OWASP OWTF

The Offensive Web Testing Framework (OWTF) is an OWASP- and PTES-focused effort to unite great tools and make pen testing more efficient; it is written mostly in Python.

About OWASP OWTF

OWTF aims to make pen testing:

• Aligned with the OWASP Testing Guide + PTES + NIST
• More creative and fun (minimise un-creative work) so that pentesters will have more time to:
  • See the big picture and think out of the box
  • More efficiently find, verify and combine vulnerabilities
  • Investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
  • Perform more tactical/targeted fuzzing on seemingly risky areas
  • Demonstrate true impact despite the short timeframes we are typically given to test

OWTF attempts to solve the "penetration testers are never given enough time to test properly" problem; in other words, OWTF = Test/Exploit ASAP. With this in mind, as of right now, the priorities are:

• To improve security testing efficiency (i.e. test more in less time)
• To improve security testing coverage (i.e. test more)
• Gradually integrate the best tools
• Unite the best tools and make them work together with the security tester
• Remove or reduce the need to babysit security tools during security assessments
• Be a repository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses
• Help penetration testers save time on report writing