GSoC 2026
OWASP Foundation — Project Ideas

OWTF

View Original

OWASP OWTF

OWTF is taking part in the Google Summer of Code 2025 ! If you’d like to participate then see the

[OWASP Google Summer of Code 2025 Ideas page]!

OWTF aims to make pen testing:

  • Aligned with OWASP Testing Guide + PTES + NIST
  • More efficient
  • More comprehensive
  • More creative and fun (minimise un-creative work)

so that pentesters will have more time to

  • See the big picture and think out of the box
  • More efficiently find, verify and combine vulnerabilities
  • Have time to investigate complex vulnerabilities like business logic/architectural flaws or virtual hosting sessions
  • Perform more tactical/targeted fuzzing on seemingly risky areas
  • Demonstrate true impact despite the short timeframes we are typically given to test.

You can get the latest version of OWASP OWTF by cloning the develop branch at https://github.com/owtf/owtf

OWTF attempts to solve the “penetration testers are never given enough time to test properly” problem, or in other words, OWTF = Test/Exploit ASAP, with this in mind, as of right now, the priorities are:

  • To improve security testing efficiency (i.e. test more in less time)
  • To improve security testing coverage (i.e. test more)
  • Gradually integrate the best tools
  • Unite the best tools and make them work together with the security tester
  • Remove or Reduce the need to babysit security tools during security assessments
  • Be a respository of PoC resource links to assist exploitation of vulnerabilities in order to illustrate risk to businesses.
  • Help penetration testers save time on report writing

Involvement in the development and promotion of OWTF is actively encouraged! You do not have to be a security expert in order to contribute. Some of the ways you can help:

Send us a pull requestGive us feedback / suggestions / report bugs- Talk to us on Slack(#owtf or #project-owtf) Join our OWTF developers mailing listJoin the general OWTF mailing list

  • OWTF selected for GSoC 2022, 2023, 2024, and is looking for people to participate in for 2025!
  • August 2018 - OWTF goes to Blackhat Arsenalonce again! - August 2017 - OWTF goes to Blackhat Arsenal

ToolsWatch Annual Best Free/Open Source Security Tool Survey:

OWTF 2.0a “Tikka Masala” is here! - February 29th, 2016 - OWASP is selected for GSoC 2016 - OWTF is participating! - February 29th, 2016 -

OWASP is selected for GSoC 2016 - OWTF is participating! - July 10th, 2015 - OWTF got 3 slots in the OWASP Summer Code Sprint 2015! - July 10th, 2015 -

OWTF got 3 slots in the OWASP Summer Code Sprint 2015! - June 19th, 2015 - OWTF is taking part in the OWASP Summer Code Sprint 2015 - June 19th, 2015 -

OWTF is taking part in the OWASP Summer Code Sprint 2015 - October 15, 2014 - OWTF is taking part in the OWASP Winter Code Sprint! - October 15, 2014 -

OWTF is taking part in the OWASP Winter Code Sprint! - October 15, 2014 - OWTF 1.0.1 “Lionheart” released! - Fixed a major installation bug caused due to wrong handling of requirements by pip - October 15, 2014 -

OWTF 1.0.1 “Lionheart” released! - Fixed a major installation bug caused due to wrong handling of requirements by pip - October 5th 2014 - OWTF 1.0 “Lionheart” released! - October 5th 2014 -

OWTF 1.0 “Lionheart” released! - September 26th 2014 - OWTF 1.0 “Lionheart” presented at Brucon! - September 26th 2014 -

OWTF 1.0 “Lionheart” presented at Brucon! - September 4th 2014 - - OWTF participating in OWASP Winter Code Sprint - September 4th 2014 -

- OWTF participating in OWASP Winter Code Sprint - January 13th 2014 - OWTF 0.45.0 “Winter Blizzard” released! - January 13th 2014 -

OWTF 0.45.0 “Winter Blizzard” released! - December 11th 2013 - OWASP OWTF CFP funds contest WINNERS announced - December 11th 2013 -

OWASP OWTF CFP funds contest WINNERS announced - September 8th 2013 - OWASP OWTF CFP funds contest open! - September 8th 2013 -

OWASP OWTF CFP funds contest open! - August 22nd-23rd 2013 - Introducing OWASP OWTF 5x5 @ OWASP AppSec EU - August 22nd-23rd 2013 -

Introducing OWASP OWTF 5x5 @ OWASP AppSec EU - August 9th 2013 - OWTF 0.30 “Summer Storm II” released! - August 9th 2013 -

OWTF 0.30 “Summer Storm II” released! - July 1st 2013 - OWTF 0.20 “Summer Storm I” released! - July 1st 2013 -

OWTF 0.20 “Summer Storm I” released! - June 12th 2013 - OWASP OWTF GSoC Selection, Stats and Poll - June 12th 2013 -

OWASP OWTF GSoC Selection, Stats and Poll - May 24th 2013 - OWASP OWTF 0.16 “shady citizen” released, now working smoothly in Kali! - May 24th 2013 -

OWASP OWTF 0.16 “shady citizen” released, now working smoothly in Kali! - April 22nd - May 3rd 2013 - Call for Student Proposals: OWASP OWTF will be part of the Google Summer of Code 2013 - April 22nd - May 3rd 2013 -

Call for Student Proposals: OWASP OWTF will be part of the Google Summer of Code 2013 - April 24th 2013 - Pentesting like a Grandmaster with OWASP OWTF to be presented at BSides London 2013 - April 24th 2013 -

Pentesting like a Grandmaster with OWASP OWTF to be presented at BSides London 2013 - February 26th 2013 - OWASP OWTF selected to be supported by Brucon 5x5 - February 26th 2013 -

OWASP OWTF selected to be supported by Brucon 5x5 - September 26th 2012 - OWASP OWTF Workshop at Brucon - September 26th 2012 -

OWASP OWTF Workshop at Brucon - September 24th 2012 - OWASP OWTF 0.15 BruCon released! - September 24th 2012 - OWASP OWTF 0.15 BruCon released!

We have been helped by many organizations, either financially or through other means:

OWASPeLearnSecurityGoogleBruConBrowserstackfor providing a platform to test OWTF on multiple devices!

The following links provide access to materials for OWTF talks (video, slides, etc.):

OWTF Talks at 7-a.org- You can see what OWASP OWTF is here - http://www.youtube.com/embed/H6Ut8U9a5KE

For more videos please see the YouTube channel

Command Palette

Search for a command to run...