Created
March 6, 2016 10:13
-
-
Save viyatb/bc61bdf5a39fdd2ae87e to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| _____ _ _ _ _____ _____ | |
| | | | | |_ _| __| | |
| | | | | | | | | | __| | |
| |_____|_____| |_| |__| | |
| @owtfp | |
| http://owtf.org | |
| [*] OWTF Version: 1.0.1, Release: LionHeart (Beta) | |
| [-] Loading framework please wait.. | |
| [-] | |
| Short Intro: | |
| Current Plugin Groups: | |
| - web: For web assessments or when net plugins find a port that "speaks HTTP" | |
| - net: For network assessments, discovery and port probing | |
| - aux: Auxiliary plugins, to automate miscelaneous tasks | |
| WEB Plugin Types: | |
| - Passive Plugins: NO requests sent to target | |
| - Semi Passive Plugins: SOME "normal/legitimate" requests sent to target | |
| - Active Plugins: A LOT OF "bad" requests sent to target (You better have permission!) | |
| - Grep Plugins: NO requests sent to target. 100% based on transaction searches and plugin output parsing. Automatically run after semi_passive and active in default profile. | |
| Available WEB plugins: | |
| [-] | |
| **************************************** Active plugins **************************************** | |
| [-] active: Visit_URLs_________________________________________(OWTF-WSP-001)________Visit URLs found by other tools, some could be sensitive: need permission | |
| [-] active: Application_Discovery______________________________(OWTF-IG-005)_________Active probing for app discovery | |
| [-] active: Testing_for_SSL-TLS________________________________(OWTF-CM-001)_________Active probing for SSL configuration | |
| [-] active: Infrastructure_Configuration_Management____________(OWTF-CM-003)_________Active Probing for fingerprint analysis | |
| [-] active: Web_Application_Fingerprint________________________(OWTF-IG-004)_________Active probing for fingerprint analysis | |
| [-] active: HTTP_Methods_and_XST_______________________________(OWTF-CM-008)_________Active probing for HTTP methods | |
| [-] active: Arachni_Unauthenticated____________________________(OWTF-WVS-001)________Active Vulnerability Scanning without credentials via Arachni | |
| [-] active: Nikto_Unauthenticated______________________________(OWTF-WVS-002)________Active Vulnerability Scanning without credentials via nikto | |
| [-] active: Wapiti_Unauthenticated_____________________________(OWTF-WVS-003)________Active Vulnerability Scanning without credentials via Wapiti | |
| [-] active: W3AF_Unauthenticated_______________________________(OWTF-WVS-004)________Active Vulnerability Scanning without credentials via w3af | |
| [-] active: Skipfish_Unauthenticated___________________________(OWTF-WVS-006)________Active Vulnerability Scanning without credentials via Skipfish | |
| [-] active: Old_Backup_and_Unreferenced_Files__________________(OWTF-CM-006)_________Active probing for juicy files (DirBuster) | |
| [-] | |
| **************************************** Passive plugins **************************************** | |
| [-] passive: HTTP_Methods_and_XST______________________________(OWTF-CM-008)_________Third party resources | |
| [-] passive: Testing_for_Path_Traversal________________________(OWTF-AZ-001)_________Panoptic, a tool for testing local file inclusion vulnerabilities | |
| [-] passive: Reflected_Cross_Site_Scripting____________________(OWTF-DV-001)_________Plugin to assist passive testing for known XSS vectors | |
| [-] passive: Stored_Cross_Site_Scripting_______________________(OWTF-DV-002)_________Plugin to assist passive testing for known XSS vectors | |
| [-] passive: Testing_for_Cross_site_flashing___________________(OWTF-DV-004)_________Google Hacking for Cross Site Flashing | |
| [-] passive: Testing_for_SQL_Injection_________________________(OWTF-DV-005)_________Google Hacking for SQLi | |
| [-] passive: Testing_for_SSI_Injection_________________________(OWTF-DV-009)_________Searching for pages that are susceptible to SSI-Injection | |
| [-] passive: WS_Information_Gathering__________________________(OWTF-WS-001)_________Google Hacking/Third party sites for Web Services | |
| [-] passive: Spiders_Robots_and_Crawlers_______________________(OWTF-IG-001)_________robots.txt analysis through third party sites | |
