w3af – Web Application Attack and Audit Framework



The information has been provided by Andres Riancho.
To keep updated with the tool, visit the project's homepage at: http://w3af.sourceforge.net/


w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.

What kinds of plugins are available?
w3af has discovery, audit, evasion, grep and output plugins.

Discovery plugins are used to discover new valid URLs on the site. Examples of discovery plugins are googlespider_plugin, spider_plugin.py and urlfuzzer_plugin.

Evasion plugins are used to try to evade intrusion detection systems (IDSs).

Audit plugins are used to audit the security of a web application. Examples of audit plugins are xss_plugin, sqli_plugin and blindsqli_plugin.

Grep plugins are used to analyze every response that the server returns (no matter which plugin initiated the request) for interesting things. Examples of grep plugins are findcomments_plugin and pathdisclosure_plugin.

Output plugins are used to write the output of other plugins and the framework itself into a convenient format. Examples of output plugins are console_plugin, txtfile_plugin and html_plugin.
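The grep-plugin idea described above (passively inspecting every response, whichever component requested it) can be sketched as follows. This is an added example, not w3af's code or plugin API: the function names, regular expressions and sample responses are assumptions constructed for illustration.

```python
import re

# Illustrative patterns (assumptions, not w3af's own signatures).
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
PATH_RE = re.compile(
    r"(?:[A-Za-z]:\\(?:[\w.-]+\\)+[\w.-]+"  # Windows path, e.g. C:\dir\file.asp
    # Unix path under a common root; the lookbehind skips paths inside URLs
    r"|(?<![\w.-])/(?:var|home|usr|srv|opt|etc)/(?:[\w.-]+/)*[\w.-]+)"
)

def grep_response(url, body):
    """Passively inspect one response body and return a list of findings."""
    findings = []
    for m in COMMENT_RE.finditer(body):
        text = m.group(1).strip()
        if text:  # ignore empty comments
            findings.append({"url": url, "kind": "comment", "value": text})
    for m in PATH_RE.finditer(body):
        findings.append({"url": url, "kind": "path_disclosure", "value": m.group(0)})
    return findings

def grep_all(responses):
    """Run the checks over every (url, body) pair, de-duplicating findings."""
    seen, out = set(), []
    for url, body in responses:
        for f in grep_response(url, body):
            key = (f["url"], f["kind"], f["value"])
            if key not in seen:
                seen.add(key)
                out.append(f)
    return out

# Constructed sample responses (not captured from any real site).
SAMPLE_RESPONSES = [
    ("http://example.test/",
     "<html><!-- TODO: remove debug login --><body>Home</body></html>"),
    ("http://example.test/item?id=1",
     "<b>Warning</b>: mysql_fetch_array() in /var/www/html/item.php on line 12"),
    ("http://example.test/about", "<html><body>About us</body></html>"),
    ("http://example.test/err", "Error in C:\\Inetpub\\wwwroot\\app\\default.asp"),
]

if __name__ == "__main__":
    for f in grep_all(SAMPLE_RESPONSES):
        print(f"{f['url']}: {f['kind']}: {f['value']}")
```

Findings of this kind are the ones to remove before deployment: strip developer comments from served pages and replace verbose error output with a generic error page.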

