w3af
{{Short description|Open-source web application security scanner}}
{{lowercase}}
{{Infobox software
| name = w3af
| logo = W3af project logo.png
| logo size = 124px
| caption = "Web Application Attack and Audit Framework"
| screenshot = w3af-screenshot.png
| developer = Andres Riancho
| latest release version = {{wikidata|property|edit|reference|P348}}
| latest release date = {{wikidata|qualifier|P348|P577}}
| latest preview version =
| latest preview date =
| operating system = Windows, OS X, Linux, FreeBSD, OpenBSD
| programming language = Python
| genre = Computer security
| license = GPLv2
| website = {{URL|http://www.w3af.org}}
}}
w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. ([http://www.w3af.org Official website]) It provides information about security vulnerabilities for use in penetration testing engagements. The scanner offers a graphical user interface and a command-line interface. ([http://sourceforge.net/p/w3af/code/HEAD/tree/trunk/readme/EN/w3af-users-guide.pdf?format=raw w3af documentation] {{Archive url|url=https://web.archive.org/web/20131105170107/http://sourceforge.net/p/w3af/code/HEAD/tree/trunk/readme/EN/w3af-users-guide.pdf?format=raw|date=2013-11-05}})
Architecture
w3af is divided into two main parts, the core and the plug-ins. (Part 1 of Andres Riancho’s presentation “w3af - A framework to 0wn the Web” at Sector 2009, [https://sector.ca/wp-content/uploads/presentations09/w3af%20in%20150%20minutes%20-%20part%201.pdf Download PDF] {{Archive url|url=https://web.archive.org/web/20171114202428/https://sector.ca/wp-content/uploads/presentations09/w3af%20in%20150%20minutes%20-%20part%201.pdf|date=2017-11-14}}) The core coordinates the process and provides features that are consumed by the plug-ins, which find the vulnerabilities and exploit them. The plug-ins are connected and share information with each other using a knowledge base.
Plug-ins can be categorized as Discovery, Audit, Grep, Attack, Output, Mangle, Evasion or Bruteforce.
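The core, plug-in and knowledge-base split described above can be sketched as follows. This is an added illustration, not w3af's own code: every class, function and key name is hypothetical, the sample responses are constructed, and only three of the listed categories (Discovery, Grep, Output) are modelled, with passive response-header checks standing in for real plug-in logic.

```python
# Hypothetical names throughout; a sketch of the design, not w3af's API.
from collections import defaultdict
# Constructed sample data: URL -> response headers (no network access).
SAMPLE_SITE = {
    "https://app.example/": {"Strict-Transport-Security": "max-age=63072000",
                             "X-Content-Type-Options": "nosniff"},
    "https://app.example/login": {"Set-Cookie": "sid=abc123; Secure"},
}

class KnowledgeBase:
    """Shared store: plug-ins never call each other, they read and write here."""
    def __init__(self):
        self._data = defaultdict(list)
    def append(self, key, item):
        self._data[key].append(item)
    def get(self, key):
        return list(self._data[key])

class DiscoveryPlugin:
    phase = "discovery"
    def run(self, kb, site):
        for url in sorted(site):
            kb.append("urls", url)

class HeaderGrepPlugin:
    phase = "grep"
    REQUIRED = ("Strict-Transport-Security", "X-Content-Type-Options")
    def run(self, kb, site):
        for url in kb.get("urls"):  # consumes what the discovery plug-in stored
            for name in self.REQUIRED:
                if name not in site[url]:
                    kb.append("findings", (url, f"missing {name}"))
            cookie = site[url].get("Set-Cookie", "")
            if cookie and "httponly" not in cookie.lower():
                kb.append("findings", (url, "cookie without HttpOnly"))

class TextOutputPlugin:
    phase = "output"
    def run(self, kb, site):
        for url, issue in kb.get("findings"):
            kb.append("report", f"{url}: {issue}")

def core_scan(plugins, site):
    """The core: orders plug-ins by phase and hands each the shared KB."""
    order = ["discovery", "grep", "output"]
    kb = KnowledgeBase()
    for plugin in sorted(plugins, key=lambda p: order.index(p.phase)):
        plugin.run(kb, site)
    return kb
```

Calling `core_scan([TextOutputPlugin(), HeaderGrepPlugin(), DiscoveryPlugin()], SAMPLE_SITE).get("report")` returns the report lines regardless of the order in which the plug-ins are registered, because the core sequences the phases.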
History
w3af was started by Andres Riancho in March 2007, after many years of development by the community. In July 2010, w3af announced its sponsorship and partnership with Rapid7. With Rapid7's sponsorship, the project will be able to increase its development speed and keep growing in terms of users and contributors.
See also
{{Portal|Free and open-source software}}
- Metasploit Project
- Low Orbit Ion Cannon (LOIC)
- Web application security
- OWASP Open Web Application Security Project
References
{{Reflist}}
External links
- {{Official website}}
- [http://w3af.org/howtos w3af documentation]
Note: As of April 11, 2024, https://www.w3af.org is giving connection timed out failures. However, documentation is still accessible at http://docs.w3af.org/en/latest/. Redirected to W4af (https://github.com/w4af), which is still in alpha development.
Category:Computer security software
Category:Free security software