| [-] passive: Search_engine_discovery_reconnaissance____________(OWTF-IG-002)_________General Google Hacking/Email harvesting, etc | |
| [-] passive: Web_Application_Fingerprint_______________________(OWTF-IG-004)_________Third party resources and fingerprinting suggestions | |
| [-] passive: Application_Discovery_____________________________(OWTF-IG-005)_________Third party discovery resources | |
| [-] passive: Testing_for_Error_Code____________________________(OWTF-IG-006)_________Google Hacking for Error codes | |
| [-] passive: Testing_for_SSL-TLS_______________________________(OWTF-CM-001)_________Third party resources | |
| [-] passive: Testing_for_Captcha_______________________________(OWTF-AT-008)_________Google Hacking for CAPTCHA | |
| [-] passive: Testing_for_Admin_Interfaces______________________(OWTF-CM-007)_________Google Hacking for Admin interfaces | |
| [-] passive: Old_Backup_and_Unreferenced_Files_________________(OWTF-CM-006)_________Google Hacking for juicy files | |
| [-] | |
| **************************************** Grep plugins **************************************** | |
| [-] grep: Vulnerable_Remember_Password_and_Pwd_Reset___________(OWTF-AT-006)_________Searches transaction DB for autocomplete protections | |
| [-] grep: Logout_and_Browser_Cache_Management__________________(OWTF-AT-007)_________Searches transaction DB for Cache snooping protections | |
| [-] grep: Cookies_attributes___________________________________(OWTF-SM-002)_________Searches transaction DB for Cookie attributes | |
| [-] grep: Testing_for_CSRF_____________________________________(OWTF-SM-005)_________Searches transaction DB for CSRF protections | |
| [-] grep: Reflected_Cross_Site_Scripting_______________________(OWTF-DV-001)_________Searches transaction DB for XSS protections | |
| [-] grep: Testing_for_SSI_Injection____________________________(OWTF-DV-009)_________Searches transaction DB for SSI directives | |
| [-] grep: DoS_Failure_to_Release_Resources_____________________(OWTF-DS-007)_________Searches transaction DB for timing information | |
| [-] grep: Spiders_Robots_and_Crawlers__________________________(OWTF-IG-001)_________Searches transaction DB for Robots meta tag and X-Robots-Tag HTTP header | |
| [-] grep: Web_Application_Fingerprint__________________________(OWTF-IG-004)_________Searches transaction DB for fingerprint traces | |
| [-] grep: Testing_for_SSL-TLS__________________________________(OWTF-CM-001)_________Searches transaction DB for SSL protections | |
| [-] grep: Application_Configuration_Management_________________(OWTF-CM-004)_________Searches transaction DB for comments | |
| [-] grep: Credentials_transport_over_an_encrypted_channel______(OWTF-AT-001)_________Searches transaction DB for credentials protections | |
| [-] grep: Clickjacking_________________________________________(OWTF-WGP-001)________Searches transaction DB for Clickjacking protections | |
| [-] grep: CORS_________________________________________________(OWTF-WGP-002)________Searches transaction DB for Cross Origin Resource Sharing headers | |
| [-] | |
| **************************************** Semi-Passive plugins **************************************** | |
| [-] semi_passive: Session_Management_Schema____________________(OWTF-SM-001)_________Normal requests to gather session managament info | |
| [-] semi_passive: Testing_for_Cross_site_flashing______________(OWTF-DV-004)_________Normal requests for XSF analysis | |
| [-] semi_passive: Spiders_Robots_and_Crawlers__________________(OWTF-IG-001)_________Normal request for robots.txt analysis | |
| [-] semi_passive: Search_engine_discovery_reconnaissance_______(OWTF-IG-002)_________Metadata analysis | |
| [-] semi_passive: Web_Application_Fingerprint__________________(OWTF-IG-004)_________Normal requests to gather fingerprint info | |
| [-] semi_passive: HTTP_Methods_and_XST_________________________(OWTF-CM-008)_________Normal request for HTTP methods analysis | |
| [-] | |
| **************************************** External plugins **************************************** | |
| [-] external: XML_Structural_Testing___________________________(OWTF-WS-003)_________Plugin to assist manual testing | |
| [-] external: Application_Configuration_Management_____________(OWTF-CM-004)_________Plugin to assist manual testing | |
