This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

OWASP Basic Expression & Lexicon Variation Algorithms (BELVA) Project

From OWASP
Revision as of 19:34, 31 March 2016 by Kenb (talk | contribs)

Jump to: navigation, search

OWASP Basic Expression & Lexicon Variation Algorithms (BELVA) ProjectTool Project

This project is a custom dictionary builder. Often times when pen-testing there are words that are specific to the organization being tested that are not usually found in the large wordlists. Two examples are the name of the organization under assessment or vertical/industry specific keywords associated with the organization. The current tools found generate either too much data per word or were difficult to configure/customize.

Description

This project gives the end user the ability to import data from proxies such as ZAP and burp, substitute letters/numbers/special characters in any given combination, apply policies to select and remove words to fit the organization specific password policies as well as write plugins for extendability. The app also allows the pen tester to create custom username based on policy.

OwaspBELVAv0.1.png

Licensing

This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>.

Any contributions are Copyright © by Kenneth F. Belva or OWASP 2016.

Download Project

Source Code

Project Leader

Kenneth F. Belva

Note: This project is dedicated to my dad.

Get Involved

  • Contribute Plugins!

Classifications

Project Type Files TOOL.jpg
Incubator Project Owasp-builders-small.png
Owasp-defenders-small.png
General Public License 3.0

News and Events

  • [21 March 2016] First Alpha Release

To participate, please contact Kenneth F. Belva (the Project Leader) for more information. More FAQs to come over time....

How can I participate in your project?

All you have to do is make the Project Leader's aware of your available time to contribute to the project. It is also important to let the Leader's know how you would like to contribute and pitch in to help the project meet it's goals and milestones. There are many different ways you can contribute to an OWASP Project, but communication with the leads is key.

If I am not a programmer can I participate in your project?

Yes, you can certainly participate in the project if you are not a programmer or technical. The project needs different skills and expertise and different times during its development. Currently, we are looking for researchers, writers, graphic designers, and a project administrator.

How to import burp xml files for org specific content

To be written soon and/or video posted.

How to import ZAP raw files for org specific content

To be written soon and/or video posted.

How to create user id combinations

To be written soon and/or video posted.

How to write a plugin

To be written soon and/or video posted.


Contributors

The success of OWASP is due to a community of enthusiasts and contributors that work to make our projects great. This is also true for the success of your project. Be sure to give credit where credit is due, no matter how small! This should be a brief list of the most amazing people involved in your project. Be sure to provide a link to a complete list of all the amazing people in your project's community as well.

The OWASP Tool Project Template is developed by a worldwide team of volunteers. A live update of project contributors is found here.

The first contributors to the project were:

  • Colin Watson who created the OWASP Cornucopia project that the template was derived from
  • Chuck Cooper who edited the template to convert it from a documentation project to a Tool Project Template
  • YOUR NAME BELONGS HERE AND YOU SHOULD REMOVE THE PRIOR 3 NAMES

To Do

  1. Word selection / automated weighing of which words to use
  2. Interface improvements: better responsiveness
  3. Multi-Threading from interface
  4. Non-GUI version that directs output to stdout
  5. Expand functionality and add more plug-ins
    • Additional permutation dictionaries
    • Additional applied and removal policies
    • Additional username creation policies
  6. Other types of permutations that just usernames and passwords??? (i.e., email addresses, sub-domain names)

Getting Involved

Fork the code on git and contribute! :)

This page is where you need to place your legacy project template page if your project was created before October 2013. To edit this page you will need to edit your project information template. You can typically find this page by following this address and substituting your project name where it says "OWASP_Example_Project". When in doubt, ask the OWASP Projects Manager. Example template page: https://www.owasp.org/index.php/Projects/OWASP_Example_Project


PROJECT INFO
What does this OWASP project offer you? 		RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: N/A
Purpose: N/A
License: N/A
who is working on this project?
Project Leader(s): N/A
how can you learn more?
Project Pamphlet: Not Yet Created
Project Presentation:
Mailing list: N/A
Project Roadmap: Not Yet Created
Key Contacts
  • Contact the GPC to contribute to this project
  • Contact the GPC to review or sponsor this project
current release
pending
last reviewed release
pending


other releases

Retrieved from "https://wiki.owasp.org/index.php?title=OWASP_Basic_Expression_%26_Lexicon_Variation_Algorithms_(BELVA)_Project&oldid=212248"