Samurai WTF 0.8

Published: 2010-03-08
Last Updated: 2010-03-09 16:33:21 UTC
by Raul Siles (Version: 2)
3 comment(s)

A new version of the Samurai WTF (Web Testing Framework) distribution, version 0.8,  has been released this weekend. As a member of the main development team, I'm proud to see that Samurai WTF is becoming the preferred environment for web application security testing.

This new version includes multiple new features, apart from being the first Live DVD version (1.7GB), versus previous Live CD versions (<700MB in size), plus:
- The Samurai WTF Firefox add-ons collection: https://addons.mozilla.org/en-US/firefox/collection/samurai.
- An extensive layout clean-up.
- New SVN capabilities to update the most actively developed web testing tools.
- Metasploit (what allows its integration with other tools, like sqlmap or sqlninja).
- The addition of two well known vulnerable web apps for training and testing purposes, DVWA and Mutillidae.
- Plus new tools and tools updates (see the Changelog within the Live DVD).

Definitely, I recommend you to try it and get the most of this open-source project when evaluating the security of your web applications and sites.

You can gather more details about the Samurai WTF from its main web page, http://samurai.inguardians.com, an OWASP presentation I did on December (available at http://www.radajo.com/2009/12/assessing-and-exploiting-web.html), and download the new version from Sourceforge: http://sourceforge.net/projects/samurai/.

Please, if you are a common user or want to try it, share your comments and improvements through the project mailing list (http://sourceforge.net/mail/?group_id=235785).

UPDATE: In order to get an overview of the list of tools available on Samurai WTF, check the RaDaJo presentation referred above, and the distro changelog file.

BTW, I will be teaching the SANS SEC542 class, "Web App Penetration Testing and Ethical Hacking" on Dubai, April 17-22, 2010.
--
Raul Siles (www.raulsiles.com)
Taddong is comming soon...


3 comment(s)

Comments

Many of the add-ons in the WTF Firefox Collection haven't been updated for Firefox 3.6.

Can you just disable version checking and have them all work properly? http://www.tomshardware.com/forum/237772-49-firefox-disable-version-checking
Oops. Process changes for 3.6 from 3.5.

http://kb.mozillazine.org/Updating_extensions#Completely_disabling_the_compatibility_check
Jason,
Assuming the add-on is compatible wit the target Firefox version, you can also modify the allowed versions within the add-on itself, as described in this RaDaJo post:

http://www.radajo.com/2009/10/samurai-web-testing-framework-wtf.html

Diary Archives