WebApp Sec mailing list archives
[TOOL] w3af - Web Application Attack and Audit Framework
From: "Andres Riancho" <andres.riancho () gmail com>
Date: Thu, 18 Oct 2007 20:40:53 -0300
List, I'm glad to release the fifth beta of w3af. For those that still don't know, w3af is a fully automated auditing and exploiting framework for the web. More info can be found at http://w3af.sourceforge.net/ . They are really *a lot* of changes from beta4 to make an detailed list, but a small summary will give you an idea of the new features I have been working on: - Virtual daemon, a way to use Metasploit framework payloads/shellcodes while exploiting web applications. - w3afAgent, a reverse VPN that allows you to route packets through the compromised server - Good samaritan, a module that allows you to exploit blind sql injections much faster - 20+ new plugins - A lot of bug fixes - A much more stable core. The users guide can be found here: - http://w3af.sourceforge.net/documentation/user/w3afUsersGuide.pdf I also uploaded the presentation materials of my talk at the T2 conference in Finland ( http://www.t2.fi/ ). The PDF file is a nice introduction to the interesting features implemented in the framework and can be found here: - http://w3af.sourceforge.net/documentation/user/w3af-T2.pdf Cheers, -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework ------------------------------------------------------------------------- Sponsored by: Watchfire Cross-Site Scripting (XSS) is one of the most common application-level attacks that hackers use to sneak into web applications today. This whitepaper will discuss how traditional XSS attacks are performed, how to secure your site against these attacks and check if your site is protected. Cross-Site Scripting Explained - Download this whitepaper today! https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405 -------------------------------------------------------------------------
Current thread:
- [TOOL] w3af - Web Application Attack and Audit Framework Andres Riancho (Oct 18)