w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework

Outsmart Malicious Hackers


As you all seem to pretty interested in Inguma, there’s something else similar called w3af – the fifth BETA was released a while back and the team are now working on the sixth.

w3af is a Web application attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and

We did mention when it was first released – w3af – Web Application Attack and Audit Framework.

There are a lot of small changes, but the basic and bigger ones are:

  • Virtual daemon, a way to use Metasploit framework payloads/shellcodes while exploiting web applications.
  • w3afAgent, a reverse VPN that allows you to route packets through the compromised server
  • Good samaritan, a module that allows you to exploit blind sql injections much faster
  • 20+ new plugins
  • A lot of bug fixes
  • A much more stable core.

A full plugin list is here:

w3af – Plugins

The users guide can be found here:

w3afUsersGuide.pdf

The author has also uploaded the presentation material he made for the T2 conference in Finland – this can serve as a good introduction.

w3af-T2.pdf

You can download w3af here:

w3af BETA5

Or read more here.

Posted in: Database Hacking, Hacking Tools, Web Hacking

, , , , , , ,


Latest Posts:


OWASP ZSC - Obfuscated Code Generator Tool OWASP ZSC – Obfuscated Code Generator Tool
OWASP ZSC is an open source obfuscated code generator tool in Python which lets you generate customized shellcodes and convert scripts to an obfuscated script.
A Look Back At 2017 – Tools & News Highlights A Look Back At 2017 – Tools & News Highlights
So here we are in 2018, taking a look back at 2017, quite a year it was. Here is a quick rundown of some of the best hacking/security tools released in 2017, the biggest news stories and the 10 most viewed posts on Darknet as a bonus.
Spectre & Meltdown Checker - Vulnerability Mitigation Tool For Linux Spectre & Meltdown Checker – Vulnerability Mitigation Tool For Linux
Spectre & Meltdown Checker is a simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Hijacker - Reaver For Android Wifi Hacker App Hijacker – Reaver For Android Wifi Hacker App
Hijacker is a native GUI which provides Reaver for Android along with Aircrack-ng, Airodump-ng and MDK3 making it a powerful Wifi hacker app.
Sublist3r - Fast Python Subdomain Enumeration Tool Sublist3r – Fast Python Subdomain Enumeration Tool
Sublist3r is a Python-based tool designed to enumerate subdomains of websites using OSINT. It helps penetration testers and bug hunters collect and gather subdomains for the domain they are targeting.
coWPAtty Download - Audit Pre-shared WPA Keys coWPAtty Download – Audit Pre-shared WPA Keys
coWPAtty is a C-based tool for running a brute-force dictionary attack against WPA-PSK and audit pre-shared WPA keys.


9 Responses to w3af Fifth BETA for Download – Automated Web Auditing and Exploitation Framework

  1. goodpeople January 16, 2008 at 12:11 pm #

    There’s no download link!

  2. Darknet January 16, 2008 at 5:07 pm #

    Oops my bad, thanks leyou – I’ve added the download link in.

  3. Daniel January 16, 2008 at 7:12 pm #

    I wish they’d sort out the annoying tidy issue:

    [daniel@touchme ~]$ w3af
    You have to install utidy lib.
    Error: No module named tidy

    even when utidy is installed and working

  4. goodpeople January 17, 2008 at 12:55 am #

    When unpacking, my virusscanner trips over PHISH/Paypalfraud.T

  5. eM3rC February 7, 2008 at 5:36 am #

    Never seem a program that just focuses on this. Thanks for the post Darknet.

    I have a quick question, by web vulnerability tool do you mean programs that operate within a webpage or actual exploits for the webpage you are viewing (or something else I am completely missing)?

  6. fuzion July 30, 2008 at 8:32 pm #

    I wrote a script to update w3af and install the new prerequisites to use its new gtkUI:
    http://fuzion.rootmybox.org/2008/07/30/w3af-on-backtrack-3-final-svn-style/

  7. Rashid August 16, 2008 at 12:07 pm #

    I have downloaded this script and installed all reqired packages but i m unable to find out utidy package on the net. Please tell me from where to get this package for fedora 8.

  8. fuzion August 27, 2008 at 12:28 am #

    @Rashid
    Get w3af via SVN and report any bugs you find.

    svn co https://w3af.svn.sourceforge.net/svnroot/w3af/trunk w3af

    More info:
    http://nukeit.org/category/tools/