OWASP Mth3l3m3nt Framework Project
Mth3l3m3nt Framework Project
The purpose of this project is to provide a platform that enables more flexible testing, especially for web security and the OWASP Top 10 threats to web applications. It enables free and open-source collaboration. As a web-based tool, it is intended to make offensive security on the web easier and more efficient, as it leverages existing technologies with few dependencies. It is built purely on open-source components. It is intended to grow into a fully fledged web penetration testing framework, extensible so that users can add zero-day exploits in minutes.
Description
This project is aimed at creating a more flexible offensive security tool for use anywhere with minimal resources, especially for reconnaissance and web assessments.
Licensing
GNU AGPL v3 License
The OWASP Mth3l3m3nt Framework is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
Project Leader
The source code is already available for download and use. Sample videos and a PDF document on usage are in progress. The project is envisioned to become a fully fledged security tool to test the OWASP Top 10. Milestones achieved so far are a web bot commander over HTTP to make post-exploitation easier, a shell generator, a payload store, an LFI and RFI exploiter, a web request service similar to hurl.it, and a payload encoder and decoder. It is envisioned to test and exploit all the OWASP Top 10 vulnerabilities with ease and scalability. For instance, developing an LFI exploit currently takes around 6 lines of code in the framework, making it quite efficient even for zero-days along the same lines. The same principle is envisioned to be followed throughout the project.
Related Projects
Quick Download
The home of the OWASP Mth3l3m3nt Framework is on GitHub. You are encouraged to fork, edit and push your changes back to the project through git or edit the project directly on GitHub. However, if you like you may also download the master repository from the following links:
Classifications
How can I participate in your project?
All you have to do is make the Project Leader(s) aware of your available time to contribute to the project. It is also important to let the Leader(s) know how you would like to contribute and pitch in to help the project meet its goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.
If I am not a programmer can I participate in your project?
Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise at different times during its development. Currently, though, the most important needs are graphics and UX design, as well as researchers. Any ideas are welcome.
Contributors
The OWASP Mth3l3m3nt Framework project is developed by a worldwide team of volunteers. A live update of project contributors is found here. We can't forget the great support of the Africahackon team as this began to take flight and for testing some of its aspects.
The first contributors to the project were:
Currently the project is looking at adding features and possibly moving to a more scalable design so that it meets the requirements set out. Some of the key things to be covered in the near future include:
- Developing an efficient crawler
- Creating a more responsive User interface
- Summing up Documentation and Use cases for the current version
- Adding modules for storage of security assessment information as well as SQL injection exploitation
Involvement in the development and promotion of the OWASP Mth3l3m3nt Framework Project is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:
- Helping find references to some new exploits.
- Project administration support.
- Wiki editing support.
- Writing documentation for its use.
- Bringing in fresh design principles from a UX perspective