Challenges and Opportunities
byYasir Naveed Riaz
 
Usage Control for Process Discovery through a Trusted Execution Environment
byValerioGoretti
 
Decoding the DNA: The Digital Networks Act, the Open Internet, and IP interco...
byCSUC - Consorci de Serveis Universitaris de Catalunya
 

OWASP Bangalore : OWTF demo : 13 Dec 2014