
SANS ISC InfoSec Handlers Diary Blog


Samurai WTF 0.8

Published: 2010-03-08
Last Updated: 2010-03-09 16:33:21 UTC
by Raul Siles (Version: 2)
3 comment(s)

A new version of the Samurai WTF (Web Testing Framework) distribution, version 0.8, was released this weekend. As a member of the main development team, I'm proud to see that Samurai WTF is becoming the preferred environment for web application security testing.

Besides being the first Live DVD version (1.7GB), versus the previous Live CD versions (<700MB in size), this new version includes multiple new features:
- The Samurai WTF Firefox add-ons collection: https://addons.mozilla.org/en-US/firefox/collection/samurai.
- An extensive layout clean-up.
- New SVN capabilities to update the most actively developed web testing tools.
- Metasploit (which allows its integration with other tools, such as sqlmap or sqlninja).
- The addition of two well-known vulnerable web apps for training and testing purposes, DVWA and Mutillidae.
- Plus new tools and tool updates (see the Changelog within the Live DVD).

I definitely recommend that you try it and get the most out of this open-source project when evaluating the security of your web applications and sites.

You can gather more details about Samurai WTF from its main web page, http://samurai.inguardians.com, and from an OWASP presentation I did in December (available at http://www.radajo.com/2009/12/assessing-and-exploiting-web.html), and you can download the new version from Sourceforge: http://sourceforge.net/projects/samurai/.

If you are a regular user or want to try it, please share your comments and improvements through the project mailing list (http://sourceforge.net/mail/?group_id=235785).

UPDATE: To get an overview of the tools available on Samurai WTF, check the RaDaJo presentation referred to above and the distro changelog file.

BTW, I will be teaching the SANS SEC542 class, "Web App Penetration Testing and Ethical Hacking", in Dubai, April 17-22, 2010.
--
Raul Siles (www.raulsiles.com)
Taddong is coming soon...

