This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "ORG (OWASP Report Generator)"
Medelibero (talk | contribs) (→Getting setup for an assessment) |
Medelibero (talk | contribs) (→Getting setup for an assessment) |
||
| Line 41: | Line 41: | ||
You can now type in the pertinent information about your project. After that you are ready to identify your targets and start attacking (i.e. the fun part!). | You can now type in the pertinent information about your project. After that you are ready to identify your targets and start attacking (i.e. the fun part!). | ||
| + | |||
| + | |||
| + | '''Step 3)''' Next click on the targets tab, this will allow you to define the targets for your assessment. Below is a screen shot of an example of a target during an assessment. | ||
| + | |||
| + | [[Image:Org_target_ss.jpg]] | ||
| + | |||
| + | The above area gives you the logistics of the target things like name, IP(s), the type of target and common dns names. The bottom area allows you to put files related to the target. | ||
| + | |||
| + | |||
| + | You can also import in targets from an NMap scan if you use the xml output file option. To do import targets click the “Import Targets” button and select the saved scan. | ||
== ORG Active Developers == | == ORG Active Developers == | ||
Revision as of 04:05, 27 November 2006
The ORG (OWASP Report Generator) is a tool for Security Consultants that supports the documentation and reporting of security vulnerabilities discovered during security audits.
The project leader for this project is Dinis Cruz with strong contributions from Mike de Libero. Mike is currently sponsored under an OWASP Autumn of Code 2006 sponsorship to work on ORG.
Downloads
The source code for latest stable version can be downloaded from here (updated on 11/1/2006): Report Generator Source
This project is in active development and the latest version can be obtained from Google SVN
Instructions for using the zip file
1) Unzip the files
2) Run regAuthenticPlugin.bat to register the AuthenticPlugin
3) Open the solution in VS.Net 2k5. You can use any version of VS but the primary version used for development is the express edition.
4) More than likely you need to modify the references area to use the local files for [IxInterop|AxInterop].XMLSPYPLUGIN.
5) Then try and compile and you should be good to go. If not contact Mike and we will work with you to get it all straightened out and so we can adjust this process.
ORG Development
The current version under development is v0.86 and you can see the change log here: ORG (Owasp Report Generator) - Change Log
The current Todo is here: [[ORG (Owasp Report Generator) - To Do
Getting setup for an assessment
Step 1) Create a profile for you to use on your computer. You can do this on the first screen that will be encountered when running ORG.
Once the information has been inputted click on “Start Pen Test Reporter” and you are ready to start adding new projects.
Step 2) The next step is to create a project. With the “Current and Archived Projects” window open make sure that the project metadata tab is selected. From there in the lower left hand corner you will see an area to type in a new project and then click “Add”. You will then see a window like the one below.
You can now type in the pertinent information about your project. After that you are ready to identify your targets and start attacking (i.e. the fun part!).
Step 3) Next click on the targets tab, this will allow you to define the targets for your assessment. Below is a screen shot of an example of a target during an assessment.
The above area gives you the logistics of the target things like name, IP(s), the type of target and common dns names. The bottom area allows you to put files related to the target.
You can also import in targets from an NMap scan if you use the xml output file option. To do import targets click the “Import Targets” button and select the saved scan.
ORG Active Developers
- ORG (Owasp Report Generator) - Mike de Libero
- ORG (Owasp Report Generator) - Dinis Cruz
- ORG (Owasp Report Generator) - Zi Jin
Other related [OWASP .Net Project Downloads]
