w3af - Web Application Attack and Audit Framework

[begood]

Framework features

w3af provides plugin writers with this features:

urllib2 wrapper

In order to send requests to te remote server w3af uses urllib2. The xUrllib module of w3af is a wrapper of urllib2 to make the plugin writer life easier, using this wrapper a plugin writer can forget about proxy's, proxy auth, basic/digest auth, etc. This is the complete list of features provided by xUrllib:

- Proxy

- Proxy auth ( basic and digest )

- Site auth ( basic and digest )

- Gracefully handle timeouts

- UserAgent faking

- Add custom headers to requests

- Cookie handling

- Local cache for GET and HEAD requests

- Local dns cache, this will speed up scannings. Only one request is made to the DNS server

- Keep-alive support fot http and https connections

- File upload using multipart POST requests

- SSL certificate support

Output Management

w3af provides plugin writers with an abstraction layer for data output using the Output Manager. The output manager can also be extended using plugins and can be used for writing results to a txt/html file or sending them over the network using scp, the options are endless. Available ouput plugins are:

- Console

- Text file

Web Service support

w3af knows how to parse WSDL files, and audit webservices. Plugin developers can write a simple plugin that will be able to find bugs in web services and also in common HTTP applications.

HTTP headers fuzzing

w3af supports finding bugs in HTTP headers with great ease!

IPC

IPC ( inter plugin communication ) can easily be done using the knowledge base, another w3af feature thats really usefull for plugin developers.

Session saving

Framework parameters can be saved to a file using the sessionManager. After that, you can load the settings and start the same scan again without configuring all parameters.

Fuzzer

Right now w3af has a really simple fuzzer, but we have plans to extend it. Fuzzers are great, we know it.

HTML / WML parsing

w3af provides HTML / WML parsing features that are really easy to use.

This is the list of plugins that are available in w3af, if you have any comments or feature requests, don't hesitate to send them to the w3af mailing list.

Plugins

audit

xsrf

htaccessMethods

sqli

sslCertificate

fileUpload

mxInjection

generic

localFileInclude

unSSL

xpath

osCommanding

remoteFileInclude

dav

ssi

eval

buffOverflow

xss

xst

blindSqli

formatString

preg_replace

globalRedirect

LDAPi

phishingVector

frontpage

responseSplitting

bruteforce

formAuthBrute

basicAuthBrute

grep

dotNetEventValidation

pathDisclosure

codeDisclosure

blankBody

metaTags

motw

privateIP

directoryIndexing

svnUsers

ssn

fileUpload

strangeHTTPCode

hashFind

getMails

httpAuthDetect

wsdlGreper

newline

passwordProfiling

domXss

ajax

findComments

httpInBody

strangeHeaders

lang

errorPages

collectCookies

strangeParameters

error500

objects

creditCards

oracle

feeds

evasion

shiftOutShiftInBetweenDots

backSpaceBetweenDots

rndPath

selfReference

modsecurity

rndCase

rndHexEncode

reversedSlashes

fullWidthEncode

rndParam

attack

sqlmap

osCommandingShell

xssBeef

localFileReader

rfiProxy

remoteFileIncludeShell

davShell

eval

fileUploadShell

sql_webshell

output

htmlFile

xmlFile

textFile

console

gtkOutput

mangle

sed

discovery

webDiff

sitemapReader

detectReverseProxy

phpEggs

spiderMan

urlFuzzer

userDir

findvhost

fingerprint_os

findBackdoor

wordnet

zone_h

performance_testing

robotsReader

sharedHosting

afd

allowedMethods

phpinfo

importResults

findCaptchas

serverStatus

oracleDiscovery

yahooSiteExplorer

frontpage_version

detectTransparentProxy

dnsWildcard

webSpider

fingerMSN

googleSets

digitSum

halberd

domain_dot

MSNSpider

fingerprint_WAF

serverHeader

wsdlFinder

pykto

crossDomain

fingerPKS

googleSpider

hmap

phishtank

fingerGoogle

dotNetErrors

archiveDotOrg

ghdb

Download

basic video tutorial