New Rootkits Infecting the MBR » « The First Reported Facebook Worm/Malware Pops Up - Secret Crush 
w3af Fifth BETA for Download - Automated Web Auditing and Exploitation Framework
Darknet spilled these bits on January 16th 2008 @ 7:22 am

As you all seem to pretty interested in Inguma, there’s something else similar called w3af - the fifth BETA was released a while back and the team are now working on the sixth.

w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and

We did mention when it was first released - w3af - Web Application Attack and Audit Framework.

There are a lot of small changes, but the basic and bigger ones are:

  • Virtual daemon, a way to use Metasploit framework payloads/shellcodes while exploiting web applications.
  • w3afAgent, a reverse VPN that allows you to route packets through the compromised server
  • Good samaritan, a module that allows you to exploit blind sql injections much faster
  • 20+ new plugins
  • A lot of bug fixes
  • A much more stable core.

A full plugin list is here:

w3af - Plugins

The users guide can be found here:

w3afUsersGuide.pdf

The author has also uploaded the presentation material he made for the T2 conference in Finland - this can serve as a good introduction.

w3af-T2.pdf

You can download w3af here:

w3af BETA5

Or read more here.

Tags:  ,  ,  ,  ,  ,  ,  ,  ,  

rss Subscribe to Darknet RSS Feed rss

Stored in: Database Hacking, Hacking Tools, Web Hacking

Related Posts:
- w3af - Web Application Attack and Audit Framework
- PIRANA - Exploitation Framework for Email Content Filters
- BeEF - Browser Exploitation Framework
- Metasploit 2.7 Released - Automated Hacking
- FireCAT - Firefox Catalog of Auditing Tools
- Metasploit 3.0 Beta 3 Released

| 3,143 views |

rss 8 comments
trackback this article
  1. goodpeople
    January 16th, 2008 | 12:11 pm

    There’s no download link!

  2. leyou
    January 16th, 2008 | 1:50 pm

    http://sourceforge.net/project/showfiles.php?group_id=170274

  3. Darknet
    January 16th, 2008 | 5:07 pm

    Oops my bad, thanks leyou - I’ve added the download link in.

  4. Daniel
    January 16th, 2008 | 7:12 pm

    I wish they’d sort out the annoying tidy issue:

    [daniel@touchme ~]$ w3af
    You have to install utidy lib.
    Error: No module named tidy

    even when utidy is installed and working

  5. goodpeople
    January 17th, 2008 | 12:55 am

    When unpacking, my virusscanner trips over PHISH/Paypalfraud.T

  6. eM3rC
    February 7th, 2008 | 5:36 am

    Never seem a program that just focuses on this. Thanks for the post Darknet.

    I have a quick question, by web vulnerability tool do you mean programs that operate within a webpage or actual exploits for the webpage you are viewing (or something else I am completely missing)?

  7. fuzion
    July 30th, 2008 | 8:32 pm

    I wrote a script to update w3af and install the new prerequisites to use its new gtkUI:
    http://fuzion.rootmybox.org/2008/07/30/w3af-on-backtrack-3-final-svn-style/

  8. Rashid
    August 16th, 2008 | 12:07 pm

    I have downloaded this script and installed all reqired packages but i m unable to find out utidy package on the net. Please tell me from where to get this package for fedora 8.

comment on this article

Sitemap - ShaolinTiger - DigiSniper - Digital Photography
Shutter Asia Photography Forum - We Ate This