W3af
   HOME

TheInfoList



Click Here for Items Related To - W3af
OR:
W3af on:   [Wikipedia]   [Google]   [Amazon]

w3af (Web Application Attack and Audit Framework) is an
open-source Open source is source code that is made freely available for possible modification and redistribution. Products include permission to use and view the source code, design documents, or content of the product. The open source model is a decentrali ...
web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities for use in
penetration testing A penetration test, colloquially known as a pentest, is an authorized simulated cyberattack on a computer system, performed to evaluate the security of the system; this is not to be confused with a vulnerability assessment. The test is performed ...
engagements. The scanner offers a
graphical user interface A graphical user interface, or GUI, is a form of user interface that allows user (computing), users to human–computer interaction, interact with electronic devices through Graphics, graphical icon (computing), icons and visual indicators such ...
and a
command-line interface A command-line interface (CLI) is a means of interacting with software via command (computing), commands each formatted as a line of text. Command-line interfaces emerged in the mid-1960s, on computer terminals, as an interactive and more user ...
.


Architecture

w3af is divided into two main parts, the core and the plug-ins.Part 1 of Andres Riancho’s presentation “w3af - A framework to 0wn the Web “at Sector 2009
Download PDF
 The core coordinates the process and provides features that are consumed by the plug-ins, which find the vulnerabilities and exploit them. The plug-ins are connected and share information with each other using a knowledge base. Plug-ins can be categorized as Discovery, Audit,
Grep grep is a command-line utility for searching plaintext datasets for lines that match a regular expression. Its name comes from the ed command g/re/p (global regular expression search and print), which has the same effect. grep was originally de ...
, Attack, Output, Mangle, Evasion or Bruteforce.


History

w3af was started by Andres Riancho in March 2007, after many years of development by the community. In July 2010, w3af announced its sponsorship and partnership with Rapid7. With Rapid7's sponsorship the project will be able to increase its development speed and keep growing in terms of users and contributors.


See also

* Metasploit Project *
Low Orbit Ion Cannon Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application written in C#. LOIC was initially developed by Praetox Technologies, however it was later released into the public domain and is cur ...
(LOIC) * Web application security *
OWASP The Open Worldwide Application Security Project (formerly Open Web Application Security Project) (OWASP) is an online community that produces freely available articles, methodologies, documentation, tools, and technologies in the fields of Io ...
Open Web Application Security Project


References


External links

*{{Official website
w3af documentation
Note: April 11, 2024 https://www.w3af.org is giving connection timed out failures. However, documentation is still accessible at http://docs.w3af.org/en/latest/. Redirected to W4af: https://github.com/w4af that is still in Alpha development Cyberwarfare Computer security software Electronic warfare Network analyzers Free security software Free network management software Cross-platform free software