
Difference between revisions of "OWASP Mantra - Security Framework"

 
(102 intermediate revisions by 4 users not shown)
Line 1: Line 1:
==== Main ====
+
=Main=
  
= Overview  =
+
<div style="width:100%;height:90px;border:0,margin:0;overflow: hidden;">[[File: lab_big.jpg|link=OWASP_Project_Stages#tab.3DLab_Projects]]</div>
  
[[Image:OWASP Mantra Security Framework.jpg|right|200px|OWASP Mantra Security Framework.jpg]]<br>
+
{| style="padding: 0;margin:0;margin-top:10px;text-align:left;" |-
 +
| valign="top"  style="border-right: 1px dotted gray;padding-right:25px;" |
  
*Mantra is a collection of free and open source tools integrated into a web browser, which can become handy for students, penetration testers, web application developers,security professionals etc. It is portable, ready-to-run, compact and follows the true spirit of free and open source software.
+
==OWASP Mantra - Security Framework==
*Mantra is lite, flexible, portable and user friendly with a nice graphical user interface. You can carry it in memory cards, flash drives, CD/DVDs, etc. It can be run natively on Linux, Windows and Mac platforms. It can also be installed on to your system within minutes. Mantra is absolutely free of cost and takes no time for you to set up.
 
  
= Project Goals  =
+
* A web application security testing framework built on top of a browser.
 +
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh.
 +
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.
 +
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
 +
* Comes installed with major security distributions including BackTrack and Matriux
  
#Create an ecosystem for hackers based on browser
+
==Introduction==
#To bring the attention of security people to the potential of a browser based security platform
 
#Provide easy to use and portable platform for demonstrating common web based attacks( read training )
 
#To associate with other security tools/products to make a better environment. Eg:
 
##It can be a nice addition to security distribution OSs like OWASP Live CD
 
##It can be used to solve basic levels of CTF contests
 
##It can associate with projects like DVWA to showcase attacks
 
##It can bring functions like crawler, SQL injection scanner etc by installing extensions.
 
  
= Main Links  =
+
Free and Open Source Browser based Security Framework
  
'''[http://getmantra.com/download/index.html Download Mantra - Security Framework]'''<br>
 
  
*[http://www.youtube.com/watch?v=GBFxVAM3DLQ Conference Video 1]
+
==Description==
*[http://www.youtube.com/watch?v=bKACEDWKeyM Conference Video 2]
 
*[http://www.youtube.com/watch?v=qpVHWVOPHTk Conference Video 3]
 
  
*[http://chmag.in/article/feb2011/mantra-%E2%80%93-free-and-open-source-security-framework Article/Publication ]
+
Mantra is a browser especially designed for web application security testing. By having such a product, more people will come to  know the easiness and flexibility of being able to follow basic testing procedures within the browser. Mantra believes that having such a portable, easy to use and yet powerful platform can be helpful for the industry.
  
<br>
+
Mantra has many built in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects etc. This makes it a good software for performing basic security checks and sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web based CTFs, showcase security issues in vulnerable web applications etc.
  
==== Tools  ====
 
Mantra is a powerful set of tools to make the attacker's task easier. The beta version of Mantra Security Toolkit contains following tools built onto it. Moreover Mantra follows the guidelines and structure of [http://firecat.fr/ FireCAT ] which makes it even more accessible. You can also always suggest any tools/ scripts that you would like see in the next release.
 
  
''
+
==Licensing==
+'''Information Gathering'''<br/>
+
OWASP Mantra is free to use. It is licensed under the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license], so you can copy, distribute and transmit the work, and you can adapt it, and use it commercially, but all provided that you attribute the work and if you alter, transform, or build upon this work, you may distribute the resulting work only under the same or similar license to this one.
+'''Whois'''<br/>
 
-''Flagfox''<br/>
 
+'''Location Info'''<br/>
 
-''Flagfox''<br/>
 
+'''Enumeration and Fingerprint'''<br/>
 
-''Host Spy''<br/>
 
-''JSView''<br/>
 
-''PassiveRecon''<br/>
 
-''View Dependencies''<br/>
 
-''Wappalyzer''<br/>
 
+'''Data Mining'''<br/>
 
-''People Search Engine''<br/>
 
-''Facebook search''<br/>
 
+'''Editors'''<br/>
 
-''Cert Viewer Plus''<br/>
 
-''Firebug''<br/>
 
-''JSView''<br/>
 
  
+'''Network Utilities'''<br/>
 
+'''Protocols and applications'''<br/>
 
+'''FTP'''<br/>
 
-''Fire FTP''<br/>
 
+'''DNS'''<br/>
 
-''DNS Cache''<br/>
 
+'''SQL'''<br/>
 
-''SQLite Manager''<br/>
 
+'''Sniffers'''<br/>
 
-''HTTP Fox''<br/>
 
+'''Password'''<br/>
 
-''CryptoFox 2.0''<br/>
 
  
+'''Misc'''<br/>
+
| valign="top"  style="padding-left:25px;width:200px;border-right: 1px dotted gray;padding-right:25px;" |
+'''Tweaks and Hacks'''<br/>
 
-''Greasemonkey''<br/>
 
+'''Scripts'''<br/>
 
-''Greasefir''<br/>
 
+'''Malware scanner'''<br/>
 
-''Web of Trust''<br/>
 
+'''Automation'''<br/>
 
-''iMacros''<br/>
 
+'''Others'''<br/>
 
-''CacheToggle 0.6''<br/>
 
-''URL Flipper''<br/>
 
+'''Application Auditing'''<br/>
 
-''Hackbar''<br/>
 
-''JavaScript Deobfuscator''<br/>
 
-''RESTClient''<br/>
 
-''Tamper Data''<br/>
 
-''Live HTTP Headers''<br/>
 
-''RefControl''<br/>
 
-''User Agent Switcher''<br/>
 
-''Web Developer''<br/>
 
-''DOM Inspector''<br/>
 
-''Inspect This''<br/>
 
-''Formfox''<br/>
 
+'''Exploit Me'''<br/>
 
-''Access Me''<br/>
 
-''SQL Inject Me''<br/>
 
-''XSS Me''<br/>
 
+'''Cookies'''<br/>
 
-''Cookies Manager+ 1.5.1''<br/>
 
-''Firecookie''<br/>
 
  
+'''Proxy'''<br/>
+
== What is OWASP Mantra? ==
-''FoxyProxy Standard 2.22.6''<br/>
 
-''HttpFox''<br/>''
 
  
 +
OWASP Mantra provides:
  
 +
* A web application security testing framework built on top of a browser.
 +
* Supports Windows, Linux(both 32 and 64 bit) and Macintosh.
 +
* Can work with other software like [[OWASP_Zed_Attack_Proxy_Project|ZAP]] using built in proxy management function which makes it much more convenient.
 +
* Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
 +
* Comes installed with major security distributions including BackTrack and Matriux
  
==== News ====
 
  
{{:Projects/OWASP Mantra - Security Framework | News}}
+
== Presentation ==
  
==== Contributors ====
+
[http://www.owasp.org/index.php/File:OWASP_Mantra-An_Introduction.pptx Project Presentation 1] |
 +
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Project Presentation 2]
  
'''Project Leaders'''<br/>
 
Abhi M Balakrishnan<br/>
 
Yashartha Chaturvedi]<br/>
 
Gokul C Gopinath<br/><br/>
 
  
'''Other Members'''<br/>
+
== Project Leader ==
Gopu C Gopinath<br/>
 
Maximiliano Soler
 
  
==== Download  ====
+
[[User:Abhi_M_Balakrishnan|Abhi M Balakrishnan]] and
 +
[[User:Yashartha_Chaturvedi|Yashartha Chaturvedi]]
  
'''OWASP Mantra c0c0n 11 and AppSecLatam 11 Release ( 0.71 Beta )'''<br/>
 
  
{|
+
== Related Projects ==
|'''Platform'''
+
 
|'''Details'''
+
* [[OWASP Bricks]]
|'''Links'''
+
 
|-
+
== Ohloh ==
|'''Linux 32 bit'''
+
 
|MD5: 8e874e6d4e119111bf3dbcbe0f9a1c69
+
*https://www.ohloh.net/p/getmantra
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Linux%2032%20bit/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20i686%20Release.tar.bz2/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20i686%20Release.tar.bz2 Mirror 2] [http://burnbit.com/torrent/178063/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_i686_Release_tar_bz2 Torrent]
+
 
|-
+
| valign="top"  style="padding-left:25px;width:200px;" |
|'''Linux 64 bit'''
+
 
|MD5: d0ed8fce30a20ad907a97047985e8c05
+
== Quick Download ==
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Linux%2064%20bit/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20-%20x86_64.tar.bz2/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20-%20x86_64.tar.bz2 Mirror 2] [http://burnbit.com/torrent/178679/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_x86_64_tar_bz2 Torrent]
+
 
|-
+
* http://www.getmantra.com/owasp-mantra.html
|'''Windows'''
+
 
|MD5: 98517c9f61561d8c656a2d2436f2333d
+
== Email List ==
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Windows/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20Release.exe/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20Release.exe Mirror 2] [http://burnbit.com/torrent/178065/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_Release_exe Torrent]
+
 
|-
+
https://lists.owasp.org/mailman/listinfo/owasp-mantra
|'''Macintosh'''
+
 
|MD5: 949808a8f75fa0bcc5730cdcf73f7844
+
== News and Events ==
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Macintosh/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011.zip/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011.zip Mirror 2] [http://burnbit.com/torrent/178066/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_zip Torrent]
+
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/>
|-
+
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/>
|'''Source'''
+
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/>
|MD5: 6fdb5e9408261d741f24cb83df4b4066
+
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/>
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/c0c0n%2011%20and%20AppSecLatam%2011/Source/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20Release%20Source.7z/download Mirror 1] [http://getmantra.googlecode.com/files/OWASP%20Mantra%20-%20c0c0n%2011%20and%20AppSecLatam%2011%20Release%20Source.7z Mirror 2] [http://burnbit.com/torrent/178067/OWASP_Mantra_c0c0n_11_and_AppSecLatam_11_Release_Source_7z Torrent]  
+
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/>
 +
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/>
 +
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/>
 +
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/>
 +
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/>
 +
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/>
 +
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/>
 +
[https://www.owasp.org/index.php/OWASP_Mantra_-_Security_Framework#News More News and Events]
 +
 
 +
==Classifications==
 +
 
 +
  {| width="200" cellpadding="2"
 +
  |-
 +
  | align="center" valign="top" width="50%" rowspan="2"| [[File:Owasp-incubator-trans-85.png|link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Incubator_Projects]]
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-builders-small.png|link=]] 
 +
  |-
 +
  | align="center" valign="top" width="50%"| [[File:Owasp-defenders-small.png|link=]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Cc-button-y-sa-small.png|link=http://creativecommons.org/licenses/by-sa/3.0/]]
 +
  |-
 +
  | colspan="2" align="center"  | [[File:Project_Type_Files_CODE.jpg|link=]]
 +
  |}
 +
 
 
|}
 
|}
[[Category:OWASP_Download]]
 
  
  
==== Project About  ====
+
= Acknowledgements =
 +
==Volunteers==
 +
OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:
 +
 
 +
[[User:Gokul_C_Gopinath|Gokul C Gopinath]], [[User:Maximiliano_Soler|Maximiliano Soler]], [[User:Niraj T Mohite|Niraj Mohite]], [[User:Rahul Babu R|Rahul Babu R]], Gopu C Gopinath and Thomas Mackenzie
  
{{:Projects/OWASP Mantra - Security Framework | Project About}}
+
=News=
 +
[http://www.computerweekly.com/blogs/open-source-insider/2011/10/free-software-testing-on-usb-for-students-to-web-developers-with-mantra.html Computer Weekly Article]<br/>
 +
[http://getmantra.com/forums/Thread-owasp-mantra-c0c0n-11-and-appseclatam-11-release OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release]<br/>
 +
[http://www.ekoparty.org/2011/workshops/owasp-mantra-security-framework.php Mantra at Ekoparty Security Conference]<br/>
 +
[https://www.owasp.org/images/d/dc/OWASP-Mantra_BAires-Argentina.ppt Mantra at OWASP LatamTour - Buenos Aires, Argentina]<br/>
 +
Getting secure with Mantra: An open source penetration testing kit - 1. [http://www.computerworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss Computer World] 2. [http://www.cio.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ CIO] 3. [http://www.techworld.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/ Tech World] 4. [http://www.cso.com.au/article/392346/getting_secure_mantra_an_open_source_penetration_testing_kit/?uts_source=taxonomyfeed&utm_medium=rss CSO]<br/>
 +
[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 Searchsecurity Screencast]<br/>
 +
[http://getmantra.com/forums/Thread-mantra-in-matriux-upcoming-release-leaked Mantra in Matriux Security Distribution]<br/>
 +
[http://getmantra.com/forums/Thread-mantra-in-backtrack-5 Mantra in Backtrack 5 - Penetration Testing Distribution]<br/>
 +
[http://www.facebook.com/photo.php?fbid=185544081485201&set=a.170788249627451.33033.170787489627527&type=1&ref=nf Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag]<br/>
 +
[http://clubhack.com/2010/speakers/ ClubHACK 2010 Mantra release]<br/>
 +
[http://secpedia.net/wiki/OWASP_Mantra_Security_Framework OWASP Mantra page on Secpedia, the information security encyclopedia]<br/>
 +
[http://hack-tools.blackploit.com/2014/06/owasp-mantra-security-toolkit-browser.html  Article about OWASP Mantra on KitPloit]<br/>
 +
[http://osarena.net/logismiko/applications/mantra-enas-ekpliktikos-browser-asfalias.html Article about OWASP Mantra on OS Arena]<br/>
 +
[http://habrahabr.ru/post/125317/ OWASP Mantra was in the list of free and popular security tools on habrahabr.ru]<br/>
 +
[http://www.mundodoshackers.com.br/mantra-navegador-hacker-pentests Article about OWASP Mantra on Mundodoshackers]<br/>
 +
[http://korben.info/owasp-mantra.html Korben featured Mantra in 2011]<br/>
 +
[http://phpsp.org.br/index.php/mais-seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo]<br/>
 +
[http://imasters.com.br/infra/seguranca/seguranca-em-aplicacoes-web-com-php/ OWASP Mantra was mentioned by Alexsandro Souza on iMasters]<br/>
 +
[http://infosecplatform.com/2013/08/04/owasp-mantra-fully-loaded-browser-with-pentest-bookmarks/ Article about Hackery and Galley by Niraj]<br/>
 +
[http://devopsweekly.com/2014/05/25/177/ OWASP Mantra was mentioned in 177th edition of Devops Weekly]<br/>
 +
[http://www.thegeeksclub.com/16671-hacking-penetration-testing-security-software-linux/ OWASP Mantra was on of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub]<br/>
 +
[http://www.darknet.org.uk/2014/06/owasp-mantra-browser-based-security-framework/ Article about OWASP Mantra Janus on Darknet]<br/>
 +
[http://efytimes.com/e1/fullnews.asp?edid=136674 OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes]<br/>
 +
[http://www.gfi.com/blog/18-free-security-tools-for-sysadmins/ OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog]<br/>
 +
[http://cypherpunk.fr/distributions-gnu-linux-orientees-securite/ OWASP Mantra was mentioned in Cyberpunk.fr]<br/>
 +
[http://www.pensandoenlaweb.com/2012/07/auditorias-web-con-mantra-de-owasp.html Article about OWASP Mantra on pensandoenlaweb.com]<br/>
 +
[http://intellavis.com/blog/?p=325 OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities']<br/>
 +
[http://www.exploit-db.com/exploits/18632/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS]<br/>
 +
[http://www.exploit-db.com/exploits/24507/ OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS]<br/>
 +
[http://is-ra.org/c0c0n/ OWASP Mantra is a supporting partner of c0c0n 2014]<br/>
 +
[http://thepowerofapostrophe.blogspot.com/ The Power of Apostrophe blog created as part of [[OWASP_Security_Blitz]]]<br/>
 +
[https://www.owasp.org/index.php/Null_%26_OWASP_Delhi_Combined_Meeting_November_2014 LAMP Security CTF 6 walk through using OWASP Mantra by Abhi M Balakrishnan on Null & OWASP Delhi Combined Meeting November 2014]
  
 +
= Road Map and Getting Involved =
 +
As of now, the priorities are:
 +
Create an ecosystem for hackers based on browser
 +
To bring the attention of security people to the potential of a browser based security platform
 +
Provide easy to use and portable platform for demonstrating common web based attacks( read training )
 +
To associate with other security tools/products to make a better environment. Eg:
 +
It can be a nice addition to OWASP Live CD
 +
It can be used to solve basic levels of CTF contests
 +
It can associate with projects like DVWA to showcase attacks
 +
It can bring functions like crawler, SQL injection scanner etc by installing extensions.
  
==== Resource ====
+
Involvement in the development and promotion of OWASP Mantra is actively encouraged!
 +
You do not have to be a security expert in order to contribute.
  
{{:Projects/OWASP Mantra - Security Framework | Resources}}
 
  
==== Links ====
 
  
{{:Projects/OWASP Mantra - Security Framework | Links}}
+
=Project About=
 +
{{:Projects/OWASP Mantra - Security Framework | Project About}}
  
__NOTOC__ <headertabs />  
+
=Downloads=
 +
[[Image:OWASP Mantra cross platform.jpg|600px|OWASP Mantra cross platform.jpg]]<br/>
 +
'''OWASP Mantra Security Toolkit - Beta 0.92 code named Janus'''
 +
{|
 +
|''Linux 32 bit: ''
 +
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2032.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2032.tar.gz Mirror 2] [http://burnbit.com/download/233734/OWASP_Mantra_Janus_Linux_32_tar_gz Torrent]
 +
|-
 +
|''Linux 64 bit: ''
 +
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus%20Linux%2064.tar.gz/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20Linux%2064.tar.gz Mirror 2] [http://burnbit.com/download/233735/OWASP_Mantra_Janus_Linux_64_tar_gz Torrent]
 +
|-
 +
|''Windows: ''
 +
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.exe/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.exe Mirror 2] [http://burnbit.com/download/233648/OWASP_Mantra_Janus_exe Torrent]
 +
|-
 +
|''Macintosh: ''
 +
|[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/Janus%20-%200.92%20Beta/OWASP%20Mantra%20Janus.mpkg.zip/download Mirror 1] [http://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus.mpkg.zip Mirror 2] [http://burnbit.com/download/233736/OWASP_Mantra_Janus_mpkg_zip Torrent]
 +
|-
 +
|''Source: ''
 +
|[https://code.google.com/p/getmantra/downloads/detail?name=OWASP%20Mantra%20Janus%20source.7z&can=1&q= Mirror 1]
 +
|}<br/><br/>
 +
 
 +
==Old Versions==
 +
Old versions of OWASP Mantra and their source code can be obtained from:<br/>
 +
[https://code.google.com/p/getmantra/downloads/list?can=1&q=&colspec=Filename+Summary+Uploaded+ReleaseDate+Size+DownloadCount OWASP Mantra download page on Google Code] or<br/>
 +
[http://sourceforge.net/projects/getmantra/files/Mantra%20Security%20Toolkit/ Sourceforge page of OWASP Mantra]
 +
 
 +
=Tutorials=
 +
'''Tutorials'''
 +
{|
 +
|''Text Tutorials''
 +
|
 +
|''Video Tutorials''
 +
|-
 +
|[http://getmantra.com/forums/Thread-introducing-passiverecon-by-justin-morehouse Introducing PassiveRecon by Justin Morehouse]<br/>[http://getmantra.com/forums/Thread-introducing-groundspeed-by-felipe Introducing Groundspeed by Felipe]<br/>[http://getmantra.com/forums/Thread-introducing-link-sidebar-by-varun-n Introducing Link Sidebar by Varun N]<br/>[http://getmantra.com/forums/Thread-introducing-proxytool-by-robert-rade Introducing ProxyTool by Robert Rade]<br/>[http://getmantra.com/forums/Thread-introducing-httpfox-by-martin-theimer Introducing HttpFox by Martin Theimer]<br/>[http://getmantra.com/forums/Thread-how-to-make-your-own-search-bar-item How to make your own search bar item]<br/>[http://getmantra.com/forums/Thread-how-to-use-moc-crawler How to use MoC crawler]<br/>[http://getmantra.com/forums/Thread-switching-between-languages-and-locales Switching between languages and locales]<br/>[http://getmantra.com/forums/Thread-running-mantra-and-firefox-together Running Mantra and Firefox together]<br/>[http://getmantra.com/forums/Thread-login-form-bypass-using-mantra-security-toolkit Login Form Bypass using Mantra Security Toolkit]<br/>[http://getmantra.com/forums/Thread-advanced-sql-injection-tutorial-complete-website-rooting Advanced SQL Injection Tutorial - Complete website rooting]<br/>[http://getmantra.com/forums/Thread-manual-crawling Manual Crawling]<br/>[http://getmantra.com/forums/Thread-introducing-flagfox Introducing Flagfox]
 +
|&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
 +
|[http://link.brightcove.com/services/player/bcpid1078581830001?bclid=1077362296001&bctid=1078245078001 SearchSecurity Screencast]<br/>ClubHACK 2010 - [http://www.youtube.com/watch?v=GBFxVAM3DLQ 1] [http://www.youtube.com/watch?v=bKACEDWKeyM 2] [http://www.youtube.com/watch?v=qpVHWVOPHTk 3]<br/>[http://www.youtube.com/watch?v=yTbB42sR208 Broken Authentication Demonstration]<br/>[http://www.youtube.com/watch?v=o1WVx6eYE-M Broken Session Demonstration]<br/>[http://www.youtube.com/watch?v=vvPeskadF-s Insecure Direct Object References Demonstration]<br/>[http://www.youtube.com/watch?v=NK3S-nwiGwA Cross Site Scripting Demonstration]<br/>[http://www.youtube.com/watch?v=p94ssETMbQ0& Introduction + How to use Mantra Security Toolkit]<br/>[http://www.youtube.com/watch?v=fxHlthnVJpA Introduction to Mantra (Arabic)]<br/>
 +
[http://www.youtube.com/watch?v=exyUAGseifI Introducing FoxyProxy (Arabic)]<br/>[http://www.youtube.com/watch?v=vFcY584Wmw0 OWASP Mantra - URL Shortener Script SQL Injection Vulnerability]<br/>[http://www.youtube.com/watch?v=CRJkGZlV6Vk OWASP Mantra and LAMP Security CTF 6]<br/>
 +
[http://www.youtube.com/watch?v=aPk5vCqh-2k OWASP Mantra and Who Wants to be a Millionaire]<br/>[http://www.youtube.com/watch?v=0lPz24Z7Q_4 OWASP Mantra - One File CMS - Failure to Restrict URL Access]
 +
|}
  
  
  
 +
__NOTOC__ <headertabs />
  
[[Category:OWASP_Tool]] [[Category:OWASP_Alpha_Quality_Tool]] [[Category:OWASP_Project|Mantra - Security Framework]]
+
[[Category:OWASP Project]]  [[Category:OWASP_Tool|Mantra - Security Framework]] [[Category:OWASP_Alpha_Quality_Tool|Mantra - Security Framework]] [[Category:OWASP_Project|Mantra - Security Framework]]
]]
+
[[Category:OWASP Download|Mantra - Security Framework]]{{OWASP Breakers}} [[Category:OWASP_Download]]
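
Review bot: The new Downloads tab (the Janus 0.92 table) drops the per-platform MD5 values that the old 0.71 download table listed, so the http:// SourceForge and Google Code mirrors and the torrent links are now published with nothing to verify the fetched file against. Restore a checksum cell for each platform row and for the source archive, preferably a SHA-256 digest rather than MD5, and serve the page that lists them over https. Separately, the added Licensing paragraph has a broken external link: "the http://creativecommons.org/licenses/by-sa/3.0/ Creative Commons Attribution-ShareAlike 3.0 license]" is missing its opening "[", so the URL renders as raw text with a stray bracket.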

Latest revision as of 00:08, 3 March 2015


OWASP Mantra - Security Framework

  • A web application security testing framework built on top of a browser.
  • Supports Windows, Linux (both 32 and 64 bit) and Macintosh.
  • Can work with other software like ZAP using its built-in proxy management function, which makes it much more convenient.
  • Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
  • Comes installed with major security distributions including BackTrack and Matriux

Introduction

Free and Open Source Browser based Security Framework


Description

Mantra is a browser designed specifically for web application security testing. With such a product, more people will come to know how easy and flexible it is to follow basic testing procedures within the browser. Mantra believes that a portable, easy-to-use yet powerful platform can be helpful for the industry.

Mantra has many built-in tools to modify headers, manipulate input strings, replay GET/POST requests, edit cookies, quickly switch between multiple proxies, control forced redirects, etc. This makes it good software for performing basic security checks and, sometimes, exploitation. Thus, Mantra can be used to solve basic levels of various web-based CTFs, showcase security issues in vulnerable web applications, etc.


Licensing

OWASP Mantra is free to use. It is licensed under the Creative Commons Attribution-ShareAlike 3.0 license (http://creativecommons.org/licenses/by-sa/3.0/), so you can copy, distribute and transmit the work, adapt it, and use it commercially, provided that you attribute the work and, if you alter, transform, or build upon it, distribute the resulting work only under the same or a similar license.


What is OWASP Mantra?

OWASP Mantra provides:

  • A web application security testing framework built on top of a browser.
  • Supports Windows, Linux (both 32 and 64 bit) and Macintosh.
  • Can work with other software like ZAP using its built-in proxy management function, which makes it much more convenient.
  • Available in 9 languages: Arabic, Chinese - Simplified, Chinese - Traditional, English, French, Portuguese, Russian, Spanish and Turkish
  • Comes installed with major security distributions including BackTrack and Matriux


Presentation

Project Presentation 1 | Project Presentation 2


Project Leader

Abhi M Balakrishnan and Yashartha Chaturvedi


Related Projects

  • OWASP Bricks

Ohloh

  • https://www.ohloh.net/p/getmantra

Quick Download

  • http://www.getmantra.com/owasp-mantra.html

Email List

https://lists.owasp.org/mailman/listinfo/owasp-mantra

News and Events

Computer Weekly Article
OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release
Mantra at Ekoparty Security Conference
Mantra at OWASP LatamTour - Buenos Aires, Argentina
Getting secure with Mantra: An open source penetration testing kit - 1. Computer World 2. CIO 3. Tech World 4. CSO
Searchsecurity Screencast
Mantra in Matriux Security Distribution
Mantra in Backtrack 5 - Penetration Testing Distribution
'Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag
ClubHACK 2010 Mantra release
OWASP Mantra page on Secpedia, the information security encyclopedia
More News and Events



Volunteers

OWASP Mantra is developed by a worldwide team of volunteers. The primary contributors to date have been:

Gokul C Gopinath, Maximiliano Soler, Niraj Mohite, Rahul Babu R, Gopu C Gopinath and Thomas Mackenzie

News

Computer Weekly Article
OWASP Mantra - c0c0n 11 and AppSecLatam 11 Release
Mantra at Ekoparty Security Conference
Mantra at OWASP LatamTour - Buenos Aires, Argentina
Getting secure with Mantra: An open source penetration testing kit - 1. Computer World 2. CIO 3. Tech World 4. CSO
Searchsecurity Screencast
Mantra in Matriux Security Distribution
Mantra in Backtrack 5 - Penetration Testing Distribution
'Mantra – Free and Open Source Security Framework' - published in India's first hacking magazine ClubHack Mag
ClubHACK 2010 Mantra release
OWASP Mantra page on Secpedia, the information security encyclopedia
Article about OWASP Mantra on KitPloit
Article about OWASP Mantra on OS Arena
OWASP Mantra was in the list of free and popular security tools on habrahabr.ru
Article about OWASP Mantra on Mundodoshackers
Korben featured Mantra in 2011
OWASP Mantra was mentioned by Alexsandro Souza on PHP Developers Group of Sao Paulo
OWASP Mantra was mentioned by Alexsandro Souza on iMasters
Article about Hackery and Galley by Niraj
OWASP Mantra was mentioned in 177th edition of Devops Weekly
OWASP Mantra was one of the Best Hacking, Penetration Testing, Security software for Linux listed by thegeeksclub
Article about OWASP Mantra Janus on Darknet
OWASP Mantra was mentioned as a handy tool for SysAdmins at EFYTimes
OWASP Mantra was one among 18 Free Security Tools for SysAdmins by Andrew Zammit Tabona on GFI blog
OWASP Mantra was mentioned in Cypherpunk.fr
Article about OWASP Mantra on pensandoenlaweb.com
OWASP Mantra was mentioned in Increased Visibility article titled 'Detecting Cross Site Scripting Vulnerabilities'
OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on OneFileCMS
OWASP Mantra was used to demonstrate Failure to Restrict URL Access vulnerability on chillyCMS
OWASP Mantra is a supporting partner of c0c0n 2014
The Power of Apostrophe blog created as part of OWASP_Security_Blitz
LAMP Security CTF 6 walk through using OWASP Mantra by Abhi M Balakrishnan on Null & OWASP Delhi Combined Meeting November 2014

As of now, the priorities are:

  • Create an ecosystem for hackers based on browser
  • To bring the attention of security people to the potential of a browser based security platform
  • Provide easy to use and portable platform for demonstrating common web based attacks (read: training)
  • To associate with other security tools/products to make a better environment. E.g.:
      • It can be a nice addition to OWASP Live CD
      • It can be used to solve basic levels of CTF contests
      • It can associate with projects like DVWA to showcase attacks
      • It can bring functions like crawler, SQL injection scanner etc. by installing extensions.

Involvement in the development and promotion of OWASP Mantra is actively encouraged! You do not have to be a security expert in order to contribute.


PROJECT INFO
What does this OWASP project offer you?
RELEASE(S) INFO
What releases are available for this project?
what is this project?
Name: OWASP Mantra - Security Framework (home page)
Purpose: Mantra is a security framework which can be very helpful in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks. Apart from that, it also contains a set of tools targeted at web developers and code debuggers, which makes it handy for both offensive and defensive security tasks.
License: GNU Free Documentation 1.2 for documents & GPL v3 for source code
who is working on this project?
Project Leader(s):
Project Maintainer(s):
how can you learn more?
Project Pamphlet: View
Project Presentation: View
Mailing list: Mailing List Archives
Project Roadmap: View
Main links:
Key Contacts
current release
OWASP Mantra Janus - Beta 0.92 - 22 January 2013 - (download)
Release description: Sixth public beta release of OWASP Mantra Security Toolkit - Beta 0.92 code named Janus
Rating: Not Reviewed - Assessment Details
last reviewed release
Not Yet Reviewed


other releases

OWASP Mantra Security Toolkit - Beta 0.92 code named Janus

Linux 32 bit: Mirror 1 Mirror 2 Torrent
Linux 64 bit: Mirror 1 Mirror 2 Torrent
Windows: Mirror 1 Mirror 2 Torrent
Macintosh: Mirror 1 Mirror 2 Torrent
Source: Mirror 1


Old Versions

Old versions of OWASP Mantra and their source code can be obtained from:
OWASP Mantra download page on Google Code or
Sourceforge page of OWASP Mantra

This project is part of the OWASP Breakers community.