[TOOL] w3af - Web Application Attack and Audit Framework

["Andres Riancho" <andres.riancho () gmail com>]

List,

    I'm glad to release the fifth beta of w3af. For those that still
don't know, w3af is a fully automated auditing and exploiting
framework for the web. More info can be found at
http://w3af.sourceforge.net/ .

    They are really *a lot* of changes from beta4 to make an detailed
list, but a small summary will give you an idea of the new features I
have been working on:

    - Virtual daemon, a way to use Metasploit framework
payloads/shellcodes while exploiting web applications.
    - w3afAgent, a reverse VPN that allows you to route packets
through the compromised server
    - Good samaritan, a module that allows you to exploit blind sql
injections much faster
    - 20+ new plugins
    - A lot of bug fixes
    - A much more stable core.

    The users guide can be found here:
        - http://w3af.sourceforge.net/documentation/user/w3afUsersGuide.pdf

    I also uploaded the presentation materials of my talk at the T2
conference in Finland ( http://www.t2.fi/ ). The PDF file is a nice
introduction to the interesting features implemented in the framework
and can be found here:
        - http://w3af.sourceforge.net/documentation/user/w3af-T2.pdf

Cheers,
-- 
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

-------------------------------------------------------------------------
Sponsored by: Watchfire

Cross-Site Scripting (XSS) is one of the most common application-level 
attacks that hackers use to sneak into web applications today. This 
whitepaper will discuss how traditional XSS attacks are performed, how to 
secure your site against these attacks and check if your site is protected. 
Cross-Site Scripting Explained - Download this whitepaper today! 

https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------