w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding.

Features

  • User-friendly
  • Command-line interface
  • GUI app
  • Extensible with plugins
  • Dozens of SQL injection tools
  • Proxy support
  • HTTP Basic and Digest authentication
  • User-Agent faking
  • Add custom headers to requests
  • Cookie handling
  • HTTP response cache
  • DNS cache
  • File upload using multipart
  • Multiple outputs
  • Email notification

Fuzzing engine

w3af can inject your payloads into almost every part of the HTTP request:

  • Query string
  • POST-data
  • Headers
  • Cookie values
  • Multipart/form file content
  • URL filename
  • URL path

License

Free app

Resources & Downloads

GitHub - andresriancho/w3af: w3af: web application attack and audit framework, the open source web vulnerability scanner.