https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Ali+RazmjooOWASP - User contributions [en]2026-05-02T04:46:29ZUser contributionsMediaWiki 1.27.2https://wiki.owasp.org/index.php?title=GSoC2019_Ideas&diff=247930GSoC2019 Ideas2019-02-27T09:17:06Z<p>Ali Razmjoo: /* OHP (OWASP Honeypot) */</p>
<hr />
<div>=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
<br />
<br />
==OWASP-SKF (draft)==<br />
Idea 1: <br />
<br />
Build lab examples and write-ups (how to test) for different vulnerabilities over different technology stacks. These challenges are to be delivered in Docker so they can be <br />
<br />
easily deployed.<br />
<br />
In the current situation the security knowledge framework ultimately presents a list of security controls with correlating knowledge base items that contain a description and <br />
<br />
a solution. The new labs are used to give the software developers or application security specialists a more in depth understanding and approach on how to test the <br />
<br />
vulnerabilities in their own code. <br />
* For example we have now around 20 lab challenges in Docker container build in Python:<br />
** A Local File Inclusion Docker app example:<br />
*** https://github.com/blabla1337/skf-labs/tree/master/LFI<br />
** A write-up example:<br />
*** https://owasp-skf.gitbook.io/asvs-write-ups/filename-injection<br />
The images that are pushed to the Github repository are already automatically build and pushed to a docker registry where the SKF users can easily pull the images from to get their<br />
<br />
labs running. Of course they can download it and build it themselves from source by pulling the original repository. <br />
<br />
Idea 2: <br />
<br />
We want to extend the Machine learning chatbot functionality in SKF.<br />
* Create a desktop version of the chatbot. Where people can install the setup file on their local machine.<br />
* Extend the bots capability to do the google search(using web scraping) for the things which are not available in the database. So, it will have a wider scope of knowledge.<br />
* Extend the bot capability to reply what security controls should be followed from the ASVS and MASVS or other custom checklists that are present in SKF.<br />
* Extend the bot to different platforms like Facebook, telegram, slack etc.<br />
** Now the working chatbot implementation for example is only for Gitter<br />
<br />
== OWASP DefectDojo ==<br />
OWASP DefectDojo is a popular open source vulnerability management tool, used as the backbone for security programs. It is easy to get started with and work on! We welcome volunteers of all experience levels and are happy to provide mentorship.<br />
<br />
Option 1: Unit Tests - Difficulty: Easy<br />
* If you're new to programming, unit tests are short scripts designed to test a specific function of an application.<br />
* The project needs additional unit tests to ensure that new code functions properly. <br />
Option 2: Feature Enhancement - Difficulty: Varies<br />
* The functionality of DefectDojo is constantly expanding.<br />
* Feature enhancements offer programming challenges for all levels of experience.<br />
Option 3: Pull Request Review - Difficulty: Moderate - Hard<br />
* Test pull requests and provide feedback on code.<br />
<br />
<br />
<br />
== OHP (OWASP Honeypot) ==<br />
<br />
[[OWASP_Python_Honeypot|OWASP Honeypot]] is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
=== Getting Start ===<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to adding more modules and optimize the core.<br />
<br />
=== Technologies ===<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
=== Expected Results ===<br />
<br />
* Zero Bugs: Currently we may have several bugs in different conditions, and it's best to test the all functions and fix them<br />
* Monitoring: Right now monitoring limited to the connections (send&recieve) and it's best to store and analysis the contents for farther investigations and recognizing incoming attacks.<br />
* Duplicated codes: codes are complicated and duplicated in engine, should be fixed/clean up<br />
* New modules: add some creative ICS/Network/Web modules andvulnerable web applications, services and stuff<br />
* API: update API sync to all features<br />
* WebUI: Demonstrate and add API on WebUI and Live version with all features<br />
* WebUI Special Reports: Track the attacks more creative and provide high risk IPs<br />
* Database: Better database structure, faster and use queue<br />
* Data analysis: Analysis stored data and attack signatures<br />
* OWASP Top 10: Preparing useful processed/raw data for OWASP top 10 project<br />
<br />
=== Students Requirements ===<br />
<br />
* Python<br />
* Packet Analysis & Tshark & Libpcap<br />
* Docker<br />
* Database<br />
* Web Development Skills<br />
* Honeypot and Deception knowledge<br />
<br />
=== Mentors and Leaders ===<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo] (Mentor & Project Leader)<br />
* [mailto:ehsan@nezami.me Ehsan Nezami] (Mentor & Project Leader)<br />
* [mailto:reza.espargham@owasp.org Reza Espargham](Mentor)<br />
* [mailto:abiusx@owasp.org Abbas Naderi] (Mentor)<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and Angular. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the potential mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2019 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
''Coming up with good additional ideas for challenges in the proposal could make the difference between being selected or declined as a student for this project!''<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges)<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Hacking Instructor ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
While the Juice Shop is offering a lot of long-lasting motivation and challenges for security experts, it might be a bit daunting for newcomers and less experienced hackers.<br />
The "Hacking Instructor" as sketched in [https://github.com/bkimminich/juice-shop/issues/440 GitHub issue #440] could guide users from this target audience through at least some of the hacking challenges. As this would be an entirely new and relatively independent feature of the Juice Shop, students should be able to bring in their own creativity and ideas a lot.<br />
<br />
''For this project, a good proposal with a design & implementation proposal more sophisticated than the rough ideas in [https://github.com/bkimminich/juice-shop/issues/440 #440] is paramount to be selected as a student!''<br />
<br />
'''Expected Results:'''<br />
* A working implementation of e.g. an avatar-style "Hacking Instructor" or other solution based on the students own proposal<br />
* Coverage of at least the trivial (1-star) and some easy (2-star) challenges<br />
* Documentation how to configure or script the "Hacking Instructor" for challenges in general<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular, some UI/UX experience would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
=== Juice Shop Mobile ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
A complete mobile client for Juice-Shop API which will serve a legit mobile experience for Juice-Shop user as well as a plethora of Mobile app vulnerabilities and challenges around them to solve. Should in the best case translate the idea of Juice Shop's hacking challenges with a score board and success notifications into the mobile world.<br />
<br />
''Coming up with a sophisticated proposal (optimally even with a good initial sample implementation) could make the difference between being selected or declined as a student for this project!''<br />
<br />
''' Getting started '''<br />
* Get familiar with the architecture and code base of the application's RESTful backend<br />
* Get familiar with Native App developement<br />
* Get familiar with Mobile vulnerabilities<br />
<br />
'''Expected Results:'''<br />
* A mobile App with consistent UI/UX for Juice-Shop with standard client side vulnerabilities.<br />
* Sufficient initial release quality (en par with Juice Shop and Juice Shop CTF) to make it an official extension project hosted in its own GitHub repository ''bkimminich/juice-shop-mobile''<br />
* Code follows existing styleguides and applies similar quality gates regarding code smells, test coverage etc. as the main project.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) React Native and NodeJS/Express, some Mobile security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* Shoeb Patel - OWASP Juice Shop Contributor (and former GSoC 2018 Student)<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP-Securetea Tools Project ==<br />
The purpose of this application is to warn the user (via various communication mechanisms) whenever their laptop accessed. This small application was developed and tested in python in Linux machine is likely to work well on the Raspberry Pi as well. -<br />
https://github.com/OWASP/SecureTea-Project/blob/master/README.md<br />
<br />
===Brief Explanation===<br />
We are looking any awesome idea to improve Securetea Project that is not on this list? We are expecting make this project will be useful to everyone to secure their Small IoT. <br />
<br />
===Idea===<br />
Below roadmap and expect results you can choose to improve Securetea Project . <br />
if any bugs please help to fix it<br />
<br />
===Roadmap=== <br />
See Our Roadmap<br><br />
https://github.com/OWASP/SecureTea-Project#roadmap<br><br />
Notify by Twitter (done)<br><br />
Securetea Dashboard / Gui (done)<br><br />
<br />
===Expect Results ===<br />
<br><br />
Securetea Protection /firewall<br><br />
Securetea Antivirus<br><br />
Notify by Whatsapp<br><br />
Notify by SMS Alerts<br><br />
Notify by Line<br><br />
Notify by Telegram<br><br />
Intelligent Log Monitoring<br><br />
Login History<br><br />
=== Students Requirements ===<br />
<br />
* Python<br />
* Javascript <br />
* Angular and NodeJS/Express<br />
* Database<br />
* Linux<br />
<br />
=== Mentors === <br />
<br />
* [mailto:ade.putra@owasp.org Ade Yoseman Putra] - (OWASP Securetea Project Leader) <br><br />
* [mailto:rejah.rehim@owasp.org Rejah Rehim.A.A]]- (OWASP Securetea Project Leader)<br />
* [https://github.com/sananthu Ananthu S] - (Mentor)<br />
<br />
==OWASP OWTF==<br />
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.<br />
===OWASP OWTF - MiTM proxy interception and replay capabilities===<br />
'''Brief Explanation:'''<br />
<br />
The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).<br />
<br />
The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible<br />
*ability to intercept the transactions<br />
*modify or replay transaction on the fly<br />
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code<br />
Bonus:<br />
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).<br />
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)<br />
<br />
*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)<br />
*Create a browser instance and do the necessary login procedure<br />
*Handle the browser for the URI<br />
*When called to close the browser, do a clean logout and kill the browser instance.<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - Web interface enhancements===<br />
'''Brief explanation:'''<br />
<br />
The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - New plugin architecture===<br />
'''Brief explanation:'''<br />
<br />
The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.<br />
<br />
This issue is documented in detail at https://github.com/owtf/owtf/issues/905.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
<br />
== OWASP iGoat (draft) ==<br />
'''Idea 1:''' Completing OWASP iGoat documentation at https://docs.igoatapp.com/ and creating demo videos at for OWASP iGoat YouTube channel for learning purpose.<br />
<br />
'''Idea 2:''' Adding new challenge pack / CTF for iGoat. It should be one point solution for learning iOS app security<br />
<br />
== OWASP Seraphimdroid ==<br />
<br />
=== Idea 1: Anomaly detection of device state ===<br />
The idea is that certain features of a device would be constantly monitored (battery use, internet usage, opp calls, etc.). Initially, the usual behaviour of the device would be learned. Later, anomalies normal behavior would be reported to the user. This should involve some explanations, such as which applications are causing an anomaly the device behaviors <br />
<br />
=== Idea 2: On device machine learning of maliciousness of an app ===<br />
Tensor-flow for on-device processing and some other libraries have been released that enable machine learning. We have previously applied a system, that based on permissions, is able to distinguish malicious apps from non-malicious. Now, we would like to learn also from other outputs and things one can monitor about application whether it can be malicious. <br />
<br />
=== Idea 3: Enhansing privacy features ===<br />
The vision of Seraphimdroid is to be aware of privacy threats. This may be achieved throug knowing which applications are using user accounts or other information that user has on phone to send to the server, or just by knowing which applications may be doing it. Knowledge base should be extending with the suggestions on how to improve privacy. Also, automated settings of various apps to use encryption should be proposed.<br />
==OWASP ZAP==<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
=== Active Scanning WebSockets ===<br />
: '''Brief Explanation:'''<br />
: ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesn't currently support active scanning (automated attacking) of websocket traffic (messages).<br />
: We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.<br />
: This project will be a continuation of the work that was started as part of last year's GSoC.<br />
: '''Expected Results:'''<br />
:* An pluggable infrastructure that allows us to active scan websockets<br />
:* Converting the relevant existing scan rules to work with websockets<br />
:* Implementing new websocket specific scan rules<br />
: '''Getting Started:''' <br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding' section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
: '''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
: '''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Automated Authentication Detection and Configuration ===<br />
: '''Brief Explanation:'''<br />
: Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki><br />
: This is time consuming and error prone.<br />
: Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.<br />
: This project will be a continuation of the work that was started as part of last year's GSoC.<br />
: '''Expected Results:'''<br />
:* Detect login and registration pages<br />
:* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible<br />
:* An option to completely automate the authentication process, for as many authentication mechanisms as possible<br />
: '''Getting Started:''' <br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding' section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
: '''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
: '''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
:</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247339OWASP Python Honeypot2019-02-12T12:59:46Z<p>Ali Razmjoo: </p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
<br />
<br />
* Github: https://github.com/zdresearch/OWASP-Honeypot<br />
* OpenHub: https://www.openhub.net/p/OWASP-Honeypot<br />
* Wiki: https://github.com/zdresearch/OWASP-Honeypot/wiki<br />
* OWASP Wiki Page: https://www.owasp.org/index.php/OWASP_Python_Honeypot<br />
<br />
<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247338OWASP Python Honeypot2019-02-12T12:59:18Z<p>Ali Razmjoo: /* OWASP Python Honeypot */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
<br />
<br />
* Github: https://github.com/zdresearch/OWASP-Honeypot<br />
* OpenHub: https://www.openhub.net/p/OWASP-Honeypot<br />
* Wiki: https://github.com/zdresearch/OWASP-Honeypot/wiki<br />
* OWASP Wiki Page: https://www.owasp.org/index.php/OWASP_Python_Honeypot<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247337OWASP Python Honeypot2019-02-12T12:58:44Z<p>Ali Razmjoo: /* OWASP Python Honeypot */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
<br />
<br />
* Github: https://github.com/zdresearch/OWASP-Honeypot<br />
* OpenHub: https://www.openhub.net/p/OWASP-Honeypot<br />
* Wiki: https://github.com/zdresearch/OWASP-Honeypot/wiki<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247336OWASP Python Honeypot2019-02-12T12:58:26Z<p>Ali Razmjoo: /* OWASP Python Honeypot */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
<br />
<br />
* Github: https://github.com/zdresearch/OWASP-Honeypot<br />
* OpenHub: https://www.openhub.net/p/OWASP-Honeypot<br />
* Wiki: https://github.com/zdresearch/OWASP-Honeypot/wiki<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247335OWASP Python Honeypot2019-02-12T12:58:04Z<p>Ali Razmjoo: /* OWASP Python Honeypot */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
* Github: https://github.com/zdresearch/OWASP-Honeypot<br />
* OpenHub: https://www.openhub.net/p/OWASP-Honeypot<br />
* Wiki: https://github.com/zdresearch/OWASP-Honeypot/wiki<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247334OWASP Python Honeypot2019-02-12T12:57:46Z<p>Ali Razmjoo: </p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
Github: https://github.com/zdresearch/OWASP-Honeypot<br />
OpenHub: https://www.openhub.net/p/OWASP-Honeypot<br />
Wiki: https://github.com/zdresearch/OWASP-Honeypot/wiki<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247333OWASP Python Honeypot2019-02-12T12:56:51Z<p>Ali Razmjoo: /* Licensing */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247332OWASP Python Honeypot2019-02-12T12:56:30Z<p>Ali Razmjoo: /* Licensing */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
Permissions<br />
Commercial use<br />
Modification<br />
Distribution<br />
Patent use<br />
Private use<br />
Limitations<br />
Trademark use<br />
Liability<br />
Warranty<br />
Conditions<br />
License and copyright notice<br />
State changes<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247331OWASP Python Honeypot2019-02-12T12:55:22Z<p>Ali Razmjoo: /* OWASP Python Honeypot */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|left]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247330OWASP Python Honeypot2019-02-12T12:55:05Z<p>Ali Razmjoo: /* OWASP Python Honeypot */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
[[File:Honeypot.png|thumb|center]]<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=File:Honeypot.png&diff=247329File:Honeypot.png2019-02-12T12:54:38Z<p>Ali Razmjoo: </p>
<hr />
<div>owasp honeypot</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247328OWASP Python Honeypot2019-02-12T12:52:43Z<p>Ali Razmjoo: /* Getting Involved */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247327OWASP Python Honeypot2019-02-12T12:52:30Z<p>Ali Razmjoo: </p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247326OWASP Python Honeypot2019-02-12T12:51:52Z<p>Ali Razmjoo: /* Getting Involved */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<br />
Best way to get involved is to fix the existing issues in GitHub or add your new modules as Dockerfile and work on core improvement. if you are not a developer feel free to send your ideas and let us work on that.<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247325OWASP Python Honeypot2019-02-12T12:50:08Z<p>Ali Razmjoo: </p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247324OWASP Python Honeypot2019-02-12T12:49:40Z<p>Ali Razmjoo: /* OWASP Tool Project Template */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==Project About==<br />
<span style="color:#ff0000"><br />
{{:Projects/OWASP_Example_Project_About_Page}}<br />
<br />
<br />
==OWASP Python Honeypot==<br />
<br />
<br />
We appreciate any contribution, ideas, feedback. feel free to contact us by creating an issue or send me an email directly [ali.razmjoo@owasp.org](mailto:ali.razmjoo@owasp.org). Please notice, every time you run the honeypot, it will remove and update the virtual machine, so internet access required for the host!<br />
<br />
* WE ARE IN RESEARCH AND DEVELOP PHASE, EXPECT ERRORS!<br />
* NO WARRANTY! USE WITH YOUR OWN RESPONSIBILITY!<br />
* DO NOT USE IT ON THE SAME SERVER(S)/NETWORK WHICH YOU HAVING YOUR PRODUCT/INFORMATION/SENSIBLE DATA<br />
<br />
==Description==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247323OWASP Python Honeypot2019-02-12T12:46:15Z<p>Ali Razmjoo: /* Description */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==Project About==<br />
<span style="color:#ff0000"><br />
{{:Projects/OWASP_Example_Project_About_Page}}<br />
<br />
<br />
==OWASP Tool Project Template==<br />
<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span><br />
<br />
The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.<br />
<br />
==Description==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [https://travis-ci.org/zdresearch/OWASP-Honeypot/builds Linux].<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247322OWASP Python Honeypot2019-02-12T12:45:57Z<p>Ali Razmjoo: </p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==Project About==<br />
<span style="color:#ff0000"><br />
{{:Projects/OWASP_Example_Project_About_Page}}<br />
<br />
<br />
==OWASP Tool Project Template==<br />
<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span><br />
<br />
The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.<br />
<br />
==Description==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and [Linux](https://travis-ci.org/zdresearch/OWASP-Honeypot/builds).<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247321OWASP Python Honeypot2019-02-12T12:44:46Z<p>Ali Razmjoo: </p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==Project About==<br />
<span style="color:#ff0000"><br />
{{:Projects/OWASP_Example_Project_About_Page}}<br />
<br />
<br />
==OWASP Tool Project Template==<br />
<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span><br />
<br />
The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.<br />
<br />
==Description==<br />
<span style="color:#ff0000"><br />
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. <br />
</span><br />
<br />
The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.<br />
<br />
Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.<br />
<br />
Contextual custom dictionary builder with character substitution and word variations for pen-testers<br />
<br />
==Licensing==<br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [https://github.com/zdresearch/OWASP-Honeypot/blob/master/LICENSE Apache v2].<br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247320OWASP Python Honeypot2019-02-12T12:42:55Z<p>Ali Razmjoo: /* Related Projects */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==Project About==<br />
<span style="color:#ff0000"><br />
{{:Projects/OWASP_Example_Project_About_Page}}<br />
<br />
<br />
==OWASP Tool Project Template==<br />
<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span><br />
<br />
The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.<br />
<br />
==Description==<br />
<span style="color:#ff0000"><br />
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. <br />
</span><br />
<br />
The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.<br />
<br />
Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.<br />
<br />
Contextual custom dictionary builder with character substitution and word variations for pen-testers<br />
<br />
==Licensing==<br />
<span style="color:#ff0000"><br />
A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.<br />
</span><br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright &copy; by {the Project Leader(s) or OWASP} {Year(s)}. <br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Events ==<br />
<br />
* Start 1 Jul 2018<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247319OWASP Python Honeypot2019-02-12T12:41:28Z<p>Ali Razmjoo: </p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==Project About==<br />
<span style="color:#ff0000"><br />
{{:Projects/OWASP_Example_Project_About_Page}}<br />
<br />
<br />
==OWASP Tool Project Template==<br />
<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span><br />
<br />
The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.<br />
<br />
==Description==<br />
<span style="color:#ff0000"><br />
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. <br />
</span><br />
<br />
The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.<br />
<br />
Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.<br />
<br />
Contextual custom dictionary builder with character substitution and word variations for pen-testers<br />
<br />
==Licensing==<br />
<span style="color:#ff0000"><br />
A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.<br />
</span><br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright &copy; by {the Project Leader(s) or OWASP} {Year(s)}. <br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Honeypot Source Code]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/wiki Documentation]<br />
* [https://github.com/zdresearch/OWASP-Honeypot/issues Issue Tracker]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Related Projects ==<br />
<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span><br />
* [[OWASP_Code_Project_Template]]<br />
* [[OWASP_Documentation_Project_Template]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247318OWASP Python Honeypot2019-02-12T12:37:56Z<p>Ali Razmjoo: </p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==Project About==<br />
<span style="color:#ff0000"><br />
{{:Projects/OWASP_Example_Project_About_Page}}<br />
<br />
<br />
==OWASP Tool Project Template==<br />
<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span><br />
<br />
The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.<br />
<br />
==Description==<br />
<span style="color:#ff0000"><br />
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. <br />
</span><br />
<br />
The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.<br />
<br />
Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.<br />
<br />
Contextual custom dictionary builder with character substitution and word variations for pen-testers<br />
<br />
==Licensing==<br />
<span style="color:#ff0000"><br />
A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.<br />
</span><br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright &copy; by {the Project Leader(s) or OWASP} {Year(s)}. <br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<span style="color:#ff0000"><br />
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc. <br />
</span><br />
<br />
[https://github.com/SamanthaGroves Installation Package]<br />
<br />
[https://github.com/SamanthaGroves Source Code]<br />
<br />
[https://github.com/SamanthaGroves What's New (Revision History)]<br />
<br />
[https://github.com/SamanthaGroves Documentation]<br />
<br />
[https://github.com/SamanthaGroves Wiki Home Page]<br />
<br />
[https://github.com/SamanthaGroves Issue Tracker]<br />
<br />
[https://github.com/SamanthaGroves Slide Presentation]<br />
<br />
[https://github.com/SamanthaGroves Video]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Related Projects ==<br />
<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span><br />
* [[OWASP_Code_Project_Template]]<br />
* [[OWASP_Documentation_Project_Template]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Python_Honeypot&diff=247317OWASP Python Honeypot2019-02-12T12:37:12Z<p>Ali Razmjoo: /* Project Leader */</p>
<hr />
<div><div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<span style="color:#ff0000"><br />
Instructions are in RED text and should be removed from your document by deleting the text with the span tags. This document is intended to serve as an example of what is required of an OWASP project wiki page. The text in red serves as instructions, while the text in black serves as an example. Text in black is expected to be replaced entirely with information specific to your OWASP project.<br />
</span><br />
==Project About==<br />
<span style="color:#ff0000"><br />
{{:Projects/OWASP_Example_Project_About_Page}}<br />
<br />
<br />
==OWASP Tool Project Template==<br />
<span style="color:#ff0000"><br />
This section should include an overview of what the project is, why the project was started, and what security issue is being addressed by the project deliverable. Some readers may be discouraged from looking further at the project if they do not understand the significance of the security concern that is being addressed, so provide enough context so the average reader will continue on with reading the description. You shouldn't assume the reader will understand the objective by providing security terminology, e.g. this project builds cryptographic algorithms, but should also endeavor to explain what they are used for.<br />
</span><br />
<br />
The OWASP Tool Template Project is a template designed to help Project Leaders create suitable project pages for OWASP Projects. By following the instructional text in red (and then deleting it) it should be easier to understand what information OWASP and the project users are looking for. And it's easy to get started by simply creating a new project from the appropriate project template.<br />
<br />
==Description==<br />
<span style="color:#ff0000"><br />
This is where you need to add your more robust project description. A project description should outline the purpose of the project, how it is used, and the value it provides to application security. Ideally, project descriptions should be written in such a way that there is no question what value the project provides to the software security community. This section will be seen and used in various places within the Projects Portal. Poorly written project descriptions therefore detract from a project’s visibility, so project leaders should ensure that the description is meaningful. <br />
</span><br />
<br />
The Tool Project Template is simply a sample project that was developed for instructional purposes that can be used to create default project pages for a Tool project. After copying this template to your new project, all you have to do is follow the instructions in red, replace the sample text with text suited for your project, and then delete the sections in red. Doing so should make it clearer to both consumers of this project, as well as OWASP reviewers who are trying to determine if the project can be promoted to the next category. The information requested is also intended to help Project Leaders think about the roadmap and feature priorities, and give guidance to the reviews as a result of that effort.<br />
<br />
Creating a new set of project pages from scratch can be a challenging task. By providing a sample layout, with instructional text and examples, the OWASP Tool Project Template makes it easier for Project Leaders to create effective security projects and hence helps promote security.<br />
<br />
Contextual custom dictionary builder with character substitution and word variations for pen-testers<br />
<br />
==Licensing==<br />
<span style="color:#ff0000"><br />
A project must be licensed under a community friendly or open source license. For more information on OWASP recommended licenses, please see [https://www.owasp.org/index.php/OWASP_Licenses OWASP Licenses]. While OWASP does not promote any particular license over another, the vast majority of projects have chosen a Creative Commons license variant for documentation projects, or a GNU General Public License variant for tools and code projects. This example assumes that you want to use the AGPL 3.0 license.<br />
</span><br />
<br />
This program is free software: you can redistribute it and/or modify it under the terms of the [http://www.gnu.org/licenses/agpl-3.0.html link GNU Affero General Public License 3.0] as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. OWASP XXX and any contributions are Copyright &copy; by {the Project Leader(s) or OWASP} {Year(s)}. <br />
<br />
==Roadmap==<br />
<span style="color:#ff0000"><br />
As of <strong>November, 2013, the highest priorities for the next 6 months</strong> are:<br />
<strong><br />
* Complete the first draft of the Tool Project Template<br />
* Get other people to review the Tool Project Template and provide feedback<br />
* Incorporate feedback into changes in the Tool Project Template<br />
* Finalize the Tool Project template and have it reviewed to be promoted from an Incubator Project to a Lab Project<br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
==Getting Involved==<br />
<span style="color:#ff0000"><br />
Involvement in the development and promotion of <strong>Tool Project Template</strong> is actively encouraged!<br />
You do not have to be a security expert or a programmer to contribute.<br />
Some of the ways you can help are as follows:<br />
<br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Resources ==<br />
<span style="color:#ff0000"><br />
This is where you can link to the key locations for project files, including setup programs, the source code repository, online documentation, a Wiki Home Page, threaded discussions about the project, and Issue Tracking system, etc. <br />
</span><br />
<br />
[https://github.com/SamanthaGroves Installation Package]<br />
<br />
[https://github.com/SamanthaGroves Source Code]<br />
<br />
[https://github.com/SamanthaGroves What's New (Revision History)]<br />
<br />
[https://github.com/SamanthaGroves Documentation]<br />
<br />
[https://github.com/SamanthaGroves Wiki Home Page]<br />
<br />
[https://github.com/SamanthaGroves Issue Tracker]<br />
<br />
[https://github.com/SamanthaGroves Slide Presentation]<br />
<br />
[https://github.com/SamanthaGroves Video]<br />
<br />
== Project Leader ==<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:ehsan@nezami.me Ehsan Nezami]<br />
<br />
== Related Projects ==<br />
<span style="color:#ff0000"><br />
This is where you can link to other OWASP Projects that are similar to yours. <br />
</span><br />
* [[OWASP_Code_Project_Template]]<br />
* [[OWASP_Documentation_Project_Template]]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=https://www.owasp.org/index.php/Category:OWASP_Tool]]<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects|Incubator Project]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=Builders]] <br />
|-<br />
| align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=Defenders]]<br />
|-<br />
| colspan="2" align="center" | [[File:Apache-software-foundation.jpeg|link=https://www.apache.org/licenses/LICENSE-2.0|Apache License 2.0]]<br />
|}<br />
|}<br />
<br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Builders]] [[Category:OWASP_Defenders]] [[Category:OWASP_Tool]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSoC2019_Ideas&diff=246578GSoC2019 Ideas2019-01-15T20:37:48Z<p>Ali Razmjoo: /* Mentors and Leaders */</p>
<hr />
<div>=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
<br />
<br />
==OWASP-SKF (draft)==<br />
Idea 1: <br />
<br />
Build lab examples and write-ups (how to test) for different vulnerabilities over different technology stacks. These challenges are to be delivered in Docker so they can be <br />
<br />
easily deployed.<br />
<br />
In the current situation the security knowledge framework ultimately presents a list of security controls with correlating knowledge base items that contain a description and <br />
<br />
a solution. The new labs are used to give the software developers or application security specialists a more in depth understanding and approach on how to test the <br />
<br />
vulnerabilities in their own code. <br />
* For example we have now around 20 lab challenges in Docker container build in Python:<br />
** A Local File Inclusion Docker app example:<br />
*** https://github.com/blabla1337/skf-labs/tree/master/LFI<br />
** A write-up example:<br />
*** https://owasp-skf.gitbook.io/asvs-write-ups/filename-injection<br />
The images that are pushed to the Github repository are already automatically build and pushed to a docker registry where the SKF users can easily pull the images from to get their<br />
<br />
labs running. Of course they can download it and build it themselves from source by pulling the original repository. <br />
<br />
Idea 2: <br />
<br />
We want to extend the Machine learning chatbot functionality in SKF.<br />
* Create a desktop version of the chatbot. Where people can install the setup file on their local machine.<br />
