Scanning with w3af
W3af stands for Web Application Audit and Attack Framework. It is an open source, Python-based Web vulnerability scanner. It has a GUI and a command-line interface, both with the same functionality. In this recipe, we will perform a vulnerability scan using W3af's GUI to configure the scanning and reporting options.
How to do it...
To start W3af, we can select it from the Applications menu by navigating to Applications | 03 Web Application Analysis | w3af, or start it from the terminal:
w3af_gui
In the Profiles section, we select full_audit.
In the plugins section, go to crawl and select web_spider (the one that is checked) inside it.
We don't want the scanner to follow links to other hosts and test them as well, only the application we point it at. In the plugin description, check the only_forward option and click on Save.
Now, we will tell W3af to generate an HTML report when the scan is finished. Go to output plugins and check html_file.
To select the file name and where to save the report, modify the output_file...
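The same configuration can be driven without the GUI. The script below is an added example, not taken from the book: it reproduces the steps above (full_audit profile, web_spider with only_forward, html_file output) as a w3af_console script. The target URL and the report path are placeholders you replace with your own values.

```text
# Added example: w3af_console script mirroring the GUI steps of this recipe.
# Run with:  w3af_console -s scan.w3af
# TARGET-APPLICATION and /tmp/w3af-report.html are placeholders (assumptions).

# Load the same profile selected in the GUI
profiles
use full_audit
back

# Crawl only inside the target application (only_forward = True)
plugins
crawl web_spider
crawl config web_spider
set only_forward True
back

# Write an HTML report when the scan finishes
output html_file
output config html_file
set output_file /tmp/w3af-report.html
back
back

# The application we are authorised to scan
target
set target http://TARGET-APPLICATION/
back

start
exit
```

Because only_forward is set, the crawler stays under the URL given in set target, which keeps the scan scoped to the application you intended to assess.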