Difference between revisions of "Automated Audit using w3af"

Latest revision as of 06:26, 17 May 2012

See Automated_Audit_using_W3AF

@@ Line 1: / Line 1: @@
-<pre style="color:#088A08">This type of article aims to provide to development team a easy/quick way to perform automated audit
+See [[Automated_Audit_using_W3AF]]
-tests against their web application projects over implementation phase.</pre>
-This still needs a bit of work and better documentation, but is intended to be a similar resource to this [https://www.owasp.org/index.php/Automated_Audit_using_SKIPFISH skipfish page]
-== Description ==
-This page have to objective to show a w3af sample script to automate audit of a web application.
-Description taken from website:
-<pre>
-w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework
-to find and exploit web application vulnerabilities that is easy to use and extend.
-</pre>
-[http://w3af.sourceforge.net/ w3af homepage].
-''This script do not replace a manual audit but can be useful to perform a first validation''.
-== Command To Run ==
-w3af_console.bat -s my_site.w3af -n
-== Contents of my_site.w3af ==
-<pre>
-plugins
-output console,xmlFile
-output config xmlFile
-    set fileName my_site.xml
-    set verbose True
-    back
-output config console
-    set verbose False
-    back
-audit xss sqli blindSqli xsrf responseSplitting xpath osCommanding eval formatString LDAPi
-discovery webSpider
-    discovery config webSpider
-        set onlyForward True
-    back
-back
-target
-    set target http://my_site/index.php
-back
-http-settings
-    set maxRetrys 0
-    set timeout 3
-back
-start
-exit
-</pre>
-[[Category:Code Snippet]]
-[[Category:Automated Audit]]
-[[Category:Audit Script]]

Difference between revisions of "Automated Audit using w3af"

Latest revision as of 06:26, 17 May 2012

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Reference

Tools