* Extend the bots capability to do the google search(using web scraping) for the things which are not available in the database. So, it will have a wider scope of knowledge.<br />
* Extend the bot capability to reply what security controls should be followed from the ASVS and MASVS or other custom checklists that are present in SKF.<br />
* Extend the bot to different platforms like Facebook, telegram, slack etc.<br />
** Now the working chatbot implementation for example is only for Gitter<br />
<br />
== OWASP DefectDojo ==<br />
OWASP DefectDojo is a popular open source vulnerability management tool, used as the backbone for security programs. It is easy to get started with and work on! We welcome volunteers of all experience levels and are happy to provide mentorship.<br />
<br />
Option 1: Unit Tests - Difficulty: Easy<br />
* If you're new to programming, unit tests are short scripts designed to test a specific function of an application.<br />
* The project needs additional unit tests to ensure that new code functions properly. <br />
Option 2: Feature Enhancement - Difficulty: Varies<br />
* The functionality of DefectDojo is constantly expanding.<br />
* Feature enhancements offer programming challenges for all levels of experience.<br />
Option 3: Pull Request Review - Difficulty: Moderate - Hard<br />
* Test pull requests and provide feedback on code.<br />
<br />
<br />
<br />
== OHP (OWASP Honeypot) ==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
=== Getting Start ===<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to add more modules and optimize the core.<br />
<br />
=== Technologies ===<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
=== Expected Results ===<br />
...<br />
<br />
=== Roadmap ===<br />
<br />
...<br />
<br />
=== Students Requirements ===<br />
<br />
* Python<br />
* Packet Analysis<br />
* Docker<br />
* Database<br />
<br />
=== Mentors and Leaders ===<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo] (Mentor & Project Leader)<br />
* [mailto:ehsan@nezami.me Ehsan Nezami] (Mentor & Project Leader)<br />
* [mailto:reza.espargham@owasp.org Reza Espargham](Mentor)<br />
* [mailto:abiusx@owasp.org Abbas Naderi] (Mentor)<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and Angular. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the potential mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2019 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges)<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Hacking Instructor ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
TODO<br />
<br />
'''Expected Results:'''<br />
<br />
TODO<br />
<br />
''' Getting started: '''<br />
<br />
TODO<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
TODO<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP-Securetea Tools Project (draft)==<br />
The purpose of this application is to warn the user (via various communication mechanisms) whenever their laptop accessed. This small application was developed and tested in python in Linux machine is likely to work well on the Raspberry Pi as well. -<br />
https://github.com/OWASP/SecureTea-Project/blob/master/README.md<br />
<br />
Ideas 1 :<br><br />
Notify by Twitter (done)<br />
Securetea Dashboard / Gui (done)<br />
<br />
Expect result : <br />
<br><br />
Securetea Protection /firewall<br><br />
Securetea Antivirus<br><br />
Notify by Whatsapp<br><br />
Notify by SMS Alerts<br><br />
Notify by Line<br><br />
Notify by Telegram<br><br />
<br />
'''Mentors:'''<br />
<br />
Ade Yoseman Putra<br><br />
Rejah Rehim<br></div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSoC2019_Ideas&diff=246577GSoC2019 Ideas2019-01-15T20:35:51Z<p>Ali Razmjoo: /* Mentors and Leaders */</p>
<hr />
<div>=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
<br />
<br />
==OWASP-SKF (draft)==<br />
Idea 1: <br />
<br />
Build lab examples and write-ups (how to test) for different vulnerabilities over different technology stacks. These challenges are to be delivered in Docker so they can be <br />
<br />
easily deployed.<br />
<br />
In the current situation the security knowledge framework ultimately presents a list of security controls with correlating knowledge base items that contain a description and <br />
<br />
a solution. The new labs are used to give the software developers or application security specialists a more in depth understanding and approach on how to test the <br />
<br />
vulnerabilities in their own code. <br />
* For example we have now around 20 lab challenges in Docker container build in Python:<br />
** A Local File Inclusion Docker app example:<br />
*** https://github.com/blabla1337/skf-labs/tree/master/LFI<br />
** A write-up example:<br />
*** https://owasp-skf.gitbook.io/asvs-write-ups/filename-injection<br />
The images that are pushed to the Github repository are already automatically build and pushed to a docker registry where the SKF users can easily pull the images from to get their<br />
<br />
labs running. Of course they can download it and build it themselves from source by pulling the original repository. <br />
<br />
Idea 2: <br />
<br />
We want to extend the Machine learning chatbot functionality in SKF.<br />
* Create a desktop version of the chatbot. Where people can install the setup file on their local machine.<br />
* Extend the bots capability to do the google search(using web scraping) for the things which are not available in the database. So, it will have a wider scope of knowledge.<br />
* Extend the bot capability to reply what security controls should be followed from the ASVS and MASVS or other custom checklists that are present in SKF.<br />
* Extend the bot to different platforms like Facebook, telegram, slack etc.<br />
** Now the working chatbot implementation for example is only for Gitter<br />
<br />
== OWASP DefectDojo ==<br />
OWASP DefectDojo is a popular open source vulnerability management tool, used as the backbone for security programs. It is easy to get started with and work on! We welcome volunteers of all experience levels and are happy to provide mentorship.<br />
<br />
Option 1: Unit Tests - Difficulty: Easy<br />
* If you're new to programming, unit tests are short scripts designed to test a specific function of an application.<br />
* The project needs additional unit tests to ensure that new code functions properly. <br />
Option 2: Feature Enhancement - Difficulty: Varies<br />
* The functionality of DefectDojo is constantly expanding.<br />
* Feature enhancements offer programming challenges for all levels of experience.<br />
Option 3: Pull Request Review - Difficulty: Moderate - Hard<br />
* Test pull requests and provide feedback on code.<br />
<br />
<br />
<br />
== OHP (OWASP Honeypot) ==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
=== Getting Start ===<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to add more modules and optimize the core.<br />
<br />
=== Technologies ===<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
=== Expected Results ===<br />
...<br />
<br />
=== Roadmap ===<br />
<br />
...<br />
<br />
=== Students Requirements ===<br />
<br />
* Python<br />
* Packet Analysis<br />
* Docker<br />
* Database<br />
<br />
=== Mentors and Leaders ===<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo] (Mentor & Project Leader)<br />
* [mailto:ehsan@nezami.me Ehsan Nezami] (Mentor)<br />
* [mailto:reza.espargham@owasp.org Reza Espargham](Mentor)<br />
* [mailto:abiusx@owasp.org Abbas Naderi] (Mentor)<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and Angular. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the potential mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2019 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges)<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Hacking Instructor ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
TODO<br />
<br />
'''Expected Results:'''<br />
<br />
TODO<br />
<br />
''' Getting started: '''<br />
<br />
TODO<br />
<br />
'''Knowledge Prerequisites:'''<br />
<br />
TODO<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) Angular and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP-Securetea Tools Project (draft)==<br />
The purpose of this application is to warn the user (via various communication mechanisms) whenever their laptop accessed. This small application was developed and tested in python in Linux machine is likely to work well on the Raspberry Pi as well. -<br />
https://github.com/OWASP/SecureTea-Project/blob/master/README.md<br />
<br />
Ideas 1 :<br><br />
Notify by Twitter (done)<br />
Securetea Dashboard / Gui (done)<br />
<br />
Expect result : <br />
<br><br />
Securetea Protection /firewall<br><br />
Securetea Antivirus<br><br />
Notify by Whatsapp<br><br />
Notify by SMS Alerts<br><br />
Notify by Line<br><br />
Notify by Telegram<br><br />
<br />
'''Mentors:'''<br />
<br />
Ade Yoseman Putra<br><br />
Rejah Rehim<br></div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSoC2019_Ideas&diff=246496GSoC2019 Ideas2019-01-10T09:57:13Z<p>Ali Razmjoo: </p>
<hr />
<div>=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
<br />
<br />
==OWASP-SKF (draft)==<br />
Idea 1: Build lab examples and write-ups (how to test) for different code languages delivered in Docker (these must correlate with a Knowledge base item in SKF)<br />
* For example we have now around 20 lab challenges in Docker container build in Python:<br />
** A Local File Inclusion Docker app example:<br />
*** https://github.com/blabla1337/skf-labs/tree/master/LFI<br />
** A write-up example:<br />
*** https://owasp-skf.gitbook.io/asvs-write-ups/filename-injection<br />
Idea 2: We want to extend the Machine learning chatbot functionality in SKF.<br />
* Create a desktop version of the chatbot. Where people can install the setup file on their local machine.<br />
* Extend the bots capability to do the google search(using web scraping) for the things which are not available in the database. So, it will have a wider scope of knowledge.<br />
* Extend the bot capability to reply what security controls should be followed from the ASVS and MASVS or other custom checklists that are present in SKF.<br />
* Extend the bot to different platforms like Facebook, telegram, slack etc.<br />
** Now the working chatbot implementation for example is only for Gitter<br />
<br />
== OWASP DefectDojo ==<br />
OWASP DefectDojo is a popular open source vulnerability management tool, used as the backbone for security programs. It is easy to get started with and work on! We welcome volunteers of all experience levels and are happy to provide mentorship.<br />
<br />
Option 1: Unit Tests - Difficulty: Easy<br />
* If you're new to programming, unit tests are short scripts designed to test a specific function of an application.<br />
* The project needs additional unit tests to ensure that new code functions properly. <br />
Option 2: Feature Enhancement - Difficulty: Varies<br />
* The functionality of DefectDojo is constantly expanding.<br />
* Feature enhancements offer programming challenges for all levels of experience.<br />
Option 3: Pull Request Review - Difficulty: Moderate - Hard<br />
* Test pull requests and provide feedback on code.<br />
<br />
<br />
<br />
== OHP (OWASP Honeypot) ==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
=== Getting Start ===<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to add more modules and optimize the core.<br />
<br />
=== Technologies ===<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
=== Expected Results ===<br />
...<br />
<br />
=== Roadmap ===<br />
<br />
...<br />
<br />
=== Students Requirements ===<br />
<br />
* Python<br />
* Packet Analysis<br />
* Docker<br />
* Database<br />
<br />
=== Mentors and Leaders ===<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo] (Mentor & Project Leader)<br />
* [mailto:reza.espargham@owasp.org Reza Espargham](Mentor)<br />
* [mailto:abiusx@owasp.org Abbas Naderi] (Mentor)</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSOC2018_Ideas&diff=246495GSOC2018 Ideas2019-01-10T09:56:47Z<p>Ali Razmjoo: I edit the wrong page</p>
<hr />
<div>'''OWASP Foundation has been selected as an organization to be part of the GOOGLE SUMMER CODE 2018''' <br />
<br />
=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
==OWASP ZAP==<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.<br />
===Active Scanning WebSockets===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesnt current support active scanning (automated attacking) of websockets.<br />
:<br />
:We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.<br />
:<br />
:'''Expected Results:'''<br />
:* An plugable infrastructure that allows us to active scan websockets<br />
:* Converting the relevant existing scan rules to work with websockets<br />
:* Implementing new websocket specific scan rules<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== React Handling ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP doesnt understand React applications as well as it should be able to.<br />
:<br />
:It would be great if ZAP had a much better understanding of such applications, including how to explore and attack them more effectively.<br />
:<br />
:'''Expected Results:'''<br />
:* ZAP able to explore React applications more effectively<br />
:* ZAP able to attack React applications more effectively<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* As React is written in JavaScript, good knowledge of this language is recommended. ZAP is written in Java, so some knowledge of this language would be useful. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Backslash Powered Scanner ===<br />
:'''Brief Explanation:'''<br />
:<br />
:This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html<br />
:Their implementation is open source: https://github.com/PortSwigger/backslash-powered-scanner so hopefully shouldn't be too hard to port to ZAP :)<br />
:<br />
:''' Expected Results '''<br />
:* Extend ZAP's active scanner to leverage Backslash type scanning. (Including adapting some of the existing scan rules to leverage the new component.)<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:: '''Note''' This issue was previously undertaken, however, only partial progress was made. The [https://github.com/zaproxy/zap-extensions/pull/1014 Pull Request] is still open and can be built upon. The 2018 effort needs to ensure the code builds and is successfully put to use in some of the existing scan rules and unit tests.<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be very useful.<br />
:<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Automated authentication detection and configuration ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki><br />
:<br />
:This is time consuming and error prone.<br />
:<br />
:Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.<br />
:<br />
:'''Expected Results:'''<br />
:* Detect login and registration pages<br />
:* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible<br />
:* An option to completely automate the authentication process, for as many authentication mechanisms as possible<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Zest Text Representation and Parser ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.<br />
:<br />
:A standardized text representation and parser would be very useful and help its adoption.<br />
:<br />
:'''Expected Results:'''<br />
:* A documented definition of a text representation for Zest<br />
:* A parser that converts the text representation into a working Zest script<br />
:* An option in the Zest java implementation to output Zest scripts text format<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Develop Bamboo Addon ===<br />
:'''Brief Explanation:'''<br />
:<br />
:It would be great to have an official ZAP add-on for [https://www.atlassian.com/software/bamboo Bamboo], equivalent to the one we now have for [https://wiki.jenkins.io/display/JENKINS/zap+plugin Jenkins]<br />
:<br />
:For more information about Bamboo plugins see the [https://developer.atlassian.com/server/bamboo/bamboo-plugin-guide/ Bamboo plugin guide].<br />
:<br />
:'''Expected Results:'''<br />
:<br />
:A Bamboo addon that supports:<br />
:* Spidering (using the traditional and Ajax spiders)<br />
:* Active Scanning<br />
:* Authentication<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP and Bamboo are written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Your Idea ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.<br />
:<br />
:'''Expected Results:'''<br />
:* A new feature that makes ZAP even better<br />
:* Code that conforms to our Development Rules and Guidelines<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2018 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] user story])<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Frontend Technology Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frontend framework AngularJS 1.x along with Bootstrap 3. Several major releases later, there now are [https://github.com/bkimminich/juice-shop/issues/165 Angular 5] and [https://github.com/bkimminich/juice-shop/issues/400 Bootstrap 4] available as well as other mature web frontend frameworks. Migrating the OWASP Juice Shop to the latest version of Angular and Bootstrap is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.<br />
<br />
'''Expected Results:'''<br />
* High-level target client-architecture overview including a migration plan with intermediary milestones<br />
* Execution of migration without breaking functionality or losing tests along the way<br />
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, experience with latest Javascript frameworks for frontend, testing and building<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== UI/Graphics Design Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
The UI of OWASP Juice Shop was written following recommendations from Twitter Bootstrap to be responsive, but it never had an actual designer or graphics artist take a look or add some insight. Currently the look & feel comes "out of the box" from a [https://bootswatch.com Bootswatch] theme and [https://fontawesome.com Font Awesome 5] icons. This gives it a quite modern look, but also leaves it very generic. The project could greatly benefit from involvement of someone with actual UI/UX Design expertise. Having a matching theme for [https://ctfd.io CTFd] would be another big achievement for the Juice Shop.<br />
<br />
'''Expected Results:'''<br />
* Design concepts to pick or have the user community vote on (including color schemes, sample screens, icons etc.)<br />
* Overhauling the overall UI look & feel, e.g. by making an individual Bootswatch theme or designing some individual icons<br />
* <del>Getting rid of the stock images by providing individually designed product images for the standard inventory of the shop</del> ([https://github.com/bkimminich/juice-shop/issues/315 #315] in progress)<br />
* Add more flexibility and options to the existing theming/customization of the UI (see [https://github.com/bkimminich/juice-shop/issues/379 #379])<br />
* Design a [https://github.com/bkimminich/juice-shop-ctf/issues/9 "Juice Shop" CTFd-theme] playing well with the look & feel of the application<br />
* Execution of migration without breaking functionality or client-side unit and end-to-end tests along the way<br />
<br />
''' Getting started: '''<br />
* Get familiar with the existing HTML views and CSS of the frontend<br />
* Get a feeling for the high quality bar by inspecting the existing client-side unit and e2e test suites<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Strong web and graphic design experience<br />
* Sophisticated HTML and CSS experience<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP Security Knowledge Framework - Chatbot machine learning feature==<br />
<br />
=== Brief Explanation ===<br />
We want to create a SKF Chatbot service using the knowledge already inside SKF like the knowledge base items, code examples and the security controls like ASVS and PCI DSS.<br />
<br />
The chatbot service and core of this new feature can be consumed by website’s as an addon, IDE of developers and website chat channels like Gitter.im.<br />
<br />
The core of the SKF Chatbot will be using machine learning to accomplish the hard task of correlating data and merging different sources as a response/answer.<br />
<br />
=== Expected Results ===<br />
# A Defined Knowledge Base (Data Structure / DB) which can be used to define and search for entities. For example: if a query is:<br />
## How to mitigate CSRF in PHP the system should be able to understand or translate it to: {How: intent} to {mitigate: solution} {CSRF: attack} in {PHP: programming language} This kind of query can be further user to fetch right information in the knowledge base and provide right solution (code example) for mitigating CSRF in PHP.<br />
## What is CSRF? the system should be able to understand or translate it to: {What: intent} is {CSRF: attack/defense} This kind of query can be further user to fetch right information in the knowledge base that explains CSRF and provide the security control from example ASVS<br />
# An ETL process to convert existing SKF Knowledge data and ASVS data to above mentioned data structure.<br />
# A Chatbot (using existing frameworks) to:<br />
## Understand at least two intent like (How to, What is …..) and be able to enrich the user query as mentioned above.<br />
## Based on enriched query fetch relevant information from knowledge base and return.<br />
# An integration to some chat system like Gitter.im, IRC, Slack etc.<br />
<br />
=== Knowledge Prerequisites ===<br />
* Programming languages:<br />
** OWASP-SKF API is build in Python 3.6/3.7<br />
** OWASP-SKF Frontend is build with Angular 4 TS<br />
* Machine learning enthusiastic/interest<br />
<br />
=== Proposal from student ===<br />
* We want to ask from the student to write a proposal on how to approach the problem we described.<br />
'''Mentors''':<br />
<br />
Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org] Glenn ten Cate [mailto:glenn.ten.cate@owasp.org] Minhaz [mailto:minhaz@owasp.org]<br />
<br />
==OWASP Nettacker==<br />
===Brief Explanation===<br />
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
if you need more details please visit the [https://github.com/viraintel/OWASP-Nettacker GitHub page] or contact a leader([mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:reza.espargham@owasp.org Reza Espargham]).<br />
<br />
===Getting started===<br />
<br />
* You may read the available documents in the [https://github.com/viraintel/OWASP-Nettacker/wiki wiki page]. Developers and users documents are separated.<br />
<br />
'''A Better Penetration Testing Automated Framework'''<br />
<br />
===Expected Results===<br />
The expected results are to contribute the OWASP Nettacker framework [https://github.com/viraintel/OWASP-Nettacker/issues issues] (mostly help wanted or enhancement). Please check the GitHub repo to learn more.<br />
<br />
===Knowledge Prerequisites===<br />
<br />
* The whole framework was written in Python language. You must be familiar with Python 2.x, 3.x.<br />
* Good knowledge of computer security (and penetration testing)<br />
* Knowledge of OS (Linux, Windows, Mac...) and Services<br />
* Familiar with IDS/IPS/Firewalls and ...<br />
* To develop the API you should be familiar with HTTP, Database...<br />
<br />
===Mentors===<br />
Mentors are: [mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:abiusx@owasp.org Abbas Naderi Afooshteh], [mailto:sriharsha.g15@iiits.in SRI HARSHA Gajavalli]<br />
<br />
==OWASP OWTF==<br />
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.<br />
===OWASP OWTF - MiTM proxy interception and replay capabilities===<br />
'''Brief Explanation:'''<br />
<br />
The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).<br />
<br />
The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible<br />
*ability to intercept the transactions<br />
*modify or replay transaction on the fly<br />
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code<br />
Bonus:<br />
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).<br />
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)<br />
<br />
*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)<br />
*Create a browser instance and do the necessary login procedure<br />
*Handle the browser for the URI<br />
*When called to close the browser, do a clean logout and kill the browser instance.<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - Web interface enhancements===<br />
'''Brief explanation:'''<br />
<br />
The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - New plugin architecture===<br />
'''Brief explanation:'''<br />
<br />
The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.<br />
<br />
This issue is documented in detail at https://github.com/owtf/owtf/issues/905.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
<br />
== OWASP CSRF Protector ==<br />
[[CSRFProtector Project|OWASP CSRF Protector Project]] is a project started with the goal to help developer to mitigate CSRF in web applications with ease. It's based on [[Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet|Synchronizer Token Pattern]] and leverages an injected java-script code to provide CSRF mitigation without much developer intervention. So far it has been implemented as a [https://github.com/mebjas/CSRF-Protector-PHP PHP Library] and an [[CSRFProtector Project|Apache 2.2.x module]]. Although different libraries and frameworks provide CSRF mitigation these days - all of them require developer to explicitly inject tokens with every form. <br />
===OWASP CSRF Protector - Extending the design as a python package to work with Flask and an Express JS (Node.JS) middleware===<br />
'''Brief explanation:'''<br />
<br />
The design of CSRF Protector involves a server side middle-ware that intercepts every incoming request and validates them for CSRF attacks. If the validation is successful the flow of control goes to business logic and the tokens are refreshed. In case of failed validation configured actions are taken. Post that, another middle ware takes care of injecting a JavaScript code (refer [https://github.com/mebjas/CSRF-Protector-PHP/blob/master/js/csrfprotector.js CSRF Protector PHP JS Code]) to HTML output. On the client side this code ensures that, for every request that require validation - the correct token is sent along with the request.<br />
<br />
Check [https://github.com/mebjas/CSRF-Protector-PHP/wiki GitHub Wiki] for some reference;<br />
<br />
The goal of this project would be to:<br />
# Port this design to a python module that can be used easily with Flask - [https://github.com/mebjas/CSRF-Protector-py/projects/1?add_cards_query=is%3Aopen Kanban Board]<br />
# Port this design to a node js module that can work well with express js (a popular Node.JS based framework). - [https://github.com/mebjas/CSRF-Protector-JS Initial Repo Link]<br />
# Fix some outstanding issues with java-script code used in library: [https://github.com/mebjas/CSRF-Protector-PHP/issues?q=is%3Aopen+is%3Aissue+label%3AJS Issues] <br />
'''Expected results:'''<br />
*'''IMPORTANT: Clean, maintainable (ES6 compatible and using recommended design patterns) in case of Node.JS'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Javascript (Client Side), Python (having worked with flask preferable), Node.JS (having worked with node.js and middle wares preferable)<br />
<br />
'''Mentors:''' Contact: [mailto:minhaz@owasp.org;minhazv@microsoft.com Minhaz A V]<br />
== OWASP BLT (Bug Logging Tool) ==<br />
===Brief Explanation:===<br />
<br />
BLT lets anyone report issues they find on the internet. Found something out of place on Amazon.com ? Let them know. Companies are held accountable and shows their response time and history. Get points for reporting bugs and help keep the internet bug free.<br />
<br />
Check OWASP WIKI PAGE [https://www.owasp.org/index.php/OWASP_Bug_Logging_Tool] for some reference;<br />
<br />
===Expected Results:===<br />
* Fuse app to allow easy bug reporting from phone.<br />
* BUG cryptocurrency rewarded for each bug reported - requires a way to verify bugs are valid and not duplicates<br />
* Allow for companies to do private (paid) bug bounties<br />
* allow for bug reporting via email <br />
* build a referral program<br />
* integrate an idea / suggestion feature<br />
<br />
===Knowledge Prerequisite:===<br />
BLT is written in Python / Django, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential. Fusetools will be used for the app and C++ (Bitcoin based) or Ethereum will be used for the cryptocurrency part.<br />
<br />
===Proposals from student:===<br />
* Proposal on new features <br />
* Recommendations on how to use social applications to promote OWASP BLT<br />
<br />
'''Mentors:'''<br />
* Sean Auriti [https://www.owasp.org/index.php/User:Sauriti Sean Auriti] [mailto:sean.auriti@owasp.org @] <br />
* Sourav Badami [https://www.owasp.org/index.php/User:Souravbadami Sourav Badami] [mailto:souravbadami@gmail.com @]<br />
<br />
==OWASP RailsGoat - 2017 OWASP Top Ten==<br />
<br />
===Brief Explanation:===<br />
Add support for multiple OWASP Top Ten versions, such as 2017 and 2010.<br />
Currently RailsGoat supports only the 2013 version of OWASP Top Ten.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that supports additional version(s) of OWASP Top Ten<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 305 [https://github.com/OWASP/railsgoat/issues/305] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, Mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Capture-The-Flag RailsGoat Image Creation Automation==<br />
<br />
===Brief Explanation:===<br />
Create automation to build a Capture-The-Flag competition (CTF) image (VM, ISO, etc) which contains everything needed, such as [Operating System, Rails Stack, RailsGoat], so RailsGoat can easily be used in more Capture-The-Flag competitions.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that automates the process of building RailsGoat CTF images.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 306 [https://github.com/OWASP/railsgoat/issues/306] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* Some background in creating VMs/ISOs would be helpful.<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Matt Robinson [mailto:brimstone@the.narro.ws] - OWASP RailsGoat Mentor<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Merge "Security on Rails" book's lunchedin examples into RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Merge "Security on Rails" book's lunchedin examples into RailsGoat. Need to get permission from publisher. @jasnow got permission previously.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* More teaching RailsGoat examples based on "Security on Rails" book's lunchedin project.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 307 [https://github.com/OWASP/railsgoat/issues/307] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security<br />
would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Add Devise Gem Support and Vulnerabilities to RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Add Devise Support to RailsGoat along with adding Devise-related vulnerabilities.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* Using Devise gem inside RailsGoat plus Devise-related vulnerabilities.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 207 [https://github.com/OWASP/railsgoat/issues/207] and * Issue 243 [https://github.com/OWASP/railsgoat/issues/243] has more details.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Your Idea==<br />
<br />
===Brief Explanation:===<br />
RailsGoat is a great framework for learning about OWASP Top 10 2013 using a vulnerable version of the Ruby on Rails (versions 3 to 5), as well as some "extras" that the initial project contributors felt worthwhile to share. This project is designed to educate both developers, as well as security professionals. Feel free to check out the [Railsgoat Github site](https://github.com/OWASP/railsgoat) for more details. If you have an idea that is not on this list then don't worry, you can still submit it.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that makes RailsGoat even better<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
=== Needs: ===<br />
* Student Developers<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSOC2018_Ideas&diff=246494GSOC2018 Ideas2019-01-10T09:52:21Z<p>Ali Razmjoo: /* Mentors and Leaders */</p>
<hr />
<div>'''OWASP Foundation has been selected as an organization to be part of the GOOGLE SUMMER CODE 2018''' <br />
<br />
=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
==OWASP ZAP==<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.<br />
===Active Scanning WebSockets===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesnt current support active scanning (automated attacking) of websockets.<br />
:<br />
:We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.<br />
:<br />
:'''Expected Results:'''<br />
:* An plugable infrastructure that allows us to active scan websockets<br />
:* Converting the relevant existing scan rules to work with websockets<br />
:* Implementing new websocket specific scan rules<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== React Handling ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP doesnt understand React applications as well as it should be able to.<br />
:<br />
:It would be great if ZAP had a much better understanding of such applications, including how to explore and attack them more effectively.<br />
:<br />
:'''Expected Results:'''<br />
:* ZAP able to explore React applications more effectively<br />
:* ZAP able to attack React applications more effectively<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* As React is written in JavaScript, good knowledge of this language is recommended. ZAP is written in Java, so some knowledge of this language would be useful. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Backslash Powered Scanner ===<br />
:'''Brief Explanation:'''<br />
:<br />
:This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html<br />
:Their implementation is open source: https://github.com/PortSwigger/backslash-powered-scanner so hopefully shouldn't be too hard to port to ZAP :)<br />
:<br />
:''' Expected Results '''<br />
:* Extend ZAP's active scanner to leverage Backslash type scanning. (Including adapting some of the existing scan rules to leverage the new component.)<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:: '''Note''' This issue was previously undertaken, however, only partial progress was made. The [https://github.com/zaproxy/zap-extensions/pull/1014 Pull Request] is still open and can be built upon. The 2018 effort needs to ensure the code builds and is successfully put to use in some of the existing scan rules and unit tests.<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be very useful.<br />
:<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Automated authentication detection and configuration ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki><br />
:<br />
:This is time consuming and error prone.<br />
:<br />
:Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.<br />
:<br />
:'''Expected Results:'''<br />
:* Detect login and registration pages<br />
:* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible<br />
:* An option to completely automate the authentication process, for as many authentication mechanisms as possible<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Zest Text Representation and Parser ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.<br />
:<br />
:A standardized text representation and parser would be very useful and help its adoption.<br />
:<br />
:'''Expected Results:'''<br />
:* A documented definition of a text representation for Zest<br />
:* A parser that converts the text representation into a working Zest script<br />
:* An option in the Zest java implementation to output Zest scripts text format<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Develop Bamboo Addon ===<br />
:'''Brief Explanation:'''<br />
:<br />
:It would be great to have an official ZAP add-on for [https://www.atlassian.com/software/bamboo Bamboo], equivalent to the one we now have for [https://wiki.jenkins.io/display/JENKINS/zap+plugin Jenkins]<br />
:<br />
:For more information about Bamboo plugins see the [https://developer.atlassian.com/server/bamboo/bamboo-plugin-guide/ Bamboo plugin guide].<br />
