Web Security with Mantra on Chromium
OWASP Mantra Security Framework
OWASP Mantra is a security framework built on top of a browser. It is cross-platform, portable and runs out of the box. You can take it with you wherever you go on any rewritable media, including memory cards, flash drives and portable hard disks. Moreover, Mantra can be used for both offensive and defensive security tasks, which makes it quite useful for penetration testing.
- Go to getmantra and download Mantra on Chromium.
- Install into a directory of your choice. Pay attention to where you install it.
- Navigate to the installation directory and run "MOC en 0.3 Alpha.exe" (or whichever version you downloaded).
- Choose "Network and Internet Tools" from the menu in the top right of the browser.
- Select "Whois Lookup", type www.google.com in the box and click the whois button.
- Select "IP Geo location", type www.ulster.ac.uk in the box and click the geolocation button.
- Select "Traceroute", type www.microsoft.com in the box and click the go button.
- Experiment with some of the other tools such as "ping", "TCP Ping", "DNS Lookup", etc.
- Choose "Site Spider" and enter a domain you want indexed, for example to download or view all documents and assets on that site. E.g. enter https://kevincurran.org/com320/labs in the "Start On" box, delete the information in the "Restrict to" box, and click the go button.
- Choose Chrome Crawler, which when given a URL will scurry off looking for all links on that page and flag them for you to look at, e.g. enter http://www.ulster.ac.uk and press Crawl.
- Choose CoNetServ which provides a nice interface to common network tools. Try entering www.google.com in the ping tool and pressing start. Check out the local and external services on the tabs as well for useful network information.
- Navigate to a site you have permission to browse in the browser. Once the site loads in your Mantra Chromium browser, choose Recx Security Analyzer and scroll down to see the explanations of any issues on that particular site.
- Finally, select The Exploit Database and navigate to here. Spend some time reading the resources on this crucial source of breaking information for hackers and penetration testers.
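
The link discovery and scope restriction behind the Site Spider and Chrome Crawler steps, as an added Python example (not code from Mantra or either extension). It runs offline on a constructed page; the example.com URLs, the sample HTML and the function names are assumptions made for illustration, with `START_ON` and `RESTRICT_TO` standing in for the two boxes in Site Spider.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urldefrag, urlsplit

# Constructed sample input: nothing here is fetched from a real site.
START_ON = "https://www.example.com/com320/labs/"
RESTRICT_TO = "https://www.example.com/com320/"
SAMPLE_HTML = """
<html><head><link rel="stylesheet" href="/css/site.css"></head><body>
<a href="lab1.pdf">Lab 1</a>
<a href="/com320/labs/lab2.html#part2">Lab 2</a>
<a href="../notes/index.html">Notes</a>
<a href="https://example.org/external">External</a>
<a href="mailto:tutor@example.com">Mail</a>
<img src="img/diagram.png">
<script src="//cdn.example.net/lib.js"></script>
</body></html>
"""

class LinkCollector(HTMLParser):
    """Collect every href/src attribute value, in document order."""
    def __init__(self):
        super().__init__()
        self.raw = []

    def handle_starttag(self, tag, attrs):
        self.raw += [v.strip() for k, v in attrs if k in ("href", "src") and v]

def within(url, restrict_to):
    """True if url is in scope. An empty restriction puts everything in scope."""
    if not restrict_to:
        return True
    u, r = urlsplit(url), urlsplit(restrict_to)
    # Compare the parsed host, not a string prefix, so a look-alike host
    # such as www.example.com.other.test is not treated as in scope.
    return (u.scheme, u.netloc) == (r.scheme, r.netloc) and u.path.startswith(r.path)

def crawl_page(html, start_on, restrict_to=""):
    """Return (in_scope, out_of_scope) absolute http(s) URLs found in html."""
    collector = LinkCollector()
    collector.feed(html)
    in_scope, out_of_scope, seen = [], [], set()
    for raw in collector.raw:
        url, _fragment = urldefrag(urljoin(start_on, raw))  # resolve, drop #anchor
        if urlsplit(url).scheme not in ("http", "https") or url in seen:
            continue  # skip mailto: and similar schemes, and duplicates
        seen.add(url)
        (in_scope if within(url, restrict_to) else out_of_scope).append(url)
    return in_scope, out_of_scope

if __name__ == "__main__":
    for label, urls in zip(("in scope", "out of scope"), crawl_page(SAMPLE_HTML, START_ON, RESTRICT_TO)):
        print(label, *urls, sep="\n  ")
```

With the restriction cleared, as in the Site Spider step, every discovered link is followed, including those on third-party hosts.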