Release: 1.6.54 / 10 June 2015
Operating system: Windows, OS X, Linux, FreeBSD, OpenBSD
w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for web applications. It provides information about security vulnerabilities for use in penetration testing engagements. The scanner offers a graphical user interface and a command-line interface.
w3af is divided into two main parts, the core and the plug-ins. The core coordinates the process and provides features that are consumed by the plug-ins, which find the vulnerabilities and exploit them. The plug-ins are connected and share information with each other using a knowledge base.
Plug-ins can be categorized as Discovery, Audit, Grep, Attack, Output, Mangle, Evasion or Bruteforce.
- Metasploit Project
- Low Orbit Ion Cannon (LOIC)
- Web application security
- OWASP Open Web Application Security Project
- "Release 1.6.54: Prevent DBException: database or disk is full - Should stop the scan …". Retrieved 24 September 2019.
- w3af documentation
- Part 1 of Andres Riancho's presentation "w3af - A framework to 0wn the Web" at Sector 2009