:<br />
:'''Expected Results:'''<br />
:<br />
:A Bamboo addon that supports:<br />
:* Spidering (using the traditional and Ajax spiders)<br />
:* Active Scanning<br />
:* Authentication<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP and Bamboo are written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Your Idea ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.<br />
:<br />
:'''Expected Results:'''<br />
:* A new feature that makes ZAP even better<br />
:* Code that conforms to our Development Rules and Guidelines<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2018 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] user story])<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Frontend Technology Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frontend framework AngularJS 1.x along with Bootstrap 3. Several major releases later, there now are [https://github.com/bkimminich/juice-shop/issues/165 Angular 5] and [https://github.com/bkimminich/juice-shop/issues/400 Bootstrap 4] available as well as other mature web frontend frameworks. Migrating the OWASP Juice Shop to the latest version of Angular and Bootstrap is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.<br />
<br />
'''Expected Results:'''<br />
* High-level target client-architecture overview including a migration plan with intermediary milestones<br />
* Execution of migration without breaking functionality or losing tests along the way<br />
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, experience with latest Javascript frameworks for frontend, testing and building<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== UI/Graphics Design Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
The UI of OWASP Juice Shop was written following recommendations from Twitter Bootstrap to be responsive, but it never had an actual designer or graphics artist take a look or add some insight. Currently the look & feel comes "out of the box" from a [https://bootswatch.com Bootswatch] theme and [https://fontawesome.com Font Awesome 5] icons. This gives it a quite modern look, but also leaves it very generic. The project could greatly benefit from involvement of someone with actual UI/UX Design expertise. Having a matching theme for [https://ctfd.io CTFd] would be another big achievement for the Juice Shop.<br />
<br />
'''Expected Results:'''<br />
* Design concepts to pick or have the user community vote on (including color schemes, sample screens, icons etc.)<br />
* Overhauling the overall UI look & feel, e.g. by making an individual Bootswatch theme or designing some individual icons<br />
* <del>Getting rid of the stock images by providing individually designed product images for the standard inventory of the shop</del> ([https://github.com/bkimminich/juice-shop/issues/315 #315] in progress)<br />
* Add more flexibility and options to the existing theming/customization of the UI (see [https://github.com/bkimminich/juice-shop/issues/379 #379])<br />
* Design a [https://github.com/bkimminich/juice-shop-ctf/issues/9 "Juice Shop" CTFd-theme] playing well with the look & feel of the application<br />
* Execution of migration without breaking functionality or client-side unit and end-to-end tests along the way<br />
<br />
''' Getting started: '''<br />
* Get familiar with the existing HTML views and CSS of the frontend<br />
* Get a feeling for the high quality bar by inspecting the existing client-side unit and e2e test suites<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Strong web and graphic design experience<br />
* Sophisticated HTML and CSS experience<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP Security Knowledge Framework - Chatbot machine learning feature==<br />
<br />
=== Brief Explanation ===<br />
We want to create a SKF Chatbot service using the knowledge already inside SKF like the knowledge base items, code examples and the security controls like ASVS and PCI DSS.<br />
<br />
The chatbot service and core of this new feature can be consumed by website’s as an addon, IDE of developers and website chat channels like Gitter.im.<br />
<br />
The core of the SKF Chatbot will be using machine learning to accomplish the hard task of correlating data and merging different sources as a response/answer.<br />
<br />
=== Expected Results ===<br />
# A Defined Knowledge Base (Data Structure / DB) which can be used to define and search for entities. For example: if a query is:<br />
## How to mitigate CSRF in PHP the system should be able to understand or translate it to: {How: intent} to {mitigate: solution} {CSRF: attack} in {PHP: programming language} This kind of query can be further user to fetch right information in the knowledge base and provide right solution (code example) for mitigating CSRF in PHP.<br />
## What is CSRF? the system should be able to understand or translate it to: {What: intent} is {CSRF: attack/defense} This kind of query can be further user to fetch right information in the knowledge base that explains CSRF and provide the security control from example ASVS<br />
# An ETL process to convert existing SKF Knowledge data and ASVS data to above mentioned data structure.<br />
# A Chatbot (using existing frameworks) to:<br />
## Understand at least two intent like (How to, What is …..) and be able to enrich the user query as mentioned above.<br />
## Based on enriched query fetch relevant information from knowledge base and return.<br />
# An integration to some chat system like Gitter.im, IRC, Slack etc.<br />
<br />
=== Knowledge Prerequisites ===<br />
* Programming languages:<br />
** OWASP-SKF API is build in Python 3.6/3.7<br />
** OWASP-SKF Frontend is build with Angular 4 TS<br />
* Machine learning enthusiastic/interest<br />
<br />
=== Proposal from student ===<br />
* We want to ask from the student to write a proposal on how to approach the problem we described.<br />
'''Mentors''':<br />
<br />
Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org] Glenn ten Cate [mailto:glenn.ten.cate@owasp.org] Minhaz [mailto:minhaz@owasp.org]<br />
<br />
==OWASP Nettacker==<br />
===Brief Explanation===<br />
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
if you need more details please visit the [https://github.com/viraintel/OWASP-Nettacker GitHub page] or contact a leader([mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:reza.espargham@owasp.org Reza Espargham]).<br />
<br />
===Getting started===<br />
<br />
* You may read the available documents in the [https://github.com/viraintel/OWASP-Nettacker/wiki wiki page]. Developers and users documents are separated.<br />
<br />
'''A Better Penetration Testing Automated Framework'''<br />
<br />
===Expected Results===<br />
The expected results are to contribute the OWASP Nettacker framework [https://github.com/viraintel/OWASP-Nettacker/issues issues] (mostly help wanted or enhancement). Please check the GitHub repo to learn more.<br />
<br />
===Knowledge Prerequisites===<br />
<br />
* The whole framework was written in Python language. You must be familiar with Python 2.x, 3.x.<br />
* Good knowledge of computer security (and penetration testing)<br />
* Knowledge of OS (Linux, Windows, Mac...) and Services<br />
* Familiar with IDS/IPS/Firewalls and ...<br />
* To develop the API you should be familiar with HTTP, Database...<br />
<br />
===Mentors===<br />
Mentors are: [mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:abiusx@owasp.org Abbas Naderi Afooshteh], [mailto:sriharsha.g15@iiits.in SRI HARSHA Gajavalli]<br />
<br />
==OWASP OWTF==<br />
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.<br />
===OWASP OWTF - MiTM proxy interception and replay capabilities===<br />
'''Brief Explanation:'''<br />
<br />
The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).<br />
<br />
The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible<br />
*ability to intercept the transactions<br />
*modify or replay transaction on the fly<br />
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code<br />
Bonus:<br />
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).<br />
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)<br />
<br />
*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)<br />
*Create a browser instance and do the necessary login procedure<br />
*Handle the browser for the URI<br />
*When called to close the browser, do a clean logout and kill the browser instance.<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - Web interface enhancements===<br />
'''Brief explanation:'''<br />
<br />
The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - New plugin architecture===<br />
'''Brief explanation:'''<br />
<br />
The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.<br />
<br />
This issue is documented in detail at https://github.com/owtf/owtf/issues/905.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
<br />
== OWASP CSRF Protector ==<br />
[[CSRFProtector Project|OWASP CSRF Protector Project]] is a project started with the goal to help developer to mitigate CSRF in web applications with ease. It's based on [[Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet|Synchronizer Token Pattern]] and leverages an injected java-script code to provide CSRF mitigation without much developer intervention. So far it has been implemented as a [https://github.com/mebjas/CSRF-Protector-PHP PHP Library] and an [[CSRFProtector Project|Apache 2.2.x module]]. Although different libraries and frameworks provide CSRF mitigation these days - all of them require developer to explicitly inject tokens with every form. <br />
===OWASP CSRF Protector - Extending the design as a python package to work with Flask and an Express JS (Node.JS) middleware===<br />
'''Brief explanation:'''<br />
<br />
The design of CSRF Protector involves a server side middle-ware that intercepts every incoming request and validates them for CSRF attacks. If the validation is successful the flow of control goes to business logic and the tokens are refreshed. In case of failed validation configured actions are taken. Post that, another middle ware takes care of injecting a JavaScript code (refer [https://github.com/mebjas/CSRF-Protector-PHP/blob/master/js/csrfprotector.js CSRF Protector PHP JS Code]) to HTML output. On the client side this code ensures that, for every request that require validation - the correct token is sent along with the request.<br />
<br />
Check [https://github.com/mebjas/CSRF-Protector-PHP/wiki GitHub Wiki] for some reference;<br />
<br />
The goal of this project would be to:<br />
# Port this design to a python module that can be used easily with Flask - [https://github.com/mebjas/CSRF-Protector-py/projects/1?add_cards_query=is%3Aopen Kanban Board]<br />
# Port this design to a node js module that can work well with express js (a popular Node.JS based framework). - [https://github.com/mebjas/CSRF-Protector-JS Initial Repo Link]<br />
# Fix some outstanding issues with java-script code used in library: [https://github.com/mebjas/CSRF-Protector-PHP/issues?q=is%3Aopen+is%3Aissue+label%3AJS Issues] <br />
'''Expected results:'''<br />
*'''IMPORTANT: Clean, maintainable (ES6 compatible and using recommended design patterns) in case of Node.JS'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Javascript (Client Side), Python (having worked with flask preferable), Node.JS (having worked with node.js and middle wares preferable)<br />
<br />
'''Mentors:''' Contact: [mailto:minhaz@owasp.org;minhazv@microsoft.com Minhaz A V]<br />
== OWASP BLT (Bug Logging Tool) ==<br />
===Brief Explanation:===<br />
<br />
BLT lets anyone report issues they find on the internet. Found something out of place on Amazon.com ? Let them know. Companies are held accountable and shows their response time and history. Get points for reporting bugs and help keep the internet bug free.<br />
<br />
Check OWASP WIKI PAGE [https://www.owasp.org/index.php/OWASP_Bug_Logging_Tool] for some reference;<br />
<br />
===Expected Results:===<br />
* Fuse app to allow easy bug reporting from phone.<br />
* BUG cryptocurrency rewarded for each bug reported - requires a way to verify bugs are valid and not duplicates<br />
* Allow for companies to do private (paid) bug bounties<br />
* allow for bug reporting via email <br />
* build a referral program<br />
* integrate an idea / suggestion feature<br />
<br />
===Knowledge Prerequisite:===<br />
BLT is written in Python / Django, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential. Fusetools will be used for the app and C++ (Bitcoin based) or Ethereum will be used for the cryptocurrency part.<br />
<br />
===Proposals from student:===<br />
* Proposal on new features <br />
* Recommendations on how to use social applications to promote OWASP BLT<br />
<br />
'''Mentors:'''<br />
* Sean Auriti [https://www.owasp.org/index.php/User:Sauriti Sean Auriti] [mailto:sean.auriti@owasp.org @] <br />
* Sourav Badami [https://www.owasp.org/index.php/User:Souravbadami Sourav Badami] [mailto:souravbadami@gmail.com @]<br />
<br />
==OWASP RailsGoat - 2017 OWASP Top Ten==<br />
<br />
===Brief Explanation:===<br />
Add support for multiple OWASP Top Ten versions, such as 2017 and 2010.<br />
Currently RailsGoat supports only the 2013 version of OWASP Top Ten.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that supports additional version(s) of OWASP Top Ten<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 305 [https://github.com/OWASP/railsgoat/issues/305] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, Mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Capture-The-Flag RailsGoat Image Creation Automation==<br />
<br />
===Brief Explanation:===<br />
Create automation to build a Capture-The-Flag competition (CTF) image (VM, ISO, etc) which contains everything needed, such as [Operating System, Rails Stack, RailsGoat], so RailsGoat can easily be used in more Capture-The-Flag competitions.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that automates the process of building RailsGoat CTF images.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 306 [https://github.com/OWASP/railsgoat/issues/306] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* Some background in creating VMs/ISOs would be helpful.<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Matt Robinson [mailto:brimstone@the.narro.ws] - OWASP RailsGoat Mentor<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Merge "Security on Rails" book's lunchedin examples into RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Merge "Security on Rails" book's lunchedin examples into RailsGoat. Need to get permission from publisher. @jasnow got permission previously.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* More teaching RailsGoat examples based on "Security on Rails" book's lunchedin project.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 307 [https://github.com/OWASP/railsgoat/issues/307] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security<br />
would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Add Devise Gem Support and Vulnerabilities to RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Add Devise Support to RailsGoat along with adding Devise-related vulnerabilities.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* Using Devise gem inside RailsGoat plus Devise-related vulnerabilities.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 207 [https://github.com/OWASP/railsgoat/issues/207] and * Issue 243 [https://github.com/OWASP/railsgoat/issues/243] has more details.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Your Idea==<br />
<br />
===Brief Explanation:===<br />
RailsGoat is a great framework for learning about OWASP Top 10 2013 using a vulnerable version of the Ruby on Rails (versions 3 to 5), as well as some "extras" that the initial project contributors felt worthwhile to share. This project is designed to educate both developers, as well as security professionals. Feel free to check out the [Railsgoat Github site](https://github.com/OWASP/railsgoat) for more details. If you have an idea that is not on this list then don't worry, you can still submit it.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that makes RailsGoat even better<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
=== Needs: ===<br />
* Student Developers<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
<br />
== OHP (OWASP Honeypot) ==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
=== Getting Start ===<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to add more modules and optimize the core.<br />
<br />
=== Technologies ===<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
=== Expected Results ===<br />
...<br />
<br />
=== Roadmap ===<br />
<br />
...<br />
<br />
=== Students Requirements ===<br />
<br />
* Python<br />
* Packet Analysis<br />
* Docker<br />
* Database<br />
<br />
=== Mentors and Leaders ===<br />
<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo] (Mentor & Project Leader)<br />
* [mailto:reza.espargham@owasp.org Reza Espargham](Mentor)<br />
* [mailto:abiusx@owasp.org Abbas Naderi] (Mentor)</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSOC2018_Ideas&diff=246493GSOC2018 Ideas2019-01-10T09:43:54Z<p>Ali Razmjoo: /* Mentors and Leaders */</p>
<hr />
<div>'''OWASP Foundation has been selected as an organization to be part of the GOOGLE SUMMER CODE 2018''' <br />
<br />
=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
==OWASP ZAP==<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.<br />
===Active Scanning WebSockets===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesnt current support active scanning (automated attacking) of websockets.<br />
:<br />
:We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.<br />
:<br />
:'''Expected Results:'''<br />
:* An plugable infrastructure that allows us to active scan websockets<br />
:* Converting the relevant existing scan rules to work with websockets<br />
:* Implementing new websocket specific scan rules<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== React Handling ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP doesnt understand React applications as well as it should be able to.<br />
:<br />
:It would be great if ZAP had a much better understanding of such applications, including how to explore and attack them more effectively.<br />
:<br />
:'''Expected Results:'''<br />
:* ZAP able to explore React applications more effectively<br />
:* ZAP able to attack React applications more effectively<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* As React is written in JavaScript, good knowledge of this language is recommended. ZAP is written in Java, so some knowledge of this language would be useful. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Backslash Powered Scanner ===<br />
:'''Brief Explanation:'''<br />
:<br />
:This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html<br />
:Their implementation is open source: https://github.com/PortSwigger/backslash-powered-scanner so hopefully shouldn't be too hard to port to ZAP :)<br />
:<br />
:''' Expected Results '''<br />
:* Extend ZAP's active scanner to leverage Backslash type scanning. (Including adapting some of the existing scan rules to leverage the new component.)<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:: '''Note''' This issue was previously undertaken, however, only partial progress was made. The [https://github.com/zaproxy/zap-extensions/pull/1014 Pull Request] is still open and can be built upon. The 2018 effort needs to ensure the code builds and is successfully put to use in some of the existing scan rules and unit tests.<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be very useful.<br />
:<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Automated authentication detection and configuration ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki><br />
:<br />
:This is time consuming and error prone.<br />
:<br />
:Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.<br />
:<br />
:'''Expected Results:'''<br />
:* Detect login and registration pages<br />
:* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible<br />
:* An option to completely automate the authentication process, for as many authentication mechanisms as possible<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Zest Text Representation and Parser ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.<br />
:<br />
:A standardized text representation and parser would be very useful and help its adoption.<br />
:<br />
:'''Expected Results:'''<br />
:* A documented definition of a text representation for Zest<br />
:* A parser that converts the text representation into a working Zest script<br />
:* An option in the Zest java implementation to output Zest scripts text format<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Develop Bamboo Addon ===<br />
:'''Brief Explanation:'''<br />
:<br />
:It would be great to have an official ZAP add-on for [https://www.atlassian.com/software/bamboo Bamboo], equivalent to the one we now have for [https://wiki.jenkins.io/display/JENKINS/zap+plugin Jenkins]<br />
:<br />
:For more information about Bamboo plugins see the [https://developer.atlassian.com/server/bamboo/bamboo-plugin-guide/ Bamboo plugin guide].<br />
:<br />
:'''Expected Results:'''<br />
:<br />
:A Bamboo addon that supports:<br />
:* Spidering (using the traditional and Ajax spiders)<br />
:* Active Scanning<br />
:* Authentication<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP and Bamboo are written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Your Idea ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.<br />
:<br />
:'''Expected Results:'''<br />
:* A new feature that makes ZAP even better<br />
:* Code that conforms to our Development Rules and Guidelines<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2018 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] user story])<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Frontend Technology Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frontend framework AngularJS 1.x along with Bootstrap 3. Several major releases later, there now are [https://github.com/bkimminich/juice-shop/issues/165 Angular 5] and [https://github.com/bkimminich/juice-shop/issues/400 Bootstrap 4] available as well as other mature web frontend frameworks. Migrating the OWASP Juice Shop to the latest version of Angular and Bootstrap is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.<br />
<br />
'''Expected Results:'''<br />
* High-level target client-architecture overview including a migration plan with intermediary milestones<br />
* Execution of migration without breaking functionality or losing tests along the way<br />
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, experience with latest Javascript frameworks for frontend, testing and building<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== UI/Graphics Design Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
The UI of OWASP Juice Shop was written following recommendations from Twitter Bootstrap to be responsive, but it never had an actual designer or graphics artist take a look or add some insight. Currently the look & feel comes "out of the box" from a [https://bootswatch.com Bootswatch] theme and [https://fontawesome.com Font Awesome 5] icons. This gives it a quite modern look, but also leaves it very generic. The project could greatly benefit from involvement of someone with actual UI/UX Design expertise. Having a matching theme for [https://ctfd.io CTFd] would be another big achievement for the Juice Shop.<br />
<br />
'''Expected Results:'''<br />
* Design concepts to pick or have the user community vote on (including color schemes, sample screens, icons etc.)<br />
* Overhauling the overall UI look & feel, e.g. by making an individual Bootswatch theme or designing some individual icons<br />
* <del>Getting rid of the stock images by providing individually designed product images for the standard inventory of the shop</del> ([https://github.com/bkimminich/juice-shop/issues/315 #315] in progress)<br />
* Add more flexibility and options to the existing theming/customization of the UI (see [https://github.com/bkimminich/juice-shop/issues/379 #379])<br />
* Design a [https://github.com/bkimminich/juice-shop-ctf/issues/9 "Juice Shop" CTFd-theme] playing well with the look & feel of the application<br />
* Execution of migration without breaking functionality or client-side unit and end-to-end tests along the way<br />
<br />
''' Getting started: '''<br />
* Get familiar with the existing HTML views and CSS of the frontend<br />
* Get a feeling for the high quality bar by inspecting the existing client-side unit and e2e test suites<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Strong web and graphic design experience<br />
* Sophisticated HTML and CSS experience<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP Security Knowledge Framework - Chatbot machine learning feature==<br />
<br />
=== Brief Explanation ===<br />
We want to create a SKF Chatbot service using the knowledge already inside SKF like the knowledge base items, code examples and the security controls like ASVS and PCI DSS.<br />
<br />
The chatbot service and core of this new feature can be consumed by website’s as an addon, IDE of developers and website chat channels like Gitter.im.<br />
<br />
The core of the SKF Chatbot will be using machine learning to accomplish the hard task of correlating data and merging different sources as a response/answer.<br />
<br />
=== Expected Results ===<br />
# A Defined Knowledge Base (Data Structure / DB) which can be used to define and search for entities. For example: if a query is:<br />
## How to mitigate CSRF in PHP the system should be able to understand or translate it to: {How: intent} to {mitigate: solution} {CSRF: attack} in {PHP: programming language} This kind of query can be further user to fetch right information in the knowledge base and provide right solution (code example) for mitigating CSRF in PHP.<br />
## What is CSRF? the system should be able to understand or translate it to: {What: intent} is {CSRF: attack/defense} This kind of query can be further user to fetch right information in the knowledge base that explains CSRF and provide the security control from example ASVS<br />
# An ETL process to convert existing SKF Knowledge data and ASVS data to above mentioned data structure.<br />
# A Chatbot (using existing frameworks) to:<br />
## Understand at least two intent like (How to, What is …..) and be able to enrich the user query as mentioned above.<br />
## Based on enriched query fetch relevant information from knowledge base and return.<br />
# An integration to some chat system like Gitter.im, IRC, Slack etc.<br />
<br />
=== Knowledge Prerequisites ===<br />
* Programming languages:<br />
** OWASP-SKF API is build in Python 3.6/3.7<br />
** OWASP-SKF Frontend is build with Angular 4 TS<br />
* Machine learning enthusiastic/interest<br />
<br />
=== Proposal from student ===<br />
* We want to ask from the student to write a proposal on how to approach the problem we described.<br />
'''Mentors''':<br />
<br />
Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org] Glenn ten Cate [mailto:glenn.ten.cate@owasp.org] Minhaz [mailto:minhaz@owasp.org]<br />
<br />
==OWASP Nettacker==<br />
===Brief Explanation===<br />
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
if you need more details please visit the [https://github.com/viraintel/OWASP-Nettacker GitHub page] or contact a leader([mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:reza.espargham@owasp.org Reza Espargham]).<br />
<br />
===Getting started===<br />
<br />
* You may read the available documents in the [https://github.com/viraintel/OWASP-Nettacker/wiki wiki page]. Developers and users documents are separated.<br />
<br />
'''A Better Penetration Testing Automated Framework'''<br />
<br />
===Expected Results===<br />
The expected results are to contribute the OWASP Nettacker framework [https://github.com/viraintel/OWASP-Nettacker/issues issues] (mostly help wanted or enhancement). Please check the GitHub repo to learn more.<br />
<br />
===Knowledge Prerequisites===<br />
<br />
* The whole framework was written in Python language. You must be familiar with Python 2.x, 3.x.<br />
* Good knowledge of computer security (and penetration testing)<br />
* Knowledge of OS (Linux, Windows, Mac...) and Services<br />
* Familiar with IDS/IPS/Firewalls and ...<br />
* To develop the API you should be familiar with HTTP, Database...<br />
<br />
===Mentors===<br />
Mentors are: [mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:abiusx@owasp.org Abbas Naderi Afooshteh], [mailto:sriharsha.g15@iiits.in SRI HARSHA Gajavalli]<br />
<br />
==OWASP OWTF==<br />
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.<br />
===OWASP OWTF - MiTM proxy interception and replay capabilities===<br />
'''Brief Explanation:'''<br />
<br />
The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).<br />
<br />
The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible<br />
*ability to intercept the transactions<br />
*modify or replay transaction on the fly<br />
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code<br />
Bonus:<br />
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).<br />
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)<br />
<br />
*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)<br />
*Create a browser instance and do the necessary login procedure<br />
*Handle the browser for the URI<br />
*When called to close the browser, do a clean logout and kill the browser instance.<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - Web interface enhancements===<br />
'''Brief explanation:'''<br />
<br />
The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - New plugin architecture===<br />
'''Brief explanation:'''<br />
<br />
The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.<br />
<br />
This issue is documented in detail at https://github.com/owtf/owtf/issues/905.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
<br />
== OWASP CSRF Protector ==<br />
[[CSRFProtector Project|OWASP CSRF Protector Project]] is a project started with the goal to help developer to mitigate CSRF in web applications with ease. It's based on [[Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet|Synchronizer Token Pattern]] and leverages an injected java-script code to provide CSRF mitigation without much developer intervention. So far it has been implemented as a [https://github.com/mebjas/CSRF-Protector-PHP PHP Library] and an [[CSRFProtector Project|Apache 2.2.x module]]. Although different libraries and frameworks provide CSRF mitigation these days - all of them require developer to explicitly inject tokens with every form. <br />
===OWASP CSRF Protector - Extending the design as a python package to work with Flask and an Express JS (Node.JS) middleware===<br />
'''Brief explanation:'''<br />
<br />
The design of CSRF Protector involves a server side middle-ware that intercepts every incoming request and validates them for CSRF attacks. If the validation is successful the flow of control goes to business logic and the tokens are refreshed. In case of failed validation configured actions are taken. Post that, another middle ware takes care of injecting a JavaScript code (refer [https://github.com/mebjas/CSRF-Protector-PHP/blob/master/js/csrfprotector.js CSRF Protector PHP JS Code]) to HTML output. On the client side this code ensures that, for every request that require validation - the correct token is sent along with the request.<br />
<br />
Check [https://github.com/mebjas/CSRF-Protector-PHP/wiki GitHub Wiki] for some reference;<br />
<br />
The goal of this project would be to:<br />
# Port this design to a python module that can be used easily with Flask - [https://github.com/mebjas/CSRF-Protector-py/projects/1?add_cards_query=is%3Aopen Kanban Board]<br />
# Port this design to a node js module that can work well with express js (a popular Node.JS based framework). - [https://github.com/mebjas/CSRF-Protector-JS Initial Repo Link]<br />
# Fix some outstanding issues with java-script code used in library: [https://github.com/mebjas/CSRF-Protector-PHP/issues?q=is%3Aopen+is%3Aissue+label%3AJS Issues] <br />
'''Expected results:'''<br />
*'''IMPORTANT: Clean, maintainable (ES6 compatible and using recommended design patterns) in case of Node.JS'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Javascript (Client Side), Python (having worked with flask preferable), Node.JS (having worked with node.js and middle wares preferable)<br />
<br />
'''Mentors:''' Contact: [mailto:minhaz@owasp.org;minhazv@microsoft.com Minhaz A V]<br />
== OWASP BLT (Bug Logging Tool) ==<br />
===Brief Explanation:===<br />
<br />
BLT lets anyone report issues they find on the internet. Found something out of place on Amazon.com ? Let them know. Companies are held accountable and shows their response time and history. Get points for reporting bugs and help keep the internet bug free.<br />
<br />
Check OWASP WIKI PAGE [https://www.owasp.org/index.php/OWASP_Bug_Logging_Tool] for some reference;<br />
<br />
===Expected Results:===<br />
* Fuse app to allow easy bug reporting from phone.<br />
* BUG cryptocurrency rewarded for each bug reported - requires a way to verify bugs are valid and not duplicates<br />
* Allow for companies to do private (paid) bug bounties<br />
* allow for bug reporting via email <br />
* build a referral program<br />
* integrate an idea / suggestion feature<br />
<br />
===Knowledge Prerequisite:===<br />
BLT is written in Python / Django, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential. Fusetools will be used for the app and C++ (Bitcoin based) or Ethereum will be used for the cryptocurrency part.<br />
<br />
===Proposals from student:===<br />
* Proposal on new features <br />
* Recommendations on how to use social applications to promote OWASP BLT<br />
<br />
'''Mentors:'''<br />
* Sean Auriti [https://www.owasp.org/index.php/User:Sauriti Sean Auriti] [mailto:sean.auriti@owasp.org @] <br />
* Sourav Badami [https://www.owasp.org/index.php/User:Souravbadami Sourav Badami] [mailto:souravbadami@gmail.com @]<br />
<br />
==OWASP RailsGoat - 2017 OWASP Top Ten==<br />
<br />
===Brief Explanation:===<br />
Add support for multiple OWASP Top Ten versions, such as 2017 and 2010.<br />
Currently RailsGoat supports only the 2013 version of OWASP Top Ten.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that supports additional version(s) of OWASP Top Ten<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 305 [https://github.com/OWASP/railsgoat/issues/305] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, Mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Capture-The-Flag RailsGoat Image Creation Automation==<br />
<br />
===Brief Explanation:===<br />
Create automation to build a Capture-The-Flag competition (CTF) image (VM, ISO, etc) which contains everything needed, such as [Operating System, Rails Stack, RailsGoat], so RailsGoat can easily be used in more Capture-The-Flag competitions.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that automates the process of building RailsGoat CTF images.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 306 [https://github.com/OWASP/railsgoat/issues/306] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* Some background in creating VMs/ISOs would be helpful.<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Matt Robinson [mailto:brimstone@the.narro.ws] - OWASP RailsGoat Mentor<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Merge "Security on Rails" book's lunchedin examples into RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Merge "Security on Rails" book's lunchedin examples into RailsGoat. Need to get permission from publisher. @jasnow got permission previously.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* More teaching RailsGoat examples based on "Security on Rails" book's lunchedin project.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 307 [https://github.com/OWASP/railsgoat/issues/307] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security<br />
would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Add Devise Gem Support and Vulnerabilities to RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Add Devise Support to RailsGoat along with adding Devise-related vulnerabilities.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* Using Devise gem inside RailsGoat plus Devise-related vulnerabilities.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 207 [https://github.com/OWASP/railsgoat/issues/207] and * Issue 243 [https://github.com/OWASP/railsgoat/issues/243] has more details.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Your Idea==<br />
