w3af, the Web Application Attack and Audit Framework

Andres Riancho has released w3af 1.0, the Web Application Attack and Audit Framework.


This framework is written in Python and resembles Metasploit in having an architecture based on plugins:

  • Discovery plugins have only one responsibility: finding new URLs, forms, and other "injection points".
  • Audit plugins take the injection points found by discovery plugins and send specially crafted data to all of them in order to find vulnerabilities.
  • Attack plugins' objective is to exploit vulnerabilities found by audit plugins. They usually return a shell on the remote server, or a dump of remote databases in the case of SQL injections.
  • Evasion plugins are used to try to evade IDSs.
  • Grep plugins are used to analyze every response that the server returns (no matter what plugin initiated the request) for interesting things.
  • Output plugins are used to write the output of other plugins and the framework itself into a convenient format.
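To make the division of labour between these plugin types concrete, here is a miniature pipeline in Python written for this post; it is not code from w3af or from Andres Riancho. A discovery plugin extracts forms from HTML as injection points, an audit plugin applies a hygiene check to each point (a password form submitted over cleartext HTTP), a grep plugin inspects every response for information leaks, and an output plugin renders the findings as JSON. Class names, regexes and the sample responses are my own assumptions, the responses are constructed inline so nothing is sent over the network, and no attack or evasion plugin is included.

```python
# Added example (not w3af's own code): a miniature plugin pipeline in the style
# the post describes. All HTTP responses are constructed inline; nothing is sent.
import json
import re
from dataclasses import dataclass


@dataclass
class Response:
    """A captured HTTP response (constructed for the example)."""
    url: str
    headers: dict
    body: str


@dataclass
class InjectionPoint:
    """One place where user-controlled data enters the application."""
    url: str
    method: str
    params: list


@dataclass
class Finding:
    plugin: str
    url: str
    detail: str


class DiscoveryPlugin:
    """Finds HTML forms and reports each one as an injection point."""
    name = "form_discovery"
    FORM_RE = re.compile(r"<form([^>]*)>(.*?)</form>", re.S | re.I)
    ATTR_RE = re.compile(r'(\w+)="([^"]*)"')
    INPUT_RE = re.compile(r'<input[^>]*name="([^"]*)"', re.I)

    def run(self, resp):
        points = []
        for tag_attrs, inner in self.FORM_RE.findall(resp.body):
            attrs = {k.lower(): v for k, v in self.ATTR_RE.findall(tag_attrs)}
            action = attrs.get("action", resp.url)      # default: form posts to itself
            method = attrs.get("method", "GET").upper()
            points.append(InjectionPoint(action, method, self.INPUT_RE.findall(inner)))
        return points


class AuditPlugin:
    """Examines each injection point; here a defensive hygiene check:
    does a form carrying a password field submit over plain HTTP?"""
    name = "cleartext_form_audit"

    def run(self, point):
        if "password" in point.params and point.url.startswith("http://"):
            return [Finding(self.name, point.url, "password form posted over cleartext HTTP")]
        return []


class GrepPlugin:
    """Inspects every response, whichever plugin triggered it, for leaks."""
    name = "info_leak_grep"
    LEAK_RE = re.compile(r"(Traceback \(most recent call last\)|Fatal error:|ODBC.*Driver)", re.I)

    def run(self, resp):
        findings = []
        server = resp.headers.get("Server", "")
        if re.search(r"\d", server):                    # a digit means a version string
            findings.append(Finding(self.name, resp.url, f"server version disclosed: {server}"))
        m = self.LEAK_RE.search(resp.body)
        if m:
            findings.append(Finding(self.name, resp.url, f"error detail leaked: {m.group(0)}"))
        return findings


class OutputPlugin:
    """Serialises findings; w3af ships console, text and HTML writers."""
    name = "json_output"

    def render(self, findings):
        return json.dumps([f.__dict__ for f in findings], indent=2)


def scan(responses):
    """Drive the pipeline: grep sees every response, discovery feeds audit."""
    discovery, audit, grep, output = DiscoveryPlugin(), AuditPlugin(), GrepPlugin(), OutputPlugin()
    findings = []
    for resp in responses:
        findings.extend(grep.run(resp))
        for point in discovery.run(resp):
            findings.extend(audit.run(point))
    return findings, output.render(findings)


# Constructed sample responses (not captured from any real site).
SAMPLE = [
    Response("http://example.test/login", {"Server": "Apache/2.2.3"},
             '<html><form action="http://example.test/login" method="post">'
             '<input name="user"><input name="password"></form></html>'),
    Response("http://example.test/search", {"Server": "Apache"},
             "<html>Fatal error: Uncaught exception in search.php</html>"),
]

if __name__ == "__main__":
    found, report = scan(SAMPLE)
    print(report)
```

Running it against the two constructed responses yields three findings: the version-bearing Server header and the cleartext password form on the login page, and the leaked PHP error on the search page. The point of the structure is that each plugin type has one job and communicates through plain data objects, which is what lets a framework like w3af grow by adding plugins rather than by editing its core.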

In order to use this tool efficiently, you can read the w3af User's Guide (PDF). I will post more on this framework, so stay tuned.


