From mario.robles at owasp.org Wed Aug 12 16:27:33 2015
From: mario.robles at owasp.org (Mario Robles)
Date: Wed, 12 Aug 2015 10:27:33 -0600
Subject: [Owasp_pyttacker_project] Pyttacker revival soon!
Message-ID: <55CB73F5.70601@owasp.org>

Test message

This list is going to become active soon!

--
*OWASP*
*Mario Robles Tencio*
Board member, OWASP Costa Rica
Member: 37849215
Phone: +506 7012-8363
email: mario.robles at owasp.org
https://www.owasp.org/index.php/Costa_Rica

From mario at roblest.com Wed Aug 12 20:16:40 2015
From: mario at roblest.com (Mario Robles)
Date: Wed, 12 Aug 2015 14:16:40 -0600
Subject: [Owasp_pyttacker_project] Pyttacker Project
In-Reply-To: <55CB8A1F.8070501@roblest.com>
References: <55CB8A1F.8070501@roblest.com>
Message-ID: <55CBA9A8.4020504@roblest.com>

Hello everyone,

Pyttacker is currently having big and great changes, lots of new features are going to be added soon including:

* Multithreading for handling multiple HTTP requests at the same time (already implemented in the last release)
* HTML5 Interface
* Pyttacker will be combined with a tool I developed for private use within a company (they agreed to make the source open), this will provide the following features:
    o Plugins module will be improved:
        + The following plugins will be included in coming releases: POODLE, Shellshock, MS15-034, Heartbleed, CCS_Injection
        + Creating new plugins will be so easy that you can convert any Python script into a plugin in less than 30 minutes
    o CLI: Similar to Metasploit, pyttacker will support commands and all the features will be fully
      scriptable (both on web GUI and CLI)
    o Automation: The very simple scripting language used by the CLI can be used for creating scripts and automating scanning tasks, for instance, you will be able to use an input file containing a list of IPs, URLs, domains, etc. and then test which of those are vulnerable to POODLE (or any other plugin), you can also create policies so you can test a predefined policy (group of plugins) against a specific target list
    o Scanning and Spidering: A simple port scanner will be included but also Pyttacker will be able to run nmap and parse its results for further tests like running a new internal spider for instance.
    o Proxy Support: Now you'll be able to send your HTTP requests to ZAP or Burp from the internal Spider and it's also available for being used within the plugins

For now the current version on GitHub is still unstable, some initial changes are now included but the process of combining the private tool and Pyttacker is going to take about a month from now, I'll be communicating on this list when the new release is available for download.

https://github.com/RoblesT/pyttacker

Pyttacker is changing its mission a bit, however it will continue including the previous one (PoC creator for Pentesters) but also will have much more coverage, the future of Pyttacker is being that tool: portable, cross-platform, easy to use, easy to extend that every Pentester will love to use every day, something that will provide nice PoCs for reports but also will help you to automate very easily any script you made for testing a specific vulnerability

Your feedback will be highly appreciated!

Thank you everyone for being interested in { supporting | contributing | using | distributing } Pyttacker

--
Mario Robles Tencio
/*Web App Security Pentesting and Security Assessments*/
Mobile: +506-7012-8363
e-mail: mario at roblest.com
PGP: A795B8324C858FCCBBCD6D4403709610A08C90C3