| [-] external: Application_Discovery____________________________(OWTF-IG-005)_________Plugin to assist manual testing | |
| [-] external: Arachni_Unauthenticated__________________________(OWTF-WVS-001)________Plugin to assist manual testing | |
| [-] external: Brute_Force_Testing______________________________(OWTF-AT-004)_________Plugin to assist manual testing | |
| [-] external: Bypassing_authentication_schema__________________(OWTF-AT-005)_________Plugin to assist manual testing | |
| [-] external: Bypassing_authorization_schema___________________(OWTF-AZ-002)_________Plugin to assist manual testing | |
| [-] external: CORS_____________________________________________(OWTF-WGP-002)________CORS Plugin to assist manual testing | |
| [-] external: Clickjacking_____________________________________(OWTF-WGP-001)________Plugin to assist manual testing | |
| [-] external: Cookies_attributes_______________________________(OWTF-SM-002)_________Cookie Attributes Plugin to assist manual testing | |
| [-] external: Credentials_transport_over_an_encrypted_channel__(OWTF-AT-001)_________Tools to assist credential transport vulnerability exploitation | |
| [-] external: DB_Listener_Testing______________________________(OWTF-CM-002)_________Plugin to assist manual testing | |
| [-] external: DOM_based_Cross_Site_Scripting___________________(OWTF-DV-003)_________Plugin to assist manual testing | |
| [-] external: DoS_Failure_to_Release_Resources_________________(OWTF-DS-007)_________Plugin to assist manual testing | |
| [-] external: DoS_User_Specified_Object_Allocation_____________(OWTF-DS-004)_________Plugin to assist manual testing | |
| [-] external: Exposed_Session_Variables________________________(OWTF-SM-004)_________Plugin to assist manual testing | |
| [-] external: HTTP_GET_parameters_REST_Testing_________________(OWTF-WS-005)_________Plugin to assist manual testing | |
| [-] external: HTTP_Methods_and_XST_____________________________(OWTF-CM-008)_________Plugin to assist manual testing | |
| [-] external: How_to_test_AJAX_________________________________(OWTF-AJ-002)_________Plugin to assist manual testing | |
| [-] external: IMAP_SMTP_Injection______________________________(OWTF-DV-011)_________Plugin to assist manual testing | |
| [-] external: Identify_application_entry_points________________(OWTF-IG-003)_________Plugin to assist manual testing | |
| [-] external: Infrastructure_Configuration_Management__________(OWTF-CM-003)_________Plugin to assist manual testing | |
| [-] external: Logout_and_Browser_Cache_Management______________(OWTF-AT-007)_________Plugin to assist manual testing | |
| [-] external: Multiple_Factors_Authentication__________________(OWTF-AT-009)_________Plugin to assist manual testing | |
| [-] external: Naughty_SOAP_attachments_________________________(OWTF-WS-006)_________Plugin to assist manual testing | |
| [-] external: Nikto_Unauthenticated____________________________(OWTF-WVS-002)________Plugin to assist manual testing | |
| [-] external: AJAX_Vulnerabilities_____________________________(OWTF-AJ-001)_________Plugin to assist manual testing | |
| [-] external: Race_Conditions__________________________________(OWTF-AT-010)_________Plugin to assist manual testing | |
| [-] external: Reflected_Cross_Site_Scripting___________________(OWTF-DV-001)_________Plugin to assist manual testing | |
| [-] external: Search_engine_discovery_reconnaissance___________(OWTF-IG-002)_________Plugin to assist manual testing | |
| [-] external: Session_Management_Schema________________________(OWTF-SM-001)_________Plugin to assist manual testing | |
| [-] external: Spiders_Robots_and_Crawlers______________________(OWTF-IG-001)_________Plugin to assist manual testing | |
| [-] external: Stored_Cross_Site_Scripting______________________(OWTF-DV-002)_________Plugin to assist manual testing | |
| [-] external: Storing_too_Much_Data_in_Session_________________(OWTF-DS-008)_________Plugin to assist manual testing | |
| [-] external: Testing_WSDL_____________________________________(OWTF-WS-002)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Admin_Interfaces_____________________(OWTF-CM-007)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Buffer_overflow______________________(OWTF-DV-014)_________Plugin to assist manual testing | |
