5

Intro –  w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.



1. How to open
A. GUI Method
Application → Kali linux→ Web Applications→ Web Vulnerability Scanners→ w3af
                                                                             (click image for large view)

B. Open Terminal, type w3af and hit enter

2. We can choose profile. I recommend full_audit. First of all click on full_audit than you will see a dialogue box just click Yes there.

3. Now we are ready to scan so write your URL on Target filed and click on start for starting the scan.

4. We have one more option if we want to scan our target on some particular plugins than we can check or uncheck those plugins. W3af will scan your target url only on the basis of those plugins. I recommend it for advance user or for those who knows there target and want to scan particular vulnerabilities.

5. After finishing the scan carefully read log area If your site has vulnerabilities than it will show you the vulnerabilities.


6. If you want to know about your site’s vulnerabilities than just go to Result tab → KB browser here you will see which type of vulnerability your website have and many other information.

7. We can see php based url by going Result → URLs

8. You can also see your site’s vulnerability type etc on Exploit tab.

9. As we noticed the URL in image no 6 so just type the url on your address bar than put your XSS script and see the magic.
(click image for large view)


Like it ? Share it.

Post a Comment

  1. nice tut
    is this an error or
    Sat 10 Aug 2013 12:46:16 PM EDT] An exception was found while running grep.privateIP on "http://domain/ | Method: GET". The exception was: "Complex classes like need to inherit from disk_item to be stored." at timeout_function.py:836. The scan will continue but some vulnerabilities might not be identified.
    [Sat 10 Aug 2013 12:46:16 PM EDT] An exception was found while running grep.privateIP on "http://domain/_vti_inf.html | Method: GET". The exception was: "Complex classes like need to inherit from disk_item to be stored." at timeout_function.py:836. The scan will continue but some vulnerabilities might not be identified

    ReplyDelete
  2. I like to advice you please update your w3af version. Sometime the command doesn't work properly it happens..

    ReplyDelete
  3. I found a vulnerability ie.
    the URL www.example.com is vulnerable to cross site request forgery.
    I know about XSS(Cross Site Scripting).can you please tell me what is cross site request forgery & how can I hack the website using this vulnerability.??

    ReplyDelete
    Replies
    1. Here I am not going to tell you anything illegal. I simply advice you if you got a vulnerability in a website you should report it to their security department by doing this you will feel like an angel not devil.

      Delete

Comment Rules :
1. Do not post Adult/illegal Links.
2. Try to comment in only English Language.
3. Do not post other website's links which are useless.
4. Your Comment should be based on the Topic for other queries Kindly Visit our Contact Us Page.
5. Do not use Abusive Language.
6. Respect each other.
Thank You for following the rules. Please Comment....

 
Top