OWTF: OWASP Offensive Web Testing Framework

OWTF is OWASP’s (Open Web Application Security Project) Offensive Web Testing Framework. This tool automates the manual and un-creative part of pen-testing. OWASP’s project OWTF is focused on penetration testing efficiency and alignment of security testing standards.

This framework will help pen-testers to:

1) View big picture and think out of the box.
2) More efficiently find and verify vulnerabilities.
3) Due to automation, gets more time to work on complex vulnerabilities.
4) Perform more fuzzing on apparently risky parts.

The tool is highly user friendly and can be used by anyone without developing skills. Although, understanding and experience will be required to further investigate and use the output.

Features

Resilience

It allows OWTF to store partial output when a tool crashes. It will store the output and allow pen-tester to monitor processes.

Flexibility 

It allows pausing the processes when network connection of host or victim goes down. You can resume them later, avoiding loosing data.

Easy to Use API

OWTF uses PostgreSQl on back-end, enabling pen-testers to handle all functions and options through APIs. Pen-tester can add new feature with less efforts.

OWTF supports many popular pen testing standards making it considerable by pen-testers and ethical hackers. Its responsive interface enable user to easily work on it without developing skills.

Prerequisites

There are few packages which are mandatory before you proceed
• Git client: sudo apt-get install git
• Python 2.7, installed by default in most systems
• Wget: sudo apt-get install wget

Manual installation of OWTF is nothing but cloning the repository and running the install script
git clone https://github.com/owtf/owtf.git