| [-] external: Testing_for_CSRF_________________________________(OWTF-SM-005)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Captcha______________________________(OWTF-AT-008)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Code_Injection_______________________(OWTF-DV-012)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Command_Injection____________________(OWTF-DV-013)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Cross_site_flashing__________________(OWTF-DV-004)_________Cross Site Flashing Plugin to assist manual testing | |
| [-] external: Testing_for_DoS_Buffer_Overflows_________________(OWTF-DS-003)_________Plugin to assist manual testing | |
| [-] external: Testing_for_DoS_Locking_Customer_Accounts________(OWTF-DS-002)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Error_Code___________________________(OWTF-IG-006)_________Plugin to assist manual testing | |
| [-] external: Testing_for_File_Extensions_Handling_____________(OWTF-CM-005)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Guessable_User_Account_______________(OWTF-AT-003)_________Plugin to assist manual testing | |
| [-] external: Testing_for_HTTP_Splitting_Smuggling_____________(OWTF-DV-016)_________Plugin to assist manual testing | |
| [-] external: Testing_for_LDAP_Injection_______________________(OWTF-DV-006)_________Plugin to assist manual testing | |
| [-] external: Testing_for_ORM_Injection________________________(OWTF-DV-007)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Privilege_Escalation_________________(OWTF-AZ-003)_________Plugin to assist manual testing | |
| [-] external: Testing_for_SQL_Injection________________________(OWTF-DV-005)_________Plugin to assist manual testing | |
| [-] external: Testing_for_SQL_Wildcard_Attacks_________________(OWTF-DS-001)_________Plugin to assist manual testing | |
| [-] external: Testing_for_SSI_Injection________________________(OWTF-DV-009)_________Plugin to assist manual testing | |
| [-] external: Testing_for_SSL-TLS______________________________(OWTF-CM-001)_________Plugin to assist manual testing | |
| [-] external: Testing_for_Session_Fixation_____________________(OWTF-SM-003)_________Plugin to assist manual testing | |
| [-] external: Testing_for_XML_Injection________________________(OWTF-DV-008)_________XML Injection Plugin to assist manual testing | |
| [-] external: Testing_for_XPath_Injection______________________(OWTF-DV-010)_________Plugin to assist manual testing | |
| [-] external: Testing_for_incubated_vulnerabilities____________(OWTF-DV-015)_________Plugin to assist manual testing | |
| [-] external: Testing_for_path_traversal_______________________(OWTF-AZ-001)_________Plugin to assist manual testing | |
| [-] external: Testing_for_user_enumeration_____________________(OWTF-AT-002)_________Plugin to assist manual testing | |
| [-] external: User_Input_as_a_Loop_Counter_____________________(OWTF-DS-005)_________Plugin to assist manual testing | |
| [-] external: Visit_URLs_______________________________________(OWTF-WSP-001)________Plugin to assist manual testing | |
| [-] external: Vulnerable_Remember_Password_and_Pwd_Reset_______(OWTF-AT-006)_________Plugin to assist manual testing | |
| [-] external: W3AF_Unauthenticated_____________________________(OWTF-WVS-004)________Plugin to assist manual testing | |
| [-] external: WS_Information_Gathering_________________________(OWTF-WS-001)_________Plugin to assist manual testing | |
| [-] external: WS_Replay_Testing________________________________(OWTF-WS-007)_________Plugin to assist manual testing | |
| [-] external: Wapiti_Unauthenticated___________________________(OWTF-WVS-003)________Plugin to assist manual testing | |
| [-] external: Web_Application_Fingerprint______________________(OWTF-IG-004)_________Plugin to assist manual testing | |
| [-] external: Writing_User_Provided_Data_to_Disk_______________(OWTF-DS-006)_________Plugin to assist manual testing | |
| [-] external: XML_Content-level_Testing________________________(OWTF-WS-004)_________Plugin to assist manual testing | |
| [-] external: Old_Backup_and_Unreferenced_Files________________(OWTF-CM-006)_________Plugin to assist manual testing |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment