Difference between revisions of "Automated Audit using w3af"

From OWASP
(Created page with "<pre style="color:#088A08">This type of article aims to provide to development team a easy/quick way to perform automated audit tests against their web application projects o...")
 
m (Cleanup article link)
 
Line 1: Line 1:
<pre style="color:#088A08">This type of article aims to provide to development team a easy/quick way to perform automated audit
+
See [[Automated_Audit_using_W3AF]]
tests against their web application projects over implementation phase.</pre>
+
 
+
This still needs a bit of work and better documentation, but is intended to be a similar resource to this [https://www.owasp.org/index.php/Automated_Audit_using_SKIPFISH skipfish page]
+
 
+
== Description ==
+
 
+
This page have to objective to show a w3af sample script to automate audit of a web application.
+
 
+
Description taken from website:
+
<pre>
+
w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework
+
to find and exploit web application vulnerabilities that is easy to use and extend.
+
</pre>
+
 
+
[http://w3af.sourceforge.net/ w3af homepage].
+
 
+
 
+
''This script do not replace a manual audit but can be useful to perform a first validation''.
+
 
+
== Command To Run ==
+
 
+
w3af_console.bat -s my_site.w3af -n
+
 
+
== Contents of my_site.w3af ==
+
<pre>
+
plugins
+
output console,xmlFile
+
output config xmlFile
+
    set fileName my_site.xml
+
    set verbose True
+
    back
+
output config console
+
    set verbose False
+
    back
+
audit xss sqli blindSqli xsrf responseSplitting xpath osCommanding eval formatString LDAPi
+
discovery webSpider
+
    discovery config webSpider
+
        set onlyForward True
+
    back
+
back
+
target
+
    set target http://my_site/index.php
+
back
+
http-settings
+
    set maxRetrys 0
+
    set timeout 3
+
back
+
start
+
exit
+
</pre>
+
 
+
[[Category:Code Snippet]]
+
[[Category:Automated Audit]]
+
[[Category:Audit Script]]
+
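Review bot: In the my_site.w3af block, the http-settings lines `set maxRetrys 0` and `set timeout 3` mean a request that hits the timeout is not retried, so on a slow application the audit plugins can miss pages and my_site.xml can under-report findings. The page should either say that these values trade coverage for speed or use less aggressive ones. The Command To Run section also gives `w3af_console.bat -s my_site.w3af -n` without explaining `-s` and `-n`, and the `.bat` launcher implies Windows without saying so; a sentence on each would supply the "better documentation" the intro asks for.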

Latest revision as of 01:26, 17 May 2012

See Automated_Audit_using_W3AF