OWASP Mantra Security Framework

OWASP Mantra is a free and open source security toolkit with a collection of add-ons and scripts based on Firefox and Chromium. It is intended for web application penetration testers, web application developers, security professionals, etc. Earlier versions of Mantra, named 'Mantra Security Toolkit', used Firefox as their base. From September 2011 onwards Mantra started offering a new distribution called 'MoC', based on Google Chrome. As of May 2012, both products are available and active.



History
Abhi M Balakrishnan started the project in October 2010 with Gokul C Gopinath. The first public beta release was at ClubHACK in December 2010 and was available only for the Windows platform.

Within a few months of the first public release, Yashartha Chaturvedi joined the project. Soon after, the project was listed as an OWASP project. The second public beta release in June 2011, codenamed 'Gandiva', included OWASP branding. With the release of Gandiva, Mantra started supporting more platforms, including Macintosh, Linux i686 and x86_64. Gandiva was based on Firefox 4. From this release onwards Mantra started organizing its tools menu according to the structure suggested by FireCAT and packaging 'The Open Penetration Testing Bookmarks Collection'.

From September 2011 onwards Mantra started maintaining a Google Chrome based project named 'MoC', also known as 'Mantra on Chromium'. A new pre-alpha version of it was released on the same date, and it straight away started organizing tools according to KromCAT.

BackTrack, a leading penetration testing distribution, added Mantra to its repositories and started supplying it with the BackTrack 5 release. The Matriux Linux distribution added Mantra to its "Krypton" live DVD on 15 August 2011.

In October 2011, a new version of Mantra based on Firefox 7.0.1 was released at c0c0n 11 and AppSecLatam 11 together by the team members.

An updated version of 'MoC', codenamed 'Wind Wheel', was released in November 2011 and was available in English, French and Spanish versions.

Two months after the c0c0n 11 and AppSecLatam 11 release, a new version of 'Mantra Security Toolkit' was released towards the end of December 2011. It was based on Firefox 9.0.1 and codenamed 'Armada'. From this release, Mantra started including Galley in its bookmarks and started using a modified version of the 'FXChrome' theme. This made Armada look like a Google Chrome derivative even though it was based on Firefox.

OWASP Mantra Lexicon, the successor to 'Armada', was released in May 2012. Lexicon is based on Firefox 12 and is available in 10 languages: English, Arabic, Spanish, French, Portuguese, Russian, Turkish, Simplified Chinese and Traditional Chinese.

Eight months after the previous release, OWASP Mantra Janus was released to the public in January 2013. The main difference from the previous release was a single installer for all languages.

Features
Mantra comes packed with many tools and other extensions that are useful for web application penetration testing. Some additional changes are applied to the normal Firefox to avoid extra traffic and noise.

Other notable features include:


 * The FireCAT/KromCAT menu structure makes the tools menu more organised and easier to access.
 * The Mantra sidebar provides quick access to tools and other features.
 * The awesome bar acts as URL bar and search bar at the same time. Various details about the currently visited webpage are also shown in the awesome bar.
 * The add to search bar feature helps users customise the default search feature of the awesome bar.
 * URL increment/decrement buttons help in applying quick changes to the URL.
 * Hackery, also known as The Open Pentest Bookmarks Collection, gives links to various resources and portals related to penetration testing.
 * Galley bookmarks provide links to various online penetration testing related services.
 * Proxy, Cookie and Cache management tools
 * FTP, SSH, REST and SQLite clients

Tools
The OWASP Mantra Security Toolkit has tools under the following categories in line with FireCAT.


 * Information gathering
 * Editors
 * Network utilities
 * Miscellaneous
 * Application auditing
 * Proxy

Project leaders

 * Abhi M. Balakrishnan
 * Yashartha Chaturvedi

Supporters and contributors

 * Gokul C. Gopinath
 * Maximiliano Soler – translator and tester
 * Gopu C. Gopinath – design head
 * Thomas Mackenzie – contributor and tester
 * Niraj Mohite – contributor and tester
 * Rahul Babu R – contributor and tester