OWTF - Offensive Web Testing Framework

OWTF (Offensive Web Testing Framework) is a framework that allows you to automate the manual and uncreative parts of pen testing. This way the penetration testers will have more time to:
  • See the big picture and think out of the box.
  • More efficiently find, verify and combine vulnerabilities.
  • Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions.
  • Perform more tactical/targeted fuzzing on seemingly risky areas.
  • Demonstrate true impact despite the short timeframes.

It provides out-of-box support for the OWASP Testing Guide, the NIST and the PTES standards.

The tool is highly configurable and anybody can trivially create simple plugins or add new tests in the configuration files without having any development experience.


  • Resilience: If one tool crashes, OWTF will move on to the next tool/test, saving the partial output the tool produced until it crashed.
  • Flexible: Pause and resume your work.
  • Tests Separation: OWTF separates its traffic to the target into mainly 3 types of plugins:
    • Passive: No traffic goes to the target
    • Semi Passive: Normal traffic to target
    • Active: Direct vulnerability probing
  • Extensive REST API.
  • Has almost complete OWASP Testing Guide (v3, v4), Top 10, NIST, CWE coverage.
  • Web interface: Easily manage large penetration engagements.
  • Interactive report:
    • Automated plugin rankings from the tool output, fully configurable by the user.
    • Configurable risk rankings
    • In-line notes editor for each plugin.
