w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework

Use Netsparker


As you all seem to pretty interested in Inguma, there’s something else similar called w3af – the fifth BETA was released a while back and the team are now working on the sixth.

w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and

We did mention when it was first released – w3af – Web Application Attack and Audit Framework.

There are a lot of small changes, but the basic and bigger ones are:

  • Virtual daemon, a way to use Metasploit framework payloads/shellcodes while exploiting web applications.
  • w3afAgent, a reverse VPN that allows you to route packets through the compromised server
  • Good samaritan, a module that allows you to exploit blind sql injections much faster
  • 20+ new plugins
  • A lot of bug fixes
  • A much more stable core.

A full plugin list is here:

w3af – Plugins

The users guide can be found here:

w3afUsersGuide.pdf

The author has also uploaded the presentation material he made for the T2 conference in Finland – this can serve as a good introduction.

w3af-T2.pdf

You can download w3af here:

w3af BETA5

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , , , , ,


Latest Posts:


BDFProxy - Patch Binaries via MITM - BackdoorFactory + mitmProxy BDFProxy – Patch Binaries via MiTM – BackdoorFactory + mitmproxy
BDFProxy allows you to patch binaries via MiTM with The Backdoor Factory combined with mitmproxy enabling on the fly patching of binary downloads
Domained - Multi Tool Subdomain Enumeration Domained – Multi Tool Subdomain Enumeration
Domained is a multi tool subdomain enumeration tool that uses several subdomain enumeration tools and wordlists to create a unique list of subdomains.
Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.


9 Responses to w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework

  1. goodpeople January 16, 2008 at 12:11 pm #

    There’s no download link!

  2. Darknet January 16, 2008 at 5:07 pm #

    Oops my bad, thanks leyou – I’ve added the download link in.

  3. Daniel January 16, 2008 at 7:12 pm #

    I wish they’d sort out the annoying tidy issue:

    [daniel@touchme ~]$ w3af
    You have to install utidy lib.
    Error: No module named tidy

    even when utidy is installed and working

  4. goodpeople January 17, 2008 at 12:55 am #

    When unpacking, my virusscanner trips over PHISH/Paypalfraud.T

  5. eM3rC February 7, 2008 at 5:36 am #

    Never seem a program that just focuses on this. Thanks for the post Darknet.

    I have a quick question, by web vulnerability tool do you mean programs that operate within a webpage or actual exploits for the webpage you are viewing (or something else I am completely missing)?

  6. fuzion July 30, 2008 at 8:32 pm #

    I wrote a script to update w3af and install the new prerequisites to use its new gtkUI:
    http://fuzion.rootmybox.org/2008/07/30/w3af-on-backtrack-3-final-svn-style/

  7. Rashid August 16, 2008 at 12:07 pm #

    I have downloaded this script and installed all reqired packages but i m unable to find out utidy package on the net. Please tell me from where to get this package for fedora 8.

  8. fuzion August 27, 2008 at 12:28 am #

    @Rashid
    Get w3af via SVN and report any bugs you find.

    svn co https://w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af

    More info:
    http://nukeit.org/category/tools/