OWTF 2.0a "Tikka Masala" is here! See the release announcement to get started.

Offensive Web Testing Framework

OWASP OWTF is a project that aims to make security assessments as efficient as possible by automating the manual, uncreative part of pen testing.

It provides out-of-the-box support for the OWASP Testing Guide, NIST and PTES standards.

Easy to Use

  • Web UI: configure and monitor OWTF through a responsive web interface in your browser. The interface is built on Twitter Bootstrap, so it is easy to customize.
  • RESTful APIs expose all core OWTF capabilities.

Unites popular tools

  • Instead of implementing yet another spider (a hard job), OWTF scrubs the output of every tool/plugin it runs to gather as many URLs as possible.
  • Scan at various aggression levels: OWTF supports scans based on the aggressiveness of the plugins/tools invoked.
  • Extensible: OWTF manages tools through plugins, making it trivial to add new tools.

Kali Linux ready!

  • OWTF has been developed with Kali Linux in mind, but it also supports other pentesting distros such as Samurai-WTF.
  • Tool paths and configuration can be modified easily in the web interface.

Unique features

  • Fastest Python MiTM proxy yet!
  • Crash reporting directly to the GitHub issue tracker
  • Comprehensive interactive report at the end of each scan
  • Easy plugin-based system; currently 100+ plugins!
  • CLI and web interface


Getting started with OWTF!

Getting started with OWTF is easy. Install using the bootstrap script (see below) or get the bleeding-edge code from the GitHub repo to install from the command line. Full documentation here.

wget -N https://raw.githubusercontent.com/owtf/bootstrap-script/master/bootstrap.sh; bash bootstrap.sh

Note that this one-liner downloads a script from GitHub and immediately executes it with your privileges. Download it first, read it, and only then run it; if the file was truncated or tampered with in transit, `bash bootstrap.sh` will still execute whatever arrived.

or

git clone -b <branch> https://github.com/owtf/owtf.git <folder-name>

(Clone over https rather than plain http so the transport is authenticated and encrypted.)
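As an added example, not part of the OWTF project or its bootstrap script, the following POSIX shell wrapper shows the fetch-review-verify-run pattern a practitioner would use instead of the one-liner above: download bootstrap.sh to a temporary file, compare its SHA-256 digest against a value pinned after reviewing that revision, and execute it only on a match. The PINNED_SHA256 value is a placeholder assumption to be replaced with the digest you computed from a copy you read; the BOOTSTRAP_URL is the one from the page.

```shell
#!/bin/sh
# Added example (not OWTF project code): fetch a remote bootstrap script,
# verify it against a pinned SHA-256, and run it only if the digest matches.
set -eu

BOOTSTRAP_URL="https://raw.githubusercontent.com/owtf/bootstrap-script/master/bootstrap.sh"
# Assumption / placeholder: replace with the digest of the revision you reviewed.
PINNED_SHA256="0000000000000000000000000000000000000000000000000000000000000000"

# Print the SHA-256 hex digest of a file, using whichever tool is available.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# Return 0 if the file's digest equals the expected digest, 1 otherwise.
verify_sha256() {
    vs_file="$1"
    vs_expected="$2"
    vs_actual="$(sha256_of "$vs_file")"
    [ "$vs_actual" = "$vs_expected" ]
}

# Download to a temp file, verify, and execute only on a match. The script is
# never piped straight into a shell, so a tampered or truncated download stops here.
install_bootstrap() {
    ib_tmp="$(mktemp)"
    trap 'rm -f "$ib_tmp"' EXIT
    if command -v curl >/dev/null 2>&1; then
        curl -fsSL --proto '=https' --tlsv1.2 -o "$ib_tmp" "$BOOTSTRAP_URL"
    else
        wget -q -O "$ib_tmp" "$BOOTSTRAP_URL"
    fi
    if verify_sha256 "$ib_tmp" "$PINNED_SHA256"; then
        bash "$ib_tmp"
    else
        echo "bootstrap.sh digest mismatch; refusing to execute" >&2
        return 1
    fi
}

# Only perform the network fetch and install when explicitly asked.
if [ "${1:-}" = "--install" ]; then
    install_bootstrap
fi
```

Run it as `sh install_owtf.sh --install` after filling in PINNED_SHA256. Pinning a digest means a later change to the master branch (benign or otherwise) fails closed until you review the new revision and update the pin; that is the point of the check.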