w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are written entirely in Python. The project has more than 130 plugins, which check for SQL injection, cross-site scripting (XSS), local and remote file inclusion, and much more.

w3af Architecture
  • Discovery
  • Audit
  • Grep
  • Attack
  • Output
  • Mangle
  • Evasion
  • Bruteforce

First, install the latest version of w3af on your PC.

Open your BackTrack terminal and type:

svn co https://w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af

cd /pentest/web/w3af

./w3af_console

In the console, type help to see the list of available commands.

In the console, type plugins to enable and configure plugins.

In the console, type exploit to exploit the vulnerability.

In the console, type profiles to list and use scan profiles.

In the console, type http-settings to configure the HTTP settings of the framework.

In the console, type misc-settings to configure w3af misc settings.

In the console, type target to configure the target URL.

In the console, type versions to show w3af version information.

In the console, type keys to display key shortcuts.

Raj Chandel
