Security is key point for every effective business, either you are running your own website or you are at job to manage the web application for your company you have to do little penetration testing to check the security of web application.
Now a days exploit are available and update on daily basis for different web application services.
While doing a penetration testing a pen tester must consider these exploit for different vulnerabilities.
To find a vulnerabilities is not enough a pen-tester must check the parallel exploits that are available publicly for different services.
w3af is a Web Application Attack and Audit Framework. The project goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. w3af is working for Become the best Open Source Web Application Exploitation Framework. It provides information about security vulnerabilities and aids in penetration testing efforts.
The important fact of w3af is that it is available for all major operating system like Microsoft Windows, Linux, MAC OS, FreeBSD and OpenBSD etc. It is written in python programming language and provide both command line interface and graphical user interface.
W3af_15
W3af uses more than 130 plug-in to find vulnerabilities in web applications, after finding vulnerabilities like SQL injections, OS commanding, remote file inclusions (PHP), cross-site scripting (XSS), and unsafe file uploads, can be exploited in order to gain different types of access to the remote system.
Download
Tutorial
Once you have all the prerequisites then you can start w3af as follows:
$ ./w3af
w3af>>>
Type help will give you a list of options.
w3af>>> help
The following commands are available:
help You are here. help [command] prints more specific help.
url-settings Configure the URL opener.
misc-settings Configure w3af misc settings.
session Load and save sessions.
plugins Enable, disable and configure plugins.
start Start site analysis.
exploit Exploit a vulnerability.
tools Enter the tools section.
target Set the target URL.
exit Exit w3af.
w3af>>>
Now see this example:
w3af/plugins>>> audit xss
w3af/plugins>>> audit
Enabled audit plugins:
xss
w3af/plugins>>> discovery webSpider,pykto,hmap
w3af/plugins>>> discovery
Enabled discovery plugins:
webSpider
pykto
w3af/plugins>>> output console,htmlFile
w3af/plugins>>> output
Enabled output plugins:
htmlFile
console
w3af/plugins>>> output config htmlFile
w3af/plugin/htmlFile>>> view
Posted in: 
2 comments:
You said true that security is a key point of a business. I am totally agree with you as you shared these tutorials that looks beneficial to use. I know a company avyaan that offers external web application penetration testing services.
Hindi Latest Sex Stories From Bhauja.com
रात-दिन तुम्हारा लंड अपनी चूत में रखना है (Raat Din Tumhara Lund Chut me Rakhna hai)
शादी के बाद चूत की प्यास (Shadi Ke Baad Chut Ki Pyas)
भाभी ने छोटी बहन को चुदवाया
अपनी बीवी समझना (Apni Biwi Samajhna)
पराये मर्द के नीचे लेट कर लिया मजा-3
भाभी और उसकी बहन को जयपुर में चोदा
रीना ने अपनी सील तुड़वाई (Rina Ne Apne Seal Tudyai)
विधवा भाभी की चुदाई-2
शर्म, हया, लज्जा और चुदाई का मजा-2
प्रेम के अनमोल क्षण-1
भाभी तड़प गई ( Bhabhi Tadap Gayi)
रचना की चूत की खुजली (Rachna Ki Chut Ki Khujli)
भाभी की गाँड-चुदाई (Bhabhi Ki Gand Chudai Badi Kaske)
मेरी सीधी सरल भाभी (Meri Sidhi Saral Bhabhi)
Chacheri Bahen Ke Sone Ke Bad Nanga Karke Sab Kuch Dekha
Subah 5 Baje Padoswali Pinky Ko Choda (Long)
दोस्त की शादीशुदा बहन को चोदा-2
मेरी बेवफा बीवी
एक शाम अनजान हसीना के नाम
प्रेम के अनमोल क्षण-1 ( Prem Ke Anmol Khyan -1)
प्रेम के अनमोल क्षण-2 (Prem Ke Anmol Khyan - 2)
अब मैं तुम्हारी हो गई-2 (Ab Mein Tumhari Ho Gayi -2)
फरेज़ को पता है (Pharenj Ko Pata He)
कुड़ी पतंग हो गई (Kudi Patanga Ho Gayi)
एक जल्दी वाला राउंड (Ek Jaldi Bala Round)
Komal ki Komal Aur Reshma ki Reshmi Chut
Ek Doctor Hi Ye Samaz Sakta Hai
Pati Ke Batije Aur Ek Punjabi Loure Se Chudwaya
Post a Comment