OWASP OWTF

OWASP Flagship Github stars

logo

OWTF is taking part in the Google Summer of Code 2020 ! If you’d like to participate then see the OWASP Google Summer of Code 2020 Ideas page!

OWTF aims to make pen testing:

  • Aligned with OWASP Testing Guide + PTES + NIST
  • More efficient
  • More comprehensive
  • More creative and fun (minimise un-creative work)

so that pentesters will have more time to

  • See the big picture and think out of the box
  • More efficiently find, verify and combine vulnerabilities
  • Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
  • Perform more tactical/targeted fuzzing on seemingly risky areas
  • Demonstrate true impact despite the short timeframes we are typically given to test.

The latest version of OWASP OWTF is OWTF 2.3b “MacinOWTF”.

OWTF attempts to solve the “penetration testers are never given enough time to test properly” problem, or in other words, OWTF = Test/Exploit ASAP, with this in mind, as of right now, the priorities are:

  • To improve security testing efficiency (i.e. test more in less time)
  • To improve security testing coverage (i.e. test more)
  • Gradually integrate the best tools
  • Unite the best tools and make them work together with the security tester
  • Remove or Reduce the need to babysit security tools during security assessments
  • Be a respository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses.
  • Help penetration testers save time on report writing

Involvement in the development and promotion of OWTF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:


ToolsWatch Annual Best Free/Open Source Security Tool Survey:


We have been helped by many organizations, either financially or through other means:


The following links provide access to materials for OWTF talks (video, slides, etc.):

For more videos please see the YouTube channel