OWTF is an automated penetration testing framework that integrates multiple tools to improve the efficiency and effectiveness of web application security assessments.
Offensive Web Testing Framework (OWTF) is a framework that tries to unite great tools and make pen testing more efficient. http://owtf.org https://twitter.com/owtfp
OWTF is designed for penetration testers and red teamers to streamline web application security testing by automating vulnerability discovery and exploitation aligned with industry standards like OWASP and PTES. It helps users focus on complex vulnerabilities and impact demonstration by aggregating and correlating results from various security tools.
OWTF is not a silver bullet: correctly interpreting its results and demonstrating impact requires a good understanding of penetration testing concepts. The recommended platform is Kali Linux or another Debian derivative, and Docker usage is encouraged to avoid dependency issues. PostgreSQL is required as the backend database. Users should use a Python version from 3.6 to 3.8 and install all dependencies carefully, especially on macOS.
Clone the repository: git clone https://github.com/owtf/owtf
Change directory: cd owtf
For Docker usage, ensure docker and docker-compose are installed
Build and run Docker container: make compose-safe
To set up PostgreSQL with Docker: run make startdb
Alternatively, use a manually installed PostgreSQL (brew install postgresql on macOS, or systemctl start postgresql on Kali)
Create the PostgreSQL user and database as per the instructions, or use scripts/db_setup.sh
Create a Python virtual environment and activate it (python3 -m venv ~/.virtualenvs/owtf; source ~/.virtualenvs/owtf/bin/activate)
On macOS, install dependencies via Homebrew: coreutils, gnu-sed, openssl
Install Python cryptography module with specific build options on macOS
make compose-safe
Builds and runs the OWTF Docker container safely with all dependencies resolved
make startdb
Starts the PostgreSQL database server inside a Docker container for OWTF
python3 setup.py develop
Installs OWTF in development mode for direct usage without Docker
brew install coreutils gnu-sed openssl
Installs required dependencies on macOS for OWTF
pip install cryptography --global-option=build_ext --global-option="-L/usr/local/opt/openssl/lib" --global-option="-I/usr/local/opt/openssl/include"
Installs the cryptography Python package with OpenSSL paths on macOS to avoid build issues
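A pre-flight check for the prerequisites named above, as an added example that is not part of OWTF or its documentation. It assumes the Docker route (git, make, docker, docker-compose on PATH) and checks the Python 3.6 to 3.8 range for the virtualenv route; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: verify the prerequisites this page lists before installing OWTF.
# Function names are hypothetical; nothing here ships with OWTF.

# Return 0 only if a "major.minor[.patch]" string is within Python 3.6-3.8.
py_version_supported() {
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    # Reject empty or non-numeric components (e.g. "", "3.8rc1").
    case "$major" in ""|*[!0-9]*) return 1 ;; esac
    case "$minor" in ""|*[!0-9]*) return 1 ;; esac
    [ "$major" -eq 3 ] && [ "$minor" -ge 6 ] && [ "$minor" -le 8 ]
}

# Print, one per line, each named command that is not found on PATH.
missing_tools() {
    for tool in "$@"; do
        command -v "$tool" >/dev/null 2>&1 || printf '%s\n' "$tool"
    done
}

# Run all checks; return 0 if everything is in place, 1 otherwise.
preflight() {
    status=0
    pyver=$(python3 -c 'import sys; print("%d.%d" % sys.version_info[:2])' 2>/dev/null) || pyver=""
    if py_version_supported "$pyver"; then
        echo "ok:   python3 $pyver"
    else
        echo "FAIL: python3 version '$pyver' is outside 3.6-3.8"
        status=1
    fi
    for tool in $(missing_tools git make docker docker-compose); do
        echo "FAIL: $tool not found on PATH"
        status=1
    done
    return "$status"
}

preflight || echo "Resolve the items above before running 'make compose-safe'."
```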