w3af

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by ClueBot NG (talk | contribs) at 18:45, 14 December 2013 (Reverting possible vandalism by 197.34.109.245 to version by 94.79.138.166. False positive? Report it. Thanks, ClueBot NG. (1619938) (Bot)). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.


w3af
Developer(s): Andres Riancho
Stable release: 1.0-stable / 25 May 2011; 13 years ago (2011-05-25)
Preview release: 1.1 / 10 November 2011; 12 years ago (2011-11-10)
Operating system: Cross-platform
Type: Computer security
License: GPL v2
Website: www.w3af.org

w3af (short for web application attack and audit framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications.[1] It provides information about security vulnerabilities and aids in penetration testing efforts.

This cross-platform tool is available for all of the popular operating systems, such as Microsoft Windows, Linux, Mac OS X, FreeBSD and OpenBSD, and is written in the Python programming language. Users have the choice between a graphical user interface and a command-line interface.[2]

w3af identifies most web application vulnerabilities using more than 130 plug-ins. After identification, vulnerabilities such as (blind) SQL injection, OS commanding, remote file inclusion (PHP), cross-site scripting (XSS) and unsafe file uploads can be exploited in order to gain different types of access to the remote system.

w3af Architecture

w3af is divided into two main parts, the core and the plug-ins.[3] The core coordinates the process and provides features that are consumed by the plug-ins, which find the vulnerabilities and exploit them. The plug-ins are connected and share information with each other using a knowledge base.

Plug-ins are categorized into the following types:

  • Discovery
  • Audit
  • Grep
  • Attack
  • Output
  • Mangle
  • Evasion
  • Bruteforce
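
The core/plug-in split described above, as an added Python example (not w3af's own code or API): a core runs a discovery plug-in and a passive grep plug-in in phase order, and the two exchange results only through a shared knowledge base. The class names, knowledge-base keys and the in-memory `SITE` are assumptions constructed for illustration, and only two of the eight plug-in types are modelled.

```python
import re
from collections import defaultdict
# Illustrative names, not w3af's API. Constructed in-memory site: path -> (headers, body).
SITE = {
    "/": ({"Content-Type": "text/html"}, '<a href="/login">in</a> <a href="/err">e</a>'),
    "/login": ({"Content-Type": "text/html", "X-Frame-Options": "DENY"}, "<form></form>"),
    "/err": ({"Content-Type": "text/html", "X-Frame-Options": "DENY"},
             "Traceback (most recent call last):"),
}

class KnowledgeBase:
    """Shared store that plug-ins use to pass results to each other."""
    def __init__(self):
        self._data = defaultdict(list)
    def append(self, key, value):
        self._data[key].append(value)
    def get(self, key):
        return list(self._data[key])

class LinkDiscovery:
    kind = "discovery"  # finds pages and records them for later phases
    def run(self, kb):
        seen, queue = set(), ["/"]
        while queue:
            path = queue.pop()
            if path in seen or path not in SITE:
                continue
            seen.add(path)
            kb.append("urls", path)
            queue.extend(re.findall(r'href="([^"]+)"', SITE[path][1]))

class HeaderGrep:
    kind = "grep"  # passive: inspects responses, sends nothing extra
    def run(self, kb):
        for path in kb.get("urls"):
            headers, body = SITE[path]
            if "X-Frame-Options" not in headers:
                kb.append("findings", (path, "missing X-Frame-Options"))
            if "Traceback (most recent call last)" in body:
                kb.append("findings", (path, "stack trace disclosed"))

def scan(plugins):
    # Core: one knowledge base, plug-ins run by phase regardless of list order.
    kb = KnowledgeBase()
    for phase in ("discovery", "grep"):
        for plugin in plugins:
            if plugin.kind == phase:
                plugin.run(kb)
    return sorted(kb.get("findings"))
```

Calling `scan([HeaderGrep(), LinkDiscovery()])` still runs discovery first, because the core orders the phases and the grep plug-in reads its input from the knowledge base.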

w3af History

w3af was started by Andres Riancho in March 2007, after many years of development by the community. In July 2010, w3af announced its sponsorship and partnership with Rapid7. With Rapid7's sponsorship the project will be able to increase its development speed and keep growing in terms of users and contributors.

References

  1. www.w3af.org
  2. w3af documentation
  3. Part 1 of Andres Riancho’s presentation “w3af - A framework to 0wn the Web” at Sector 2009 (PDF)