{"id":600,"date":"2007-08-22T09:00:37","date_gmt":"2007-08-22T09:00:37","guid":{"rendered":"https:\/\/www.darknet.org.uk\/2007\/08\/w3af-web-application-attack-and-audit-framework\/"},"modified":"2015-09-09T19:39:59","modified_gmt":"2015-09-09T11:39:59","slug":"w3af-web-application-attack-and-audit-framework","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2007\/08\/w3af-web-application-attack-and-audit-framework\/","title":{"rendered":"w3af &#8211; Web Application Attack and Audit Framework"},"content":{"rendered":"<p>[ad]<\/p>\n<p>A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features:<\/p>\n<p><strong>Audit<\/strong><\/p>\n<ul>\n<li>SQL injection detection<\/li>\n<li>XSS detection<\/li>\n<li>SSI detection<\/li>\n<li>Local file include detection<\/li>\n<li>Remote file include detection<\/li>\n<li>Buffer Overflow detection<\/li>\n<li>Format String bugs detection<\/li>\n<li>OS Commanding detection<\/li>\n<li>Response Splitting detection<\/li>\n<li>LDAP Injection detection<\/li>\n<li>Basic Authentication bruteforce<\/li>\n<li>File upload inside webroot<\/li>\n<li>htaccess LIMIT misconfiguration<\/li>\n<li>SSL certificate validation<\/li>\n<li>XPATH injection detection<\/li>\n<li>unSSL (HTTPS documents can be fetched using HTTP)<\/li>\n<\/ul>\n<p><strong>Discovery<\/strong><\/p>\n<ul>\n<li>Pykto, a nikto port to python<\/li>\n<li>Hmap, http fingerprinting.<\/li>\n<li>fingerGoogle, finds valid user accounts in google.<\/li>\n<li>googleSpider, a spider that uses google.<\/li>\n<li>webSpider, a classic web spider.<\/li>\n<li>robotsReader<\/li>\n<li>urlFuzzer<\/li>\n<li>serverHeader, fetches server header<\/li>\n<li>allowedMethods, gets a list of allowed HTTP methods.<\/li>\n<li>crossDomain, get and parse the flash file crossdomain.xml<\/li>\n<li>error404page, generate a regular expression to match 404 pages.<\/li>\n<li>sitemapReader, read googles sitemap.xml and parse it.<\/li>\n<li>spiderMan, using a localproxy and a human, find new URLs for auditing.<\/li>\n<li>webDiff, find differences between a local and a remote directory.<\/li>\n<li>wsdlFinder, find and parse WSDL and DISCO files.<\/li>\n<\/ul>\n<p>The framework is extended using plug-ins and is completely written in Python.<\/p>\n<p>You can download w3af here:<\/p>\n<p><a href=\"http:\/\/sourceforge.net\/project\/showfiles.php?group_id=170274\">w3af BETA 4<\/a><\/p>\n<p><!--adsense#New468--><\/p>\n<p>Or read more <a href=\"http:\/\/w3af.sf.net\/\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad] A pretty cool tool was released a while back called w3af ( Web Application Attack and Audit Framework ), a fully automated auditing and exploiting framework for the web. This framework has been in development for almost a year and has the following features: Audit SQL injection detection XSS detection SSI detection Local file [&hellip;]<\/p>\n","protected":false},"author":25,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_seopress_robots_primary_cat":"","_seopress_titles_title":"","_seopress_titles_desc":"","_seopress_robots_index":"","_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2,9,15],"tags":[2302,2300,1522,284,439,2298,2299,2301],"featured_image_src":null,"featured_image_src_square":null,"author_info":{"display_name":"Darknet","author_link":"https:\/\/www.darknet.org.uk\/author\/darknet\/"},"_links":{"self":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/600"}],"collection":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/users\/25"}],"replies":[{"embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/comments?post=600"}],"version-history":[{"count":0,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/posts\/600\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/media?parent=600"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/categories?post=600"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.darknet.org.uk\/wp-json\/wp\/v2\/tags?post=600"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}