<br />
===Brief Explanation:===<br />
RailsGoat is a great framework for learning about OWASP Top 10 2013 using a vulnerable version of the Ruby on Rails (versions 3 to 5), as well as some "extras" that the initial project contributors felt worthwhile to share. This project is designed to educate both developers, as well as security professionals. Feel free to check out the [Railsgoat Github site](https://github.com/OWASP/railsgoat) for more details. If you have an idea that is not on this list then don't worry, you can still submit it.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that makes RailsGoat even better<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
=== Needs: ===<br />
* Student Developers<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
<br />
== OHP (OWASP Honeypot) ==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
=== Getting Start ===<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to add more modules and optimize the core.<br />
<br />
=== Technologies ===<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
=== Expected Results ===<br />
...<br />
<br />
=== Roadmap ===<br />
<br />
...<br />
<br />
=== Students Requirements ===<br />
<br />
* Python<br />
* Packet Analysis<br />
* Docker<br />
* Database<br />
<br />
=== Mentors and Leaders ===<br />
<br />
* Ali Razmjoo (Mentor & Project Leader)<br />
* Reza Espargham (Mentor)<br />
* Abbas Naderi (Mentor)</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSOC2018_Ideas&diff=246492GSOC2018 Ideas2019-01-10T09:43:00Z<p>Ali Razmjoo: /* Students Requirements */</p>
<hr />
<div>'''OWASP Foundation has been selected as an organization to be part of the GOOGLE SUMMER CODE 2018''' <br />
<br />
=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
==OWASP ZAP==<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.<br />
===Active Scanning WebSockets===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesnt current support active scanning (automated attacking) of websockets.<br />
:<br />
:We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.<br />
:<br />
:'''Expected Results:'''<br />
:* An plugable infrastructure that allows us to active scan websockets<br />
:* Converting the relevant existing scan rules to work with websockets<br />
:* Implementing new websocket specific scan rules<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== React Handling ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP doesnt understand React applications as well as it should be able to.<br />
:<br />
:It would be great if ZAP had a much better understanding of such applications, including how to explore and attack them more effectively.<br />
:<br />
:'''Expected Results:'''<br />
:* ZAP able to explore React applications more effectively<br />
:* ZAP able to attack React applications more effectively<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* As React is written in JavaScript, good knowledge of this language is recommended. ZAP is written in Java, so some knowledge of this language would be useful. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Backslash Powered Scanner ===<br />
:'''Brief Explanation:'''<br />
:<br />
:This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html<br />
:Their implementation is open source: https://github.com/PortSwigger/backslash-powered-scanner so hopefully shouldn't be too hard to port to ZAP :)<br />
:<br />
:''' Expected Results '''<br />
:* Extend ZAP's active scanner to leverage Backslash type scanning. (Including adapting some of the existing scan rules to leverage the new component.)<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:: '''Note''' This issue was previously undertaken, however, only partial progress was made. The [https://github.com/zaproxy/zap-extensions/pull/1014 Pull Request] is still open and can be built upon. The 2018 effort needs to ensure the code builds and is successfully put to use in some of the existing scan rules and unit tests.<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be very useful.<br />
:<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Automated authentication detection and configuration ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki><br />
:<br />
:This is time consuming and error prone.<br />
:<br />
:Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.<br />
:<br />
:'''Expected Results:'''<br />
:* Detect login and registration pages<br />
:* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible<br />
:* An option to completely automate the authentication process, for as many authentication mechanisms as possible<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Zest Text Representation and Parser ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.<br />
:<br />
:A standardized text representation and parser would be very useful and help its adoption.<br />
:<br />
:'''Expected Results:'''<br />
:* A documented definition of a text representation for Zest<br />
:* A parser that converts the text representation into a working Zest script<br />
:* An option in the Zest java implementation to output Zest scripts text format<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Develop Bamboo Addon ===<br />
:'''Brief Explanation:'''<br />
:<br />
:It would be great to have an official ZAP add-on for [https://www.atlassian.com/software/bamboo Bamboo], equivalent to the one we now have for [https://wiki.jenkins.io/display/JENKINS/zap+plugin Jenkins]<br />
:<br />
:For more information about Bamboo plugins see the [https://developer.atlassian.com/server/bamboo/bamboo-plugin-guide/ Bamboo plugin guide].<br />
:<br />
:'''Expected Results:'''<br />
:<br />
:A Bamboo addon that supports:<br />
:* Spidering (using the traditional and Ajax spiders)<br />
:* Active Scanning<br />
:* Authentication<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP and Bamboo are written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Your Idea ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.<br />
:<br />
:'''Expected Results:'''<br />
:* A new feature that makes ZAP even better<br />
:* Code that conforms to our Development Rules and Guidelines<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2018 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] user story])<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Frontend Technology Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frontend framework AngularJS 1.x along with Bootstrap 3. Several major releases later, there now are [https://github.com/bkimminich/juice-shop/issues/165 Angular 5] and [https://github.com/bkimminich/juice-shop/issues/400 Bootstrap 4] available as well as other mature web frontend frameworks. Migrating the OWASP Juice Shop to the latest version of Angular and Bootstrap is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.<br />
<br />
'''Expected Results:'''<br />
* High-level target client-architecture overview including a migration plan with intermediary milestones<br />
* Execution of migration without breaking functionality or losing tests along the way<br />
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, experience with latest Javascript frameworks for frontend, testing and building<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== UI/Graphics Design Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
The UI of OWASP Juice Shop was written following recommendations from Twitter Bootstrap to be responsive, but it never had an actual designer or graphics artist take a look or add some insight. Currently the look & feel comes "out of the box" from a [https://bootswatch.com Bootswatch] theme and [https://fontawesome.com Font Awesome 5] icons. This gives it a quite modern look, but also leaves it very generic. The project could greatly benefit from involvement of someone with actual UI/UX Design expertise. Having a matching theme for [https://ctfd.io CTFd] would be another big achievement for the Juice Shop.<br />
<br />
'''Expected Results:'''<br />
* Design concepts to pick or have the user community vote on (including color schemes, sample screens, icons etc.)<br />
* Overhauling the overall UI look & feel, e.g. by making an individual Bootswatch theme or designing some individual icons<br />
* <del>Getting rid of the stock images by providing individually designed product images for the standard inventory of the shop</del> ([https://github.com/bkimminich/juice-shop/issues/315 #315] in progress)<br />
* Add more flexibility and options to the existing theming/customization of the UI (see [https://github.com/bkimminich/juice-shop/issues/379 #379])<br />
* Design a [https://github.com/bkimminich/juice-shop-ctf/issues/9 "Juice Shop" CTFd-theme] playing well with the look & feel of the application<br />
* Execution of migration without breaking functionality or client-side unit and end-to-end tests along the way<br />
<br />
''' Getting started: '''<br />
* Get familiar with the existing HTML views and CSS of the frontend<br />
* Get a feeling for the high quality bar by inspecting the existing client-side unit and e2e test suites<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Strong web and graphic design experience<br />
* Sophisticated HTML and CSS experience<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP Security Knowledge Framework - Chatbot machine learning feature==<br />
<br />
=== Brief Explanation ===<br />
We want to create a SKF Chatbot service using the knowledge already inside SKF like the knowledge base items, code examples and the security controls like ASVS and PCI DSS.<br />
<br />
The chatbot service and core of this new feature can be consumed by website’s as an addon, IDE of developers and website chat channels like Gitter.im.<br />
<br />
The core of the SKF Chatbot will be using machine learning to accomplish the hard task of correlating data and merging different sources as a response/answer.<br />
<br />
=== Expected Results ===<br />
# A Defined Knowledge Base (Data Structure / DB) which can be used to define and search for entities. For example: if a query is:<br />
## How to mitigate CSRF in PHP the system should be able to understand or translate it to: {How: intent} to {mitigate: solution} {CSRF: attack} in {PHP: programming language} This kind of query can be further user to fetch right information in the knowledge base and provide right solution (code example) for mitigating CSRF in PHP.<br />
## What is CSRF? the system should be able to understand or translate it to: {What: intent} is {CSRF: attack/defense} This kind of query can be further user to fetch right information in the knowledge base that explains CSRF and provide the security control from example ASVS<br />
# An ETL process to convert existing SKF Knowledge data and ASVS data to above mentioned data structure.<br />
# A Chatbot (using existing frameworks) to:<br />
## Understand at least two intent like (How to, What is …..) and be able to enrich the user query as mentioned above.<br />
## Based on enriched query fetch relevant information from knowledge base and return.<br />
# An integration to some chat system like Gitter.im, IRC, Slack etc.<br />
<br />
=== Knowledge Prerequisites ===<br />
* Programming languages:<br />
** OWASP-SKF API is build in Python 3.6/3.7<br />
** OWASP-SKF Frontend is build with Angular 4 TS<br />
* Machine learning enthusiastic/interest<br />
<br />
=== Proposal from student ===<br />
* We want to ask from the student to write a proposal on how to approach the problem we described.<br />
'''Mentors''':<br />
<br />
Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org] Glenn ten Cate [mailto:glenn.ten.cate@owasp.org] Minhaz [mailto:minhaz@owasp.org]<br />
<br />
==OWASP Nettacker==<br />
===Brief Explanation===<br />
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
if you need more details please visit the [https://github.com/viraintel/OWASP-Nettacker GitHub page] or contact a leader([mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:reza.espargham@owasp.org Reza Espargham]).<br />
<br />
===Getting started===<br />
<br />
* You may read the available documents in the [https://github.com/viraintel/OWASP-Nettacker/wiki wiki page]. Developers and users documents are separated.<br />
<br />
'''A Better Penetration Testing Automated Framework'''<br />
<br />
===Expected Results===<br />
The expected results are to contribute the OWASP Nettacker framework [https://github.com/viraintel/OWASP-Nettacker/issues issues] (mostly help wanted or enhancement). Please check the GitHub repo to learn more.<br />
<br />
===Knowledge Prerequisites===<br />
<br />
* The whole framework was written in Python language. You must be familiar with Python 2.x, 3.x.<br />
* Good knowledge of computer security (and penetration testing)<br />
* Knowledge of OS (Linux, Windows, Mac...) and Services<br />
* Familiar with IDS/IPS/Firewalls and ...<br />
* To develop the API you should be familiar with HTTP, Database...<br />
<br />
===Mentors===<br />
Mentors are: [mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:abiusx@owasp.org Abbas Naderi Afooshteh], [mailto:sriharsha.g15@iiits.in SRI HARSHA Gajavalli]<br />
<br />
==OWASP OWTF==<br />
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.<br />
===OWASP OWTF - MiTM proxy interception and replay capabilities===<br />
'''Brief Explanation:'''<br />
<br />
The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).<br />
<br />
The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible<br />
*ability to intercept the transactions<br />
*modify or replay transaction on the fly<br />
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code<br />
Bonus:<br />
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).<br />
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)<br />
<br />
*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)<br />
*Create a browser instance and do the necessary login procedure<br />
*Handle the browser for the URI<br />
*When called to close the browser, do a clean logout and kill the browser instance.<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - Web interface enhancements===<br />
'''Brief explanation:'''<br />
<br />
The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - New plugin architecture===<br />
'''Brief explanation:'''<br />
<br />
The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.<br />
<br />
This issue is documented in detail at https://github.com/owtf/owtf/issues/905.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
<br />
== OWASP CSRF Protector ==<br />
[[CSRFProtector Project|OWASP CSRF Protector Project]] is a project started with the goal to help developer to mitigate CSRF in web applications with ease. It's based on [[Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet|Synchronizer Token Pattern]] and leverages an injected java-script code to provide CSRF mitigation without much developer intervention. So far it has been implemented as a [https://github.com/mebjas/CSRF-Protector-PHP PHP Library] and an [[CSRFProtector Project|Apache 2.2.x module]]. Although different libraries and frameworks provide CSRF mitigation these days - all of them require developer to explicitly inject tokens with every form. <br />
===OWASP CSRF Protector - Extending the design as a python package to work with Flask and an Express JS (Node.JS) middleware===<br />
'''Brief explanation:'''<br />
<br />
The design of CSRF Protector involves a server side middle-ware that intercepts every incoming request and validates them for CSRF attacks. If the validation is successful the flow of control goes to business logic and the tokens are refreshed. In case of failed validation configured actions are taken. Post that, another middle ware takes care of injecting a JavaScript code (refer [https://github.com/mebjas/CSRF-Protector-PHP/blob/master/js/csrfprotector.js CSRF Protector PHP JS Code]) to HTML output. On the client side this code ensures that, for every request that require validation - the correct token is sent along with the request.<br />
<br />
Check [https://github.com/mebjas/CSRF-Protector-PHP/wiki GitHub Wiki] for some reference;<br />
<br />
The goal of this project would be to:<br />
# Port this design to a python module that can be used easily with Flask - [https://github.com/mebjas/CSRF-Protector-py/projects/1?add_cards_query=is%3Aopen Kanban Board]<br />
# Port this design to a node js module that can work well with express js (a popular Node.JS based framework). - [https://github.com/mebjas/CSRF-Protector-JS Initial Repo Link]<br />
# Fix some outstanding issues with java-script code used in library: [https://github.com/mebjas/CSRF-Protector-PHP/issues?q=is%3Aopen+is%3Aissue+label%3AJS Issues] <br />
'''Expected results:'''<br />
*'''IMPORTANT: Clean, maintainable (ES6 compatible and using recommended design patterns) in case of Node.JS'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Javascript (Client Side), Python (having worked with flask preferable), Node.JS (having worked with node.js and middle wares preferable)<br />
<br />
'''Mentors:''' Contact: [mailto:minhaz@owasp.org;minhazv@microsoft.com Minhaz A V]<br />
== OWASP BLT (Bug Logging Tool) ==<br />
===Brief Explanation:===<br />
<br />
BLT lets anyone report issues they find on the internet. Found something out of place on Amazon.com ? Let them know. Companies are held accountable and shows their response time and history. Get points for reporting bugs and help keep the internet bug free.<br />
<br />
Check OWASP WIKI PAGE [https://www.owasp.org/index.php/OWASP_Bug_Logging_Tool] for some reference;<br />
<br />
===Expected Results:===<br />
* Fuse app to allow easy bug reporting from phone.<br />
* BUG cryptocurrency rewarded for each bug reported - requires a way to verify bugs are valid and not duplicates<br />
* Allow for companies to do private (paid) bug bounties<br />
* allow for bug reporting via email <br />
* build a referral program<br />
* integrate an idea / suggestion feature<br />
<br />
===Knowledge Prerequisite:===<br />
BLT is written in Python / Django, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential. Fusetools will be used for the app and C++ (Bitcoin based) or Ethereum will be used for the cryptocurrency part.<br />
<br />
===Proposals from student:===<br />
* Proposal on new features <br />
* Recommendations on how to use social applications to promote OWASP BLT<br />
<br />
'''Mentors:'''<br />
* Sean Auriti [https://www.owasp.org/index.php/User:Sauriti Sean Auriti] [mailto:sean.auriti@owasp.org @] <br />
* Sourav Badami [https://www.owasp.org/index.php/User:Souravbadami Sourav Badami] [mailto:souravbadami@gmail.com @]<br />
<br />
==OWASP RailsGoat - 2017 OWASP Top Ten==<br />
<br />
===Brief Explanation:===<br />
Add support for multiple OWASP Top Ten versions, such as 2017 and 2010.<br />
Currently RailsGoat supports only the 2013 version of OWASP Top Ten.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that supports additional version(s) of OWASP Top Ten<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 305 [https://github.com/OWASP/railsgoat/issues/305] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, Mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Capture-The-Flag RailsGoat Image Creation Automation==<br />
<br />
===Brief Explanation:===<br />
Create automation to build a Capture-The-Flag competition (CTF) image (VM, ISO, etc) which contains everything needed, such as [Operating System, Rails Stack, RailsGoat], so RailsGoat can easily be used in more Capture-The-Flag competitions.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that automates the process of building RailsGoat CTF images.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 306 [https://github.com/OWASP/railsgoat/issues/306] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* Some background in creating VMs/ISOs would be helpful.<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Matt Robinson [mailto:brimstone@the.narro.ws] - OWASP RailsGoat Mentor<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Merge "Security on Rails" book's lunchedin examples into RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Merge "Security on Rails" book's lunchedin examples into RailsGoat. Need to get permission from publisher. @jasnow got permission previously.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* More teaching RailsGoat examples based on "Security on Rails" book's lunchedin project.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 307 [https://github.com/OWASP/railsgoat/issues/307] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security<br />
would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Add Devise Gem Support and Vulnerabilities to RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Add Devise Support to RailsGoat along with adding Devise-related vulnerabilities.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* Using Devise gem inside RailsGoat plus Devise-related vulnerabilities.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 207 [https://github.com/OWASP/railsgoat/issues/207] and * Issue 243 [https://github.com/OWASP/railsgoat/issues/243] has more details.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Your Idea==<br />
<br />
===Brief Explanation:===<br />
RailsGoat is a great framework for learning about OWASP Top 10 2013 using a vulnerable version of the Ruby on Rails (versions 3 to 5), as well as some "extras" that the initial project contributors felt worthwhile to share. This project is designed to educate both developers, as well as security professionals. Feel free to check out the [Railsgoat Github site](https://github.com/OWASP/railsgoat) for more details. If you have an idea that is not on this list then don't worry, you can still submit it.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that makes RailsGoat even better<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
=== Needs: ===<br />
* Student Developers<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
<br />
== OHP (OWASP Honeypot) ==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
=== Getting Start ===<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to add more modules and optimize the core.<br />
<br />
=== Technologies ===<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
=== Expected Results ===<br />
...<br />
<br />
=== Roadmap ===<br />
<br />
...<br />
<br />
=== Students Requirements ===<br />
<br />
* Python<br />
* Packet Analysis<br />
* Docker<br />
* Database<br />
<br />
=== Mentors and Leaders ===<br />
<br />
...</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSOC2018_Ideas&diff=246491GSOC2018 Ideas2019-01-10T09:38:32Z<p>Ali Razmjoo: </p>
<hr />
<div>'''OWASP Foundation has been selected as an organization to be part of the GOOGLE SUMMER CODE 2018''' <br />
<br />
=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
==OWASP ZAP==<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.<br />
===Active Scanning WebSockets===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesnt current support active scanning (automated attacking) of websockets.<br />
:<br />
:We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.<br />
:<br />
:'''Expected Results:'''<br />
:* An plugable infrastructure that allows us to active scan websockets<br />
:* Converting the relevant existing scan rules to work with websockets<br />
:* Implementing new websocket specific scan rules<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== React Handling ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP doesnt understand React applications as well as it should be able to.<br />
:<br />
:It would be great if ZAP had a much better understanding of such applications, including how to explore and attack them more effectively.<br />
:<br />
:'''Expected Results:'''<br />
:* ZAP able to explore React applications more effectively<br />
:* ZAP able to attack React applications more effectively<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* As React is written in JavaScript, good knowledge of this language is recommended. ZAP is written in Java, so some knowledge of this language would be useful. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Backslash Powered Scanner ===<br />
:'''Brief Explanation:'''<br />
:<br />
:This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html<br />
:Their implementation is open source: https://github.com/PortSwigger/backslash-powered-scanner so hopefully shouldn't be too hard to port to ZAP :)<br />
:<br />
:''' Expected Results '''<br />
:* Extend ZAP's active scanner to leverage Backslash type scanning. (Including adapting some of the existing scan rules to leverage the new component.)<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:: '''Note''' This issue was previously undertaken, however, only partial progress was made. The [https://github.com/zaproxy/zap-extensions/pull/1014 Pull Request] is still open and can be built upon. The 2018 effort needs to ensure the code builds and is successfully put to use in some of the existing scan rules and unit tests.<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be very useful.<br />
:<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Automated authentication detection and configuration ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki><br />
:<br />
:This is time consuming and error prone.<br />
:<br />
:Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.<br />
:<br />
:'''Expected Results:'''<br />
:* Detect login and registration pages<br />
:* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible<br />
:* An option to completely automate the authentication process, for as many authentication mechanisms as possible<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Zest Text Representation and Parser ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.<br />
:<br />
:A standardized text representation and parser would be very useful and help its adoption.<br />
:<br />
:'''Expected Results:'''<br />
:* A documented definition of a text representation for Zest<br />
:* A parser that converts the text representation into a working Zest script<br />
:* An option in the Zest java implementation to output Zest scripts text format<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Develop Bamboo Addon ===<br />
:'''Brief Explanation:'''<br />
:<br />
:It would be great to have an official ZAP add-on for [https://www.atlassian.com/software/bamboo Bamboo], equivalent to the one we now have for [https://wiki.jenkins.io/display/JENKINS/zap+plugin Jenkins]<br />
:<br />
:For more information about Bamboo plugins see the [https://developer.atlassian.com/server/bamboo/bamboo-plugin-guide/ Bamboo plugin guide].<br />
:<br />
:'''Expected Results:'''<br />
:<br />
:A Bamboo addon that supports:<br />
:* Spidering (using the traditional and Ajax spiders)<br />
:* Active Scanning<br />
:* Authentication<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP and Bamboo are written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Your Idea ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.<br />
:<br />
:'''Expected Results:'''<br />
:* A new feature that makes ZAP even better<br />
:* Code that conforms to our Development Rules and Guidelines<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2018 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] user story])<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Frontend Technology Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frontend framework AngularJS 1.x along with Bootstrap 3. Several major releases later, there now are [https://github.com/bkimminich/juice-shop/issues/165 Angular 5] and [https://github.com/bkimminich/juice-shop/issues/400 Bootstrap 4] available as well as other mature web frontend frameworks. Migrating the OWASP Juice Shop to the latest version of Angular and Bootstrap is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.<br />
<br />
'''Expected Results:'''<br />
* High-level target client-architecture overview including a migration plan with intermediary milestones<br />
* Execution of migration without breaking functionality or losing tests along the way<br />
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, experience with latest Javascript frameworks for frontend, testing and building<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== UI/Graphics Design Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
The UI of OWASP Juice Shop was written following recommendations from Twitter Bootstrap to be responsive, but it never had an actual designer or graphics artist take a look or add some insight. Currently the look & feel comes "out of the box" from a [https://bootswatch.com Bootswatch] theme and [https://fontawesome.com Font Awesome 5] icons. This gives it a quite modern look, but also leaves it very generic. The project could greatly benefit from involvement of someone with actual UI/UX Design expertise. Having a matching theme for [https://ctfd.io CTFd] would be another big achievement for the Juice Shop.<br />
<br />
'''Expected Results:'''<br />
* Design concepts to pick or have the user community vote on (including color schemes, sample screens, icons etc.)<br />
* Overhauling the overall UI look & feel, e.g. by making an individual Bootswatch theme or designing some individual icons<br />
* <del>Getting rid of the stock images by providing individually designed product images for the standard inventory of the shop</del> ([https://github.com/bkimminich/juice-shop/issues/315 #315] in progress)<br />
* Add more flexibility and options to the existing theming/customization of the UI (see [https://github.com/bkimminich/juice-shop/issues/379 #379])<br />
* Design a [https://github.com/bkimminich/juice-shop-ctf/issues/9 "Juice Shop" CTFd-theme] playing well with the look & feel of the application<br />
* Execution of migration without breaking functionality or client-side unit and end-to-end tests along the way<br />
<br />
''' Getting started: '''<br />
* Get familiar with the existing HTML views and CSS of the frontend<br />
* Get a feeling for the high quality bar by inspecting the existing client-side unit and e2e test suites<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Strong web and graphic design experience<br />
* Sophisticated HTML and CSS experience<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP Security Knowledge Framework - Chatbot machine learning feature==<br />
<br />
=== Brief Explanation ===<br />
We want to create a SKF Chatbot service using the knowledge already inside SKF like the knowledge base items, code examples and the security controls like ASVS and PCI DSS.<br />
<br />
The chatbot service and core of this new feature can be consumed by website’s as an addon, IDE of developers and website chat channels like Gitter.im.<br />
<br />
The core of the SKF Chatbot will be using machine learning to accomplish the hard task of correlating data and merging different sources as a response/answer.<br />
<br />
=== Expected Results ===<br />
# A Defined Knowledge Base (Data Structure / DB) which can be used to define and search for entities. For example: if a query is:<br />
## How to mitigate CSRF in PHP the system should be able to understand or translate it to: {How: intent} to {mitigate: solution} {CSRF: attack} in {PHP: programming language} This kind of query can be further user to fetch right information in the knowledge base and provide right solution (code example) for mitigating CSRF in PHP.<br />
## What is CSRF? the system should be able to understand or translate it to: {What: intent} is {CSRF: attack/defense} This kind of query can be further user to fetch right information in the knowledge base that explains CSRF and provide the security control from example ASVS<br />
# An ETL process to convert existing SKF Knowledge data and ASVS data to above mentioned data structure.<br />
# A Chatbot (using existing frameworks) to:<br />
## Understand at least two intent like (How to, What is …..) and be able to enrich the user query as mentioned above.<br />
## Based on enriched query fetch relevant information from knowledge base and return.<br />
# An integration to some chat system like Gitter.im, IRC, Slack etc.<br />
<br />
=== Knowledge Prerequisites ===<br />
* Programming languages:<br />
** OWASP-SKF API is build in Python 3.6/3.7<br />
** OWASP-SKF Frontend is build with Angular 4 TS<br />
* Machine learning enthusiastic/interest<br />
<br />
=== Proposal from student ===<br />
* We want to ask from the student to write a proposal on how to approach the problem we described.<br />
'''Mentors''':<br />
<br />
Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org] Glenn ten Cate [mailto:glenn.ten.cate@owasp.org] Minhaz [mailto:minhaz@owasp.org]<br />
<br />
==OWASP Nettacker==<br />
===Brief Explanation===<br />
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
if you need more details please visit the [https://github.com/viraintel/OWASP-Nettacker GitHub page] or contact a leader([mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:reza.espargham@owasp.org Reza Espargham]).<br />
<br />
===Getting started===<br />
<br />
* You may read the available documents in the [https://github.com/viraintel/OWASP-Nettacker/wiki wiki page]. Developers and users documents are separated.<br />
<br />
'''A Better Penetration Testing Automated Framework'''<br />
<br />
===Expected Results===<br />
The expected results are to contribute the OWASP Nettacker framework [https://github.com/viraintel/OWASP-Nettacker/issues issues] (mostly help wanted or enhancement). Please check the GitHub repo to learn more.<br />
<br />
===Knowledge Prerequisites===<br />
<br />
* The whole framework was written in Python language. You must be familiar with Python 2.x, 3.x.<br />
* Good knowledge of computer security (and penetration testing)<br />
* Knowledge of OS (Linux, Windows, Mac...) and Services<br />
* Familiar with IDS/IPS/Firewalls and ...<br />
* To develop the API you should be familiar with HTTP, Database...<br />
<br />
===Mentors===<br />
Mentors are: [mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:abiusx@owasp.org Abbas Naderi Afooshteh], [mailto:sriharsha.g15@iiits.in SRI HARSHA Gajavalli]<br />
<br />
==OWASP OWTF==<br />
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.<br />
===OWASP OWTF - MiTM proxy interception and replay capabilities===<br />
'''Brief Explanation:'''<br />
<br />
The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).<br />
<br />
The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible<br />
*ability to intercept the transactions<br />
*modify or replay transaction on the fly<br />
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code<br />
Bonus:<br />
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).<br />
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)<br />
<br />
*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)<br />
*Create a browser instance and do the necessary login procedure<br />
*Handle the browser for the URI<br />
*When called to close the browser, do a clean logout and kill the browser instance.<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - Web interface enhancements===<br />
'''Brief explanation:'''<br />
<br />
The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - New plugin architecture===<br />
'''Brief explanation:'''<br />
<br />
The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.<br />
<br />
This issue is documented in detail at https://github.com/owtf/owtf/issues/905.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
<br />
== OWASP CSRF Protector ==<br />
[[CSRFProtector Project|OWASP CSRF Protector Project]] is a project started with the goal to help developer to mitigate CSRF in web applications with ease. It's based on [[Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet|Synchronizer Token Pattern]] and leverages an injected java-script code to provide CSRF mitigation without much developer intervention. So far it has been implemented as a [https://github.com/mebjas/CSRF-Protector-PHP PHP Library] and an [[CSRFProtector Project|Apache 2.2.x module]]. Although different libraries and frameworks provide CSRF mitigation these days - all of them require developer to explicitly inject tokens with every form. <br />
===OWASP CSRF Protector - Extending the design as a python package to work with Flask and an Express JS (Node.JS) middleware===<br />
