This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "OWASP Pyttacker Project"

From OWASP
Jump to: navigation, search
Line 20: Line 20:
  
 
==Licensing==
 
==Licensing==
OWASP Pyttacker is free to use. It is licensed under [http://www.gnu.org/licenses/agpl-3.0.html] AGPL 3.0, so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+
OWASP Pyttacker is free to use. It is licensed under GNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)
  
  
Line 41: Line 41:
  
  
== Related Projects ==
+
== Supporters ==
  
* [[OWASP_CISO_Survey]]
+
* [https://www.owasp.org/index.php/Costa_Rica OWASP Costa Rica]
 +
* [https://www.roblest.com RoblesT.com]
  
  
Line 52: Line 53:
  
 
* [https://github.com/RoblesT/pyttacker/archive/master.zip Download]
 
* [https://github.com/RoblesT/pyttacker/archive/master.zip Download]
* GitHub:
+
* [https://github.com/RoblesT/pyttacker GitHub]:
 
<pre>
 
<pre>
 
git clone https://github.com/RoblesT/pyttacker.git
 
git clone https://github.com/RoblesT/pyttacker.git
Line 58: Line 59:
 
[https://github.com/RoblesT/pyttacker/wiki Manual and How-to]
 
[https://github.com/RoblesT/pyttacker/wiki Manual and How-to]
  
== News and Events ==
+
== Timeline ==
 
* [25 March 2014] Project created
 
* [25 March 2014] Project created
 
* [26 April 2014] New Alpha made public
 
* [26 April 2014] New Alpha made public
Line 79: Line 80:
  
 
=FAQs=
 
=FAQs=
 +
Have questions ?
  
; Q1
+
[mailto:mario.robles@owasp.org Send a message] or [https://lists.owasp.org/mailman/listinfo/owasp_pyttacker_project Subscribe]
: A1
+
; How to get?
 +
: Download it [https://github.com/RoblesT/pyttacker/archive/master.zip Here] or follow the instructions [https://github.com/RoblesT/pyttacker/wiki Here]
 +
 
 +
; How to install?
 +
: It is portable, no installation is required for using it
 +
 
 +
; Where can I use it?
 +
: The tool is coded in Python and has been tested on Linux (Ubuntu, Kali, Samurai), MAC and Windows
  
; Q2
 
: A2
 
  
 
= Acknowledgements =
 
= Acknowledgements =
Line 91: Line 98:
  
 
* Mario Robles
 
* Mario Robles
[mailto:mario.robles@owasp.org Join us !] or [ https://lists.owasp.org/mailman/listinfo/owasp_pyttacker_project Subscribe]
+
[mailto:mario.robles@owasp.org Join us !] or [https://lists.owasp.org/mailman/listinfo/owasp_pyttacker_project Subscribe]
  
 
= Road Map and Getting Involved =
 
= Road Map and Getting Involved =

Revision as of 20:51, 26 April 2014

OWASP Project Header.jpg

OWASP Pyttacker Project

The OWASP Pyttacker Project is a portable Web Server that include the features needed for every Pentester when creating reports, helping to create PoCs that show a more descriptive way to create awareness to the businesses by demonstrating realistic but inoffensive "attacks" included as part of the tool.

Introduction

Most of the time is spent on finding the bad stuff during a Web PenTest, reports are time consuming and you need to deliver your results as soon as possible, however in the end the one that will need to fix the issue (or push others to do it) will need to really understand the impact of the findings included in a report. When you show raw Database data from a SQLi it's very visible for your costumer that the impact is High, however when the finding need some other factors the impact become more complicated to be demonstrated to non technical people, just a request and response is not enough and how long are you willing to take in order to create a nice screenshot for being included in your report.

What about using "something" that is the server you mention as 'evil.com' that can be used by the bad guys against your costumer's company, even better if you know that the evil server is not that "evil" and you can validate, modify or disable it's contents, would be nice to have "something" for creating nice screen-shots, what about reproducing the finding during that meeting when your are trying to show the impact of your findings, not just a pop-up alert for XSS, what if you show an inoffensive but scaring partial defacement or a javascript keylogger in action.

If you agree then Pyttacker will be an interesting tool for you


Licensing

OWASP Pyttacker is free to use. It is licensed under GNU GPL v3 License (allows commercial use, but requires that modifications to your code stay open source, thus prohibiting proprietary forks of your project)


What is the OWASP Pyttacker Project?

Key characteristics:

  • Minimal requirements (Just Python and a Web Browser)
  • Cross-platform
  • Portable
  • Easy Plug-ins Implementation
  • Easy to use


Project Leader

Mario Robles


Supporters

Quick Download

git clone https://github.com/RoblesT/pyttacker.git

Manual and How-to

Timeline

  • [25 March 2014] Project created
  • [26 April 2014] New Alpha made public

Classifications

Owasp-incubator-trans-85.png Owasp-builders-small.png
Owasp-defenders-small.png
Cc-button-y-sa-small.png
Project Type Files TOOL.jpg

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Pyttacker_Project&oldid=173569"