‘w3af – Web Application Attack and Audit Framework’
‘w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
What kind of plugins are available?
w3af has discovery, audit, evasion, grep and output plugins.
Discovery plugins are used to discover new valid URLs on the site; examples of discovery plugins are googlespider_plugin, spider_plugin.py and urlfuzzer_plugin.
Evasion plugins are used to try to evade IDSs.
Audit plugins are used to audit the security of a web application; examples of audit plugins are: xss_plugin, sqli_plugin and blindsqli_plugin.
Grep plugins are used to analyze every response that the server returns (no matter what plugin initiated the request) for interesting things. Examples of grep plugins are findcomments_plugin and pathdisclosure_plugin.
Output plugins are used to write the output of other plugins and the framework itself into a convenient format; examples of output plugins are: console_plugin, txtfile_plugin, html_plugin.’
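The grep stage described above, as an added example that is not w3af's own code or plugin API: a passive pass that applies a comment check and a path-disclosure check to every response body, whichever component requested it. The function names, regular expressions and sample responses are all constructed for illustration.

```python
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    url: str
    kind: str
    evidence: str


# HTML comments, including multi-line ones.
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Absolute filesystem paths: common Unix roots or a Windows drive letter.
# The lookbehind skips matches that are only the tail of a URL or longer path.
PATH_RE = re.compile(
    r"(?<![\w/.])(?:/(?:var|home|usr|srv|opt|etc)/[\w./-]+"
    r"|[A-Za-z]:\\(?:[\w.-]+\\)+[\w.-]+)"
)


def grep_comments(url, body):
    """Report each non-empty HTML comment left in the page."""
    return [Finding(url, "html_comment", c.strip())
            for c in COMMENT_RE.findall(body) if c.strip()]


def grep_path_disclosure(url, body):
    """Report server-side file paths leaked in the body (e.g. by error text)."""
    return [Finding(url, "path_disclosure", p)
            for p in sorted(set(PATH_RE.findall(body)))]


GREPPERS = (grep_comments, grep_path_disclosure)


def grep_responses(responses):
    """Run every grepper over every (url, body) pair and drop duplicates."""
    seen, findings = set(), []
    for url, body in responses:
        for grepper in GREPPERS:
            for finding in grepper(url, body):
                if finding not in seen:
                    seen.add(finding)
                    findings.append(finding)
    return findings


# Constructed sample responses (not captured from a real site).
SAMPLE = [
    ("http://app.example/login",
     "<html><!-- TODO: remove test account before release --><form></form></html>"),
    ("http://app.example/item?id=x",
     "Warning: include(/var/www/app/lib/db.php) failed in /var/www/app/item.php on line 12"),
    ("http://app.example/", "<html><body>Welcome</body></html>"),
]
```

Because the checks only read responses that already exist, the same pass can be run over a proxy log or a saved crawl of your own application to catch leftover comments and verbose error pages before release.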