As you all seem to be pretty interested in Inguma, there’s something else similar called w3af – the fifth BETA was released a while back and the team are now working on the sixth.
w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and
We did mention it when it was first released – w3af – Web Application Attack and Audit Framework.
There are a lot of small changes, but the basic and bigger ones are:
- Virtual daemon, a way to use Metasploit framework payloads/shellcodes while exploiting web applications.
- w3afAgent, a reverse VPN that allows you to route packets through the compromised server.
- Good samaritan, a module that allows you to exploit blind SQL injections much faster.
- 20+ new plugins
- A lot of bug fixes
- A much more stable core.
A full plugin list is here:
The users guide can be found here:
The author has also uploaded the presentation material he made for the T2 conference in Finland – this can serve as a good introduction.
You can download w3af here:
Or read more here.
goodpeople says
There’s no download link!
leyou says
http://sourceforge.net/project/showfiles.php?group_id=170274
Darknet says
Oops my bad, thanks leyou – I’ve added the download link in.
Daniel says
I wish they’d sort out the annoying tidy issue:
[daniel@touchme ~]$ w3af
You have to install utidy lib.
Error: No module named tidy
even when utidy is installed and working
goodpeople says
When unpacking, my virus scanner trips over PHISH/Paypalfraud.T
eM3rC says
Never seen a program that just focuses on this. Thanks for the post Darknet.
I have a quick question, by web vulnerability tool do you mean programs that operate within a webpage or actual exploits for the webpage you are viewing (or something else I am completely missing)?
fuzion says
I wrote a script to update w3af and install the new prerequisites to use its new gtkUI:
http://fuzion.rootmybox.org/2008/07/30/w3af-on-backtrack-3-final-svn-style/
Rashid says
I have downloaded this script and installed all required packages but I'm unable to find the utidy package on the net. Please tell me where to get this package for Fedora 8.
fuzion says
@Rashid
Get w3af via SVN and report any bugs you find.
svn co https://w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af
More info:
http://nukeit.org/category/tools/