OWASP Mth3l3m3nt Framework

Munir Njiru GET /OMF/begin HTTP/1.1

HTTP/1.1 200 Ok

Cache-Control: private, no-cache, no-store, must- revalidate, max-age=0

Pragma: no-cache Content-Type: text/html

Content-Length: 1148 Accept-Ranges: bytes

Server: Africahackon Conference

Connection: close

About Me

• Information Security Consultant at Pricewaterhouse Coopers (PwC)

• What I’ve been certified in: Ethical Ninja (Sama), Ethical Ninja (Senpai) , JavaScript for Pentesters (JFP)

• Project Lead for OWASP Mth3l3m3nt Framework.

• Chapter Leader OWASP (Kenya).

• The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software. Our mission is to make software security visible, so that individuals and organizations worldwide can make informed decisions about true software security risks.

What is it?

• A penetration testing tool and exploitation framework to make penetration testing on the go a reality.

• Current Build Contains?

• Payload Store

• Cookie Theft Database

• Web Herd

• Shell Generator

• Payload Encoder

• Payload Decoder

• Client Side tools

• Whois

• LFI exploiter

Why Mth3l3m3nt?

• Limitations of portability of most web tools.

• Multiple modes of storage for penetration testing data e.g. payloads.

• Based on free tools (PHP, Js, HTML) and uses minimal dependencies.

• Cheap to implement ; so many choices:

• Shared Hosting

• VPS

• Phone/Tablet

• Local Server

• Webservers tested on for support:

• Litespeed

• Apache

• Lighttpd

• Nginx

• IIS

• You

Who can use it?

• Developers

• Security Professionals

• Students

• Software Testers

The Admin’s hand is in the cookie jar

For we came in peace to leave you in pieces

Fixes

• Whitelist what is allowed to be uploaded rather than upload and check once files are already on the server.

• Ensure you filter user input before putting it in the database.

• Test for security before launching.

• NEVER trust a user.

Improvements

• Make web herd have an even lesser fingerprint and also make it more flexible to support external versions of minimal shells via different methods.

• Amalgamate functions to prevent running too many remote commands.

• Include a Crawler/Scanner.

• Add support for other injection attacks.

• Better UI Design.

• Add integration capabilities with other tools of a similar nature.

• Include a module to handle social engineering attacks especially phishing via website vectors.

• Needs work on a generic LFI builder.

…..

Queries?

GET /Understood HTTP/1.1

HTTP/1.1 404 Not Found Cache-Control: private, no-cache, no-store, must-

revalidate, max-age=0 Pragma: no-cache

Content-Type: text/html

Content-Length: 1148 Accept-Ranges: bytes

Server: Africahackon Conference Connection: close

Contact

GET /find/hacker HTTP/1.1

HTTP/1.1 200 Ok Cache-Control: private, no-cache, no-store, must-

revalidate, max-age=0 Pragma: no-cache

Content-Type: text/html

Content-Length: 1148 Accept-Ranges: bytes

Server: Africahackon Conference Connection: close

Email : munir.n.n@gmail.com Web : http://munir.skilledsoft.com Project: http://alienwithin.github.io/OWASP-mth3l3m3nt-framework/ Twitter: @muntopia Phone : <Mteja Wa Nambari Hapatikani Kwa Sasa>