Skip to content
OWASP DEF (Data Exchange Format)
Branch: master
Clone or download
Fetching latest commit…
Cannot retrieve the latest commit at this time.
Type Name Latest commit message Commit time
Failed to load latest commit information.


OWASP DEF (Data Exchange Format Project)

OWASP Data Exchange Format - -

This is a draft project for the above, and this is WORK IN PROGRESS.

Background: At the moment exchanging data between pentest tools it is far too difficult.

So ... the purpose of this project is to define a simple, open format for exchanging data between pentest tools!

Involvement is encouraged, so if you would like to contribute to this project then please join the mailing list ( and / or contact one of the project leaders.

Theres also a Google Code project which we're using to store things like example formats used by pentest products. Contact Simon or Dinis to get commit access to this project.

Requirements: The format must be open, and licensed so that it can be adopted by all products, whether open, closed, free or commercial. It must be as simple to adopt as possible, and ideally based on existing open formats.

The goal of this draft is to come up with an Data Exchange Format that should be able to hold almost any Penetration test software output, whether this is Dynamic, Static, Information gathering or Attack / Brute force.

This is based on the initial work done by Simon Bennetts (Psiinon) Zed Attack Proxy Project Leader and Dinis Cruz O2 Platform Project Leader, and a lot of input from Dan Cornell and the guys behind Threadfix and the SSVL format.

Further information can be found at the above links.

I fully intend on this format being a part of OWASP.

The reason this draft lives here is only out of convenience for me.

You can’t perform that action at this time.