'''Brief explanation:'''<br />
<br />
The design of CSRF Protector involves a server side middle-ware that intercepts every incoming request and validates them for CSRF attacks. If the validation is successful the flow of control goes to business logic and the tokens are refreshed. In case of failed validation configured actions are taken. Post that, another middle ware takes care of injecting a JavaScript code (refer [https://github.com/mebjas/CSRF-Protector-PHP/blob/master/js/csrfprotector.js CSRF Protector PHP JS Code]) to HTML output. On the client side this code ensures that, for every request that require validation - the correct token is sent along with the request.<br />
<br />
Check [https://github.com/mebjas/CSRF-Protector-PHP/wiki GitHub Wiki] for some reference;<br />
<br />
The goal of this project would be to:<br />
# Port this design to a python module that can be used easily with Flask - [https://github.com/mebjas/CSRF-Protector-py/projects/1?add_cards_query=is%3Aopen Kanban Board]<br />
# Port this design to a node js module that can work well with express js (a popular Node.JS based framework). - [https://github.com/mebjas/CSRF-Protector-JS Initial Repo Link]<br />
# Fix some outstanding issues with java-script code used in library: [https://github.com/mebjas/CSRF-Protector-PHP/issues?q=is%3Aopen+is%3Aissue+label%3AJS Issues] <br />
'''Expected results:'''<br />
*'''IMPORTANT: Clean, maintainable (ES6 compatible and using recommended design patterns) in case of Node.JS'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Javascript (Client Side), Python (having worked with flask preferable), Node.JS (having worked with node.js and middle wares preferable)<br />
<br />
'''Mentors:''' Contact: [mailto:minhaz@owasp.org;minhazv@microsoft.com Minhaz A V]<br />
== OWASP BLT (Bug Logging Tool) ==<br />
===Brief Explanation:===<br />
<br />
BLT lets anyone report issues they find on the internet. Found something out of place on Amazon.com ? Let them know. Companies are held accountable and shows their response time and history. Get points for reporting bugs and help keep the internet bug free.<br />
<br />
Check OWASP WIKI PAGE [https://www.owasp.org/index.php/OWASP_Bug_Logging_Tool] for some reference;<br />
<br />
===Expected Results:===<br />
* Fuse app to allow easy bug reporting from phone.<br />
* BUG cryptocurrency rewarded for each bug reported - requires a way to verify bugs are valid and not duplicates<br />
* Allow for companies to do private (paid) bug bounties<br />
* allow for bug reporting via email <br />
* build a referral program<br />
* integrate an idea / suggestion feature<br />
<br />
===Knowledge Prerequisite:===<br />
BLT is written in Python / Django, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential. Fusetools will be used for the app and C++ (Bitcoin based) or Ethereum will be used for the cryptocurrency part.<br />
<br />
===Proposals from student:===<br />
* Proposal on new features <br />
* Recommendations on how to use social applications to promote OWASP BLT<br />
<br />
'''Mentors:'''<br />
* Sean Auriti [https://www.owasp.org/index.php/User:Sauriti Sean Auriti] [mailto:sean.auriti@owasp.org @] <br />
* Sourav Badami [https://www.owasp.org/index.php/User:Souravbadami Sourav Badami] [mailto:souravbadami@gmail.com @]<br />
<br />
==OWASP RailsGoat - 2017 OWASP Top Ten==<br />
<br />
===Brief Explanation:===<br />
Add support for multiple OWASP Top Ten versions, such as 2017 and 2010.<br />
Currently RailsGoat supports only the 2013 version of OWASP Top Ten.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that supports additional version(s) of OWASP Top Ten<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 305 [https://github.com/OWASP/railsgoat/issues/305] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, Mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Capture-The-Flag RailsGoat Image Creation Automation==<br />
<br />
===Brief Explanation:===<br />
Create automation to build a Capture-The-Flag competition (CTF) image (VM, ISO, etc) which contains everything needed, such as [Operating System, Rails Stack, RailsGoat], so RailsGoat can easily be used in more Capture-The-Flag competitions.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that automates the process of building RailsGoat CTF images.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 306 [https://github.com/OWASP/railsgoat/issues/306] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* Some background in creating VMs/ISOs would be helpful.<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Matt Robinson [mailto:brimstone@the.narro.ws] - OWASP RailsGoat Mentor<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Merge "Security on Rails" book's lunchedin examples into RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Merge "Security on Rails" book's lunchedin examples into RailsGoat. Need to get permission from publisher. @jasnow got permission previously.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* More teaching RailsGoat examples based on "Security on Rails" book's lunchedin project.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 307 [https://github.com/OWASP/railsgoat/issues/307] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security<br />
would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Add Devise Gem Support and Vulnerabilities to RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Add Devise Support to RailsGoat along with adding Devise-related vulnerabilities.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* Using Devise gem inside RailsGoat plus Devise-related vulnerabilities.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 207 [https://github.com/OWASP/railsgoat/issues/207] and * Issue 243 [https://github.com/OWASP/railsgoat/issues/243] has more details.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Your Idea==<br />
<br />
===Brief Explanation:===<br />
RailsGoat is a great framework for learning about OWASP Top 10 2013 using a vulnerable version of the Ruby on Rails (versions 3 to 5), as well as some "extras" that the initial project contributors felt worthwhile to share. This project is designed to educate both developers, as well as security professionals. Feel free to check out the [Railsgoat Github site](https://github.com/OWASP/railsgoat) for more details. If you have an idea that is not on this list then don't worry, you can still submit it.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that makes RailsGoat even better<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
=== Needs: ===<br />
* Student Developers<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
<br />
== OHP (OWASP Honeypot) ==<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
=== Getting Start ===<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to add more modules and optimize the core.<br />
<br />
=== Technologies ===<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
=== Expected Results ===<br />
...<br />
<br />
=== Roadmap ===<br />
<br />
...<br />
<br />
=== Students Requirements ===<br />
<br />
...<br />
<br />
=== Mentors and Leaders ===<br />
<br />
...</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=GSOC2018_Ideas&diff=246490GSOC2018 Ideas2019-01-10T09:37:30Z<p>Ali Razmjoo: add ohp</p>
<hr />
<div>'''OWASP Foundation has been selected as an organization to be part of the GOOGLE SUMMER CODE 2018''' <br />
<br />
=OWASP Project Requests=<br />
<br />
'''Tips to get you started in no particular order:''' <br />
'''* Read [https://developers.google.com/open-source/gsoc/ Google Summer of Code Program(GSOC)]`'''<br />
'''* Read the [[GSoC SAT]] '''<br />
* Read the [https://www.owasp.org/index.php/GSoC GSOC Student Guidelines]<br />
* Contact us through the mailing list or irc channel.<br />
* Check our [https://github.com/OWASP github organization]<br />
==OWASP ZAP==<br />
[[OWASP Zed Attack Proxy Project]] (ZAP) The OWASP Zed Attack Proxy (ZAP) is one of the world’s most popular free security tools and is actively maintained by hundreds of international volunteers. Previous GSoC students have implemented key parts of the ZAP core functionality and have been offered (and accepted) jobs based on their work on ZAP.<br />
<br />
We have just included a few of the ideas we have here, for a more complete list see the issues on the ZAP bug tracker with the [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3Aproject project] label.<br />
===Active Scanning WebSockets===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP has good support for websockets, and allows them to be intercepted, changed and fuzzed. Unfortunately it doesnt current support active scanning (automated attacking) of websockets.<br />
:<br />
:We would like to add active scanning support to websockets, ideally in a generic way which would allow us to reuse as many of our existing rules as are relevant. Adding additional websocket specific attacks would also be very useful.<br />
:<br />
:'''Expected Results:'''<br />
:* An plugable infrastructure that allows us to active scan websockets<br />
:* Converting the relevant existing scan rules to work with websockets<br />
:* Implementing new websocket specific scan rules<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== React Handling ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP doesnt understand React applications as well as it should be able to.<br />
:<br />
:It would be great if ZAP had a much better understanding of such applications, including how to explore and attack them more effectively.<br />
:<br />
:'''Expected Results:'''<br />
:* ZAP able to explore React applications more effectively<br />
:* ZAP able to attack React applications more effectively<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* As React is written in JavaScript, good knowledge of this language is recommended. ZAP is written in Java, so some knowledge of this language would be useful. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Backslash Powered Scanner ===<br />
:'''Brief Explanation:'''<br />
:<br />
:This is a brand new technique developed by one of the Burp guys: http://blog.portswigger.net/2016/11/backslash-powered-scanning-hunting.html<br />
:Their implementation is open source: https://github.com/PortSwigger/backslash-powered-scanner so hopefully shouldn't be too hard to port to ZAP :)<br />
:<br />
:''' Expected Results '''<br />
:* Extend ZAP's active scanner to leverage Backslash type scanning. (Including adapting some of the existing scan rules to leverage the new component.)<br />
:* Code that conforms to our [https://github.com/zaproxy/zaproxy/wiki/DevGuidelines Development Rules and Guidelines]<br />
:: '''Note''' This issue was previously undertaken, however, only partial progress was made. The [https://github.com/zaproxy/zap-extensions/pull/1014 Pull Request] is still open and can be built upon. The 2018 effort needs to ensure the code builds and is successfully put to use in some of the existing scan rules and unit tests.<br />
:<br />
:''' Knowledge Prerequisite: '''<br />
:ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be very useful.<br />
:<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Automated authentication detection and configuration ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Currently a user must manually configure ZAP to handle authentication, eg as per <nowiki>https://github.com/zaproxy/zaproxy/wiki/FAQformauth</nowiki><br />
:<br />
:This is time consuming and error prone.<br />
:<br />
:Ideally ZAP would help detect login and registration pages and provide more assistance when configuring authentication, ideally being able to completely automate the task for as many sort of webapps as possible.<br />
:<br />
:'''Expected Results:'''<br />
:* Detect login and registration pages<br />
:* Provide a wizard to walk users through the process of setting up authentication, with as much assistance as possible<br />
:* An option to completely automate the authentication process, for as many authentication mechanisms as possible<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Zest Text Representation and Parser ===<br />
:'''Brief Explanation:'''<br />
:<br />
:Zest is a graphical scripting language from the Mozilla Security team, and is used as the ZAP macro language.<br />
:<br />
:A standardized text representation and parser would be very useful and help its adoption.<br />
:<br />
:'''Expected Results:'''<br />
:* A documented definition of a text representation for Zest<br />
:* A parser that converts the text representation into a working Zest script<br />
:* An option in the Zest java implementation to output Zest scripts text format<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* The Zest reference implementation is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Develop Bamboo Addon ===<br />
:'''Brief Explanation:'''<br />
:<br />
:It would be great to have an official ZAP add-on for [https://www.atlassian.com/software/bamboo Bamboo], equivalent to the one we now have for [https://wiki.jenkins.io/display/JENKINS/zap+plugin Jenkins]<br />
:<br />
:For more information about Bamboo plugins see the [https://developer.atlassian.com/server/bamboo/bamboo-plugin-guide/ Bamboo plugin guide].<br />
:<br />
:'''Expected Results:'''<br />
:<br />
:A Bamboo addon that supports:<br />
:* Spidering (using the traditional and Ajax spiders)<br />
:* Active Scanning<br />
:* Authentication<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP and Bamboo are written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
=== Your Idea ===<br />
:'''Brief Explanation:'''<br />
:<br />
:ZAP is a great framework for building new and innovative security testing solutions. If you have an idea that is not on this list then don't worry, you can still submit it, we have accepted original projects in previous years and have even paid a student to work on their idea when we did not get enough GSoC slots to accept all of the projects we wanted.<br />
:<br />
:'''Expected Results:'''<br />
:* A new feature that makes ZAP even better<br />
:* Code that conforms to our Development Rules and Guidelines<br />
:<br />
:''' Getting started: '''<br />
:* Have a look at the ZAP [https://github.com/zaproxy/zaproxy/blob/develop/CONTRIBUTING.md CONTRIBUTING.md] file, especially the 'Coding section.<br />
:* We like to see students who have already contributed to ZAP, so try fixing one of the bugs flagged as [https://github.com/zaproxy/zaproxy/issues?q=is%3Aopen+is%3Aissue+label%3AIdealFirstBug IdealFirstBug].<br />
:<br />
:'''Knowledge Prerequisites:'''<br />
:* ZAP is written in Java, so a good knowledge of this language is recommended. Some knowledge of application security would be useful, but not essential.<br />
:'''Mentors:''' [https://www.owasp.org/index.php/User:Psiinon Simon Bennetts] [mailto:psiinon@gmail.com @] and the rest of the ZAP Core Team<br />
<br />
== OWASP Juice Shop ==<br />
<br />
[[OWASP Juice Shop Project]] is an intentionally insecure webapp for security trainings written entirely in Javascript which encompasses the entire OWASP Top Ten and other severe security flaws. Juice Shop is written in Node.js, Express and AngularJS. The application contains more than 30 challenges of varying difficulty where the user is supposed to exploit the underlying vulnerabilities. Apart from the hacker and awareness training use case, pentesting proxies or security scanners can use Juice Shop as a "guinea pig"-application to check how well their tools cope with Javascript-heavy application frontends and REST APIs.<br />
The best way to get in touch with us is the '''community chat on https://gitter.im/bkimminich/juice-shop<nowiki/>.''' You can also send PMs to the mentors (@bkimminich, @wurstbrot and @J12934) there if you like!<br />
<br />
To receive early feedback please '''put your proposal on Google Docs and submit it to the OWASP Organization on Google's GSoC page''' in ''Draft Shared'' mode. Please pick '''''juice shop'' as Proposal Tag''' to make them easier to find for us. '''Thank you!'''<br />
<br />
=== Challenge Pack 2018 ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Ideas for potential new hacking challenges are collected in [https://github.com/bkimminich/juice-shop/issues?q=is%3Aissue+is%3Aopen+label%3Achallenge GitHub issues labeled "challenge"]. This project could implement a whole bunch of challenges one by one and release them over the course of several small releases. This would allow the student to work in a professional Continuous Delivery kind of way while bringing benefit to the Juice Shop over the duration of the project.<br />
<br />
Coming up with additional ideas for challenges would be part of the project scope, as the list of pre-existing ideas might not be sufficient for a GSoC project.<br />
<br />
'''Expected Results:'''<br />
* 10 or more new challenges for OWASP Juice Shop (including required functional enhancements to place the challenges in, e.g. the [https://github.com/bkimminich/juice-shop/issues/244 Order Dashboard] user story])<br />
* Each challenge comes with full functional unit and integration tests<br />
* Each challenge is verified to be exploitable by corresponding end-to-end tests<br />
* Hint and solution sections for each new challenge are added to the "Pwning OWASP Juice Shop" ebook<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS (1.x) and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Frontend Technology Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
Development of OWASP Juice Shop started in 2014 and was based on - back then - quite recent Javascript frontend framework AngularJS 1.x along with Bootstrap 3. Several major releases later, there now are [https://github.com/bkimminich/juice-shop/issues/165 Angular 5] and [https://github.com/bkimminich/juice-shop/issues/400 Bootstrap 4] available as well as other mature web frontend frameworks. Migrating the OWASP Juice Shop to the latest version of Angular and Bootstrap is an important step to keep the application relevant as ''the most modern'' intentionally broken web application. Moving to entirely different frameworks might be taken into considerationas well.<br />
<br />
'''Expected Results:'''<br />
* High-level target client-architecture overview including a migration plan with intermediary milestones<br />
* Execution of migration without breaking functionality or losing tests along the way<br />
* Code follows existing (or new) styleguides and passes all existing (or new) quality gates regarding code smells, test coverage etc.<br />
<br />
''' Getting started: '''<br />
* Get familiar with the architecture and code base of the application's rich Javascript frontend and RESTful backend<br />
* Get a feeling for the high code & test quality bar by inspecting the existing test suites and static code analysis results<br />
* Get familiar with the CI/CD process based on Travis-CI and several associated 3rd party services<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, experience with latest Javascript frameworks for frontend, testing and building<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== UI/Graphics Design Update ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
The UI of OWASP Juice Shop was written following recommendations from Twitter Bootstrap to be responsive, but it never had an actual designer or graphics artist take a look or add some insight. Currently the look & feel comes "out of the box" from a [https://bootswatch.com Bootswatch] theme and [https://fontawesome.com Font Awesome 5] icons. This gives it a quite modern look, but also leaves it very generic. The project could greatly benefit from involvement of someone with actual UI/UX Design expertise. Having a matching theme for [https://ctfd.io CTFd] would be another big achievement for the Juice Shop.<br />
<br />
'''Expected Results:'''<br />
* Design concepts to pick or have the user community vote on (including color schemes, sample screens, icons etc.)<br />
* Overhauling the overall UI look & feel, e.g. by making an individual Bootswatch theme or designing some individual icons<br />
* <del>Getting rid of the stock images by providing individually designed product images for the standard inventory of the shop</del> ([https://github.com/bkimminich/juice-shop/issues/315 #315] in progress)<br />
* Add more flexibility and options to the existing theming/customization of the UI (see [https://github.com/bkimminich/juice-shop/issues/379 #379])<br />
* Design a [https://github.com/bkimminich/juice-shop-ctf/issues/9 "Juice Shop" CTFd-theme] playing well with the look & feel of the application<br />
* Execution of migration without breaking functionality or client-side unit and end-to-end tests along the way<br />
<br />
''' Getting started: '''<br />
* Get familiar with the existing HTML views and CSS of the frontend<br />
* Get a feeling for the high quality bar by inspecting the existing client-side unit and e2e test suites<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Strong web and graphic design experience<br />
* Sophisticated HTML and CSS experience<br />
<br />
'''Mentors:'''<br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
* [[User:Timo Pagel|Timo Pagel]] - OWASP Juice Shop Project Collaborator<br />
* Jannik Hollenbach - OWASP Juice Shop Project Collaborator<br />
<br />
=== Your idea ===<br />
<br />
'''Brief Explanation:'''<br />
<br />
You have an awesome idea to improve OWASP Juice Shop that is not on this list? Great, please submit it!<br />
<br />
''' Getting started '''<br />
* Get in touch with [https://www.owasp.org/index.php/User:Bjoern_Kimminich Bjoern Kimminich]<br />
<br />
'''Expected Results:'''<br />
* A new feature that makes OWASP Juice Shop even better<br />
* Code follows existing styleguides and passes all existing quality gates regarding code smells, test coverage etc.<br />
<br />
'''Knowledge Prerequisites:'''<br />
* Javascript, Unit/Integration testing, experience with (or willingness to learn) AngularJS and NodeJS/Express, some security knowledge would be preferable.<br />
<br />
'''Mentors:''' <br />
* [[User:Bjoern_Kimminich|Bjoern Kimminich]] - OWASP Juice Shop Project Leader<br />
<br />
==OWASP Security Knowledge Framework - Chatbot machine learning feature==<br />
<br />
=== Brief Explanation ===<br />
We want to create a SKF Chatbot service using the knowledge already inside SKF like the knowledge base items, code examples and the security controls like ASVS and PCI DSS.<br />
<br />
The chatbot service and core of this new feature can be consumed by website’s as an addon, IDE of developers and website chat channels like Gitter.im.<br />
<br />
The core of the SKF Chatbot will be using machine learning to accomplish the hard task of correlating data and merging different sources as a response/answer.<br />
<br />
=== Expected Results ===<br />
# A Defined Knowledge Base (Data Structure / DB) which can be used to define and search for entities. For example: if a query is:<br />
## How to mitigate CSRF in PHP the system should be able to understand or translate it to: {How: intent} to {mitigate: solution} {CSRF: attack} in {PHP: programming language} This kind of query can be further user to fetch right information in the knowledge base and provide right solution (code example) for mitigating CSRF in PHP.<br />
## What is CSRF? the system should be able to understand or translate it to: {What: intent} is {CSRF: attack/defense} This kind of query can be further user to fetch right information in the knowledge base that explains CSRF and provide the security control from example ASVS<br />
# An ETL process to convert existing SKF Knowledge data and ASVS data to above mentioned data structure.<br />
# A Chatbot (using existing frameworks) to:<br />
## Understand at least two intent like (How to, What is …..) and be able to enrich the user query as mentioned above.<br />
## Based on enriched query fetch relevant information from knowledge base and return.<br />
# An integration to some chat system like Gitter.im, IRC, Slack etc.<br />
<br />
=== Knowledge Prerequisites ===<br />
* Programming languages:<br />
** OWASP-SKF API is build in Python 3.6/3.7<br />
** OWASP-SKF Frontend is build with Angular 4 TS<br />
* Machine learning enthusiastic/interest<br />
<br />
=== Proposal from student ===<br />
* We want to ask from the student to write a proposal on how to approach the problem we described.<br />
'''Mentors''':<br />
<br />
Riccardo ten Cate [mailto:riccardo.ten.cate@owasp.org] Glenn ten Cate [mailto:glenn.ten.cate@owasp.org] Minhaz [mailto:minhaz@owasp.org]<br />
<br />
==OWASP Nettacker==<br />
===Brief Explanation===<br />
OWASP Nettacker project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
if you need more details please visit the [https://github.com/viraintel/OWASP-Nettacker GitHub page] or contact a leader([mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:reza.espargham@owasp.org Reza Espargham]).<br />
<br />
===Getting started===<br />
<br />
* You may read the available documents in the [https://github.com/viraintel/OWASP-Nettacker/wiki wiki page]. Developers and users documents are separated.<br />
<br />
'''A Better Penetration Testing Automated Framework'''<br />
<br />
===Expected Results===<br />
The expected results are to contribute the OWASP Nettacker framework [https://github.com/viraintel/OWASP-Nettacker/issues issues] (mostly help wanted or enhancement). Please check the GitHub repo to learn more.<br />
<br />
===Knowledge Prerequisites===<br />
<br />
* The whole framework was written in Python language. You must be familiar with Python 2.x, 3.x.<br />
* Good knowledge of computer security (and penetration testing)<br />
* Knowledge of OS (Linux, Windows, Mac...) and Services<br />
* Familiar with IDS/IPS/Firewalls and ...<br />
* To develop the API you should be familiar with HTTP, Database...<br />
<br />
===Mentors===<br />
Mentors are: [mailto:ali.razmjoo@owasp.org Ali Razmjoo Qalaei], [mailto:abiusx@owasp.org Abbas Naderi Afooshteh], [mailto:sriharsha.g15@iiits.in SRI HARSHA Gajavalli]<br />
<br />
==OWASP OWTF==<br />
'''[https://github.com/owtf/owtf Offensive Web Testing Framework (OWTF)]''' is a project focused on penetration testing efficiency and alignment of security tests to security standards like the OWASP Testing Guide (v3 and v4), the OWASP Top 10, PTES and NIST. Most of the ideas below focus on rewrite of some major components of OWTF to make it more modular. OWTF is moving to a fresh codebase with a fully Docker testing and deployment environment. If you want to get a jumpstart, check out https://github.com/owtf/owtf/tree/new-arch.<br />
===OWASP OWTF - MiTM proxy interception and replay capabilities===<br />
'''Brief Explanation:'''<br />
<br />
The OWTF man-in-the-middle proxy is written completely in Python (based on the excellent Tornado framework) and was benchmarked to be the fastest MiTM python proxy. However it lacks the useful and much need interception and replay capabilities of mitmproxy (https://github.com/mitmproxy/mitmproxy).<br />
<br />
The current implementation of the MiTM proxy serves its purpose very well. Its fast but its not extensible. There are a number of good use cases for being extensible<br />
*ability to intercept the transactions<br />
*modify or replay transaction on the fly<br />
*add additional capabilities to the proxy (such as session marking/changing) without polluting the main proxy code<br />
Bonus:<br />
*Design and implement a proxy plugin (middleware) architecture so that the plugins can be defined separately and the user can choose what plugins to include dynamically (from the web interface).<br />
*Replace the current Requester (based on urllib, urllib2) with a more robust Requester based on the new urllib3 with support for a real headless browser factory. The typical flow when requested for an authenticated browser instance (using PhantomJS)<br />
<br />
*The "Requester" module checks if there is any login parameters provided (i.e form-based or script - look at https://github.com/owtf/login-sessions-plugin)<br />
*Create a browser instance and do the necessary login procedure<br />
*Handle the browser for the URI<br />
*When called to close the browser, do a clean logout and kill the browser instance.<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
'''Knowledge Prerequisite:''' Python proficiency, some previous exposure to security concepts and penetration testing is welcome but not strictly necessary as long as there is will to learn.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - Web interface enhancements===<br />
'''Brief explanation:'''<br />
<br />
The current web interface is a mixture of Tornado Jinja templates and ReactJS. A complete UI change to a stable ReactJS-based interface should be the deliverable for this project. Most of the hard part for the change has already been done and added in a separate branch at https://github.com/owtf/owtf/tree/develop.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT:Clean, maintainable (ES6 compatible and using recommended design patterns) React (JavaScript) code. ([https://github.com/getsentry/zeus/tree/master/webapp This] is a good example!)'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Python (reading API source code and endpoints), React.JS (high proficiency) and general JavaScript proficiency.<br />
<br />
'''OWASP OWTF Mentors:''' Contact: [mailto:Abraham.Aranguren@owasp.org Abraham Aranguren][mailto:viyat.bhalodia@owasp.org Viyat Bhalodia][mailto:bharadwaj.machiraju@gmail.com Bharadwaj Machiraju] OWASP OWTF Project Leaders<br />
===OWASP OWTF - New plugin architecture===<br />
'''Brief explanation:'''<br />
<br />
The current plugin system is not very useful and it is painful to browse many plugins. Most of the plugins do have much code and most of is repeated - much refactoring needed there.<br />
<br />
This issue is documented in detail at https://github.com/owtf/owtf/issues/905.<br />
<br />
For background on OWASP OWTF please see: https://www.owasp.org/index.php/OWASP_OWTF<br />
<br />
'''Expected results:'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: [https://github.com/7a/owtf/wiki/Contributor%27s-README OWTF contributor README compliant code]'''<br />
*'''IMPORTANT: [http://sphinx-doc.org/ Sphinx-friendly python comments] [http://owtf.github.io/ptp/_modules/ptp/tools/w3af/parser.html#W3AFXMLParser example Sphinx-friendly python comments here]'''<br />
*CRITICAL: Excellent reliability<br />
*Good performance<br />
*Unit tests / Functional tests<br />
*Good documentation<br />
<br />
== OWASP CSRF Protector ==<br />
[[CSRFProtector Project|OWASP CSRF Protector Project]] is a project started with the goal to help developer to mitigate CSRF in web applications with ease. It's based on [[Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet|Synchronizer Token Pattern]] and leverages an injected java-script code to provide CSRF mitigation without much developer intervention. So far it has been implemented as a [https://github.com/mebjas/CSRF-Protector-PHP PHP Library] and an [[CSRFProtector Project|Apache 2.2.x module]]. Although different libraries and frameworks provide CSRF mitigation these days - all of them require developer to explicitly inject tokens with every form. <br />
===OWASP CSRF Protector - Extending the design as a python package to work with Flask and an Express JS (Node.JS) middleware===<br />
'''Brief explanation:'''<br />
<br />
The design of CSRF Protector involves a server side middle-ware that intercepts every incoming request and validates them for CSRF attacks. If the validation is successful the flow of control goes to business logic and the tokens are refreshed. In case of failed validation configured actions are taken. Post that, another middle ware takes care of injecting a JavaScript code (refer [https://github.com/mebjas/CSRF-Protector-PHP/blob/master/js/csrfprotector.js CSRF Protector PHP JS Code]) to HTML output. On the client side this code ensures that, for every request that require validation - the correct token is sent along with the request.<br />
<br />
Check [https://github.com/mebjas/CSRF-Protector-PHP/wiki GitHub Wiki] for some reference;<br />
<br />
The goal of this project would be to:<br />
# Port this design to a python module that can be used easily with Flask - [https://github.com/mebjas/CSRF-Protector-py/projects/1?add_cards_query=is%3Aopen Kanban Board]<br />
# Port this design to a node js module that can work well with express js (a popular Node.JS based framework). - [https://github.com/mebjas/CSRF-Protector-JS Initial Repo Link]<br />
# Fix some outstanding issues with java-script code used in library: [https://github.com/mebjas/CSRF-Protector-PHP/issues?q=is%3Aopen+is%3Aissue+label%3AJS Issues] <br />
'''Expected results:'''<br />
*'''IMPORTANT: Clean, maintainable (ES6 compatible and using recommended design patterns) in case of Node.JS'''<br />
*'''IMPORTANT: [http://legacy.python.org/dev/peps/pep-0008/ PEP-8 compliant code] in all modified code and surrounding areas.'''<br />
*'''IMPORTANT: Thoroughly documented code along with API examples and example future components.'''<br />
*'''CRITICAL''': Excellent reliability and performance.<br />
*Unit tests / Functional tests and easy to setup testing environment (preferably automated).<br />
'''Knowledge Prerequisite:''' Javascript (Client Side), Python (having worked with flask preferable), Node.JS (having worked with node.js and middle wares preferable)<br />
<br />
'''Mentors:''' Contact: [mailto:minhaz@owasp.org;minhazv@microsoft.com Minhaz A V]<br />
== OWASP BLT (Bug Logging Tool) ==<br />
===Brief Explanation:===<br />
<br />
BLT lets anyone report issues they find on the internet. Found something out of place on Amazon.com ? Let them know. Companies are held accountable and shows their response time and history. Get points for reporting bugs and help keep the internet bug free.<br />
<br />
Check OWASP WIKI PAGE [https://www.owasp.org/index.php/OWASP_Bug_Logging_Tool] for some reference;<br />
<br />
===Expected Results:===<br />
* Fuse app to allow easy bug reporting from phone.<br />
* BUG cryptocurrency rewarded for each bug reported - requires a way to verify bugs are valid and not duplicates<br />
* Allow for companies to do private (paid) bug bounties<br />
* allow for bug reporting via email <br />
* build a referral program<br />
* integrate an idea / suggestion feature<br />
<br />
===Knowledge Prerequisite:===<br />
BLT is written in Python / Django, so a good knowledge of this language and framework is recommended, as is knowledge of HTML. Some knowledge of application security would be useful, but not essential. Fusetools will be used for the app and C++ (Bitcoin based) or Ethereum will be used for the cryptocurrency part.<br />
<br />
===Proposals from student:===<br />
* Proposal on new features <br />
* Recommendations on how to use social applications to promote OWASP BLT<br />
<br />
'''Mentors:'''<br />
* Sean Auriti [https://www.owasp.org/index.php/User:Sauriti Sean Auriti] [mailto:sean.auriti@owasp.org @] <br />
* Sourav Badami [https://www.owasp.org/index.php/User:Souravbadami Sourav Badami] [mailto:souravbadami@gmail.com @]<br />
<br />
==OWASP RailsGoat - 2017 OWASP Top Ten==<br />
<br />
===Brief Explanation:===<br />
Add support for multiple OWASP Top Ten versions, such as 2017 and 2010.<br />
Currently RailsGoat supports only the 2013 version of OWASP Top Ten.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that supports additional version(s) of OWASP Top Ten<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 305 [https://github.com/OWASP/railsgoat/issues/305] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, Mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Capture-The-Flag RailsGoat Image Creation Automation==<br />
<br />
===Brief Explanation:===<br />
Create automation to build a Capture-The-Flag competition (CTF) image (VM, ISO, etc) which contains everything needed, such as [Operating System, Rails Stack, RailsGoat], so RailsGoat can easily be used in more Capture-The-Flag competitions.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that automates the process of building RailsGoat CTF images.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 306 [https://github.com/OWASP/railsgoat/issues/306] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* Some background in creating VMs/ISOs would be helpful.<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Matt Robinson [mailto:brimstone@the.narro.ws] - OWASP RailsGoat Mentor<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Merge "Security on Rails" book's lunchedin examples into RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Merge "Security on Rails" book's lunchedin examples into RailsGoat. Need to get permission from publisher. @jasnow got permission previously.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* More teaching RailsGoat examples based on "Security on Rails" book's lunchedin project.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 307 [https://github.com/OWASP/railsgoat/issues/307] has more details. <br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security<br />
