OWASP OWTF
OWTF is taking part in the Google Summer of Code 2025! If you’d like to participate, see the OWASP Google Summer of Code 2025 Ideas page!
OWTF aims to make pen testing:
- Aligned with OWASP Testing Guide + PTES + NIST
- More efficient
- More comprehensive
- More creative and fun (minimise un-creative work)
so that pentesters will have more time to:
- See the big picture and think out of the box
- More efficiently find, verify and combine vulnerabilities
- Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
- Perform more tactical/targeted fuzzing on seemingly risky areas
- Demonstrate true impact despite the short timeframes we are typically given to test.
You can get the latest version of OWASP OWTF by cloning the develop branch at https://github.com/owtf/owtf
OWTF attempts to solve the “penetration testers are never given enough time to test properly” problem; in other words, OWTF = Test/Exploit ASAP. With this in mind, the priorities right now are:
- To improve security testing efficiency (i.e. test more in less time)
- To improve security testing coverage (i.e. test more)
- Gradually integrate the best tools
- Unite the best tools and make them work together with the security tester
- Remove or reduce the need to babysit security tools during security assessments
- Be a repository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses.
- Help penetration testers save time on report writing
Involvement in the development and promotion of OWTF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Send us a pull request
- Give us feedback / suggestions / report bugs
- Talk to us on Slack (#owtf or #project-owtf)
- Join our OWTF developers mailing list
- Join the general OWTF mailing list
- OWTF was selected for GSoC 2022, 2023, 2024, and is looking for people to participate in 2025!
- August 2018 - OWTF goes to Blackhat Arsenal once again!
- August 2017 - OWTF goes to Blackhat Arsenal
ToolsWatch Annual Best Free/Open Source Security Tool Survey:
- April 6th, 2017 - OWTF 2.1a “Chicken Korma” is here!
- May 7th, 2016 - OWTF 2.0a “Tikka Masala” is here!
- February 29th, 2016 - OWASP is selected for GSoC 2016 - OWTF is participating!
- July 10th, 2015 - OWTF got 3 slots in the OWASP Summer Code Sprint 2015!
- June 19th, 2015 - OWTF is taking part in the OWASP Summer Code Sprint 2015
- October 15, 2014 - OWTF is taking part in the OWASP Winter Code Sprint!
- October 15, 2014 - OWTF 1.0.1 “Lionheart” released! - Fixed a major installation bug caused by wrong handling of requirements by pip
- October 5th 2014 - OWTF 1.0 “Lionheart” released!
- September 26th 2014 - OWTF 1.0 “Lionheart” presented at Brucon!
- September 4th 2014 - OWTF participating in OWASP Winter Code Sprint
- January 13th 2014 - OWTF 0.45.0 “Winter Blizzard” released!
- December 11th 2013 - OWASP OWTF CFP funds contest WINNERS announced
- September 8th 2013 - OWASP OWTF CFP funds contest open!
- August 22nd-23rd 2013 - Introducing OWASP OWTF 5x5 @ OWASP AppSec EU
- August 9th 2013 - OWTF 0.30 “Summer Storm II” released!
- July 1st 2013 - OWTF 0.20 “Summer Storm I” released!
- June 12th 2013 - OWASP OWTF GSoC Selection, Stats and Poll
- May 24th 2013 - OWASP OWTF 0.16 “shady citizen” released, now working smoothly in Kali!
- April 22nd - May 3rd 2013 - Call for Student Proposals: OWASP OWTF will be part of the Google Summer of Code 2013
- April 24th 2013 - Pentesting like a Grandmaster with OWASP OWTF to be presented at BSides London 2013
- February 26th 2013 - OWASP OWTF selected to be supported by Brucon 5x5
- September 26th 2012 - OWASP OWTF Workshop at Brucon
- September 24th 2012 - OWASP OWTF 0.15 BruCon released!
We have been helped by many organizations, either financially or through other means:
- OWASP
- eLearnSecurity
- BruCon
- BrowserStack for providing a platform to test OWTF on multiple devices!
The following links provide access to materials for OWTF talks (video, slides, etc.):
- OWTF Talks at 7-a.org
- You can see what OWASP OWTF is here - http://www.youtube.com/embed/H6Ut8U9a5KE
- OWASP OWTF 1.0 “Lionheart” - Brucon 2014 5x5 - https://www.youtube.com/embed/j2UoAsOLMB4
- OWASP AppSec EU 2013: Introducing OWASP OWTF 5x5 - http://www.youtube.com/embed/Vpca4-OlZqs
- OWTF Playlists with Demos/Talks on YouTube
- Some OWTF presentation slides
- More OWTF Talk links
For more videos please see the YouTube channel