Our last mention of w3af was back in 2008 when the fifth BETA was released, the team have recently released a new version 1.0 – Release Candidate 3.
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend.
- Enhanced GUI, including huge changes in the MITM proxy and the Fuzzy Request Editor
- Increased speed by rewriting parts of the thread management code
- Fixed tons of bugs
- Reduced memory usage
- Many plugins were rewritten using different techniques that use less HTTP requests to identify the same vulnerabilities
- Reduced false positives
You can download w3af 1.0-rc3 here:
Or read more here.