Using W3af for vulnerability assessment
In this recipe, we will learn how to use to find within a target web application. W3af is a web application attack and audit framework. The project's goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
Getting ready
To step through this recipe, you will need Kali Linux running on Oracle Virtualbox and an Internet connection. No other prerequisites are required.
How to do it...
For this recipe, you need to perform the following steps:
- Open the terminal and type
w3af_gui
; the w3af window will be as shown in the following screenshot:
- Select the
OWASP_TOP10
option from the profile selector in the left-hand side panel. Enter target URL, as shown in following screenshot:
- Expand the
auth
menu, click on thedetailed
plugin, and enter the username and password (only for HTTP form credentials) and all other required parameters and then click onSave
, as shown in the following...