OWASP OWTF is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST so that pentesters will have more time to
The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.
Note: This tool is, however, not a silver bullet and will only be as good as the person using it: understanding and experience are required to correctly interpret tool output and decide what to investigate further in order to demonstrate impact.
OWTF is developed on Kali Linux and macOS, but it is made for Kali Linux (or other Debian derivatives).
OWTF supports both Python2 and Python3.
Dependencies: Install Homebrew (https://brew.sh/) and follow the steps given below:
$ python3 -m venv ~/.virtualenvs/owtf
$ source ~/.virtualenvs/owtf/bin/activate
$ brew install coreutils gnu-sed openssl
# We need to install 'cryptography' first to avoid issues
$ pip install cryptography --global-option=build_ext --global-option="-L/usr/local/opt/openssl/lib" --global-option="-I/usr/local/opt/openssl/include"
Recommended:
Docker is installed (https://www.docker.com/products/docker-desktop)
Using a virtualenv is highly recommended!
Please make sure you have Docker installed!
Run make startdb to create and start the PostgreSQL server in a Docker container. In the default configuration, it listens on port 5342, exposed from the Docker container.
You can also use a script to do this for you; find it in scripts/db_setup.sh. You'll need to modify any hardcoded variables if you change the corresponding ones in owtf/settings.py.
Start the PostgreSQL server:
  macOS (Homebrew): brew install postgresql and pg_ctl -D /usr/local/var/postgres start
  Linux: sudo systemctl enable postgresql; sudo systemctl start postgresql or sudo service postgresql start
Create the owtf_db_user user:
  macOS: psql postgres -c "CREATE USER $db_user WITH PASSWORD '$db_pass';"
  Linux: sudo su postgres -c "psql -c \"CREATE USER $db_user WITH PASSWORD '$db_pass'\""
Create the database:
  macOS: psql postgres -c "CREATE DATABASE $db_name WITH OWNER $db_user ENCODING 'utf-8' TEMPLATE template0;"
  Linux: sudo su postgres -c "psql -c \"CREATE DATABASE $db_name WITH OWNER $db_user ENCODING 'utf-8' TEMPLATE template0;\""
Install OWTF with pip install git+https://github.com/owtf/owtf#egg=owtf, or clone the repo and run python setup.py develop.
Run owtf and open localhost:8009 for the OWTF web interface, or run owtf --help for all available commands.
Check out LICENSE
Check out Code of Conduct
#project-owtf
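An added example, not OWTF's own scripts/db_setup.sh, showing how the psql steps above (create the role, create the database) can be scripted so they are repeatable, read the password from the environment instead of a command-line argument (keeping it out of shell history and `ps`), and quote names and passwords before splicing them into SQL. The OWTF_DB_* variable names and the owtf_db default are assumptions; take the real values from owtf/settings.py.

```shell
#!/bin/sh
# Added example, not OWTF's own scripts/db_setup.sh: idempotent version of the
# manual psql steps. Password comes from the environment, every value is quoted
# before it is spliced into SQL. OWTF_DB_* names and the owtf_db default are
# assumptions; they must match owtf/settings.py.
set -eu

# Quote a value as a SQL string literal: every ' becomes '' so a password
# such as p'wd cannot terminate the string early.
pg_quote_literal() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/''/g")"
}

# Quote a name as a SQL identifier: every " becomes "", wrapped in "".
pg_quote_ident() {
    printf '"%s"' "$(printf '%s' "$1" | sed 's/"/""/g')"
}

# The two statements the README runs by hand, with quoting applied.
sql_create_user() {  # $1 = role name, $2 = password
    printf 'CREATE USER %s WITH PASSWORD %s;' \
        "$(pg_quote_ident "$1")" "$(pg_quote_literal "$2")"
}

sql_create_db() {  # $1 = database name, $2 = owner role
    printf "CREATE DATABASE %s WITH OWNER %s ENCODING 'utf-8' TEMPLATE template0;" \
        "$(pg_quote_ident "$1")" "$(pg_quote_ident "$2")"
}

# Existence checks, so re-running the script is harmless.
role_exists() {
    [ "$(psql -tAc "SELECT 1 FROM pg_roles WHERE rolname = $(pg_quote_literal "$1")" postgres)" = 1 ]
}
db_exists() {
    [ "$(psql -tAc "SELECT 1 FROM pg_database WHERE datname = $(pg_quote_literal "$1")" postgres)" = 1 ]
}

main() {
    db_user="${OWTF_DB_USER:-owtf_db_user}"
    db_name="${OWTF_DB_NAME:-owtf_db}"          # assumed default
    db_pass="${OWTF_DB_PASS:?set OWTF_DB_PASS in the environment}"
    # Run as the PostgreSQL superuser, e.g.
    #   sudo -u postgres env OWTF_DB_PASS="$pw" sh db_setup.sh --apply
    role_exists "$db_user" || psql -v ON_ERROR_STOP=1 -c "$(sql_create_user "$db_user" "$db_pass")" postgres
    db_exists "$db_name"   || psql -v ON_ERROR_STOP=1 -c "$(sql_create_db "$db_name" "$db_user")" postgres
}

# Only touch the server when asked to explicitly.
if [ "${1:-}" = "--apply" ]; then main; fi
```

Without --apply the script only defines the functions, which lets the generated SQL be inspected before anything is run against the server.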