The Offensive Manual Web Application Penetration Testing Framework is a comprehensive and versatile tool that covers everything from Reconnaissance to Vulnerability Analysis. It consists of 5 main phases, which are further divided into 14 sub-phases and a total of 108 modules.
The Reconnaissance Phase alone includes 50 modules dedicated to active and passive recon, as well as information disclosure. The Scanning & Enumeration Phase incorporates 16 modules, including port scans and WAF analysis. The Vulnerability Analysis Phase comprises 37 modules that address the most common vulnerabilities. Currently, the Exploits Castle only houses 1 exploit, but it is still in development. Additionally, the Auxiliaries section offers 4 modules, with more under development.
Each of the four phases features an Auto-Awesome module that automates every module for you, providing a significant performance boost through multiprocessing. Furthermore, the framework supports piping attacks through Tor, although this feature is not implemented everywhere yet.
One of the key benefits of using the Offensive Manual Web Application Penetration Testing Framework is its simplicity. All you need is the domain, and this tool will take care of everything else. With full verbose out support, you'll always know what's going on during the attack process.
In terms of new features, the latest version of the framework introduces several enhancements. It has been fully ported to Python3, offering improved programming language compatibility. The interface has also been revamped, now resembling a Metasploit-like console interface for ease of use. The introduction of multiprocessing enables parallelisation, resulting in faster and more efficient attacks. Additionally, there is now an alternative CLI interface for quicker interaction with specific modules.
Anonymity is a crucial aspect of penetration testing, and the Offensive Manual Web Application Penetration Testing Framework allows attacking through Tor, ensuring a higher level of privacy and security. While this feature is still undergoing development, it is already 95% complete.
Some modules within the framework have been enhanced and feature-extended. For example, additional evasion techniques have been included, and support for more than one query parameter has been added. Furthermore, new modules like arpscan have been introduced to expand the toolkit's capabilities.
To enhance user experience, a Graphical User Interface (GUI) has been developed, providing a more user-friendly and intuitive way to interact with the toolkit. This GUI simplifies the process of configuring and executing tests.
Finally, it is worth mentioning that the framework supports non-default http(s) ports, allowing for more flexibility and compatibility.
Looking ahead, there are exciting plans for future updates to the Offensive Manual Web Application Penetration Testing Framework. The results of modules will soon be stored in a database, enabling easier access and analysis. Additionally, new modules like nikto and photon are currently being developed, which will further enhance the toolkit's functionality and versatility.
- A complete versatile framework to cover up everything from Reconnaissance to Vulnerability Analysis.
- Has 5 main phases, subdivided into 14 sub-phases consisting a total of 108 modules.
- Reconnaissance Phase has 50 modules of its own (including active and passive recon, information disclosure modules).
- Scanning & Enumeration Phase has got 16 modules (including port scans, WAF analysis, etc)
- Vulnerability Analysis Phase has 37 modules (including most common vulnerabilities in action).
- Exploits Castle has only 1 exploit.
- And finally, Auxiliaries have got 4 modules.
more under development
- All four phases each have an
Auto-Awesomemodule which automates every module for you.
- huge performance boost through multiprocessing
- Piping Attacks through Tor (not implemented everywhere yet)
- You just need the domain, and leave everything is to this tool.
- TIDoS has full verbose out support, so you'll know whats going on.
- Attacking now even easier with a new GUI
- the programming language: TIDoS is fully ported to Python3
- the interface: TIDoS presents a new, Metasploit-like console interface
- Parallelisation: TIDoS uses multiprocessing to speed up attacks
- An alternative CLI interface for faster interaction with one specific module
- Anonymity: Attacking through Tor is possible (95% done)
- Module Completion: Some modules have been feature-extended (e.g. more evasion, supporting more than 1 query parameter)
- Some new modules: arpscan
- A Graphical User Interface for easier interaction with the toolkit
- Supports non-default http(s) ports
- GPL-3.0 License