would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Add Devise Gem Support and Vulnerabilities to RailsGoat==<br />
<br />
===Brief Explanation:===<br />
Add Devise Support to RailsGoat along with adding Devise-related vulnerabilities.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* Using Devise gem inside RailsGoat plus Devise-related vulnerabilities.<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
* We have created a dedicated wiki for the OWASP GSOC initiative: https://github.com/OWASP/railsgoat/wiki/RailsGoat-Summer-of-Code-Type-Project-Information<br />
* Issue 207 [https://github.com/OWASP/railsgoat/issues/207] and * Issue 243 [https://github.com/OWASP/railsgoat/issues/243] has more details.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
==OWASP RailsGoat - Your Idea==<br />
<br />
===Brief Explanation:===<br />
RailsGoat is a great framework for learning about OWASP Top 10 2013 using a vulnerable version of the Ruby on Rails (versions 3 to 5), as well as some "extras" that the initial project contributors felt worthwhile to share. This project is designed to educate both developers, as well as security professionals. Feel free to check out the [Railsgoat Github site](https://github.com/OWASP/railsgoat) for more details. If you have an idea that is not on this list then don't worry, you can still submit it.<br />
<br />
===Expected Results:===<br />
* Wonderful experience for Student Developers, Mentors, and Technical Advisors<br />
* A new feature that makes RailsGoat even better<br />
* Code that conforms to our Development Rules and Guidelines<br />
<br />
=== Needs: ===<br />
* Student Developers<br />
<br />
===Getting Started===<br />
* Have a look at the RailsGoat https://github.com/OWASP/railsgoat/blob/master/README.md file, especially the 'Getting Started' section. We like to see student developers who have already contributed to RailsGoat, so try fixing one of the bugs.<br />
<br />
===Knowledge Prerequisite:===<br />
* RailsGoat is written in Ruby and Ruby-on-Rails, so a good knowledge of this language ecosystem is recommended. Some knowledge of application security would be useful, but not essential.<br />
'''Mentors:'''<br />
* Frank Rietta [mailto:frank@rietta.com] - OWASP RailsGoat Mentor<br />
* [https://www.owasp.org/index.php/User:Ken Ken Johnson @] - OWASP RailsGoat "Technical Advisor, mentor"<br />
* John Poulin [mailto:john.m.poulin@gmail.com] - OWASP RailsGoat Mentor<br />
* Al Snow [mailto:jasnow@hotmail.com] - OWASP RailsGoat Project Coordinator<br />
<br />
<br />
= OHP (OWASP Honeypot) =<br />
<br />
OWASP Honeypot is an open source software in Python language which designed for creating honeypot and honeynet in an easy and secure way! This project is compatible with Python 2.x and 3.x and tested on Windows, Mac OS X and Linux.<br />
<br />
== Getting Start ==<br />
<br />
It's best to start from [https://github.com/zdresearch/OWASP-Honeypot/wiki GitHub wiki page], we are looking forward to add more modules and optimize the core.<br />
<br />
== Technologies ==<br />
<br />
Currently we are using<br />
<br />
* Docker<br />
* Python<br />
* MongoDB<br />
* TShark<br />
* Flask<br />
* ChartJS<br />
* And more linux services<br />
<br />
== Expected Results ==<br />
...<br />
<br />
== Roadmap ==<br />
<br />
...<br />
<br />
== Students Requirements ==<br />
<br />
...<br />
<br />
== Mentors and Leaders ==<br />
<br />
...</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_ZSC_Tool_Project&diff=242517OWASP ZSC Tool Project2018-08-14T19:24:26Z<p>Ali Razmjoo: events</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP ZSC Tool Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
'''Donate to OWASP ZSC''' {{#widget:PayPal Donation |target=_blank |budget=OWASP ZSC }}<br />
<br />
====What is OWASP ZSC ?====<br />
http://zsc.z3r0d4y.com/images/Snapshot_2015-07-26_191951-half.png<br />
<br />
'''OWASP ZSC''' is an open source software in Python language which lets you '''generate customized shellcodes''' and '''convert scripts to an obfuscated script'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
[[File:Zsc1.png|200px]]<br />
<br />
==Description==<br />
====Usage of shellcodes====<br />
<br />
Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
====Usage of Obfuscate Codes====<br />
<br />
Can be used for bypassing antiviruses, code protections, same stuff etc … <br />
<br />
====Why use OWASP ZSC ?====<br />
<br />
Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators.<br />
Anti-virus work with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.<br />
<br />
Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.<br />
<br />
According to other shellcode generators same as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect.<br />
OWASP ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP ZSC one of the best! <br />
During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods.<br />
We are working on the next version that will allow you to generate OSX.<br />
<br />
==Licensing==<br />
<br />
====GNU GENERAL PUBLIC LICENSE , Version 3, 29 June 2007====<br />
<br />
Copyright (C) 2007 Free Software Foundation, Inc. http://fsf.org/ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [https://github.com/Ali-Razmjoo/OWASP-ZSC/blob/master/LICENSE.md Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact it is encouraged!!!<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
== Project Leaders ==<br />
* [https://www.owasp.org/index.php/User:Ali_Razmjoo Ali Razmjoo]<br />
<br />
* [https://www.owasp.org/index.php/User:Johanna_Curiel Johanna Curiel]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [http://pratikpatelp.blogspot.in Pratik Patel] (Google Summer of Code student 2016) <br />
* [https://codemaxx.github.io Akash Trehan] (CodeMaxx)<br />
* [https://paraschetal.in Paras Chetal] (Gsoc candidate 2016)<br />
* Brian Beaudry (Gsoc Mentor 2016)<br />
* Hamid Zamani (HAMIDx9)<br />
<br />
== Links ==<br />
<br />
* [http://api.z3r0d4y.com/ API]<br />
* [https://github.com/Ali-Razmjoo/OWASP-ZSC Project on Github]<br />
* [https://groups.google.com/d/forum/owasp-zsc Mailing List]<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Home]<br />
* [https://www.openhub.net/p/OWASP-ZSC OpenHub]<br />
* [http://zsc.z3r0d4y.com/table.html Last Version Features]<br />
* [http://zsc.z3r0d4y.com/wiki Wiki]<br />
* [http://zsc.z3r0d4y.com/download Download]<br />
* [https://github.com/Ali-Razmjoo/ZCR-Shellcoder-Archive Archive]<br />
<br />
== Shellcode Generating ==<br />
With using '''OWASP ZSC''' you would be able to generate any customized '''Shellcode''' in your mind including encodes and Disassembly code in few seconds.<br />
<br />
== Be an OWASP ZSC developer ==<br />
* [https://www.owasp.org/index.php?title=OWASP_ZSC_Tool_Project&action=submit#Developers Quick Developing Help]<br />
<br />
== Last Tricks in Home ==<br />
* [http://zsc.z3r0d4y.com/blog/archives/ All Tricks]<br />
* [http://zsc.z3r0d4y.com/blog/2015/08/01/generate-pe-file-with-zsc-shellcodes/ Shellcode to PE File]<br />
* [http://zsc.z3r0d4y.com/blog/2015/07/27/video-how-to-install-and-generate-shellcode-using-zsc/ Video: Install&Generate Shellcode]<br />
<br />
==Related links==<br />
*[https://www.youtube.com/watch?v=nkx0HQhYdmY| Appsec Presentation 2013 Beef and Custome shellcodes]<br />
*[https://www.owasp.org/index.php/File:Introduction_to_shellcode_development.pdf| Introduction to Shellcode Development]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zscproject/OWASP-ZSC Github Page.]<br />
<br />
[http://zsc.z3r0d4y.com/download/ Download Page.]<br />
<br />
* [https://github.com/zscproject/OWASP-ZSC/zipball/master .zip file.]<br />
* [https://github.com/zscproject/OWASP-ZSC/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
* [https://www.owasp.org/index.php/Iran#tab=Past_Events OWASP Nettacker Presented By Ali Razmjoo in OWASP Iran Chapter Meeting July 2018]<br />
* [https://www.owasp.org/index.php/OWASP_Code_Sprint_2017#OWASP_ZSC OWASP ZSC in OWASP Code Sprint 2017]<br />
* [http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/ OWASP ZSC Selected as Top 10 Security tools in 2016 By ToolsWatch]<br />
* [https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k OWASP ZSC Presented in OFFSECONF 2016]<br />
* [https://www.blackhat.com/eu-16/arsenal.html#brian-beaudry Been Selected for Blackhat EU Arsenal 2016]<br />
* [https://www.defcon.org/html/defcon-24/dc-24-demolabs.html#Curiel OWASP ZSC has been selected for Defcon Demo Lab 2016]<br />
* [https://summerofcode.withgoogle.com/archive/2016/projects/5969824152813568/ OWASP ZSC applied and was selected to participate in the Google Summer of Code 2016]<br />
* [https://www.linkedin.com/pulse/lessons-from-cyber-underworld-how-understand-software-ali-razmjoo Press Release 12th February 2015 ]<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Version 1.0.9.1 Released!]<br />
* [https://github.com/longld/peda OWASP ZSC in GDB-PEDA]<br />
<br />
== Docs ==<br />
* [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc Developers and Users Documents].<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Home]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
To see full guides please visit our [http://zsc.z3r0d4y.com/wiki wiki page].<br />
<br />
====Help Menu====<br />
<br />
'''PLEASE CLICK [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc HERE] TO SEE FULL DEVELOPERS AND USERS DOCUMENTS'''<br />
<br />
<br />
======OWASP ZSC Project======<br />
<br />
<br />
OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under python.<br />
<br />
<br />
======Usage of shellcodes======<br />
<br />
<br />
Shellcodes are small codes in Assembly Languagewhich could be used as the payload in software exploiting. Other usages are in malwares, bypassing anti viruses, obfuscated codes and etc.<br />
<br />
<br />
======Usage of Obfuscate Codes======<br />
<br />
<br />
Can be used for bypassing antiviruses, code protections, same stuff etc … <br />
<br />
<br />
======Why use OWASP ZSC ?======<br />
<br />
<br />
According to other shellcode generators such as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoders are able to generate shell codes with random encodes that allows you to generate thousands of new dynamic shell codes with the same job in just a second, it means you will not get the same code if you use random encodes with the same commands, and that makes OWASP ZSC one of the best! <br />
OWASP ZSC can generate shellcode for Linux and Windows _x86<br />
Upcoming features will allow generating shellcodes for OSX <br />
And new encodes for the code obfuscation.<br />
<br />
======User Guides======<br />
<br />
To run '''OWASP ZSC''', You need to install python `2.x|3.x` on your operation system `Windows|Linux|OSX`, Then it could be run directly with executing `zsc.py` or run the software after you installed it! To see the user manuals, Please follow the next steps!<br />
<br />
<br />
======Generating Shellcode======<br />
<br />
Via `zsc` command, you are able to enter the software [or run python zsc.py if you don’t want to install it], Then you can have a list of menu with entering `help`. You can have your choices with pressing `tab` key on each step. To generate shellcode, you have to type `shellcode` and then press enter, after that, you can see what’s available in `shellcode` section. There is `generate` , `search` and `download` choices in here which use for `generate shellcodes`, `search` and `download` shellcode from shellstorm. To generate a shellcode, type `generate` and press enter, after that with a `tab` key, you can have list of operation systems available in there. With pressing `tab` key again, functions will be shown for you in this step [ such as `exec` ,`systm`,`write` and `etc`]. choose your function by writing the name `example: exec` and press inter. In the next section you have to fill the argv of function which exec() function have one `example: exec("/bin/bash")`, all you need in this section is pressing a `tab` and then `enter` key, software will automatically ask you for function argv. Fill them and next section software will ask you for shellcode type which can be `none` or choose one of listed encoding types. After entering that, your shellcode is ready!<br />
There is one more way to have a shellcode from software, which is using shellstorm API. Following the `shellcode`, and then `search` commands to search for a shellcode. After that shellcodes will be listed for you with title name , ID and etc. you can download them with following `shellcode` and then `download` command to download them with the ID which shown to you in the past section! For canceling each section, you can use `restart` command to restart the software and start new task!<br />
<br />
<br />
======Generating Obfuscate Code======<br />
<br />
With the following `obfuscate` command, you can begin the step for obfuscating a code. With a `tab` key , you can see the list of languages along with the obfuscating module ready. After choosing the language software will ask you for a filename which is a filename of file you want to obfuscate that! Next step software will ask you for encode type. With a `tab` key list the encode modules and choose your encode name. your file rewrited and converted to a obfuscate with encode type you chosen. And do not worry about your original code, it’s saved in file as a comment!<br />
<br />
Please click '''[https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc HERE]''' to read more!<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
'''Installation'''<br />
Go to download page, and download last version in github. Extract and run installer.py, then you are able to run software with OWASP ZSC command or you can directly execute zsc.py without installing it.or you can follow these commands to install the last version:<br />
<br />
<pre><nowiki>wget https://github.com/Ali-Razmjoo/OWASP-ZSC/archive/master.zip -O owasp-zsc.zip && unzip owasp-zsc.zip && <br />
rm -rf owasp-zsc.zip && mv OWASP-ZSC-master owasp-zsc && cd owasp-zsc && python installer.py</nowiki></pre><br />
<br />
<br />
http://zsc.z3r0d4y.com/images/Snapshot_2015-07-27_114843.png<br />
<br />
<br />
'''Note''': Software could be '''uninstall''' with executing '''uninstaller.py'''<br />
<br />
'''Note''': Software installation directory is "'''/usr/share/owasp-zsc'''"<br />
<br />
'''Note''': <strong>OWASP ZSC</strong> Tool could be execute on <strong>Linux</strong> and <strong>Python 2.7.x </strong>is required.<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>August, 2016, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Develop future [http://zsc.z3r0d4y.com/table.html features] list , Add Operation Systems and new encode types<br />
* Planing for activate features<br />
* Build ZSC API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the ZSC Tool Project provide feedback<br />
* Incorporate feedback into changes in the Tool Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
OWASP ZSC could be improving with handling module [http://zsc.z3r0d4y.com/table.html features]. MVP of this project is build and active the first module which could be usable to generate/encode Shellcode which already some of them [modules] activated.<br />
<br />
Highest usage of OWASP ZSC Tool could be when users are able to use all [http://zsc.z3r0d4y.com/table.html features] with best User Interface and <strong>API</strong> performance.<br />
https://www.owasp.org/images/3/33/Zsc.png<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
==Developers==<br />
Architect & Creator: Ali Razmjoo<br />
* Pratik Patel (Google Summer of Code student 2016)<br />
* Akash Trehan (CodeMaxx)<br />
* Paras Chetal (Google Summer of Code candidate 2016)<br />
* Hamid Samani (HAMIDx9)<br />
<br />
==Testers ==<br />
*Johanna Curiel<br />
*Brian Beaudry<br />
<br />
===Be an OWASP ZSC developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zscproject/OWASP-ZSC/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-zsc-tool-project@lists.owasp.org mail us]. do not forget to register on our [https://lists.owasp.org/mailman/listinfo/owasp-zsc-tool-project mailing list].<br />
<br />
'''AND DON'T FORGET TO READ [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc DEVELOPERS DOCUMENTS]'''<br />
<br />
Also this [https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details GitBook]<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_ZSC_Tool_Project}}<br />
<br />
<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Breakers]] [[Category:OWASP_Code]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_ZSC_Tool_Project&diff=242515OWASP ZSC Tool Project2018-08-14T19:23:57Z<p>Ali Razmjoo: event</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP ZSC Tool Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
'''Donate to OWASP ZSC''' {{#widget:PayPal Donation |target=_blank |budget=OWASP ZSC }}<br />
<br />
====What is OWASP ZSC ?====<br />
http://zsc.z3r0d4y.com/images/Snapshot_2015-07-26_191951-half.png<br />
<br />
'''OWASP ZSC''' is an open source software in Python language which lets you '''generate customized shellcodes''' and '''convert scripts to an obfuscated script'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
[[File:Zsc1.png|200px]]<br />
<br />
==Description==<br />
====Usage of shellcodes====<br />
<br />
Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
====Usage of Obfuscate Codes====<br />
<br />
Can be used for bypassing antiviruses, code protections, same stuff etc … <br />
<br />
====Why use OWASP ZSC ?====<br />
<br />
Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators.<br />
Anti-virus work with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.<br />
<br />
Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.<br />
<br />
According to other shellcode generators same as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect.<br />
OWASP ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP ZSC one of the best! <br />
During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods.<br />
We are working on the next version that will allow you to generate OSX.<br />
<br />
==Licensing==<br />
<br />
====GNU GENERAL PUBLIC LICENSE , Version 3, 29 June 2007====<br />
<br />
Copyright (C) 2007 Free Software Foundation, Inc. http://fsf.org/ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [https://github.com/Ali-Razmjoo/OWASP-ZSC/blob/master/LICENSE.md Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact it is encouraged!!!<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
== Project Leaders ==<br />
* [https://www.owasp.org/index.php/User:Ali_Razmjoo Ali Razmjoo]<br />
<br />
* [https://www.owasp.org/index.php/User:Johanna_Curiel Johanna Curiel]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [http://pratikpatelp.blogspot.in Pratik Patel] (Google Summer of Code student 2016) <br />
* [https://codemaxx.github.io Akash Trehan] (CodeMaxx)<br />
* [https://paraschetal.in Paras Chetal] (Gsoc candidate 2016)<br />
* Brian Beaudry (Gsoc Mentor 2016)<br />
* Hamid Zamani (HAMIDx9)<br />
<br />
== Links ==<br />
<br />
* [http://api.z3r0d4y.com/ API]<br />
* [https://github.com/Ali-Razmjoo/OWASP-ZSC Project on Github]<br />
* [https://groups.google.com/d/forum/owasp-zsc Mailing List]<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Home]<br />
* [https://www.openhub.net/p/OWASP-ZSC OpenHub]<br />
* [http://zsc.z3r0d4y.com/table.html Last Version Features]<br />
* [http://zsc.z3r0d4y.com/wiki Wiki]<br />
* [http://zsc.z3r0d4y.com/download Download]<br />
* [https://github.com/Ali-Razmjoo/ZCR-Shellcoder-Archive Archive]<br />
<br />
== Shellcode Generating ==<br />
With using '''OWASP ZSC''' you would be able to generate any customized '''Shellcode''' in your mind including encodes and Disassembly code in few seconds.<br />
<br />
== Be an OWASP ZSC developer ==<br />
* [https://www.owasp.org/index.php?title=OWASP_ZSC_Tool_Project&action=submit#Developers Quick Developing Help]<br />
<br />
== Last Tricks in Home ==<br />
* [http://zsc.z3r0d4y.com/blog/archives/ All Tricks]<br />
* [http://zsc.z3r0d4y.com/blog/2015/08/01/generate-pe-file-with-zsc-shellcodes/ Shellcode to PE File]<br />
* [http://zsc.z3r0d4y.com/blog/2015/07/27/video-how-to-install-and-generate-shellcode-using-zsc/ Video: Install&Generate Shellcode]<br />
<br />
==Related links==<br />
*[https://www.youtube.com/watch?v=nkx0HQhYdmY| Appsec Presentation 2013 Beef and Custome shellcodes]<br />
*[https://www.owasp.org/index.php/File:Introduction_to_shellcode_development.pdf| Introduction to Shellcode Development]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zscproject/OWASP-ZSC Github Page.]<br />
<br />
[http://zsc.z3r0d4y.com/download/ Download Page.]<br />
<br />
* [https://github.com/zscproject/OWASP-ZSC/zipball/master .zip file.]<br />
* [https://github.com/zscproject/OWASP-ZSC/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
* OWASP Nettacker Presented By Ali Razmjoo in OWASP Iran Chapter Meeting July 2018 [https://www.owasp.org/index.php/Iran#tab=Past_Events 1]<br />
* [https://www.owasp.org/index.php/OWASP_Code_Sprint_2017#OWASP_ZSC OWASP ZSC in OWASP Code Sprint 2017]<br />
* [http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/ OWASP ZSC Selected as Top 10 Security tools in 2016 By ToolsWatch]<br />
* [https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k OWASP ZSC Presented in OFFSECONF 2016]<br />
* [https://www.blackhat.com/eu-16/arsenal.html#brian-beaudry Been Selected for Blackhat EU Arsenal 2016]<br />
* [https://www.defcon.org/html/defcon-24/dc-24-demolabs.html#Curiel OWASP ZSC has been selected for Defcon Demo Lab 2016]<br />
* [https://summerofcode.withgoogle.com/archive/2016/projects/5969824152813568/ OWASP ZSC applied and was selected to participate in the Google Summer of Code 2016]<br />
* [https://www.linkedin.com/pulse/lessons-from-cyber-underworld-how-understand-software-ali-razmjoo Press Release 12th February 2015 ]<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Version 1.0.9.1 Released!]<br />
* [https://github.com/longld/peda OWASP ZSC in GDB-PEDA]<br />
<br />
== Docs ==<br />
* [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc Developers and Users Documents].<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Home]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
To see full guides please visit our [http://zsc.z3r0d4y.com/wiki wiki page].<br />
<br />
====Help Menu====<br />
<br />
'''PLEASE CLICK [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc HERE] TO SEE FULL DEVELOPERS AND USERS DOCUMENTS'''<br />
<br />
<br />
======OWASP ZSC Project======<br />
<br />
<br />
OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under python.<br />
<br />
<br />
======Usage of shellcodes======<br />
<br />
<br />
Shellcodes are small codes in Assembly Languagewhich could be used as the payload in software exploiting. Other usages are in malwares, bypassing anti viruses, obfuscated codes and etc.<br />
<br />
<br />
======Usage of Obfuscate Codes======<br />
<br />
<br />
Can be used for bypassing antiviruses, code protections, same stuff etc … <br />
<br />
<br />
======Why use OWASP ZSC ?======<br />
<br />
<br />
According to other shellcode generators such as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoders are able to generate shell codes with random encodes that allows you to generate thousands of new dynamic shell codes with the same job in just a second, it means you will not get the same code if you use random encodes with the same commands, and that makes OWASP ZSC one of the best! <br />
OWASP ZSC can generate shellcode for Linux and Windows _x86<br />
Upcoming features will allow generating shellcodes for OSX <br />
And new encodes for the code obfuscation.<br />
<br />
======User Guides======<br />
<br />
To run '''OWASP ZSC''', You need to install python `2.x|3.x` on your operation system `Windows|Linux|OSX`, Then it could be run directly with executing `zsc.py` or run the software after you installed it! To see the user manuals, Please follow the next steps!<br />
<br />
<br />
======Generating Shellcode======<br />
<br />
Via `zsc` command, you are able to enter the software [or run python zsc.py if you don’t want to install it], Then you can have a list of menu with entering `help`. You can have your choices with pressing `tab` key on each step. To generate shellcode, you have to type `shellcode` and then press enter, after that, you can see what’s available in `shellcode` section. There is `generate` , `search` and `download` choices in here which use for `generate shellcodes`, `search` and `download` shellcode from shellstorm. To generate a shellcode, type `generate` and press enter, after that with a `tab` key, you can have list of operation systems available in there. With pressing `tab` key again, functions will be shown for you in this step [ such as `exec` ,`systm`,`write` and `etc`]. choose your function by writing the name `example: exec` and press inter. In the next section you have to fill the argv of function which exec() function have one `example: exec("/bin/bash")`, all you need in this section is pressing a `tab` and then `enter` key, software will automatically ask you for function argv. Fill them and next section software will ask you for shellcode type which can be `none` or choose one of listed encoding types. After entering that, your shellcode is ready!<br />
There is one more way to have a shellcode from software, which is using shellstorm API. Following the `shellcode`, and then `search` commands to search for a shellcode. After that shellcodes will be listed for you with title name , ID and etc. you can download them with following `shellcode` and then `download` command to download them with the ID which shown to you in the past section! For canceling each section, you can use `restart` command to restart the software and start new task!<br />
<br />
<br />
======Generating Obfuscate Code======<br />
<br />
With the following `obfuscate` command, you can begin the step for obfuscating a code. With a `tab` key , you can see the list of languages along with the obfuscating module ready. After choosing the language software will ask you for a filename which is a filename of file you want to obfuscate that! Next step software will ask you for encode type. With a `tab` key list the encode modules and choose your encode name. your file rewrited and converted to a obfuscate with encode type you chosen. And do not worry about your original code, it’s saved in file as a comment!<br />
<br />
Please click '''[https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc HERE]''' to read more!<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
'''Installation'''<br />
Go to download page, and download last version in github. Extract and run installer.py, then you are able to run software with OWASP ZSC command or you can directly execute zsc.py without installing it.or you can follow these commands to install the last version:<br />
<br />
<pre><nowiki>wget https://github.com/Ali-Razmjoo/OWASP-ZSC/archive/master.zip -O owasp-zsc.zip && unzip owasp-zsc.zip && <br />
rm -rf owasp-zsc.zip && mv OWASP-ZSC-master owasp-zsc && cd owasp-zsc && python installer.py</nowiki></pre><br />
<br />
<br />
http://zsc.z3r0d4y.com/images/Snapshot_2015-07-27_114843.png<br />
<br />
<br />
'''Note''': Software could be '''uninstall''' with executing '''uninstaller.py'''<br />
<br />
'''Note''': Software installation directory is "'''/usr/share/owasp-zsc'''"<br />
<br />
'''Note''': <strong>OWASP ZSC</strong> Tool could be execute on <strong>Linux</strong> and <strong>Python 2.7.x </strong>is required.<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>August, 2016, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Develop future [http://zsc.z3r0d4y.com/table.html features] list , Add Operation Systems and new encode types<br />
* Planing for activate features<br />
* Build ZSC API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the ZSC Tool Project provide feedback<br />
* Incorporate feedback into changes in the Tool Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
OWASP ZSC could be improving with handling module [http://zsc.z3r0d4y.com/table.html features]. MVP of this project is build and active the first module which could be usable to generate/encode Shellcode which already some of them [modules] activated.<br />
<br />
Highest usage of OWASP ZSC Tool could be when users are able to use all [http://zsc.z3r0d4y.com/table.html features] with best User Interface and <strong>API</strong> performance.<br />
https://www.owasp.org/images/3/33/Zsc.png<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
==Developers==<br />
Architect & Creator: Ali Razmjoo<br />
* Pratik Patel (Google Summer of Code student 2016)<br />
* Akash Trehan (CodeMaxx)<br />
* Paras Chetal (Google Summer of Code candidate 2016)<br />
* Hamid Samani (HAMIDx9)<br />
<br />
==Testers ==<br />
*Johanna Curiel<br />
*Brian Beaudry<br />
<br />
===Be an OWASP ZSC developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zscproject/OWASP-ZSC/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-zsc-tool-project@lists.owasp.org mail us]. do not forget to register on our [https://lists.owasp.org/mailman/listinfo/owasp-zsc-tool-project mailing list].<br />
<br />
'''AND DON'T FORGET TO READ [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc DEVELOPERS DOCUMENTS]'''<br />
<br />
Also this [https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details GitBook]<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_ZSC_Tool_Project}}<br />
<br />
<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Breakers]] [[Category:OWASP_Code]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=242511OWASP Nettacker2018-08-14T19:15:05Z<p>Ali Razmjoo: add contributors link</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders & Mentors & Contributors ==<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:reza.espargham@owasp.org Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
* [mailto:abiusx@owasp.org Abbas Naderi Afooshteh]<br />
* [mailto:sriharsha.g15@ii Sri Harsha Gajavalli]<br />
* [mailto:bran0793@umn.edu Hannah Brand]<br />
* [mailto:shaddygarg1@gmail.com Shaddy Garg]<br />
* [mailto:pradeepjairamani22@gmail.com Pradeep Jairamani]<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mr.zamiri@ieee.org Mohammad Reza Zamiri]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* Click for [https://github.com/zdresearch/OWASP-Nettacker/wiki/Contributors FULL LIST]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki/Events ALL EVENTS AND NEWS]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=Iran&diff=242509Iran2018-08-14T19:09:53Z<p>Ali Razmjoo: </p>
<hr />
<div>= Chapter Information =<br />
{{Chapter Template|chaptername=Iran|extra=The chapter leaders are [mailto:abiusx@owasp.org Abbas Naderi], [mailto:Ali.Razmjoo@owasp.org Ali Ramjoo] and [mailto:Reza.Espargham@owasp.org MohammadReza Espargham].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-iran|emailarchives=http://lists.owasp.org/pipermail/owasp-iran}}<br />
<br />
== Incoming Events ==<br />
OWASP Iran Chapter Meeting (Public Meeting) 2018 - (Details will be published soon)<br />
<br />
=Membership=<br />
== Sponsorship/Membership ==<br />
<br />
[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.<br />
<br />
Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]]<br />
<br />
<br />
= Chapter News =<br />
<br />
==Sponsorship/Membership==<br />
After months of exhaustive work, a new membership approach is available for Iranians. Check the membership tab.<br />
<br />
== Chapter Meeting ==<br />
The next chapter meeting would be in upcoming month. More information in the mailing list and here alter.<br />
<br />
<br />
<br />
= Active Projects =<br />
== OWASP Nettacker ==<br />
'''[https://www.owasp.org/index.php/OWASP_Nettacker OWASP Nettacker]''' project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
== OWASP JoomScan Project ==<br />
'''[https://github.com/rezasp/joomscan OWASP JoomScan]''' (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in Perl programming language to detect Joomla CMS vulnerabilities and analyses them.<br />
<br />
== OWASP VBScan Project ==<br />
<br />
'''[https://www.owasp.org/index.php/OWASP_VBScan_Project OWASP VBScan]''' is an opensource project in Perl programming language to detect VBulletin CMS vulnerabilities and analyses them.<br />
<br />
== OWASP ZSC Project ==<br />
'''[https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project OWASP ZSC]''' is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script.<br />
<br />
= Past Events =<br />
<br />
=== OWASP Iran Chapter Meeting July 2018 ===<br />
OWASP Nettacker, OWASP JoomScan, OWASP VBScan, OWASP ZSC, OWASP Honeypot, OWASP PHP Security, OWASP WebgoatPHP, OWASP RBAC and etc presented in the small meeting, and we decided to organize a public meeting at the end of 2018.<br />
<br />
=== OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity ===<br />
OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity: Opportunities and challenges in Digital Transformation 2018 by Mohammad Reza Zamiri<br />
( [https://github.com/zdresearch/OWASP-Nettacker/tree/master/lib/payload/scanner/ics_honeypot 1] ) ( [https://ics.kaspersky.com/conference/ 2] )<br />
<br />
=== OWASP JoomScan at Blackhat Arsenal - USA 2018 ===<br />
OWASP JoomScan at OWASP Blackhat Arsenal - Las Vegas 2018. This project will present on 8 August 10am to 11:20am by Mohammad Reza Espargham, Babak Amin Azad, Vahid Behzadan. <br />
( [https://www.blackhat.com/us-18/arsenal/schedule/index.html#owasp-joomscan-project-10824 1] ) ( [https://www.blackhat.com/us-18/arsenal.html#owasp-joomscan-project 2] )<br />
<br />
<br />
=== OWASP Nettacker in OWASP Bay Area meetup 2018 ===<br />
OWASP Nettacker Tutorial by at OWASP Bay Area meetup. Thanks to Vahid Behzadan for the presentation and OWASP Bay Area for hosting and sponsoring us. <br />
( [https://www.youtube.com/watch?v=4pu4hJMk6m8 1] )<br />
<br />
<br />
=== OWASP JoomScan at Blackhat Arsenal - Asia 2018 ===<br />
OWASP JoomScan at OWASP Blackhat Arsenal - Singapore 2018. Presented by Mohammad Reza Espargham, Esmaeil Rahimian. and Blackhat for hosting.<br />
( [http://lists.owasp.org/pipermail/owasp-leaders/2018-March/019076.html Experiences and Pictures] ) ( [https://www.blackhat.com/asia-18/arsenal.html#mohammad-reza-espargham 1] ) ( [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-joomscan-project-9875 1] )<br />
<br />
<br />
=== OWASP Nettacker Accepted for Google Summer of Code 2018 ===<br />
( [https://www.owasp.org/index.php/GSOC2018_Ideas 1] ) ( [https://summerofcode.withgoogle.com/organizations/6664778743808000/ 2] ) <br><br />
OWASP Nettacker Video Conference/Webinar for GSoC Team 1 May 2018 - Vahid Behzadan - ML/AI in CyberSecurity ( [https://www.youtube.com/watch?v=7RQH8oECSyg 1] ) <br />
<br />
<br />
=== OWASP Nettacker in OFFSECONF 2017 ===<br />
OWASP Nettacker was introduced in OFFSECONF 2017. ([https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 Experiences and Pictures])<br />
<br />
<br />
=== OWASP VBScan in OFFSECONF 2017 ===<br />
OWASP VBScan presented in OFFSECONF 2017. Click [https://www.owasp.org/index.php/OWASP_VBScan_Project here] for additional information.<br />
<br />
<br />
=== OWASP ZSC in OFFSECONF 2016 ===<br />
OWASP ZSC project presented in OFFSECONF 2016 K. N. Toosi University of Technology in Tehran ([https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k Experiences and Pictures])<br />
<br />
<br />
=== the First National Web Application Security Conference ===<br />
[http://wasc.ir WASC.ir]<br />
April 2011, Shahid Beheshti University<br />
<br />
<br />
=== 4th Intl. Digital Media Fair ===<br />
Tehran, Great Mosalla of Imam Khomeini, '''October 7th-16th'''<br />
Two workshops by Abbas Naderi (aka) AbiusX :<br />
* Common Web Security for People (including Social Engineering issues)<br />
* Cryptography and Cryptanalysis<br />
