W3af

We always want to be running security tests, and we tend to think we should create our own tools. Many tools created by other people can make our checks easier, and one of them is w3af.

What is w3af?

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

What can we do?

  1. Exploiting Web application vulnerabilities
  2. Scan REST APIs
  3. Web Application Payloads
  4. Metasploit integration

Installation

git clone https://github.com/andresriancho/w3af.git
cd w3af/
# The first run reports missing dependencies and writes an install script to /tmp
./w3af_console
. /tmp/w3af_dependency_install.sh

How is it used?

Command to start the console:

./w3af_console

Almost everything you can use from the console has this help command.

help

w3af contains a series of utilities that support the process of discovering and exploiting vulnerabilities. All of these utilities are located in <W3AF_DIR>/tools.

gencc

Generates valid credit card numbers.

cd tools
ls

./gencc -t mastercard

./gencc -t visa16

urldecode

Tries to decode a given URL. It is often used to decode URLs into plain-text ASCII format.

./urldecode -d http%3A%2F%2Flocalhost%2Fw3af
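The decoding step above, as an added Python example (not part of w3af or of the original post). It goes beyond the single case shown by peeling repeated layers of percent-encoding and flagging malformed escapes, which is what you usually need when reading encoded URLs out of request logs; the function name decode_layers and the sample inputs are constructed for illustration.

```python
import re
from urllib.parse import unquote

MAX_LAYERS = 5  # assumption: stop after a few rounds so input cannot loop us

_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")          # a well-formed %XX escape
_BAD_ESCAPE = re.compile(r"%(?![0-9A-Fa-f]{2})")  # '%' not followed by two hex digits


def decode_layers(value, max_layers=MAX_LAYERS):
    """Percent-decode `value` until no escapes remain.

    Returns (decoded, layers, malformed):
      decoded   - the fully decoded string
      layers    - how many decoding rounds were needed (2+ means nested encoding)
      malformed - True if the original input contained a broken escape
    """
    # Only the raw input is checked: after decoding, a literal '%' is legitimate.
    malformed = bool(_BAD_ESCAPE.search(value))
    layers = 0
    while layers < max_layers and _ESCAPE.search(value):
        decoded = unquote(value, errors="replace")
        if decoded == value:
            break
        value = decoded
        layers += 1
    return value, layers, malformed


# Constructed sample inputs; the first is the URL used with ./urldecode above.
SAMPLES = [
    "http%3A%2F%2Flocalhost%2Fw3af",          # encoded once
    "http%253A%252F%252Flocalhost%252Fw3af",  # encoded twice
    "http%3A%2F%2Flocalhost%2Fw3af%ZZ",       # contains a broken escape
    "http://localhost/w3af",                  # not encoded at all
]

if __name__ == "__main__":
    for raw in SAMPLES:
        decoded, layers, malformed = decode_layers(raw)
        note = " (malformed escape in input)" if malformed else ""
        print(f"{raw}\n  -> {decoded}  [layers={layers}]{note}")
```

A layer count above 1 means the value was encoded more than once, so a filter that decodes only a single time would see a different string than the application eventually does.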

Resources:

docs.w3af.org

If you are interested in learning more, we invite you to review this course.

Python For InfoSec Professionals


This post was written by Ruben Dario Caravajal Herrera