Skip to content
/ OWASP-mth3l3m3nt-framework Public
forked from alienwithin/OWASP-mth3l3m3nt-framework

OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsive interface.

alienwithin.github.io/owasp-mth3l3m3nt-framework/
0 stars 66 forks Branches Tags Activity
Star
Notifications

theralfbrown/OWASP-mth3l3m3nt-framework

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

49 Commits

db_dump_optional

db_dump_optional

 
 

documentation

documentation

 
 

framework

framework

 
 

lib

lib

 
 

res

res

 
 

server-configs

server-configs

 
 

themes

themes

 
 

tmp

tmp

 
 

.htaccess

.htaccess

 
 

README.md

README.md

 
 

composer.json

composer.json

 
 

index.php

index.php

 
 

Repository files navigation

#OWASP Mth3l3m3nt Framework

Modules Packed in so far are:

  • Payload Store
  • Shell Generator (PHP/ASP/JSP/JSPX/CFM)
  • Payload Encoder and Decoder (Base64/Rot13/Hex/Hexwith \x seperator/ Hex with 0x Prefix)
  • CURL GUI (GET/POST/TRACE/OPTIONS/HEAD)
  • LFI Exploitation module (currently prepacked with: Koha Lib Lime LFI/ Wordpress Aspose E-book generator LFI/ Zimbra Collaboration Server LFI)
  • HTTP Bot Herd to control web shells.
  • WHOIS
  • String Tools
  • Client Side Obfuscator

Currently it is set to use a flat file database.

Copy all the files into your webroot except db_dump_optional

Ensure the Folders Below are writeable:

  • tmp
  • framework/data
  • framework/data/site_config.json

It should run from the get go All just navigate to it.

the login url is: /cnc

username:mth3l3m3nt password:mth3l3m3nt

By Default I have set it to use the JIG database but this you can change at any point in the backend. The DB Dump in place is for users who use MySQL and need demo data. Unfortunately I have only done for MySQL. It's my DB of choice.

Alternatively watch the installation here:

https://www.youtube.com/playlist?list=PL8peOGsl5TC4WscgWaNMx0xJlS6X2QJI0

If you would like to switch from JIG you can do so in the settings. Please note the DB has to be created, it only populates it with the required tables, it doesn't drop or create the DB , other supported Databases are:

  • Mongo DB
  • MSSQL
  • PostgreSQL
  • SQLite
  • MySQL

Other than SQLite please ensure that you have the PHP extensions for the Databases above so that it can access them through PHP Data Objects.

For MySQL users needing MySQL Sample Data like alot of it especially payloads switch the database to MySQL and import data from the Dump to populate.

Incase of questions or suggestions or bugs and what nots: http://munir.skilledsoft.com

You may also send them or subscribe to the mailing list: https://lists.owasp.org/mailman/listinfo/owasp-mth3l3m3nt-framework-project

It's been tested on :

  • Apache
  • Litespeed
  • Nginx
  • Lighttpd

Incase you test on another server please give your review.

If installing it in a subfolder edit the .htaccess file to reflect the RewriteBase as the subfolder.

Having Problems getting it running on your webserver, check out our webserver configuration guide.

About

OWASP Mth3l3m3nt Framework is a penetration testing aiding tool and exploitation framework. It fosters a principle of attack the web using the web as well as pentest on the go through its responsive interface.

alienwithin.github.io/OWASP-mth3l3m3nt-framework/

Resources

Readme
Activity

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

3 tags

Packages

No packages published

Languages

  • HTML 68.3%
  • PHP 15.7%
  • CSS 9.1%
  • JavaScript 4.8%
  • PLSQL 1.8%
  • ApacheConf 0.3%