It is important to always run security tests, and we think we should create our own tools. But there are many tools created by other people that can facilitate our checks; one of them is w3af.
What is w3af?
w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
What can we do?
- Exploiting Web application vulnerabilities
- Scan REST APIs
- Web Application Payloads
- Metasploit integration
git clone https://github.com/andresriancho/w3af.git
How is it used?
Command to start the console
Most of what you can use from the terminal has this help command.
w3af contains a series of utilities that support the discovery and exploitation of vulnerabilities. All of these utilities are located in <W3AF_DIR>/tools.
Generate valid credit card numbers
cd tools
ls
./gencc -t mastercard
./gencc -t visa16
Decode a given URL. This is often used to convert URL-encoded strings into plain ASCII text
./urldecode -d http%3A%2F%2Flocalhost%2Fw3af
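The same decoding done layer by layer, as a reviewer would when reading encoded URLs in request logs. This is an added example, not w3af's code or part of the original post; `decode_layers`, `MAX_LAYERS` and every sample string except the page's URL are assumptions made for illustration. It goes beyond the single pass shown above by reporting how many encoding layers were removed.

```python
from urllib.parse import unquote

MAX_LAYERS = 5  # assumed cap so crafted input cannot force unbounded passes


def _decode_once(value):
    """One percent-decoding pass; malformed escapes such as %zz are left as-is."""
    try:
        return unquote(value, errors="strict")
    except UnicodeDecodeError:
        # Bytes that are not valid UTF-8: keep them 1:1 instead of losing them.
        return unquote(value, encoding="latin-1")


def decode_layers(value, max_layers=MAX_LAYERS):
    """Decode until a pass changes nothing; return (decoded, layers_removed)."""
    layers = 0
    while layers < max_layers:
        decoded = _decode_once(value)
        if decoded == value:
            break
        value = decoded
        layers += 1
    return value, layers


def review(values):
    """Return (original, decoded, layers, note) rows for a list of strings."""
    rows = []
    for original in values:
        decoded, layers = decode_layers(original)
        # More than one layer deserves a look: a filter that decodes once
        # and the application behind it would see different strings.
        note = "multiple encoding layers" if layers > 1 else ""
        rows.append((original, decoded, layers, note))
    return rows


if __name__ == "__main__":
    samples = [
        "http%3A%2F%2Flocalhost%2Fw3af",          # URL from the page
        "http%253A%252F%252Flocalhost%252Fw3af",  # constructed: encoded twice
        "/search?q=100%zz",                       # constructed: malformed escape
    ]
    for row in review(samples):
        print(row)
```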
If you are interested in learning more, we invite you to review this course.