w3af
Developer(s)Andres Riancho
Stable release
1.6.54[1] Edit this on Wikidata / 10 June 2015 (10 June 2015)
Repository
Written inPython
Operating systemWindows, OS X, Linux, FreeBSD, OpenBSD
TypeComputer security
LicenseGPLv2
Websitewww.w3af.org

w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications.[2] It provides information about security vulnerabilities for use in penetration testing engagements. The scanner offers a graphical user interface and a command-line interface.[3]

Architecture

w3af is divided into two main parts, the core and the plug-ins.[4] The core coordinates the process and provides features that are consumed by the plug-ins, which find the vulnerabilities and exploit them. The plug-ins are connected and share information with each other using a knowledge base.

Plug-ins can be categorized as Discovery, Audit, Grep, Attack, Output, Mangle, Evasion or Bruteforce.

History

w3af was started by Andres Riancho in March 2007, after many years of development by the community. In July 2010, w3af announced its sponsorship and partnership with Rapid7. With Rapid7's sponsorship the project will be able to increase its development speed and keep growing in terms of users and contributors.

See also

References

  1. "Release 1.6.54: Prevent DBException: database or disk is full - Should stop the scan …". Retrieved 24 September 2019.
  2. www.w3af.org
  3. w3af documentation
  4. Part 1 of Andres Riancho’s presentation “w3af - A framework to 0wn the Web “at Sector 2009, Download PDF
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.