As you all seem to pretty interested in Inguma, there’s something else similar called w3af – the fifth BETA was released a while back and the team are now working on the sixth.
w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and
We did mention when it was first released – w3af – Web Application Attack and Audit Framework.
There are a lot of small changes, but the basic and bigger ones are:
- Virtual daemon, a way to use Metasploit framework payloads/shellcodes while exploiting web applications.
- w3afAgent, a reverse VPN that allows you to route packets through the compromised server
- Good samaritan, a module that allows you to exploit blind sql injections much faster
- 20+ new plugins
- A lot of bug fixes
- A much more stable core.
A full plugin list is here:
The users guide can be found here:
The author has also uploaded the presentation material he made for the T2 conference in Finland – this can serve as a good introduction.
You can download w3af here:
Or read more here.
- ODAT (Oracle Database Attacking Tool) – Test Oracle Database Security
- Navy Sys Admin Hacks Into Databases From Aircraft Carrier
- aidSQL – PHP Application For SQL Injection Detection & Exploitation
- w3af 1.0-rc3 Available For Download – Web Application Attack & Audit Framework
- w3af v1.1 Released For Download – Web Application Attack & Audit Framework
- w3af – Web Application Attack and Audit Framework
Most Read in Database Hacking:
- Pangolin – Automatic SQL Injection Tool - 73,730 views
- bsqlbf 1.1 – Blind SQL Injection Tool - 53,878 views
- Absinthe Blind SQL Injection Tool/Software - 39,036 views