[Owasp-leaders] FW: New Project Request: Pantera Web Assessment Studio (WAS)

Jeff Williams jeff.williams at owasp.org
Tue Aug 15 15:22:49 EDT 2006



Just received this - can you check it out and see if this is something we
want at OWASP?




Jeff Williams, Chair

The OWASP Foundation <http://www.owasp.org/> 

work: 410-707-1487

main: 301-604-4882


"Dedicated to finding and fighting the causes of insecure software"


From: Simon Roses [mailto:simonroses at gmail.com] 
Sent: Tuesday, August 15, 2006 2:05 PM
To: owasp at owasp.org
Subject: New Project Request: Pantera Web Assessment Studio (WAS)


To whom it may concern,


I have been working for a long time on a web application assessment tool.
It is a mix between a proxy, application scanner and analysis framework. I have
attached some screen shots (it is still in heavy development, but I will release a
public version soon, by next month). Here is a more detailed description:


Some Pantera Features:


*	User-friendly custom web GUI. (CSS): Pantera itself is a web
application that runs inside the browser and can be customized using CSS by
the user. Some of the customizations are visual style, colors, fonts, views
for easy information access, etc. 
*	100% python: Python is cross-platform, easy to install and use.
This makes it the perfect language of choice to use.
*	Multi-platform (Windows, Linux, etc.) and multi-browser (IE,
Firefox, etc.): By using Python, Pantera is cross-platform. And we have made
sure Pantera works fine with the most common browsers.
*	Supports SSL, NTLM, HTTP Basic: All this is supported by Pantera,
still most open source tools have problems with things like NTLM. 
*	Powerful analysis engine: Pantera has a powerful analysis engine,
meaning that each web page that Pantera sees is analyzed for several things
like comments, scripts, vulnerabilities, hidden tags and more. All this is
done in the background and transparently for the user while testing the website
manually, and of course all this info is stored in the database.
*	XML data files for configuration and attacks: Pantera uses XML files
for configuration but also all the attacks and tests are stored in XML
files, so it's easy to add content to these files. 
*	MySQL support: Most tools do not allow you to save the assessment.
While performing an assessment with Pantera you can create a session, so all
the info generated during the assessment is stored in the database. You can
edit, delete and modify the content of the assessment at will. You can
continue the next day at the same point you stopped. Currently only MySQL is
supported; more databases will be supported in the future.
*	Project Management: Each assessment is a session. Pantera offers
project management to create new, open and delete projects. 
*	Plug-in support: Pantera offers plug-in support so advanced users
can add and extend its features.
*	Report generation: As Pantera can save assessments it can generate
reports with all the gathered data and vulnerabilities found. Some report
formats are HTML, XML, PDF, etc. Reports can also be customized!!
*	Pantera Inline Feature: This interesting feature allows the user to
use the browser visiting the target website and send Pantera commands using
a special syntax without switching to Pantera UI. You can do most of the
assessment by using just the browser and having Pantera in the background by
catching and analysing all the pages you view.    
*	Many utilities. (anti-IDS, fuzzing, web spider, brute force, cgi
scanning, etc.): Pantera comes with many features, some are common, others
*	Combines automated capabilities with complete manual testing to get
the best results: That's the main goal of Pantera.
*	Open source and freeware: Free of charge :-)


Pantera used an improved version of SpikeProxy as the proxy engine. 


I hope my project is something for OWASP.


I will be glad to send more information and to answer any question.




Simon Roses Femerling













-------------- next part --------------
A non-text attachment was scrubbed...
Name: screen_shots.zip
Type: application/zip
Size: 1181931 bytes
Desc: not available
Url : https://lists.owasp.org/mailman/private/owasp-leaders/attachments/20060815/9e2ae587/attachment.zip 