Tool and Usage
Why this tool?
W3af is an open source web application attack and audit framework that helps in scanning for vulnerabilities. The tool comes with both a graphical user interface (GUI) and a command line utility. Some of the project files include a copyright line of 2006. That gives a good idea of the maturity of the project, and it is one of the rare tools that is still maintained after so many years.
How it works
The w3af framework is written in Python and has a well-structured code base. Besides the core and support for multiple languages (locales), the main work happens in the plugins section. The plugins allow things like brute forcing, auditing, performing SQL injections, file inclusions, etc.
Usage and audience
w3af is commonly used for application security, application testing, penetration testing, vulnerability scanning, or web application analysis. Target users for this tool are pentesters and security professionals.
- Command line interface
- Extendable with custom tests and plugins
- Graphical user interface
Tool review and remarks
The review and analysis of this project resulted in the following remarks for this security tool:
- + Tool is modular and extendable
- + More than 2000 GitHub stars
- + The source code of this software is available
History and highlights
- Demo at Black Hat USA 2014 Arsenal
Supported operating systems
W3af is known to work on Linux and Microsoft Windows.
Similar tools to w3af:
Yasuo is a Ruby script that scans for vulnerable and exploitable third-party web applications.
OpenVAS is a framework of several services and tools offering a vulnerability scanning and vulnerability management solution.
Web Application Security Scanner aimed towards helping users evaluate the security of web applications