W3af REST API
Web Application audit and attack framework (W3af) is a powerful and flexible environment for web vulnerability assessments and for exploiting web application vulnerabilities. It has many plugins that could communicate with each other. For instance, the discovery plugin collects different URLs to test and pass on to the audit plugin, which uses these URLs to search for vulnerabilities. W3af could also exploit the vulnerabilities that it finds.
W3af has eight different types of plugin:
Discovery plugins: Crawl the web application to find new URLs, forms, and many other interesting parts of the web application. These plugins run in a loop, and the output is fed as the input to the next plugin.
Audit plugins: These are the main parts of W3af, and they take the output of discovery plugins as input and scan for all types of web application vulnerabilities like SQL, XSS injections, and others.
Grep plugins: Like the UNIX grep utility, they search each and every HTTP request and response...
