Offensive Web Testing Framework
OWASP OWTF is a project that aims to make security assessments as efficient as possible by automating the manual, uncreative part of pen testing. It provides out-of-the-box support for the OWASP Testing Guide and the NIST and PTES standards.
Easy to Use
Unites popular tools
Use OWTF anywhere!
Fastest Python MiTM proxy yet!
Comprehensive interactive report at end of each scan
Easy plugin-based system; currently 100+ plugins!
CLI and web interface
Getting started with OWTF!
Install with pip:
pip install git+https://github.com/owtf/owtf#egg=owtf
or clone the repo and run:
python setup.py install
To run OWTF on Windows or macOS, use the provided Dockerfile (requires Docker to be installed):
make docker-build && make docker-run
- Open ~/.owtf/conf and change SERVER_ADDR: 127.0.0.1 to SERVER_ADDR: 0.0.0.0.
- Create a virtualenv with virtualenv env and activate it with source env/bin/activate.
- Install and run OWTF: cd owtf/; python setup.py develop && python -m owtf
- Open localhost:8009 for the OWTF web interface.