OWTF -- Web Application Vulnerability Scanner
Found this semi-new web app scanner released by OWASP, and thought I'd do a quick write-up on it after taking it for a test drive.
It will be nice to have a broader baseline for general web application probes. I already test against the OWASP Top 10 as a guideline, but providing an automated baseline that isn't reliant on a single tool is often important validation for a customer. After recon and manual exploration, I'll run a few automated web scanners, then parse those results, before diving into targeted exploitation.
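As an added illustration of the "baseline that isn't reliant on a single tool" idea (this is example code written for this post, not part of OWTF or any other scanner), here is a small merge step that normalizes findings from several scanners, collapses repeated hits on the same endpoint and category, and separates findings corroborated by more than one tool from those only a single tool reported. The record fields, tool names, and sample findings are all constructed for the example and are not any scanner's real output format.

```python
from urllib.parse import parse_qsl, urlsplit, urlunsplit

# Constructed sample findings. The field names (tool, url, category, severity)
# are an assumption for this example, not OWTF's or any real scanner's schema.
SAMPLE_FINDINGS = [
    {"tool": "owtf",     "url": "http://target.example/login.php?user=a", "category": "sqli",         "severity": "high"},
    {"tool": "scannerB", "url": "http://target.example/login.php?user=b", "category": "sqli",         "severity": "medium"},
    {"tool": "owtf",     "url": "http://target.example/search?q=x",       "category": "xss",          "severity": "medium"},
    {"tool": "scannerC", "url": "http://target.example/",                 "category": "missing-hsts", "severity": "low"},
    {"tool": "owtf",     "url": "http://target.example/",                 "category": "missing-hsts", "severity": "low"},
    {"tool": "owtf",     "url": "http://target.example/search?q=y",       "category": "xss",          "severity": "medium"},
]

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3}


def normalize_url(url: str) -> str:
    """Reduce a URL to host + path + sorted parameter names.

    Scanners report the same endpoint many times with different test values
    in the query string; dropping the values lets those reports collapse
    into one finding per endpoint and parameter set.
    """
    parts = urlsplit(url)
    param_names = sorted(k for k, _ in parse_qsl(parts.query, keep_blank_values=True))
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path or "/", "&".join(param_names), ""))


def merge_findings(findings):
    """Group findings by (normalized URL, category), keeping the worst severity
    and the set of tools that reported each one."""
    merged = {}
    for f in findings:
        key = (normalize_url(f["url"]), f["category"])
        entry = merged.setdefault(key, {
            "url": key[0], "category": key[1], "tools": set(),
            "severity": "low", "examples": [],
        })
        entry["tools"].add(f["tool"])
        entry["examples"].append(f["url"])  # keep raw URLs as PoC starting points
        if SEVERITY_RANK[f["severity"]] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = f["severity"]
    return merged


def corroborated(merged, min_tools: int = 2):
    """Findings reported independently by at least `min_tools` scanners."""
    return sorted(
        (e for e in merged.values() if len(e["tools"]) >= min_tools),
        key=lambda e: (-SEVERITY_RANK[e["severity"]], e["url"]),
    )


def single_tool_only(merged):
    """Findings only one scanner saw: worth manual verification before reporting."""
    return sorted(
        (e for e in merged.values() if len(e["tools"]) == 1),
        key=lambda e: (-SEVERITY_RANK[e["severity"]], e["url"]),
    )


if __name__ == "__main__":
    merged = merge_findings(SAMPLE_FINDINGS)
    for label, group in (("corroborated", corroborated(merged)), ("single-tool", single_tool_only(merged))):
        print(f"== {label} ==")
        for e in group:
            print(f"{e['severity']:<6} {e['category']:<12} {e['url']}  tools={sorted(e['tools'])}")
```

In practice the `SAMPLE_FINDINGS` list would be replaced by a loader for each scanner's report (OWTF's HTML report included), and the single-tool bucket is the list to manually verify before anything from it reaches a customer deliverable.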
This tool is pretty nice because of how inclusive it is. When you add it to BackTrack it launches a lot of the recon tools alongside it, amalgamates their results into its own, then generates a nice HTML doc. It also has verbose output of all the different tests it attempted and what it was trying to exploit in the process (this is provided in the report as well, for the 'what tests did you run?' type of question). The HTML doc is a bit messy to work through, but includes some filter options for categories of results. You can also get the detailed requests when you find a vulnerability, which usually works as a nice starting point or PoC.
My only issue with it thus far, other than being overly redundant and noisy in scanning, is that there are so few options for fine-tuning your scans. It's a Python program, and runs with few switches from the command line. You can use the -t flag with either 'active' or 'quiet' to run either more active scans (sending packets to the target) or more passive scans (using third-party services such as Google). Or you can use the -e flag to exclude a specific OWASP-CM (scan profile). You can run only specific OWASP-CMs with the -o flag, if you are doing a retest or only testing for a specific vulnerability. There are also customizable config files! I haven't dug too deep into the config files yet, but I did notice it supports the feature for remote hosting and scanning.
http://code.google.com/p/owtf/wiki/Configuration
It's super easy to set up and run: simply extract it to its own directory in BackTrack, and issue the following command: python owtf.py [target]
https://www.owasp.org/index.php/OWASP_OWTF
And here's a presentation on the framework:
https://www.youtube.com/watch?feature=player_embedded&v=H6Ut8U9a5KE