
It is important to always run security tests, and we think we should create our own tools. But there are many tools created by other people that can facilitate our checks; one of them is w3af.

What is w3af?

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

What can we do?

  1. Exploiting Web application vulnerabilities
  2. Scan REST APIs
  3. Web Application Payloads
  4. Metasploit integration


git clone https://github.com/andresriancho/w3af.git

cd w3af/

How is it used?

Command to start the console


Most of the commands you can use from the terminal have a help command.


w3af contains a series of utilities that support the process of discovering and exploiting vulnerabilities. All of these utilities are located in <W3AF_DIR>/tools.


Generate valid credit card numbers

cd tools

./gencc -t mastercard

./gencc -t visa16


Decode a given URL. This is often used to turn encoded URLs into plain-text ASCII format.

./urldecode -d http%3A%2F%2Flocalhost%2Fw3af
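
The decoding done by the urldecode call above, extended to values that were percent-encoded more than once, as an added Python 3 example (not w3af's code and not part of the original post). The function name decode_layers and the max_rounds limit are assumptions made for this illustration.

```python
import re
from urllib.parse import unquote

# A '%' that is not followed by two hex digits is a malformed escape.
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")


def decode_layers(value, max_rounds=5):
    """Percent-decode repeatedly until the text stops changing.

    Returns (text, rounds, malformed):
      text      -- the fully decoded string
      rounds    -- number of passes that changed the string
      malformed -- True if the raw input has a '%' without two hex digits
    """
    malformed = bool(_BAD_ESCAPE.search(value))
    current, rounds = value, 0
    while rounds < max_rounds:
        try:
            # strict: invalid UTF-8 raises instead of becoming U+FFFD
            decoded = unquote(current, encoding="utf-8", errors="strict")
        except UnicodeDecodeError:
            # keep every byte visible by mapping bytes 1:1 to code points
            decoded = unquote(current, encoding="latin-1")
        if decoded == current:
            break
        current, rounds = decoded, rounds + 1
    return current, rounds, malformed


if __name__ == "__main__":
    # Constructed sample values; the first is the one used in the post.
    samples = [
        "http%3A%2F%2Flocalhost%2Fw3af",
        "http%253A%252F%252Flocalhost%252Fw3af",
        "discount=100%zz",
    ]
    for raw in samples:
        print(raw, "->", decode_layers(raw))
```

A round count above 1 means the value was encoded more than once, which is worth a closer look when reviewing request logs. An application should still decode request data exactly once, so keep multi-pass decoding to log review.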



If you are interested in learning more, we invite you to review this course.

Python For InfoSec Professionals