Difference between revisions of "Automated Audit using w3af"

From OWASP
Jump to: navigation, search
(Created page with "<pre style="color:#088A08">This type of article aims to provide to development team a easy/quick way to perform automated audit tests against their web application projects o...")
 
m (Cleanup article link)
 
Line 1: Line 1:
<pre style="color:#088A08">This type of article aims to provide to development team a easy/quick way to perform automated audit
+
See [[Automated_Audit_using_W3AF]]
tests against their web application projects over implementation phase.</pre>
 
 
 
This still needs a bit of work and better documentation, but is intended to be a similar resource to this [https://www.owasp.org/index.php/Automated_Audit_using_SKIPFISH skipfish page]
 
 
 
== Description ==
 
 
 
This page have to objective to show a w3af sample script to automate audit of a web application.
 
 
 
Description taken from website:
 
<pre>
 
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework
 
to find and exploit web application vulnerabilities that is easy to use and extend.
 
</pre>
 
 
 
[http://w3af.sourceforge.net/ w3af homepage].
 
 
 
 
 
''This script do not replace a manual audit but can be useful to perform a first validation''.
 
 
 
== Command To Run ==
 
 
 
w3af_console.bat -s my_site.w3af -n
 
 
 
== Contents of my_site.w3af ==
 
<pre>
 
plugins
 
output console,xmlFile
 
output config xmlFile
 
    set fileName my_site.xml
 
    set verbose True
 
    back
 
output config console
 
    set verbose False
 
    back
 
audit xss sqli blindSqli xsrf responseSplitting xpath osCommanding eval formatString LDAPi
 
discovery webSpider
 
    discovery config webSpider
 
        set onlyForward True
 
    back
 
back
 
target
 
    set target http://my_site/index.php
 
back
 
http-settings
 
    set maxRetrys 0
 
    set timeout 3
 
back
 
start
 
exit
 
</pre>
 
 
 
[[Category:Code Snippet]]
 
[[Category:Automated Audit]]
 
[[Category:Audit Script]]
 

Latest revision as of 01:26, 17 May 2012

See Automated_Audit_using_W3AF