<br />
Both being held at October 9th <br />
<br />
<br />
=== 3rd Intl. Digital Media Fair ===<br />
Tehran , Great Mosalla of Imam Khomeini, '''October 01st-8th'''<br />
<br />
سومین نمایشگاه بینالمللی رسانههای دیجیتال، ۸ الی ۱۵، مصلی امام خمینی<br />
<br />
Two security related presentations by '''Abbas Naderi (aka AbiusX)''':<br />
* OWASP Top Ten in Persian for common web developers (2 Oct, 19-21 local time) ([http://abiusx.com/archive/presentation/OWASP_Top_10_Farsi.pptx download link])<br />
* General Security and Privacy for the public (3 Oct, 19-21 local time) ([http://abiusx.com/archive/presentation/security-privacy2.pptx download link])<br />
(Powerpoint and OpenOffice slides would be uploaded asap.)<br />
* ۱۰ خطر اصلی در نرم افزارهای تحت وب - برای توسعه دهندگان وب<br />
* امنیت عمومی در وب، حفاظت از اطلاعات شخصی برای عموم مردم<br />
<br />
Attendance is free of charge.<br />
<br />
<br />
=== Software security vulnerabilities and defense ===<br />
seminar presented in YAZD University by Hamid kashfi (26 June 2008). ([http://strcpy.persiangig.com/Attacking_Software.ppt download link] ) <br />
<br />
= Volunteer Events =<br />
از کسانی که دوست دارند داوطلبانه پروژه های این بنیاد را ارائه دارند دعوت میشود، جهت هماهنگی به یکی از مدیران ایرانی پیغام دهند. متشکرم.<br />
<br />
* '''[[http://bostandoust.ir/wp-content/uploads/2018/07/0853.pdf 1]] نشست امنیت نرم افزار های وب'''<br />
این نشست در دانشگاه فنی مهندسی شیراز با همکاری لاگ شیراز مورخ 4 تیر 97 تشکیل شد و آسیب پذیری های پی اچ پی توسط سعید بستان دوست ارائه گردیده.<br />
<br />
= Resources =<br />
== OWASP Top 10 Persian ==<br />
(24/09/2009) Persian translation of OWASP TOP 10 Project is published by "Mitra Moosavi" and "Anahita Taheri". ([http://www.scribd.com/doc/20164417/OWASP-Top-10-2007-Persian download link])<br />
<br />
لطفا پيشنهادات يا اصلاحات احتمالی را از طريق ايميل به تهيه کنندگان اين سند ارسال نماييد<br />
<br />
<br />
<headertabs></headertabs> <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:Middle East]]<br />
[[Category:Asia/Pacific/Middle East]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=Iran&diff=241742Iran2018-07-10T11:03:10Z<p>Ali Razmjoo: </p>
<hr />
<div>= Chapter Information =<br />
{{Chapter Template|chaptername=Iran|extra=The chapter leaders are [mailto:abiusx@owasp.org Abbas Naderi], [mailto:Ali.Razmjoo@owasp.org Ali Ramjoo] and [mailto:Reza.Espargham@owasp.org MohammadReza Espargham].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-iran|emailarchives=http://lists.owasp.org/pipermail/owasp-iran}}<br />
<br />
== Incoming Events ==<br />
OWASP Iran Chapter Meeting - (Details will be published soon)<br />
<br />
=Membership=<br />
== Sponsorship/Membership ==<br />
<br />
[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.<br />
<br />
Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]]<br />
<br />
<br />
= Chapter News =<br />
<br />
==Sponsorship/Membership==<br />
After months of exhaustive work, a new membership approach is available for Iranians. Check the membership tab.<br />
<br />
== Chapter Meeting ==<br />
The next chapter meeting would be in upcoming month. More information in the mailing list and here alter.<br />
<br />
<br />
<br />
= Active Projects =<br />
== OWASP Nettacker ==<br />
'''[https://www.owasp.org/index.php/OWASP_Nettacker OWASP Nettacker]''' project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
== OWASP JoomScan Project ==<br />
'''[https://github.com/rezasp/joomscan OWASP JoomScan]''' (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in Perl programming language to detect Joomla CMS vulnerabilities and analyses them.<br />
<br />
== OWASP VBScan Project ==<br />
<br />
'''[https://www.owasp.org/index.php/OWASP_VBScan_Project OWASP VBScan]''' is an opensource project in Perl programming language to detect VBulletin CMS vulnerabilities and analyses them.<br />
<br />
== OWASP ZSC Project ==<br />
'''[https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project OWASP ZSC]''' is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script.<br />
<br />
= Past Events =<br />
<br />
=== OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity ===<br />
OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity: Opportunities and challenges in Digital Transformation 2018 by Mohammad Reza Zamiri<br />
( [https://github.com/zdresearch/OWASP-Nettacker/tree/master/lib/payload/scanner/ics_honeypot 1] ) ( [https://ics.kaspersky.com/conference/ 2] )<br />
<br />
=== OWASP JoomScan at Blackhat Arsenal - USA 2018 ===<br />
OWASP JoomScan at OWASP Blackhat Arsenal - Las Vegas 2018. This project will present on 8 August 10am to 11:20am by Mohammad Reza Espargham, Babak Amin Azad, Vahid Behzadan. <br />
( [https://www.blackhat.com/us-18/arsenal/schedule/index.html#owasp-joomscan-project-10824 1] ) ( [https://www.blackhat.com/us-18/arsenal.html#owasp-joomscan-project 2] )<br />
<br />
<br />
=== OWASP Nettacker in OWASP Bay Area meetup 2018 ===<br />
OWASP Nettacker Tutorial by at OWASP Bay Area meetup. Thanks to Vahid Behzadan for the presentation and OWASP Bay Area for hosting and sponsoring us. <br />
( [https://www.youtube.com/watch?v=4pu4hJMk6m8 1] )<br />
<br />
<br />
=== OWASP JoomScan at Blackhat Arsenal - Asia 2018 ===<br />
OWASP JoomScan at OWASP Blackhat Arsenal - Singapore 2018. Presented by Mohammad Reza Espargham, Esmaeil Rahimian. and Blackhat for hosting.<br />
( [http://lists.owasp.org/pipermail/owasp-leaders/2018-March/019076.html Experiences and Pictures] ) ( [https://www.blackhat.com/asia-18/arsenal.html#mohammad-reza-espargham 1] ) ( [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-joomscan-project-9875 1] )<br />
<br />
<br />
=== OWASP Nettacker Accepted for Google Summer of Code 2018 ===<br />
( [https://www.owasp.org/index.php/GSOC2018_Ideas 1] ) ( [https://summerofcode.withgoogle.com/organizations/6664778743808000/ 2] ) <br><br />
OWASP Nettacker Video Conference/Webinar for GSoC Team 1 May 2018 - Vahid Behzadan - ML/AI in CyberSecurity ( [https://www.youtube.com/watch?v=7RQH8oECSyg 1] ) <br />
<br />
<br />
=== OWASP Nettacker in OFFSECONF 2017 ===<br />
OWASP Nettacker was introduced in OFFSECONF 2017. ([https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 Experiences and Pictures])<br />
<br />
<br />
=== OWASP VBScan in OFFSECONF 2017 ===<br />
OWASP VBScan presented in OFFSECONF 2017. Click [https://www.owasp.org/index.php/OWASP_VBScan_Project here] for additional information.<br />
<br />
<br />
=== OWASP ZSC in OFFSECONF 2016 ===<br />
OWASP ZSC project presented in OFFSECONF 2016 K. N. Toosi University of Technology in Tehran ([https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k Experiences and Pictures])<br />
<br />
<br />
=== the First National Web Application Security Conference ===<br />
[http://wasc.ir WASC.ir]<br />
April 2011, Shahid Beheshti University<br />
<br />
<br />
=== 4th Intl. Digital Media Fair ===<br />
Tehran, Great Mosalla of Imam Khomeini, '''October 7th-16th'''<br />
Two workshops by Abbas Naderi (aka) AbiusX :<br />
* Common Web Security for People (including Social Engineering issues)<br />
* Cryptography and Cryptanalysis<br />
<br />
Both being held at October 9th <br />
<br />
<br />
=== 3rd Intl. Digital Media Fair ===<br />
Tehran , Great Mosalla of Imam Khomeini, '''October 01st-8th'''<br />
<br />
سومین نمایشگاه بینالمللی رسانههای دیجیتال، ۸ الی ۱۵، مصلی امام خمینی<br />
<br />
Two security related presentations by '''Abbas Naderi (aka AbiusX)''':<br />
* OWASP Top Ten in Persian for common web developers (2 Oct, 19-21 local time) ([http://abiusx.com/archive/presentation/OWASP_Top_10_Farsi.pptx download link])<br />
* General Security and Privacy for the public (3 Oct, 19-21 local time) ([http://abiusx.com/archive/presentation/security-privacy2.pptx download link])<br />
(Powerpoint and OpenOffice slides would be uploaded asap.)<br />
* ۱۰ خطر اصلی در نرم افزارهای تحت وب - برای توسعه دهندگان وب<br />
* امنیت عمومی در وب، حفاظت از اطلاعات شخصی برای عموم مردم<br />
<br />
Attendance is free of charge.<br />
<br />
<br />
=== Software security vulnerabilities and defense ===<br />
seminar presented in YAZD University by Hamid kashfi (26 June 2008). ([http://strcpy.persiangig.com/Attacking_Software.ppt download link] ) <br />
<br />
= Volunteer Events =<br />
از کسانی که دوست دارند داوطلبانه پروژه های این بنیاد را ارائه دارند دعوت میشود، جهت هماهنگی به یکی از مدیران ایرانی پیغام دهند. متشکرم.<br />
<br />
* '''[[http://bostandoust.ir/wp-content/uploads/2018/07/0853.pdf 1]] نشست امنیت نرم افزار های وب'''<br />
این نشست در دانشگاه فنی مهندسی شیراز با همکاری لاگ شیراز مورخ 4 تیر 97 تشکیل شد و آسیب پذیری های پی اچ پی توسط سعید بستان دوست ارائه گردیده.<br />
<br />
= Resources =<br />
== OWASP Top 10 Persian ==<br />
(24/09/2009) Persian translation of OWASP TOP 10 Project is published by "Mitra Moosavi" and "Anahita Taheri". ([http://www.scribd.com/doc/20164417/OWASP-Top-10-2007-Persian download link])<br />
<br />
لطفا پيشنهادات يا اصلاحات احتمالی را از طريق ايميل به تهيه کنندگان اين سند ارسال نماييد<br />
<br />
<br />
<headertabs></headertabs> <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:Middle East]]<br />
[[Category:Asia/Pacific/Middle East]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=Iran&diff=241741Iran2018-07-10T10:57:49Z<p>Ali Razmjoo: add description</p>
<hr />
<div>= Chapter Information =<br />
{{Chapter Template|chaptername=Iran|extra=The chapter leaders are [mailto:abiusx@owasp.org Abbas Naderi], [mailto:Ali.Razmjoo@owasp.org Ali Ramjoo] and [mailto:Reza.Espargham@owasp.org MohammadReza Espargham].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-iran|emailarchives=http://lists.owasp.org/pipermail/owasp-iran}}<br />
<br />
== Incoming Events ==<br />
OWASP Iran Chapter Meeting - (Details will be published soon)<br />
<br />
=Membership=<br />
== Sponsorship/Membership ==<br />
<br />
[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.<br />
<br />
Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]]<br />
<br />
<br />
= Chapter News =<br />
<br />
==Sponsorship/Membership==<br />
After months of exhaustive work, a new membership approach is available for Iranians. Check the membership tab.<br />
<br />
== Chapter Meeting ==<br />
The next chapter meeting would be in upcoming month. More information in the mailing list and here alter.<br />
<br />
<br />
<br />
= Active Projects =<br />
== OWASP Nettacker ==<br />
'''[https://www.owasp.org/index.php/OWASP_Nettacker OWASP Nettacker]''' project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
== OWASP JoomScan Project ==<br />
'''[https://github.com/rezasp/joomscan OWASP JoomScan]''' (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in Perl programming language to detect Joomla CMS vulnerabilities and analyses them.<br />
<br />
== OWASP VBScan Project ==<br />
<br />
'''[https://www.owasp.org/index.php/OWASP_VBScan_Project OWASP VBScan]''' is an opensource project in Perl programming language to detect VBulletin CMS vulnerabilities and analyses them.<br />
<br />
== OWASP ZSC Project ==<br />
'''[https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project OWASP ZSC]''' is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script.<br />
<br />
= Past Events =<br />
<br />
=== '''OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity''' ===<br />
OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity: Opportunities and challenges in Digital Transformation 2018 by Mohammad Reza Zamiri<br />
( [https://github.com/zdresearch/OWASP-Nettacker/tree/master/lib/payload/scanner/ics_honeypot 1] ) ( [https://ics.kaspersky.com/conference/ 2] )<br />
<br />
=== '''OWASP JoomScan at Blackhat Arsenal - USA 2018''' ===<br />
OWASP JoomScan at OWASP Blackhat Arsenal - Las Vegas 2018. This project will present on 8 August 10am to 11:20am by Mohammad Reza Espargham, Babak Amin Azad, Vahid Behzadan. <br />
( [https://www.blackhat.com/us-18/arsenal/schedule/index.html#owasp-joomscan-project-10824 1] ) ( [https://www.blackhat.com/us-18/arsenal.html#owasp-joomscan-project 2] )<br />
<br />
<br />
=== '''OWASP Nettacker in OWASP Bay Area meetup 2018''' ===<br />
OWASP Nettacker Tutorial by at OWASP Bay Area meetup. Thanks to Vahid Behzadan for the presentation and OWASP Bay Area for hosting and sponsoring us. <br />
( [https://www.youtube.com/watch?v=4pu4hJMk6m8 1] )<br />
<br />
<br />
=== '''OWASP JoomScan at Blackhat Arsenal - Asia 2018''' ===<br />
OWASP JoomScan at OWASP Blackhat Arsenal - Singapore 2018. Presented by Mohammad Reza Espargham, Esmaeil Rahimian. and Blackhat for hosting.<br />
( [http://lists.owasp.org/pipermail/owasp-leaders/2018-March/019076.html Experiences and Pictures] ) ( [https://www.blackhat.com/asia-18/arsenal.html#mohammad-reza-espargham 1] ) ( [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-joomscan-project-9875 1] )<br />
<br />
<br />
=== '''OWASP Nettacker Accepted for Google Summer of Code 2018''' ===<br />
( [https://www.owasp.org/index.php/GSOC2018_Ideas 1] ) ( [https://summerofcode.withgoogle.com/organizations/6664778743808000/ 2] ) <br><br />
OWASP Nettacker Video Conference/Webinar for GSoC Team 1 May 2018 - Vahid Behzadan - ML/AI in CyberSecurity ( [https://www.youtube.com/watch?v=7RQH8oECSyg 1] ) <br />
<br />
<br />
=== OWASP Nettacker in OFFSECONF 2017 ===<br />
OWASP Nettacker was introduced in OFFSECONF 2017. ([https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 Experiences and Pictures])<br />
<br />
<br />
=== OWASP VBScan in OFFSECONF 2017 ===<br />
OWASP VBScan presented in OFFSECONF 2017. Click [https://www.owasp.org/index.php/OWASP_VBScan_Project here] for additional information.<br />
<br />
<br />
=== OWASP ZSC in OFFSECONF 2016 ===<br />
OWASP ZSC project presented in OFFSECONF 2016 K. N. Toosi University of Technology in Tehran ([https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k Experiences and Pictures])<br />
<br />
<br />
=== the First National Web Application Security Conference ===<br />
[http://wasc.ir WASC.ir]<br />
April 2011, Shahid Beheshti University<br />
<br />
<br />
=== 4th Intl. Digital Media Fair ===<br />
Tehran, Great Mosalla of Imam Khomeini, '''October 7th-16th'''<br />
Two workshops by Abbas Naderi (aka) AbiusX :<br />
* Common Web Security for People (including Social Engineering issues)<br />
* Cryptography and Cryptanalysis<br />
<br />
Both being held at October 9th <br />
<br />
<br />
=== 3rd Intl. Digital Media Fair ===<br />
Tehran , Great Mosalla of Imam Khomeini, '''October 01st-8th'''<br />
<br />
سومین نمایشگاه بینالمللی رسانههای دیجیتال، ۸ الی ۱۵، مصلی امام خمینی<br />
<br />
Two security related presentations by '''Abbas Naderi (aka AbiusX)''':<br />
* OWASP Top Ten in Persian for common web developers (2 Oct, 19-21 local time) ([http://abiusx.com/archive/presentation/OWASP_Top_10_Farsi.pptx download link])<br />
* General Security and Privacy for the public (3 Oct, 19-21 local time) ([http://abiusx.com/archive/presentation/security-privacy2.pptx download link])<br />
(Powerpoint and OpenOffice slides would be uploaded asap.)<br />
* ۱۰ خطر اصلی در نرم افزارهای تحت وب - برای توسعه دهندگان وب<br />
* امنیت عمومی در وب، حفاظت از اطلاعات شخصی برای عموم مردم<br />
<br />
Attendance is free of charge.<br />
<br />
<br />
=== Software security vulnerabilities and defense ===<br />
seminar presented in YAZD University by Hamid kashfi (26 June 2008). ([http://strcpy.persiangig.com/Attacking_Software.ppt download link] ) <br />
<br />
= Volunteer Events =<br />
از کسانی که دوست دارند داوطلبانه پروژه های این بنیاد را ارائه دارند دعوت میشود، جهت هماهنگی به یکی از مدیران ایرانی پیغام دهند. متشکرم.<br />
<br />
* '''[[http://bostandoust.ir/wp-content/uploads/2018/07/0853.pdf 1]] نشست امنیت نرم افزار های وب'''<br />
این نشست در دانشگاه فنی مهندسی شیراز با همکاری لاگ شیراز مورخ 4 تیر 97 تشکیل شد و آسیب پذیری های پی اچ پی توسط سعید بستان دوست ارائه گردیده.<br />
<br />
= Resources =<br />
== OWASP Top 10 Persian ==<br />
(24/09/2009) Persian translation of OWASP TOP 10 Project is published by "Mitra Moosavi" and "Anahita Taheri". ([http://www.scribd.com/doc/20164417/OWASP-Top-10-2007-Persian download link])<br />
<br />
لطفا پيشنهادات يا اصلاحات احتمالی را از طريق ايميل به تهيه کنندگان اين سند ارسال نماييد<br />
<br />
<br />
<headertabs></headertabs> <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:Middle East]]<br />
[[Category:Asia/Pacific/Middle East]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=Iran&diff=241740Iran2018-07-10T10:51:56Z<p>Ali Razmjoo: volunteer events</p>
<hr />
<div>= Chapter Information =<br />
{{Chapter Template|chaptername=Iran|extra=The chapter leaders are [mailto:abiusx@owasp.org Abbas Naderi], [mailto:Ali.Razmjoo@owasp.org Ali Ramjoo] and [mailto:Reza.Espargham@owasp.org MohammadReza Espargham].|mailinglistsite=http://lists.owasp.org/mailman/listinfo/owasp-iran|emailarchives=http://lists.owasp.org/pipermail/owasp-iran}}<br />
<br />
== Incoming Events ==<br />
OWASP Iran Chapter Meeting - (Details will be published soon)<br />
<br />
=Membership=<br />
== Sponsorship/Membership ==<br />
<br />
[[Image:Btn_donate_SM.gif|link=http://www.regonline.com/donation_1044369]] to this chapter or become a local chapter supporter.<br />
<br />
Or consider the value of [[Membership | Individual, Corporate, or Academic Supporter membership]]. Ready to become a member? [[Image:Join_Now_BlueIcon.JPG|75px|link=https://myowasp.force.com/]]<br />
<br />
<br />
= Chapter News =<br />
<br />
==Sponsorship/Membership==<br />
After months of exhaustive work, a new membership approach is available for Iranians. Check the membership tab.<br />
<br />
== Chapter Meeting ==<br />
The next chapter meeting would be in upcoming month. More information in the mailing list and here alter.<br />
<br />
<br />
<br />
= Active Projects =<br />
== OWASP Nettacker ==<br />
'''[https://www.owasp.org/index.php/OWASP_Nettacker OWASP Nettacker]''' project is created to automate information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and other information. This software will utilize TCP SYN, ACK, ICMP and many other protocols in order to detect and bypass Firewall/IDS/IPS devices. By leveraging a unique method in OWASP Nettacker for discovering protected services and devices such as SCADA. It would make a competitive edge compared to other scanner making it one of the bests.<br />
<br />
== OWASP JoomScan Project ==<br />
'''[https://github.com/rezasp/joomscan OWASP JoomScan]''' (short for [Joom]la Vulnerability [Scan]ner) is an opensource project in Perl programming language to detect Joomla CMS vulnerabilities and analyses them.<br />
<br />
== OWASP VBScan Project ==<br />
<br />
'''[https://www.owasp.org/index.php/OWASP_VBScan_Project OWASP VBScan]''' is an opensource project in Perl programming language to detect VBulletin CMS vulnerabilities and analyses them.<br />
<br />
== OWASP ZSC Project ==<br />
'''[https://www.owasp.org/index.php/OWASP_ZSC_Tool_Project OWASP ZSC]''' is an open source software in python language which lets you generate customized shellcodes and convert scripts to an obfuscated script.<br />
<br />
= Past Events =<br />
<br />
=== '''OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity''' ===<br />
OWASP Nettacker ICS Section will be presented in KasperSky Industrial Cybersecurity: Opportunities and challenges in Digital Transformation 2018 by Mohammad Reza Zamiri<br />
( [https://github.com/zdresearch/OWASP-Nettacker/tree/master/lib/payload/scanner/ics_honeypot 1] ) ( [https://ics.kaspersky.com/conference/ 2] )<br />
<br />
=== '''OWASP JoomScan at Blackhat Arsenal - USA 2018''' ===<br />
OWASP JoomScan at OWASP Blackhat Arsenal - Las Vegas 2018. This project will present on 8 August 10am to 11:20am by Mohammad Reza Espargham, Babak Amin Azad, Vahid Behzadan. <br />
( [https://www.blackhat.com/us-18/arsenal/schedule/index.html#owasp-joomscan-project-10824 1] ) ( [https://www.blackhat.com/us-18/arsenal.html#owasp-joomscan-project 2] )<br />
<br />
<br />
=== '''OWASP Nettacker in OWASP Bay Area meetup 2018''' ===<br />
OWASP Nettacker Tutorial by at OWASP Bay Area meetup. Thanks to Vahid Behzadan for the presentation and OWASP Bay Area for hosting and sponsoring us. <br />
( [https://www.youtube.com/watch?v=4pu4hJMk6m8 1] )<br />
<br />
<br />
=== '''OWASP JoomScan at Blackhat Arsenal - Asia 2018''' ===<br />
OWASP JoomScan at OWASP Blackhat Arsenal - Singapore 2018. Presented by Mohammad Reza Espargham, Esmaeil Rahimian. and Blackhat for hosting.<br />
( [http://lists.owasp.org/pipermail/owasp-leaders/2018-March/019076.html Experiences and Pictures] ) ( [https://www.blackhat.com/asia-18/arsenal.html#mohammad-reza-espargham 1] ) ( [https://www.blackhat.com/asia-18/arsenal/schedule/index.html#owasp-joomscan-project-9875 1] )<br />
<br />
<br />
=== '''OWASP Nettacker Accepted for Google Summer of Code 2018''' ===<br />
( [https://www.owasp.org/index.php/GSOC2018_Ideas 1] ) ( [https://summerofcode.withgoogle.com/organizations/6664778743808000/ 2] ) <br><br />
OWASP Nettacker Video Conference/Webinar for GSoC Team 1 May 2018 - Vahid Behzadan - ML/AI in CyberSecurity ( [https://www.youtube.com/watch?v=7RQH8oECSyg 1] ) <br />
<br />
<br />
=== OWASP Nettacker in OFFSECONF 2017 ===<br />
OWASP Nettacker was introduced in OFFSECONF 2017. ([https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 Experiences and Pictures])<br />
<br />
<br />
=== OWASP VBScan in OFFSECONF 2017 ===<br />
OWASP VBScan presented in OFFSECONF 2017. Click [https://www.owasp.org/index.php/OWASP_VBScan_Project here] for additional information.<br />
<br />
<br />
=== OWASP ZSC in OFFSECONF 2016 ===<br />
OWASP ZSC project presented in OFFSECONF 2016 K. N. Toosi University of Technology in Tehran ([https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k Experiences and Pictures])<br />
<br />
<br />
=== the First National Web Application Security Conference ===<br />
[http://wasc.ir WASC.ir]<br />
April 2011, Shahid Beheshti University<br />
<br />
<br />
=== 4th Intl. Digital Media Fair ===<br />
Tehran, Great Mosalla of Imam Khomeini, '''October 7th-16th'''<br />
Two workshops by Abbas Naderi (aka) AbiusX :<br />
* Common Web Security for People (including Social Engineering issues)<br />
* Cryptography and Cryptanalysis<br />
<br />
Both being held at October 9th <br />
<br />
<br />
=== 3rd Intl. Digital Media Fair ===<br />
Tehran , Great Mosalla of Imam Khomeini, '''October 01st-8th'''<br />
<br />
سومین نمایشگاه بینالمللی رسانههای دیجیتال، ۸ الی ۱۵، مصلی امام خمینی<br />
<br />
Two security related presentations by '''Abbas Naderi (aka AbiusX)''':<br />
* OWASP Top Ten in Persian for common web developers (2 Oct, 19-21 local time) ([http://abiusx.com/archive/presentation/OWASP_Top_10_Farsi.pptx download link])<br />
* General Security and Privacy for the public (3 Oct, 19-21 local time) ([http://abiusx.com/archive/presentation/security-privacy2.pptx download link])<br />
(Powerpoint and OpenOffice slides would be uploaded asap.)<br />
* ۱۰ خطر اصلی در نرم افزارهای تحت وب - برای توسعه دهندگان وب<br />
* امنیت عمومی در وب، حفاظت از اطلاعات شخصی برای عموم مردم<br />
<br />
Attendance is free of charge.<br />
<br />
<br />
=== Software security vulnerabilities and defense ===<br />
seminar presented in YAZD University by Hamid kashfi (26 June 2008). ([http://strcpy.persiangig.com/Attacking_Software.ppt download link] ) <br />
<br />
= Volunteer Events =<br />
* [[http://bostandoust.ir/wp-content/uploads/2018/07/0853.pdf 1]] نشست امنیت نرم افزار های وب<br />
این نشست در دانشگاه فنی مهندسی شیراز با همکاری لاگ شیراز مورخ 4 تیر 97 تشکیل شد و آسیب پذیری های پی اچ پی توسط سعید بستان دوست ارائه گردیده.<br />
<br />
= Resources =<br />
== OWASP Top 10 Persian ==<br />
(24/09/2009) Persian translation of OWASP TOP 10 Project is published by "Mitra Moosavi" and "Anahita Taheri". ([http://www.scribd.com/doc/20164417/OWASP-Top-10-2007-Persian download link])<br />
<br />
لطفا پيشنهادات يا اصلاحات احتمالی را از طريق ايميل به تهيه کنندگان اين سند ارسال نماييد<br />
<br />
<br />
<headertabs></headertabs> <br />
<br />
[[Category:OWASP_Chapter]]<br />
[[Category:Middle East]]<br />
[[Category:Asia/Pacific/Middle East]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=241593OWASP Nettacker2018-07-02T09:29:57Z<p>Ali Razmjoo: add m r z</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders & Mentors ==<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:reza.espargham@owasp.org Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
* [mailto:abiusx@owasp.org Abbas Naderi Afooshteh]<br />
* [mailto:sriharsha.g15@ii Sri Harsha Gajavalli]<br />
<br />
== GSoC Interns ==<br />
* [mailto:bran0793@umn.edu Hannah Brand]<br />
* [mailto:shaddygarg1@gmail.com Shaddy Garg]<br />
* [mailto:pradeepjairamani22@gmail.com Pradeep Jairamani]<br />
<br />
== Contributors & Main Developers ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mr.zamiri@ieee.org Mohammad Reza Zamiri]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [mailto:harsha010@outlook.com Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
* [mailto:mahdirasouli007@gmail.com Mahdi Rasouli]<br />
* [mailto:timonalma81@gmail.com Tikam Singh Alma]<br />
* [mailto:mailto:ht974@nyu.edu Jecky]<br />
* [https://github.com/VictorSuraj VictorSuraj]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki/Events ALL EVENTS AND NEWS]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
== Project Leaders ==<br />
* Ali Razmjoo<br />
* Mohammad Reza Espargham<br />
<br />
== Contributors ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [https://github.com/avhvr Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=240530OWASP Nettacker2018-05-08T16:26:17Z<p>Ali Razmjoo: events</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders & Mentors ==<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:reza.espargham@owasp.org Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
* [mailto:abiusx@owasp.org Abbas Naderi Afooshteh]<br />
* [mailto:sriharsha.g15@ii Sri Harsha Gajavalli]<br />
<br />
== GSoC Interns ==<br />
* [mailto:bran0793@umn.edu Hannah Brand]<br />
* [mailto:shaddygarg1@gmail.com Shaddy Garg]<br />
* [mailto:pradeepjairamani22@gmail.com Pradeep Jairamani]<br />
<br />
== Contributors & Main Developers ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [mailto:harsha010@outlook.com Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
* [mailto:mahdirasouli007@gmail.com Mahdi Rasouli]<br />
* [mailto:timonalma81@gmail.com Tikam Singh Alma]<br />
* [mailto:mailto:ht974@nyu.edu Jecky]<br />
* [https://github.com/VictorSuraj VictorSuraj]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki/Events ALL EVENTS AND NEWS]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
== Project Leaders ==<br />
* Ali Razmjoo<br />
* Mohammad Reza Espargham<br />
<br />
== Contributors ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [https://github.com/avhvr Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=240184OWASP Nettacker2018-04-23T18:32:27Z<p>Ali Razmjoo: </p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders & Mentors ==<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:reza.espargham@owasp.org Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
* [mailto:abiusx@owasp.org Abbas Naderi Afooshteh]<br />
* [mailto:sriharsha.g15@ii Sri Harsha Gajavalli]<br />
<br />
== GSoC Interns ==<br />
* [mailto:bran0793@umn.edu Hannah Brand]<br />
* [mailto:shaddygarg1@gmail.com Shaddy Garg]<br />
* [mailto:pradeepjairamani22@gmail.com Pradeep Jairamani]<br />
<br />
== Contributors & Main Developers ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [mailto:harsha010@outlook.com Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
* [mailto:mahdirasouli007@gmail.com Mahdi Rasouli]<br />
* [mailto:timonalma81@gmail.com Tikam Singh Alma]<br />
* [mailto:mailto:ht974@nyu.edu Jecky]<br />
* [https://github.com/VictorSuraj VictorSuraj]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 OWASP Nettacker was introduced in OFFSECONF 2017]<br />
* OWASP Nettacker Accepted for Google Summer of Code 2018 [[https://www.owasp.org/index.php/GSOC2018_Ideas 1]] [[https://summerofcode.withgoogle.com/organizations/6664778743808000/ 2]]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
== Project Leaders ==<br />
* Ali Razmjoo<br />
* Mohammad Reza Espargham<br />
<br />
== Contributors ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [https://github.com/avhvr Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=240183OWASP Nettacker2018-04-23T18:30:50Z<p>Ali Razmjoo: /* Contributors & Main Developers */</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders & Mentors ==<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:reza.espargham@owasp.org Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
* [mailto:abiusx@owasp.org Abbas Naderi Afooshteh]<br />
* [mailto:sriharsha.g15@ii Sri Harsha Gajavalli]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [mailto:harsha010@outlook.com Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
* [mailto:mahdirasouli007@gmail.com Mahdi Rasouli]<br />
* [mailto:timonalma81@gmail.com Tikam Singh Alma]<br />
* [mailto:mailto:ht974@nyu.edu Jecky]<br />
* [https://github.com/VictorSuraj VictorSuraj]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 OWASP Nettacker was introduced in OFFSECONF 2017]<br />
* OWASP Nettacker Accepted for Google Summer of Code 2018 [[https://www.owasp.org/index.php/GSOC2018_Ideas 1]] [[https://summerofcode.withgoogle.com/organizations/6664778743808000/ 2]]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
== Project Leaders ==<br />
* Ali Razmjoo<br />
* Mohammad Reza Espargham<br />
<br />
== Contributors ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [https://github.com/avhvr Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=240182OWASP Nettacker2018-04-23T18:28:41Z<p>Ali Razmjoo: </p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders & Mentors ==<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:reza.espargham@owasp.org Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
* [mailto:abiusx@owasp.org Abbas Naderi Afooshteh]<br />
* [mailto:sriharsha.g15@ii Sri Harsha Gajavalli]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [mailto:harsha010@outlook.com Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
* [mailto:mahdirasouli007@gmail.com Mahdi Rasouli]<br />
* [mailto:shaddygarg1@gmail.com Shaddy Garg]<br />
* [mailto:pradeepjairamani22@gmail.com Pradeep Jairamani]<br />
* [mailto:timonalma81@gmail.com Tikam Singh Alma]<br />
* [mailto:mailto:ht974@nyu.edu Jecky]<br />
* [https://github.com/VictorSuraj VictorSuraj]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 OWASP Nettacker was introduced in OFFSECONF 2017]<br />
* OWASP Nettacker Accepted for Google Summer of Code 2018 [[https://www.owasp.org/index.php/GSOC2018_Ideas 1]] [[https://summerofcode.withgoogle.com/organizations/6664778743808000/ 2]]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
== Project Leaders ==<br />
* Ali Razmjoo<br />
* Mohammad Reza Espargham<br />
<br />
== Contributors ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [https://github.com/avhvr Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=240181OWASP Nettacker2018-04-23T18:27:37Z<p>Ali Razmjoo: /* Project Leaders */</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders & Mentors ==<br />
* [mailto:ali.razmjoo@owasp.org Ali Razmjoo]<br />
* [mailto:reza.espargham@owasp.org Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
* [mailto:abiusx@owasp.org Abbas Naderi Afooshteh]<br />
* [mailto:sriharsha.g15@ii Sri Harsha Gajavalli]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [mailto:harsha010@outlook.com Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
* [mailto:mahdirasouli007@gmail.com Mahdi Rasouli]<br />
* [mailto:shaddygarg1@gmail.com Shaddy Garg]<br />
* [mailto:pradeepjairamani22@gmail.com Pradeep Jairamani]<br />
* [mailto:timonalma81@gmail.com Tikam Singh Alma]<br />
* [mailto:mailto:ht974@nyu.edu Jecky]<br />
* [https://github.com/VictorSuraj VictorSuraj]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 OWASP Nettacker was introduced in OFFSECONF 2017]<br />
* OWASP Nettacker Accepted for Google Summer of Code 2018 [[https://www.owasp.org/index.php/GSOC2018_Ideas 1]]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
== Project Leaders ==<br />
* Ali Razmjoo<br />
* Mohammad Reza Espargham<br />
<br />
== Contributors ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [https://github.com/avhvr Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=240171OWASP Nettacker2018-04-23T09:37:09Z<p>Ali Razmjoo: add developer</p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders ==<br />
* [https://www.owasp.org/index.php/User:Ali_Razmjoo Ali Razmjoo]<br />
* [https://www.owasp.org/index.php/User:Rezasp Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [mailto:harsha010@outlook.com Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
* [mailto:mahdirasouli007@gmail.com Mahdi Rasouli]<br />
* [mailto:shaddygarg1@gmail.com Shaddy Garg]<br />
* [mailto:pradeepjairamani22@gmail.com Pradeep Jairamani]<br />
* [mailto:timonalma81@gmail.com Tikam Singh Alma]<br />
* [mailto:mailto:ht974@nyu.edu Jecky]<br />
* [https://github.com/VictorSuraj VictorSuraj]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 OWASP Nettacker was introduced in OFFSECONF 2017]<br />
* OWASP Nettacker Accepted for Google Summer of Code 2018 [[https://www.owasp.org/index.php/GSOC2018_Ideas 1]]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
== Project Leaders ==<br />
* Ali Razmjoo<br />
* Mohammad Reza Espargham<br />
<br />
== Contributors ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [https://github.com/avhvr Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_ZSC_Tool_Project&diff=240119OWASP ZSC Tool Project2018-04-20T18:44:20Z<p>Ali Razmjoo: </p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP ZSC Tool Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
'''Donate to OWASP ZSC''' {{#widget:PayPal Donation |target=_blank |budget=OWASP ZSC }}<br />
<br />
====What is OWASP ZSC ?====<br />
http://zsc.z3r0d4y.com/images/Snapshot_2015-07-26_191951-half.png<br />
<br />
'''OWASP ZSC''' is an open source software in Python language which lets you '''generate customized shellcodes''' and '''convert scripts to an obfuscated script'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
[[File:Zsc1.png|200px]]<br />
<br />
==Description==<br />
====Usage of shellcodes====<br />
<br />
Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
====Usage of Obfuscate Codes====<br />
<br />
Can be used for bypassing antiviruses, code protections, same stuff etc … <br />
<br />
====Why use OWASP ZSC ?====<br />
<br />
Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators.<br />
Anti-virus work with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.<br />
<br />
Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.<br />
<br />
According to other shellcode generators same as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect.<br />
OWASP ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP ZSC one of the best! <br />
During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods.<br />
We are working on the next version that will allow you to generate OSX.<br />
<br />
==Licensing==<br />
<br />
====GNU GENERAL PUBLIC LICENSE , Version 3, 29 June 2007====<br />
<br />
Copyright (C) 2007 Free Software Foundation, Inc. http://fsf.org/ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [https://github.com/Ali-Razmjoo/OWASP-ZSC/blob/master/LICENSE.md Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact it is encouraged!!!<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
== Project Leaders ==<br />
* [https://www.owasp.org/index.php/User:Ali_Razmjoo Ali Razmjoo]<br />
<br />
* [https://www.owasp.org/index.php/User:Johanna_Curiel Johanna Curiel]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [http://pratikpatelp.blogspot.in Pratik Patel] (Google Summer of Code student 2016) <br />
* [https://codemaxx.github.io Akash Trehan] (CodeMaxx)<br />
* [https://paraschetal.in Paras Chetal] (Gsoc candidate 2016)<br />
* Brian Beaudry (Gsoc Mentor 2016)<br />
* Hamid Zamani (HAMIDx9)<br />
<br />
== Links ==<br />
<br />
* [http://api.z3r0d4y.com/ API]<br />
* [https://github.com/Ali-Razmjoo/OWASP-ZSC Project on Github]<br />
* [https://groups.google.com/d/forum/owasp-zsc Mailing List]<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Home]<br />
* [https://www.openhub.net/p/OWASP-ZSC OpenHub]<br />
* [http://zsc.z3r0d4y.com/table.html Last Version Features]<br />
* [http://zsc.z3r0d4y.com/wiki Wiki]<br />
