w3af (web application vulnerability scanner)

  • What kind of beast is this?

    w3af is a framework designed specifically for auditing web applications. Its main goal is to identify and then exploit the vulnerabilities it detects in web applications. The framework is available both with a graphical interface (w3af_gui) and as a console version (w3af_console).

    The w3af core and its plugins are written entirely in Python. w3af ships with a wide range of plugins that can scan web applications for more than 200 types of vulnerabilities.

    Framework Homepage: http://w3af.org/


    Installation is the standard one: clone the GitHub repository and launch the console or GUI script. Note that w3af still requires Python 2.7; on first launch it checks for its Python dependencies and, if any are missing, prints the commands needed to install them.

    Cloning from the GitHub repository:

    git clone https://github.com/andresriancho/w3af.git
    cd w3af
    ./w3af_console




    Let's look at the command-line options of the framework.

    w3af help

    w3af_console -h

        w3af_console -h
        w3af_console [-s <script file>]

        -h or --help
            Show this help message
        -s <script file> or --script=<script file>
            Run the script <script file>
        -p <profile> or --profile=<profile>
            Run with the selected <profile>
        -P <profile> or --profile-run=<profile>
            Run with the selected <profile> in batch mode
        -v or --version
            Show the w3af version

    w3af console plugin menu (w3af_console)

    w3af>>> plugins
    w3af/plugins>>> help

    |----------------|--------------------------------------------------------|
    | list           | List of available plugins.                             |
    |----------------|--------------------------------------------------------|
    | back           | Go to the previous menu.                               |
    | exit           | Exit w3af.                                             |
    |----------------|--------------------------------------------------------|
    | grep           | View, configure and enable grep plugins                |
    | audit          | View, configure and enable audit plugins               |
    | evasion        | View, configure and enable evasion plugins             |
    | crawl          | View, configure and enable crawl plugins               |
    | auth           | View, configure and enable authentication plugins      |
    | mangle         | View, configure and enable mangle plugins              |
    | output         | View, configure and enable output plugins              |
    | bruteforce     | View, configure and enable brute force plugins         |
    | infrastructure | View, configure and enable infrastructure plugins      |
    |----------------|--------------------------------------------------------|

    To see the details of a particular plugin, use the desc command inside its group:

    w3af/plugins>>> <group> desc <plugin>

    For instance:

    w3af/plugins>>> audit desc xss
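    The commands above are exactly what a w3af console script contains, so the same plugin selection can be saved to a file and run non-interactively with the -s option. The following script is an added example written for this article, not a file from the w3af project; the target URL http://target.example/ and the output path /tmp/w3af-report.txt are assumptions you replace with your own.

```text
plugins
output console,text_file
output config text_file
set output_file /tmp/w3af-report.txt
set verbose True
back
crawl web_spider
crawl config web_spider
set only_forward True
back
audit xss,sqli
grep error_pages
infrastructure server_header
back
target
set target http://target.example/
back
start
exit
```

    Save it as scan.w3af and run ./w3af_console -s scan.w3af. The script enters the plugins menu, enables the console and text_file output plugins (with the report path configured via set output_file), restricts the web_spider crawler to the target's own subtree with only_forward, enables the xss and sqli audit plugins plus a grep and an infrastructure plugin, then sets the target in the target menu and starts the scan. Typing the same lines interactively in w3af_console produces the same scan, which is a convenient way to test a configuration before scripting it; the desc command shown above tells you which options each plugin accepts.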

    If you liked this article, like and subscribe to the group; that is strong support and motivation for us to keep posting educational and useful material. See you soon, and thank you for your attention!
