w3af (short for web application attack and audit framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities and aids in penetration testing efforts.
OWASP@wiki: the “Open Web Application Security Project” is an online community dedicated to web application security. The OWASP Top Ten represents a broad consensus about what the most critical web application security flaws are; w3af ships a matching `OWASP_TOP10` scan profile (used in the script below).
## install

```
$ sudo apt-get install w3af
$ sudo yum install w3af        # from the http://www.atomicorp.com repo
```

# or use the BackBox distro, see http://distrowatch.com/table.php?distribution=backbox

## usage (CLI w3af_console or w3af_gui)

# note: scripts/profiles/output are in '/usr/share/w3af/'

```
$ cat myscript.w3af
# usage: w3af_console -s myscript.w3af
profiles
use OWASP_TOP10
back
plugins
output console, textFile, htmlFile
output config textFile
set fileName /tmp/output-wa3f.txt
set httpFileName /tmp/output-http.txt
back
output config htmlFile
set fileName /tmp/output-wa3f.html
back
back
target
set target http://10.10.0.237:8081/
back
start
exit
```

# each `back` leaves the current menu (plugins, output config, target); the second `back` after the htmlFile config returns to the top level before `target` is entered