Mantra - A New Weapon For Penetration Testers (And Hackers Too)!


Mantra is an open source, browser-based security framework built on Mozilla's Firefox web browser. It is part of OWASP, the Open Web Application Security Project.
In simple words, it is a collection of free and open source tools integrated into a web browser.
Unlike a normal web browser, it is portable and compact, which makes it a handy tool that can be carried on memory cards, flash drives, CDs/DVDs or any other storage device and installed quickly. It also supports a few special tools.
Mantra, as defined by Abhi M. Balakrishnan, the Project Leader of OWASP, is an unofficial distribution of Firefox with some extensions bundled with it, mainly extensions that are designed for security assessments. The intention behind developing Mantra was to establish an ecosystem that provides security professionals a platform for manual security assessments. Even though it has miles to go before reaching that level, we feel it satisfies the needs of a security toolkit.
Mantra uses a graphical user interface (GUI) and works on the Linux, Windows and Mac OS X operating systems.
Mantra will be useful for penetration testers, web application developers, security professionals, students and others. Indeed, it is an emerging opportunity for security-focused developers, as they can develop extensions for Mantra very easily, and it also makes the (ethical) attacker's job easier. Mantra helps in performing all the five phases of attacks including reconnaissance, scanning and enumeration, gaining access, escalation of privileges, maintaining access, and covering tracks.
The updated version of Mantra, OWASP Mantra version 0.61, has been released. Since its first release, it has been inducted into the OWASP program and re-branded as OWASP Mantra. This release has been code-named GANDIVA.
Like any other security assessment tool, Mantra can be used for both offensive and defensive security tasks. It also contains a set of tools targeted at web developers and code debuggers, which makes it handy for both offensive and defensive security work.
It supports tools which may be either a boon or a bane to the testing community. Examples include tools such as:
(a) People Search Engine, which helps to find Invisible Web (Deep Web) pages that cannot be found on regular search engines like Chrome or Internet Explorer. It allows searching for contact details, personal profiles, photos, videos, publications, web pages, news articles, blog posts, documents, etc.
(b) Facebook Search without logging in! Search Facebook messages, people, applications, music, video, groups, etc. In addition, it allows one to search for specific text on the walls of Facebook subscribers.
In a security professional's hands, this tool helps to correct any weaknesses; in a hacker's hands, it helps to exploit unsecured systems.