w3af, the Web Application Attack and Audit Framework
Andres Riancho has released w3af 1.0, the Web Application Attack and Audit Framework.
This framework is written in Python and resembles Metasploit in having a plugin-based architecture:
- Discovery plugins have only one responsibility: finding new URLs, forms, and other "injection points".
- Audit plugins take the injection points found by discovery plugins and send specially crafted data to all of them in order to find vulnerabilities.
- Attack plugins have the objective of exploiting vulnerabilities found by audit plugins. They usually return a shell on the remote server, or a dump of remote databases in the case of SQL injections.
- Evasion plugins are used to try to evade IDSs.
- Grep plugins are used to analyze every response that the server returns (no matter which plugin initiated the request) for interesting things.
- Output plugins are used to write the output of other plugins and the framework itself into a convenient format.
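To make the division of labour concrete, here is an added sketch (not w3af's code or its plugin API) of the passive stages only: discovery collects injection points, grep inspects every response, and output formats the findings. The class and function names and the sample responses are hypothetical and constructed for this illustration.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urljoin

class Discovery(HTMLParser):
    """Discovery stage: collect links and forms ("injection points") from one page."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.points, self.form = base_url, [], None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a" and a.get("href"):
            self.points.append(("url", urljoin(self.base_url, a["href"]), []))
        elif tag == "form":
            self.form = ("form", urljoin(self.base_url, a.get("action") or ""), [])
            self.points.append(self.form)
        elif tag in ("input", "textarea", "select") and self.form and a.get("name"):
            self.form[2].append(a["name"])  # parameter of the currently open form

    def handle_endtag(self, tag):
        if tag == "form":
            self.form = None

# Grep stage: passive patterns checked against every response body.
GREP_RULES = {
    "error message disclosure": re.compile(r"SQL syntax|Traceback \(most recent call last\)"),
    "HTML comment": re.compile(r"<!--.*?-->", re.S),
}

def grep(url, body):
    return [(url, name) for name, rx in GREP_RULES.items() if rx.search(body)]

def run(responses):
    """Feed each response to discovery and grep; return (injection points, findings)."""
    points, findings = [], []
    for url, body in responses.items():
        d = Discovery(url)
        d.feed(body)
        points += d.points
        findings += grep(url, body)
    return points, findings

def output_text(findings):
    """Output stage: render findings in one convenient text format."""
    return [f"[grep] {name} at {url}" for url, name in findings]

# Constructed sample responses (not captured from a real site).
SAMPLE = {
    "http://test.example/": '<a href="/search">Search</a><form action="/login">'
                            '<input name="user"><input name="pass"></form><!-- debug on -->',
    "http://test.example/search": "<p>You have an error in your SQL syntax</p>",
}

if __name__ == "__main__":
    pts, found = run(SAMPLE)
    print(pts, *output_text(found), sep="\n")
```

The grep stage sees every response regardless of which stage requested it, which is why it is a separate pass over `responses` rather than part of discovery.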
To use this tool efficiently, you can read the w3af Users Guide (PDF). I will post more on this framework, so stay tuned.
This entry was posted on Friday, June 15th, 2007 and is filed under Framework, Web Applications, Tools.