* [http://zsc.z3r0d4y.com/download Download]<br />
* [https://github.com/Ali-Razmjoo/ZCR-Shellcoder-Archive Archive]<br />
<br />
== Shellcode Generating ==<br />
With using '''OWASP ZSC''' you would be able to generate any customized '''Shellcode''' in your mind including encodes and Disassembly code in few seconds.<br />
<br />
== Be an OWASP ZSC developer ==<br />
* [https://www.owasp.org/index.php?title=OWASP_ZSC_Tool_Project&action=submit#Developers Quick Developing Help]<br />
<br />
== Last Tricks in Home ==<br />
* [http://zsc.z3r0d4y.com/blog/archives/ All Tricks]<br />
* [http://zsc.z3r0d4y.com/blog/2015/08/01/generate-pe-file-with-zsc-shellcodes/ Shellcode to PE File]<br />
* [http://zsc.z3r0d4y.com/blog/2015/07/27/video-how-to-install-and-generate-shellcode-using-zsc/ Video: Install&Generate Shellcode]<br />
<br />
==Related links==<br />
*[https://www.youtube.com/watch?v=nkx0HQhYdmY| Appsec Presentation 2013 Beef and Custome shellcodes]<br />
*[https://www.owasp.org/index.php/File:Introduction_to_shellcode_development.pdf| Introduction to Shellcode Development]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zscproject/OWASP-ZSC Github Page.]<br />
<br />
[http://zsc.z3r0d4y.com/download/ Download Page.]<br />
<br />
* [https://github.com/zscproject/OWASP-ZSC/zipball/master .zip file.]<br />
* [https://github.com/zscproject/OWASP-ZSC/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
* [https://www.owasp.org/index.php/OWASP_Code_Sprint_2017#OWASP_ZSC OWASP ZSC in OWASP Code Sprint 2017]<br />
* [http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/ OWASP ZSC Selected as Top 10 Security tools in 2016 By ToolsWatch]<br />
* [https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k OWASP ZSC Presented in OFFSECONF 2016]<br />
* [https://www.blackhat.com/eu-16/arsenal.html#brian-beaudry Been Selected for Blackhat EU Arsenal 2016]<br />
* [https://www.defcon.org/html/defcon-24/dc-24-demolabs.html#Curiel OWASP ZSC has been selected for Defcon Demo Lab 2016]<br />
* [https://summerofcode.withgoogle.com/archive/2016/projects/5969824152813568/ OWASP ZSC applied and was selected to participate in the Google Summer of Code 2016]<br />
* [https://www.linkedin.com/pulse/lessons-from-cyber-underworld-how-understand-software-ali-razmjoo Press Release 12th February 2015 ]<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Version 1.0.9.1 Released!]<br />
* [https://github.com/longld/peda OWASP ZSC in GDB-PEDA]<br />
<br />
== Docs ==<br />
* [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc Developers and Users Documents].<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Home]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
To see full guides please visit our [http://zsc.z3r0d4y.com/wiki wiki page].<br />
<br />
====Help Menu====<br />
<br />
'''PLEASE CLICK [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc HERE] TO SEE FULL DEVELOPERS AND USERS DOCUMENTS'''<br />
<br />
<br />
======OWASP ZSC Project======<br />
<br />
<br />
OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under python.<br />
<br />
<br />
======Usage of shellcodes======<br />
<br />
<br />
Shellcodes are small codes in Assembly Languagewhich could be used as the payload in software exploiting. Other usages are in malwares, bypassing anti viruses, obfuscated codes and etc.<br />
<br />
<br />
======Usage of Obfuscate Codes======<br />
<br />
<br />
Can be used for bypassing antiviruses, code protections, same stuff etc … <br />
<br />
<br />
======Why use OWASP ZSC ?======<br />
<br />
<br />
According to other shellcode generators such as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoders are able to generate shell codes with random encodes that allows you to generate thousands of new dynamic shell codes with the same job in just a second, it means you will not get the same code if you use random encodes with the same commands, and that makes OWASP ZSC one of the best! <br />
OWASP ZSC can generate shellcode for Linux and Windows _x86<br />
Upcoming features will allow generating shellcodes for OSX <br />
And new encodes for the code obfuscation.<br />
<br />
======User Guides======<br />
<br />
To run '''OWASP ZSC''', You need to install python `2.x|3.x` on your operation system `Windows|Linux|OSX`, Then it could be run directly with executing `zsc.py` or run the software after you installed it! To see the user manuals, Please follow the next steps!<br />
<br />
<br />
======Generating Shellcode======<br />
<br />
Via `zsc` command, you are able to enter the software [or run python zsc.py if you don’t want to install it], Then you can have a list of menu with entering `help`. You can have your choices with pressing `tab` key on each step. To generate shellcode, you have to type `shellcode` and then press enter, after that, you can see what’s available in `shellcode` section. There is `generate` , `search` and `download` choices in here which use for `generate shellcodes`, `search` and `download` shellcode from shellstorm. To generate a shellcode, type `generate` and press enter, after that with a `tab` key, you can have list of operation systems available in there. With pressing `tab` key again, functions will be shown for you in this step [ such as `exec` ,`systm`,`write` and `etc`]. choose your function by writing the name `example: exec` and press inter. In the next section you have to fill the argv of function which exec() function have one `example: exec("/bin/bash")`, all you need in this section is pressing a `tab` and then `enter` key, software will automatically ask you for function argv. Fill them and next section software will ask you for shellcode type which can be `none` or choose one of listed encoding types. After entering that, your shellcode is ready!<br />
There is one more way to have a shellcode from software, which is using shellstorm API. Following the `shellcode`, and then `search` commands to search for a shellcode. After that shellcodes will be listed for you with title name , ID and etc. you can download them with following `shellcode` and then `download` command to download them with the ID which shown to you in the past section! For canceling each section, you can use `restart` command to restart the software and start new task!<br />
<br />
<br />
======Generating Obfuscate Code======<br />
<br />
With the following `obfuscate` command, you can begin the step for obfuscating a code. With a `tab` key , you can see the list of languages along with the obfuscating module ready. After choosing the language software will ask you for a filename which is a filename of file you want to obfuscate that! Next step software will ask you for encode type. With a `tab` key list the encode modules and choose your encode name. your file rewrited and converted to a obfuscate with encode type you chosen. And do not worry about your original code, it’s saved in file as a comment!<br />
<br />
Please click '''[https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc HERE]''' to read more!<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
'''Installation'''<br />
Go to download page, and download last version in github. Extract and run installer.py, then you are able to run software with OWASP ZSC command or you can directly execute zsc.py without installing it.or you can follow these commands to install the last version:<br />
<br />
<pre><nowiki>wget https://github.com/Ali-Razmjoo/OWASP-ZSC/archive/master.zip -O owasp-zsc.zip && unzip owasp-zsc.zip && <br />
rm -rf owasp-zsc.zip && mv OWASP-ZSC-master owasp-zsc && cd owasp-zsc && python installer.py</nowiki></pre><br />
<br />
<br />
http://zsc.z3r0d4y.com/images/Snapshot_2015-07-27_114843.png<br />
<br />
<br />
'''Note''': Software could be '''uninstall''' with executing '''uninstaller.py'''<br />
<br />
'''Note''': Software installation directory is "'''/usr/share/owasp-zsc'''"<br />
<br />
'''Note''': <strong>OWASP ZSC</strong> Tool could be execute on <strong>Linux</strong> and <strong>Python 2.7.x </strong>is required.<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>August, 2016, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Develop future [http://zsc.z3r0d4y.com/table.html features] list , Add Operation Systems and new encode types<br />
* Planing for activate features<br />
* Build ZSC API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the ZSC Tool Project provide feedback<br />
* Incorporate feedback into changes in the Tool Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
OWASP ZSC could be improving with handling module [http://zsc.z3r0d4y.com/table.html features]. MVP of this project is build and active the first module which could be usable to generate/encode Shellcode which already some of them [modules] activated.<br />
<br />
Highest usage of OWASP ZSC Tool could be when users are able to use all [http://zsc.z3r0d4y.com/table.html features] with best User Interface and <strong>API</strong> performance.<br />
https://www.owasp.org/images/3/33/Zsc.png<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
==Developers==<br />
Architect & Creator: Ali Razmjoo<br />
* Pratik Patel (Google Summer of Code student 2016)<br />
* Akash Trehan (CodeMaxx)<br />
* Paras Chetal (Google Summer of Code candidate 2016)<br />
* Hamid Samani (HAMIDx9)<br />
<br />
==Testers ==<br />
*Johanna Curiel<br />
*Brian Beaudry<br />
<br />
===Be an OWASP ZSC developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zscproject/OWASP-ZSC/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-zsc-tool-project@lists.owasp.org mail us]. do not forget to register on our [https://lists.owasp.org/mailman/listinfo/owasp-zsc-tool-project mailing list].<br />
<br />
'''AND DON'T FORGET TO READ [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc DEVELOPERS DOCUMENTS]'''<br />
<br />
Also this [https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details GitBook]<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_ZSC_Tool_Project}}<br />
<br />
<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Breakers]] [[Category:OWASP_Code]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_ZSC_Tool_Project&diff=240118OWASP ZSC Tool Project2018-04-20T18:44:08Z<p>Ali Razmjoo: </p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP ZSC Tool Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP ZSC }}<br />
<br />
====What is OWASP ZSC ?====<br />
http://zsc.z3r0d4y.com/images/Snapshot_2015-07-26_191951-half.png<br />
<br />
'''OWASP ZSC''' is an open source software in Python language which lets you '''generate customized shellcodes''' and '''convert scripts to an obfuscated script'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
[[File:Zsc1.png|200px]]<br />
<br />
==Description==<br />
====Usage of shellcodes====<br />
<br />
Shellcodes are small codes in Assembly language which could be used as the payload in software exploitation. Other usages are in malwares, bypassing antiviruses, obfuscated codes and etc.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
====Usage of Obfuscate Codes====<br />
<br />
Can be used for bypassing antiviruses, code protections, same stuff etc … <br />
<br />
====Why use OWASP ZSC ?====<br />
<br />
Another good reason for obfuscating files or generating shellcode with ZSC is that it can be used during your pen-testing. Malicious hackers use these techniques to bypass anti-virus and load malicious files in systems they have hacked using customized shellcode generators.<br />
Anti-virus work with signatures in order to identify harmful files. When using very well known encoders such as msfvenom, files generated by this program might be already flagged by Anti-virus programs.<br />
<br />
Our purpose is not to provide a way to bypass anti-virus with malicious intentions, instead, we want to provide pen-testers a way to challenge the security provided by Anti-virus programs and Intrusion Detection systems during a pen test.In this way, they can verify the security just as a black-hat will do.<br />
<br />
According to other shellcode generators same as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect.<br />
OWASP ZSC encoders are able to generate shell codes with random encodes and that allows you to generate thousands of new dynamic shellcodes with the same job in just a second, that means, you will not get the same code if you use random encodes with same commands, And that make OWASP ZSC one of the best! <br />
During the Google Summer of Code we are working on to generate Windows Shellcode and new obfuscation methods.<br />
We are working on the next version that will allow you to generate OSX.<br />
<br />
==Licensing==<br />
<br />
====GNU GENERAL PUBLIC LICENSE , Version 3, 29 June 2007====<br />
<br />
Copyright (C) 2007 Free Software Foundation, Inc. http://fsf.org/ Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [https://github.com/Ali-Razmjoo/OWASP-ZSC/blob/master/LICENSE.md Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact it is encouraged!!!<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
<br />
== Project Leaders ==<br />
* [https://www.owasp.org/index.php/User:Ali_Razmjoo Ali Razmjoo]<br />
<br />
* [https://www.owasp.org/index.php/User:Johanna_Curiel Johanna Curiel]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [http://pratikpatelp.blogspot.in Pratik Patel] (Google Summer of Code student 2016) <br />
* [https://codemaxx.github.io Akash Trehan] (CodeMaxx)<br />
* [https://paraschetal.in Paras Chetal] (Gsoc candidate 2016)<br />
* Brian Beaudry (Gsoc Mentor 2016)<br />
* Hamid Zamani (HAMIDx9)<br />
<br />
== Links ==<br />
<br />
* [http://api.z3r0d4y.com/ API]<br />
* [https://github.com/Ali-Razmjoo/OWASP-ZSC Project on Github]<br />
* [https://groups.google.com/d/forum/owasp-zsc Mailing List]<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Home]<br />
* [https://www.openhub.net/p/OWASP-ZSC OpenHub]<br />
* [http://zsc.z3r0d4y.com/table.html Last Version Features]<br />
* [http://zsc.z3r0d4y.com/wiki Wiki]<br />
* [http://zsc.z3r0d4y.com/download Download]<br />
* [https://github.com/Ali-Razmjoo/ZCR-Shellcoder-Archive Archive]<br />
<br />
== Shellcode Generating ==<br />
With using '''OWASP ZSC''' you would be able to generate any customized '''Shellcode''' in your mind including encodes and Disassembly code in few seconds.<br />
<br />
== Be an OWASP ZSC developer ==<br />
* [https://www.owasp.org/index.php?title=OWASP_ZSC_Tool_Project&action=submit#Developers Quick Developing Help]<br />
<br />
== Last Tricks in Home ==<br />
* [http://zsc.z3r0d4y.com/blog/archives/ All Tricks]<br />
* [http://zsc.z3r0d4y.com/blog/2015/08/01/generate-pe-file-with-zsc-shellcodes/ Shellcode to PE File]<br />
* [http://zsc.z3r0d4y.com/blog/2015/07/27/video-how-to-install-and-generate-shellcode-using-zsc/ Video: Install&Generate Shellcode]<br />
<br />
==Related links==<br />
*[https://www.youtube.com/watch?v=nkx0HQhYdmY| Appsec Presentation 2013 Beef and Custome shellcodes]<br />
*[https://www.owasp.org/index.php/File:Introduction_to_shellcode_development.pdf| Introduction to Shellcode Development]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zscproject/OWASP-ZSC Github Page.]<br />
<br />
[http://zsc.z3r0d4y.com/download/ Download Page.]<br />
<br />
* [https://github.com/zscproject/OWASP-ZSC/zipball/master .zip file.]<br />
* [https://github.com/zscproject/OWASP-ZSC/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
* [https://www.owasp.org/index.php/OWASP_Code_Sprint_2017#OWASP_ZSC OWASP ZSC in OWASP Code Sprint 2017]<br />
* [http://www.toolswatch.org/2017/02/2016-top-security-tools-as-voted-by-toolswatch-org-readers/ OWASP ZSC Selected as Top 10 Security tools in 2016 By ToolsWatch]<br />
* [https://groups.google.com/forum/#!topic/owasp-zsc/t12M2fxn78k OWASP ZSC Presented in OFFSECONF 2016]<br />
* [https://www.blackhat.com/eu-16/arsenal.html#brian-beaudry Been Selected for Blackhat EU Arsenal 2016]<br />
* [https://www.defcon.org/html/defcon-24/dc-24-demolabs.html#Curiel OWASP ZSC has been selected for Defcon Demo Lab 2016]<br />
* [https://summerofcode.withgoogle.com/archive/2016/projects/5969824152813568/ OWASP ZSC applied and was selected to participate in the Google Summer of Code 2016]<br />
* [https://www.linkedin.com/pulse/lessons-from-cyber-underworld-how-understand-software-ali-razmjoo Press Release 12th February 2015 ]<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Version 1.0.9.1 Released!]<br />
* [https://github.com/longld/peda OWASP ZSC in GDB-PEDA]<br />
<br />
== Docs ==<br />
* [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc Developers and Users Documents].<br />
* [http://zsc.z3r0d4y.com/ OWASP ZSC Home]<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| align="center" valign="top" width="50%" rowspan="2"| [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%"| [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
To see full guides please visit our [http://zsc.z3r0d4y.com/wiki wiki page].<br />
<br />
====Help Menu====<br />
<br />
'''PLEASE CLICK [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc HERE] TO SEE FULL DEVELOPERS AND USERS DOCUMENTS'''<br />
<br />
<br />
======OWASP ZSC Project======<br />
<br />
<br />
OWASP ZSC is an open source software in Python language which lets you generate customized shellcodes and convert scripts to an obfuscated script. This software can be run on Windows/Linux/OSX under python.<br />
<br />
<br />
======Usage of shellcodes======<br />
<br />
<br />
Shellcodes are small codes in Assembly Languagewhich could be used as the payload in software exploiting. Other usages are in malwares, bypassing anti viruses, obfuscated codes and etc.<br />
<br />
<br />
======Usage of Obfuscate Codes======<br />
<br />
<br />
Can be used for bypassing antiviruses, code protections, same stuff etc … <br />
<br />
<br />
======Why use OWASP ZSC ?======<br />
<br />
<br />
According to other shellcode generators such as Metasploit tools and etc, OWASP ZSC using new encodes and methods which antiviruses won't detect. OWASP ZSC encoders are able to generate shell codes with random encodes that allows you to generate thousands of new dynamic shell codes with the same job in just a second, it means you will not get the same code if you use random encodes with the same commands, and that makes OWASP ZSC one of the best! <br />
OWASP ZSC can generate shellcode for Linux and Windows _x86<br />
Upcoming features will allow generating shellcodes for OSX <br />
And new encodes for the code obfuscation.<br />
<br />
======User Guides======<br />
<br />
To run '''OWASP ZSC''', You need to install python `2.x|3.x` on your operation system `Windows|Linux|OSX`, Then it could be run directly with executing `zsc.py` or run the software after you installed it! To see the user manuals, Please follow the next steps!<br />
<br />
<br />
======Generating Shellcode======<br />
<br />
Via `zsc` command, you are able to enter the software [or run python zsc.py if you don’t want to install it], Then you can have a list of menu with entering `help`. You can have your choices with pressing `tab` key on each step. To generate shellcode, you have to type `shellcode` and then press enter, after that, you can see what’s available in `shellcode` section. There is `generate` , `search` and `download` choices in here which use for `generate shellcodes`, `search` and `download` shellcode from shellstorm. To generate a shellcode, type `generate` and press enter, after that with a `tab` key, you can have list of operation systems available in there. With pressing `tab` key again, functions will be shown for you in this step [ such as `exec` ,`systm`,`write` and `etc`]. choose your function by writing the name `example: exec` and press inter. In the next section you have to fill the argv of function which exec() function have one `example: exec("/bin/bash")`, all you need in this section is pressing a `tab` and then `enter` key, software will automatically ask you for function argv. Fill them and next section software will ask you for shellcode type which can be `none` or choose one of listed encoding types. After entering that, your shellcode is ready!<br />
There is one more way to have a shellcode from software, which is using shellstorm API. Following the `shellcode`, and then `search` commands to search for a shellcode. After that shellcodes will be listed for you with title name , ID and etc. you can download them with following `shellcode` and then `download` command to download them with the ID which shown to you in the past section! For canceling each section, you can use `restart` command to restart the software and start new task!<br />
<br />
<br />
======Generating Obfuscate Code======<br />
<br />
With the following `obfuscate` command, you can begin the step for obfuscating a code. With a `tab` key , you can see the list of languages along with the obfuscating module ready. After choosing the language software will ask you for a filename which is a filename of file you want to obfuscate that! Next step software will ask you for encode type. With a `tab` key list the encode modules and choose your encode name. your file rewrited and converted to a obfuscate with encode type you chosen. And do not worry about your original code, it’s saved in file as a comment!<br />
<br />
Please click '''[https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc HERE]''' to read more!<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
'''Installation'''<br />
Go to download page, and download last version in github. Extract and run installer.py, then you are able to run software with OWASP ZSC command or you can directly execute zsc.py without installing it.or you can follow these commands to install the last version:<br />
<br />
<pre><nowiki>wget https://github.com/Ali-Razmjoo/OWASP-ZSC/archive/master.zip -O owasp-zsc.zip && unzip owasp-zsc.zip && <br />
rm -rf owasp-zsc.zip && mv OWASP-ZSC-master owasp-zsc && cd owasp-zsc && python installer.py</nowiki></pre><br />
<br />
<br />
http://zsc.z3r0d4y.com/images/Snapshot_2015-07-27_114843.png<br />
<br />
<br />
'''Note''': Software could be '''uninstall''' with executing '''uninstaller.py'''<br />
<br />
'''Note''': Software installation directory is "'''/usr/share/owasp-zsc'''"<br />
<br />
'''Note''': <strong>OWASP ZSC</strong> Tool could be execute on <strong>Linux</strong> and <strong>Python 2.7.x </strong>is required.<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>August, 2016, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Develop future [http://zsc.z3r0d4y.com/table.html features] list , Add Operation Systems and new encode types<br />
* Planing for activate features<br />
* Build ZSC API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the ZSC Tool Project provide feedback<br />
* Incorporate feedback into changes in the Tool Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
OWASP ZSC could be improving with handling module [http://zsc.z3r0d4y.com/table.html features]. MVP of this project is build and active the first module which could be usable to generate/encode Shellcode which already some of them [modules] activated.<br />
<br />
Highest usage of OWASP ZSC Tool could be when users are able to use all [http://zsc.z3r0d4y.com/table.html features] with best User Interface and <strong>API</strong> performance.<br />
https://www.owasp.org/images/3/33/Zsc.png<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject={{FULLPAGENAMEE}}&body={{FULLPAGENAMEE}}:%0A{{fullurle:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u={{fullurle:{{FULLPAGENAME}}}}&t={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}} }}]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url={{fullurle:{{FULLPAGENAME}}}}&title={{urlencode:{{FULLPAGENAME}}}}]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status={{fullurle:{{FULLPAGENAME}}}}|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u={{fullurle:{{FULLPAGENAME}}}}]]</span><br />
</div><br />
<br />
==Developers==<br />
Architect & Creator: Ali Razmjoo<br />
* Pratik Patel (Google Summer of Code student 2016)<br />
* Akash Trehan (CodeMaxx)<br />
* Paras Chetal (Google Summer of Code candidate 2016)<br />
* Hamid Samani (HAMIDx9)<br />
<br />
==Testers ==<br />
*Johanna Curiel<br />
*Brian Beaudry<br />
<br />
===Be an OWASP ZSC developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zscproject/OWASP-ZSC/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-zsc-tool-project@lists.owasp.org mail us]. do not forget to register on our [https://lists.owasp.org/mailman/listinfo/owasp-zsc-tool-project mailing list].<br />
<br />
'''AND DON'T FORGET TO READ [https://github.com/Ali-Razmjoo/OWASP-ZSC/tree/master/doc DEVELOPERS DOCUMENTS]'''<br />
<br />
Also this [https://www.gitbook.com/book/ali-razmjoo/owasp-zsc/details GitBook]<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_ZSC_Tool_Project}}<br />
<br />
<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] [[Category:OWASP_Breakers]] [[Category:OWASP_Code]] [[Category:OWASP_Tool]] [[Category:OWASP_Download]] [[Category:Shellcode]]</div>Ali Razmjoohttps://wiki.owasp.org/index.php?title=OWASP_Nettacker&diff=240117OWASP Nettacker2018-04-20T18:41:55Z<p>Ali Razmjoo: </p>
<hr />
<div>=Main=<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
<div style="width:100%;height:160px;border:0,margin:0;overflow: hidden;">[[File:OWASP_Project_Header.jpg|link=]]</div><br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-<br />
| valign="top" style="border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
==OWASP Nettacker Project==<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Donate to OWASP Nettacker''' {{#widget:PayPal Donation |target=_blank |budget=OWASP Nettacker }}<br />
====What is OWASP Nettacker ?====<br />
https://www.owasp.org/images/1/1a/Nettacker_Demp.png<br />
<br />
'''OWASP Nettacker''' is an open source software in Python language which lets you '''automated penetration testing''' and '''automated Information Gathering'''. This software can be run on Windows/Linux/OSX under Python.<br />
<br />
==Description==<br />
Nettacker project was created to automated for information gathering, vulnerability scanning and eventually generating a report for networks, including services, bugs, vulnerabilities, misconfigurations, and information. This software is able to use SYN, ACK, TCP, ICMP and many other protocols to detect and bypass the Firewalls/IDS/IPS and devices. By using a unique solution in Nettacker to find protected services such as SCADA We could make a point to be one of the bests of scanners.<br />
<br />
====DISCLAIMER====<br />
This tool is related to IT, Hacking, Programming, and Computer|Network|Software Security. The word “Hack”, "Pen testing",“Hacking” that is used on these project pages shall be regarded as “Ethical Hack” or “Ethical Hacking” respectively. This is not a tool that provides any illegal information.We do not promote hacking or software cracking. All the information provided on these pages is for educational purposes only.<br />
<br />
The authors of this tool are not responsible for any misuse of the information.You shall not misuse the information to gain unauthorized access and/or write malicious programs.This information shall only be used to expand knowledge and not for causing malicious or damaging attacks.You may try all of these techniques on your own computer at your own risk.Performing any hack attempts/tests without written permission from the owner of the computer system is illegal.<br />
<br />
IN NO EVENT SHALL THE CREATORS, OWNER, OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.<br />
<br />
<br />
==== Features ====<br />
<br />
'''IoT Scanner'''<br><br />
Python Multi-Thread & Multi Process Network Information Gathering Vulnerability Scanner<br><br />
Service and Device Detection ( SCADA, Restricted Areas, Routers, HTTP Servers, Logins and Authentications, None-Indexed HTTP, Paradox System, Cameras, Firewalls, UTM, WebMails, VPN, RDP, SSH, FTP, TELNET Services, Proxy Servers and Many Devices like Juniper, Cisco, Switches and much more… )<br><br />
Network Service Analysis<br><br />
Services Brute Force Testing<br><br />
Services Vulnerability Testing<br><br />
HTTP/HTTPS Crawling, Fuzzing, Information Gathering and …<br><br />
HTML and Text Outputs<br><br />
This project is at the moment in research and development phase and most of results/codes are not published yet.<br><br />
<br />
==Licensing==<br />
<br />
====Apache License Version 2.0, January 2004====<br />
<br />
The OWASP Nettacker is free to use and is licensed under the Apache 2 License. [https://github.com/zdresearch/OWASP-Nettacker/blob/master/LICENSE Click to see the full license]<br />
<br />
<br />
'''The OWASP Security Principles are free to use. In fact, it is encouraged!!!'''<br />
'' Additionally, I also encourage you to contribute back to the project. I have no monopoly on this knowledge; however, we all have pieces of this knowledge from our experience. Let's begin by putting our individual pieces together to make something great. Great things happen when people work together.''<br />
<br />
The OWASP Security Principles are licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |<br />
<br />
== Project Leaders ==<br />
* [https://www.owasp.org/index.php/User:Ali_Razmjoo Ali Razmjoo]<br />
* [https://www.owasp.org/index.php/User:Rezasp Mohammad Reza Espargham]<br />
* [mailto:johanna.curiel@owasp.org Johanna Curiel]<br />
<br />
== Contributors & Main Developers ==<br />
<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [mailto:harsha010@outlook.com Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
* [mailto:mahdirasouli007@gmail.com Mahdi Rasouli]<br />
* [mailto:shaddygarg1@gmail.com Shaddy Garg]<br />
* [mailto:pradeepjairamani22@gmail.com Pradeep Jairamani]<br />
* [mailto:timonalma81@gmail.com Tikam Singh Alma]<br />
<br />
== Links ==<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker on Github]<br />
* [https://groups.google.com/forum/#!forum/owasp-nettacker Mailing List]<br />
* [http://nettacker.z3r0d4y.com/ OWASP Nettacker Home]<br />
<br />
== Be an OWASP Nettacker Developer ==<br />
* [https://www.owasp.org/index.php/OWASP_Nettacker#Developers Quick Developing Help]<br />
<br />
==Related links==<br />
*[https://github.com/zdresearch/OWASP-Nettacker Github]<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE --><br />
| valign="top" style="padding-left:25px;width:200px;" |<br />
<br />
== Quick Download ==<br />
<br />
[https://github.com/zdresearch/OWASP-Nettacker Github Page.]<br />
<br />
[Download Page.]<br />
<br />
* [https://github.com/zdresearch/OWASP-Nettacker/zipball/master .zip file.]<br />
* [https://github.com/zdresearch/OWASP-Nettacker/tarball/master .tgz file.]<br />
<br />
== News and Events ==<br />
<br />
* [https://groups.google.com/forum/#!topic/owasp-nettacker/3gscDww2sf4 OWASP Nettacker was introduced in OFFSECONF 2017]<br />
* OWASP Nettacker Accepted for Google Summer of Code 2018 [[https://www.owasp.org/index.php/GSOC2018_Ideas 1]]<br />
<br />
== Docs ==<br />
* [https://github.com/zdresearch/OWASP-Nettacker/wiki Wiki].<br />
<br />
<br />
==Classifications==<br />
<br />
{| width="200" cellpadding="2"<br />
|-<br />
| rowspan="2" align="center" valign="top" width="50%" | [[File:New projects.png|100px|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]<br />
| align="center" valign="top" width="50%" | [[File:Owasp-breakers-small.png|link=]] <br />
|-<br />
|<br />
|-<br />
| <br />
|-<br />
| colspan="2" align="center" | [[File:Project_Type_Files_TOOL.jpg|link=]] <br />
|}<br />
<br />
|}<br />
<br />
=FAQs=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
To see full guides please visit our [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki page].<br />
<br />
<br />
=Requirement / Installation=<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
'''Installation'''<br />
You can install OWASP Nettacker by using pip install -r requirements.txt && python setup.py install. In the feature, you will be able to install this tools from PyPi library by pip install OWASP-Nettacker (It's not available yet!). After the installation, you can run the software by using the nettacker command line on Windows, Mac OS X, Linux.<br />
<br />
<br />
= Road Map and Getting Involved =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
==Roadmap==<br />
As of <strong>October, 2017, the highest priorities for the next one year</strong> are:<br />
<strong><br />
* Planning for activating features<br />
* Build Nettacker API<br />
* Find developers to get better performance, quality, optimizing and best improvement in minimum possible time<br />
* Get other people to review the OWASP Nettacker Project provide feedback<br />
* Incorporate feedback into changes in the Project and the features<br />
* Keep test, developing and updating with best new methods<br />
* Build and update documents in several languages for developers/users guiding <br />
</strong><br />
<br />
Subsequent Releases will add<br />
<strong><br />
* Internationalization Support<br />
* Additional Unit Tests<br />
* Automated Regression tests<br />
</strong><br />
<br />
=Minimum Viable Product=<br />
<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
<br />
<br />
= Developers =<br />
<div class="plainlinks"><br />
'''Share this:'''&nbsp;<br />
<span title="Share via e-mail" class="plainlinks">[[File:social-email.png|E-mail this story|link=mailto:?subject=OWASP_Nettacker&body=OWASP_Nettacker:%0Ahttps://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
<span title="Share on Facebook">[[File:social-facebook.png|Bookmark with Facebook|link=http://www.facebook.com/sharer.php?u=https://www.owasp.org/index.php/OWASP_Nettacker&t=OWASP+Nettacker]]</span><br />
<span title="Share on Digg">[[File:social-digg.png|Share on Digg.com|link=http://digg.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on delicious">[[File:social-delicious.png|16px|Share on delicious|link=http://delicious.com/post?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on reddit">[[File:social-reddit.png|Share on reddit.com|link=http://reddit.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on StumbleUpon">[[File:social-stumbleupon.png|16px|Share on stumbleupon.com|link=http://stumbleupon.com/submit?url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on LinkedIn">[[File:social-linkedin.png|16px|Share on LinkedIn.com|link=http://www.linkedin.com/shareArticle?mini=true&url=https://www.owasp.org/index.php/OWASP_Nettacker&title=OWASP+Nettacker]]</span><br />
<span title="Share on Twitter">[[File:social-twitter.png|alt=Share on twitter.com|link=http://twitter.com/?status=https://www.owasp.org/index.php/OWASP_Nettacker|Share on twitter.com]]</span><br />
<span title="Seed on Newsvine">[[File:social-newsvine.png|16px|Seed on Newsvine|link=http://www.newsvine.com/_wine/save?popoff=1&u=https://www.owasp.org/index.php/OWASP_Nettacker]]</span><br />
</div><br />
<br />
== Project Leaders ==<br />
* Ali Razmjoo<br />
* Mohammad Reza Espargham<br />
<br />
== Contributors ==<br />
* [mailto:behzadan@ksu.edu Vahid Behzadan]<br />
* [mailto:mojtaba6892@gmail.com Mojtaba MasoumPour]<br />
* [mailto:ehsan.empire1@gmail.com Ehsan Nezami]<br />
* [https://github.com/camel32bit camel32bit]<br />
* [mailto:sha.ravindra1307@gmail.com Ravindra Sharma]<br />
* [https://github.com/avhvr Harshavardhan Reddy]<br />
* [mailto:pandkhahiarian@gmail.com ArianPH]<br />
* [mailto:om.mo1375@gmail.com omdmhd]<br />
<br />
===Be an OWASP Nettacker developer===<br />
<br />
Developers can add new features and if you don’t have an idea but like to develop, you can submit the issue, which software needs to be fix/add/done in [https://github.com/zdresearch/OWASP-Nettacker/issues HERE].<br />
<br />
After fix/add or develop something, please send your pull request and remember that your code must be compatible with python2 and python3.<br />
If you have any question you can open an issue or just [mailto:owasp-nettacker@googlegroups.com mail us]. do not forget to register on our [https://groups.google.com/forum/#!forum/owasp-nettacker mailing list].<br />
<br />
=Project About=<br />
<br />
<br />
{{:Projects/OWASP_Nettacker_About_Page}}<br />
<br />
Please check the project [https://github.com/zdresearch/OWASP-Nettacker/wiki wiki] on Github.<br />
<br />
[[File:2018-01-19 0-45-07.gif|OWASP Nettacker Demo]]<br />
<br />
<br />
<!-- DO NOT ALTER OR REMOVE THE TEXT ON NEXT LINE -->__NOTOC__ <headertabs /> <br />
<br />
[[Category:OWASP Project]] <br />
[[Category:OWASP_Breakers]] <br />
[[Category:OWASP_Code]] <br />
[[Category:OWASP_Tool]] <br />
[[Category:OWASP_Download]] <br />
[[Category:Shellcode]]</div>Ali Razmjoo