-
Notifications
You must be signed in to change notification settings - Fork 482
FAQ
Q: I have issues upgrading. Could you help?
A: Sure, but please do have a look at the upgrading guide first :) https://github.com/owtf/owtf/wiki/Updates-%26-Maintainance
Q: OWTF cannot find my tools / I get errors in the report saving that "the path was not found" / Is this only for Backtrack?:
A: OWTF is highly configurable and should run on most Linux flavours (maybe some UNIX cousins too). The configuration files for now are:
- owtf_dir/profiles/general/default.cfg -> General configuration: Tool locations, Icons for review, Default settings, etc
- owtf_dir/profiles/resources/default.cfg -> Defines how tools will be run + external links to useful resources and online tools
- owtf_dir/profiles/web_plugin_order/default.cfg -> Defines the order in which web plugins will be run
- owtf_dir/framework/config/framework_config.cfg -> Internal framework configuration (you can break a lot here, backup first!!)
The idea of the profiles is that the user should be able to define different profiles for different tests as they wish: There is an experimental option in the command line to load a profile from a specific file location. So, depending of the kind of tests you are doing you can define a different way to run tools, set defaults, etc
IMPORTANT: You should backup the file prior to modifying it + backup the profiles directory always, before upgrading OWTF.
NOTE: The configuration file defaults to Backtrack paths for the simple reason that most tools are already there (convenience)
Regarding the use of Backtrack over other Linux options, that is personal preference: You will have a little bit less configuration changes to make on Backtrack (more convenience), that is all.
Q: Do I have to install all these tools?
A: No! OWTF does not care if the tool exists or not, if it does not exist you will see a shell error on the report, that's all :) All the other tools will be run for you without issues
Q: I have to ^C some plugins and press Enter to go to the next one / Tool output is delayed:
A: There should be no need to Control + C plugins: what happens is that output from the command takes some time to appear on the screen (longer than if you ran the tool by hand) due to some strange python buffer thing, the command is normally really working and will eventually execute or die but finish either way.
This wiki and the OWTF README document contains a lot of information, please take your time and read these instructions carefully.
We provide a CHANGELOG that provides details about almost every OWTF release.
Be sure to read the CONTRIBUTING guidelines before reporting a new OWTF issue or opening a pull request.
If you have any questions about the OWTF usage or want to share some information with the community, please go to one of the following places:
- IRC channel
#owtf(irc.freenode.net)
Google Summer of Code 2018 Guide
Installation
Getting Started
- Define where your tools are
- Run OWASP OWTF
- HTTP Auth Configurations
- Simulation mode
- AUX plugins usage
- FAQ
SET usage
Cookbooks (GSoC 2014 Projects UPDATE)
-
Zest Integration:
- Quick Guide to get started with Zest,ZAP and Replay
- Zest and ZAP API Installation
- Zest and ZAP integration Introduction
- Zest Runner module
- Forward HTTP request to ZAP
- Zest script creation from single HTTP transaction
- Zest script creation from multiple HTTP transactions
- Zest Script Creator module
- HTTP Request Editing Window (Replay Function)
- Zest Script Recording Functionality
- Zest scripting console
Development
-
Plugins:
-
Tests:
Contact