[TOOL] w3af - Web Application Attack and Audit Framework



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



w3af - Web Application Attack and Audit Framework
------------------------------------------------------------------------


SUMMARY



DETAILS

w3af is a Web Application Attack and Audit Framework. The project's goal is
to create a framework for finding and exploiting web application
vulnerabilities that is easy to use and extend.

What kinds of plugins are available?
w3af has discovery, audit, evasion, grep and output plugins.

Discovery plugins are used to discover new valid URLs on the site;
examples of discovery plugins are googlespider_plugin, spider_plugin.py
and urlfuzzer_plugin.

Evasion plugins are used to try to evade IDSs (intrusion detection systems).

Audit plugins are used to audit the security of a web application;
examples of audit plugins are xss_plugin, sqli_plugin and
blindsqli_plugin.

Grep plugins are used to analyze every response that the server returns
(no matter which plugin initiated the request) for interesting things.
Examples of grep plugins are findcomments_plugin and
pathdisclosure_plugin.
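As an added example (not w3af's own code or plugin API), here is the kind of check a grep plugin performs: a small Python analyzer run over constructed sample responses, flagging HTML comments (as findcomments_plugin does) and absolute filesystem paths leaked in error text (as pathdisclosure_plugin does). The Response class, the regular expressions and the sample responses are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Minimal stand-in for an HTTP response (constructed for this example;
# not w3af's own response object).
@dataclass
class Response:
    url: str
    body: str

# HTML comments, including multi-line ones.
COMMENT_RE = re.compile(r"<!--(.*?)-->", re.DOTALL)
# Absolute filesystem paths that often leak through error messages or
# comments. Heuristic: a few common Unix prefixes plus Windows drive paths.
PATH_RE = re.compile(
    r"/(?:var|etc|home|usr|opt|srv)/[\w./-]+"
    r"|[A-Za-z]:\\(?:[\w.-]+\\)+[\w.-]+"
)

def find_comments(resp):
    """Return the stripped text of every HTML comment in the body."""
    return [m.group(1).strip() for m in COMMENT_RE.finditer(resp.body)]

def find_path_disclosure(resp):
    """Return the distinct absolute paths found in the body, sorted."""
    return sorted(set(PATH_RE.findall(resp.body)))

def grep(responses):
    """Run both checks over every response and collect (url, kind, value)."""
    findings = []
    for resp in responses:
        for comment in find_comments(resp):
            findings.append((resp.url, "html_comment", comment))
        for path in find_path_disclosure(resp):
            findings.append((resp.url, "path_disclosure", path))
    return findings

# Constructed sample responses, as a spider or fuzzer plugin might produce.
SAMPLE = [
    Response("http://example.test/index.php",
             "<html><!-- TODO: remove debug login --><body>hi</body></html>"),
    Response("http://example.test/search.php?q=x",
             "Warning: include(): failed to open stream in "
             "/var/www/html/inc/db.php on line 12"),
    Response("http://example.test/about",
             "<html><body>plain page</body></html>"),
]

if __name__ == "__main__":
    for url, kind, value in grep(SAMPLE):
        print(f"{kind:16} {url}  {value}")
```

The path pattern is deliberately narrow; widening it (for example to match paths inside URLs) raises the false-positive rate, which is the usual tuning trade-off for this kind of plugin.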

Output plugins are used to write the output of other plugins and the
framework itself into a convenient format; examples of output plugins are
console_plugin, txtfile_plugin and html_plugin.


ADDITIONAL INFORMATION

The information has been provided by Andres Riancho
<mailto:andres.riancho@xxxxxxxxx>.
To keep updated with the tool, visit the project's homepage at:
http://w3af.sourceforge.net/



