W3af
w3af is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for web applications: it reports security vulnerabilities and aids penetration testing efforts.
This cross-platform tool runs on all popular operating systems, including Microsoft Windows, Linux, Mac OS X, FreeBSD and OpenBSD, and is written in the Python programming language. Users can choose between a graphical user interface and a command-line interface.
w3af identifies a wide range of web application vulnerabilities using more than 130 plug-ins. After identification, vulnerabilities such as (blind) SQL injection, OS commanding, remote file inclusion (PHP), cross-site scripting (XSS) and unsafe file uploads can be exploited in order to gain different types of access to the remote system.
w3af Architecture
w3af is divided into two main parts, the core and the plug-ins. The core coordinates the scan and provides services (such as HTTP access and scheduling) that the plug-ins consume; the plug-ins are what actually find and exploit vulnerabilities. Plug-ins are connected to one another and share their findings through a knowledge base, so that, for example, URLs found by a discovery plug-in become the targets of the audit plug-ins. Plug-ins are categorized in the following types:
- Discovery
- Audit
- Grep
- Attack
- Output
- Mangle
- Evasion
- Bruteforce
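To make the division of labour concrete, the following is an added toy scanner (written for this page; it is not w3af's own code and does not use w3af's plug-in API) that mirrors the core / plug-in / knowledge-base split and the "identify, then verify" flow described in the introduction. It implements four of the eight plug-in types (discovery, audit, grep, output); the target site, the host name target.test and every response are constructed in memory so it runs offline, and the hypothetical application is assumed to build SQL by string concatenation, so a stray quote in `id` yields a database error page.

```python
"""Added illustration of the core / plug-in / knowledge-base split (not w3af's code).

The target site, the host name target.test and every response are constructed
in memory so the script runs offline; the hypothetical app builds SQL by string
concatenation, so a stray quote in `id` yields a database error page."""
import re
from dataclasses import dataclass, field
from urllib.parse import urljoin, urlsplit, urlunsplit, parse_qsl, urlencode

# Constructed fake target: full URL -> response body.
FAKE_SITE = {
    "http://target.test/": '<a href="/item?id=1">item</a> <a href="/about">about</a>',
    "http://target.test/about": "<p>About us</p><!-- TODO: remove /debug before launch -->",
    "http://target.test/item?id=1": "<p>Item 1</p>",
    "http://target.test/item?id=1%27": "You have an error in your SQL syntax near ''1''",
}


def http_get(url):
    """Fake transport standing in for the real HTTP client."""
    return (200, FAKE_SITE[url]) if url in FAKE_SITE else (404, "Not found")


@dataclass
class KnowledgeBase:
    """Shared store: every plug-in reads and writes here, so findings flow between them."""
    urls: set = field(default_factory=set)         # in-scope URLs known so far
    responses: dict = field(default_factory=dict)  # url -> body, for grep plug-ins
    vulns: list = field(default_factory=list)      # (plugin, url, description)
    infos: list = field(default_factory=list)      # (plugin, url, description)


def core_fetch(kb, url):
    """Core-provided HTTP helper: plug-ins never talk to the network directly,
    which is what lets the core record every response for the grep stage."""
    status, body = http_get(url)
    kb.responses[url] = body
    return status, body


class LinkDiscovery:
    """Discovery plug-in: follows links and feeds new same-host URLs into the KB."""
    LINK_RE = re.compile(r'href="([^"]+)"')

    def run(self, url, kb):
        status, body = core_fetch(kb, url)
        if status != 200:
            return set()
        found = {urljoin(url, h) for h in self.LINK_RE.findall(body)}
        new = {u for u in found if urlsplit(u).netloc == urlsplit(url).netloc} - kb.urls
        kb.urls |= new
        return new


class SqliAudit:
    """Audit plug-in: appends a quote to each query parameter and looks for DB errors."""
    ERROR_RE = re.compile(r"error in your SQL syntax|ORA-\d{5}|pg_query\(\)", re.I)

    def run(self, url, kb):
        parts = urlsplit(url)
        params = parse_qsl(parts.query)
        for i, (name, value) in enumerate(params):
            mutated = params[:i] + [(name, value + "'")] + params[i + 1:]
            test_url = urlunsplit(parts._replace(query=urlencode(mutated)))
            _, body = core_fetch(kb, test_url)
            if self.ERROR_RE.search(body):
                kb.vulns.append(("sqli", url, f"parameter {name!r} triggers a SQL error"))


class CommentGrep:
    """Grep plug-in: passively inspects every response the core fetched, whoever asked for it."""
    COMMENT_RE = re.compile(r"<!--(.*?)-->", re.S)

    def run(self, url, body, kb):
        for comment in self.COMMENT_RE.findall(body):
            kb.infos.append(("html_comment", url, comment.strip()))


def text_report(kb):
    """Output plug-in: renders the knowledge base (other output plug-ins might write XML or HTML)."""
    lines = [f"[vuln] {p} at {u}: {d}" for p, u, d in kb.vulns]
    lines += [f"[info] {p} at {u}: {d}" for p, u, d in kb.infos]
    return "\n".join(lines)


def scan(start_url):
    """The core: schedule the plug-ins and hand each one the shared knowledge base."""
    kb = KnowledgeBase(urls={start_url})
    discovery, audit, grep = LinkDiscovery(), SqliAudit(), CommentGrep()
    pending = [start_url]
    while pending:                              # discovery until no new URLs turn up
        pending.extend(discovery.run(pending.pop(), kb))
    for url in sorted(kb.urls):                 # audit everything discovery found
        audit.run(url, kb)
    for url, body in kb.responses.items():      # grep sees discovery *and* audit traffic
        grep.run(url, body, kb)
    return kb


if __name__ == "__main__":
    print(text_report(scan("http://target.test/")))
```

The point to notice is the data flow: the discovery plug-in never calls the audit plug-in, and the grep plug-in never issues a request of its own; each only reads from and writes to the knowledge base, and the core decides when each stage runs. Attack, mangle, evasion and bruteforce plug-ins would hang off the same store (an attack plug-in, for instance, would pick up the `sqli` entry and try to turn it into data access).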
w3af History
w3af was started by Andres Riancho in March 2007. After several years of community development, in July 2010 the project announced its sponsorship and partnership with Rapid7, a vulnerability management and penetration testing company headquartered in Boston, Massachusetts, whose primary products are Nexpose and Metasploit. With Rapid7's sponsorship the project expects to increase its development speed and keep growing in terms of users and contributors.
See also
- Metasploit
- Rapid7
- LOIC
- Web application security scanner
- Web application security
Further reading
- Andres Riancho's SecTor 2009 presentation, one of the best sources of information about the current state of the project and about the state of web application security scanners in general.
External links
- The w3af project official website
- w3af documentation
- Rapid7 LLC, sponsor of the w3af project
- Bonsai Information Security, Andres Riancho's company