OWTF - Offensive Web Testing Framework
OWTF (Offensive Web Testing Framework) is a framework that allows you to automate the manual and uncreative parts of pen testing. This way the penetration testers will have more time to:
- See the big picture and think out of the box.
- More efficiently find, verify and combine vulnerabilities.
- Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions.
- Perform more tactical/targeted fuzzing on seemingly risky areas.
- Demonstrate true impact despite the short timeframes.
It provides out-of-box support for the OWASP Testing Guide, the NIST and the PTES standards.
The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.
Features:
- Resilience: If one tool crashes, OWTF will move on to the next tool/test, saving the partial output of the tool until it crashed.
- Flexible: Pause and resume your work.
- Tests Separation: OWTF separates its traffic to the target into mainly 3 types of plugins:
  - Passive: No traffic goes to the target
  - Semi Passive: Normal traffic to target
  - Active: Direct vulnerability probing
- Extensive REST API.
- Has almost complete OWASP Testing Guide (v3, v4), Top 10, NIST, CWE coverage.
- Web interface: Easily manage large penetration engagements.
- Interactive report:
  - Automated plugin rankings from the tool output, fully configurable by the user.
  - Configurable risk rankings
  - In-line notes editor for each plugin.