w3af - Web Application Attack and Audit Framework (Tutorial Part 1)

w3af is a Web Application Attack and Audit Framework. The w3af core and its plugins are written entirely in Python. The project has more than 130 plugins, which check for SQL injection, cross-site scripting (XSS), local and remote file inclusion and much more.

w3af Architecture
  • Discovery
  • Audit
  • Grep
  • Attack
  • Output
  • Mangle
  • Evasion
  • Bruteforce

First, install the latest version of w3af on your PC.

Open your BackTrack terminal and type:

svn co https://w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af

cd /pentest/web/w3af

./w3af_console

In the console, type in help to look at the list of available commands

In the console, type plugins to Enable and configure plugins.

In the console, type Exploit to Exploit the Vulnerability.

In the console, type profiles to list and use scan profiles

In the console, type http-settings to configure the HTTP settings of the framework.

In the console, type misc-settings to configure w3af misc settings.

in the console, type target configure the target URL.

In the console, type versions to show w3af version information.

In the console, type keys to Display key shortcuts.
