Mar 24, 2008
w3af – Web Application Attack and Audit Framework
Posted by security in Exploit Framework / PenTesting, Vulnerability Management, tags: attack, audit, exploit, framework, open source, web application
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework for finding and exploiting web application vulnerabilities that is easy to use and extend. The project is currently hosted at SourceForge. For further information, you may also want to visit the w3af SourceForge project page.
If you are here just to "take a look", maybe these screenshots will show you what w3af can do:
- OS commanding detection and exploit (console user interface)
- OS commanding and DAV misconfiguration detection and exploit (console user interface)
- Blind SQL Injection exploit (console user interface)
- OS commanding detection and exploit (pyGTK user interface)
Official documentation:
- The w3af users guide can be found here.
- The epydoc documentation for w3af can be found here.
- The presentation materials used at the T2 conference can be found here.
External resources:
Josh Summit wrote a two-part tutorial on w3af on his blog: 1, 2.