OWASP Mth3l3m3nt Framework

A penetration testing tool and exploitation framework to make pentesting on the go a reality.



Client Side Obfuscator

Obfuscate client-side scripts with ease into non-readable formats. This may prove particularly useful in XSS attacks as well as CSRF.


Web Herd

Control web-based backdoors via HTTP from one central interface and never have runaway webshells again.


Easy Backdoor Generation

Easily generate backdoors for various platforms: minimal, non-noisy and efficient, to ensure your attacks are stealthy and successful. Be the ghost in the network. Current support for: JSP, JSPX, PHP, ASP, ASPX.


Payload Encoding/Decoding

Encode or decode strings or payloads in various formats. This can be particularly useful in input injection and file inclusion attacks. Currently supported formats are: Base64, regular hex format, hex in \x format, hex with 0x prefix, ROT13.
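The five formats listed above, as an added Python example (not code from the framework) that encodes, decodes, and tries every format against an unknown string, which is how a reviewer would normalise encoded input found in a request log before inspecting it. The format names and helper functions are hypothetical, and "hex with 0x prefix" is assumed to mean a single `0x` in front of the whole hex string.

```python
import base64
import codecs
import re

# Format names are labels chosen for this example, not framework identifiers.
ENCODERS = {
    "base64": lambda b: base64.b64encode(b).decode("ascii"),
    "hex": lambda b: b.hex(),
    "hex_x": lambda b: "".join(f"\\x{c:02x}" for c in b),
    "hex_0x": lambda b: "0x" + b.hex(),  # assumption: one prefix for the whole string
    "rot13": lambda b: codecs.encode(b.decode("ascii"), "rot_13"),
}


def encode(data: bytes, fmt: str) -> str:
    return ENCODERS[fmt](data)


def decode(text: str, fmt: str) -> bytes:
    """Strict decoders: anything malformed raises ValueError."""
    if fmt == "base64":
        return base64.b64decode(text, validate=True)
    if fmt == "hex":
        return bytes.fromhex(text)
    if fmt == "hex_x":
        if not re.fullmatch(r"(?:\\x[0-9a-fA-F]{2})+", text):
            raise ValueError("not \\x-escaped hex")
        return bytes.fromhex(text.replace("\\x", ""))
    if fmt == "hex_0x":
        if not text.lower().startswith("0x"):
            raise ValueError("missing 0x prefix")
        return bytes.fromhex(text[2:])
    if fmt == "rot13":
        return codecs.decode(text, "rot_13").encode("ascii")
    raise ValueError(f"unknown format: {fmt}")


def candidate_decodings(text: str) -> dict:
    """Try every format; keep results that decode cleanly to printable ASCII."""
    out = {}
    for fmt in ENCODERS:
        try:
            raw = decode(text, fmt)
        except ValueError:  # binascii.Error and UnicodeError are subclasses
            continue
        if raw and all(32 <= c < 127 for c in raw):
            out[fmt] = raw.decode("ascii")
    return out
```

ROT13 maps any ASCII text to other printable ASCII, so it always appears among the candidates; the result is a list of readings to inspect, not a verdict on which encoding was used.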


Easy Exploit Development

Develop file inclusion exploits in as little as 8 lines of code. This makes extending the framework easy and fast.


Generic Requests Module

This module is a similar service to hurl.it. We all love the curl capabilities it has, but on internal pentests, when dealing with web applications, it becomes hard to use the service to its full potential. Currently it supports the following requests: GET, HEAD, POST, TRACE, OPTIONS.


Payload Store

Store your frequently used payloads and notes on them so that you don't have to repeat a learning curve on executing the same attack again.


Other Features

Other key features include:

  • String manipulation tools
  • WHOIS
  • LFI Exploitation Module