w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives, please click on the Project Objectives item in the main menu. This project is currently hosted at SourceForge; for further information, you may also want to visit the w3af SourceForge project page.
If you are here just to "take a look" please watch the w3af video demos!
A Web Application Security Training is going to be delivered by Andrés Riancho in Buenos Aires! This course is designed for developers, hackers, QA experts and even CSOs. Don't miss this opportunity to train yourself with one of the best professionals in the field.
We are actively working on the documentation. Documentation of the project is created using epydoc. We think that documentation is a really important part of every Open Source project and it will be taken really seriously.
Official documentation:
The installation procedure and the project prerequisites can be found in the users guide, which is available here.
w3af has three mailing lists: one for users, where end users can ask questions about the framework usage and its features; a developers mailing list where new features and advanced topics are discussed; and a third one which is used to notify developers about svn commits and tasks that have been created.
The mailing lists are open for any questions regarding w3af, but please read the documentation, the user guide and the mailing list archives before asking. For more information about the mailing lists, you can visit the SourceForge page:
Mailing list information
The w3af project also has an official IRC channel, where users and developers join to exchange ideas:
#w3af channel at the Freenode IRC network
w3af is an Open Source software package. It is licensed under the GNU General Public License Version 2.
Andrés Riancho is an information security researcher, Director of Web security at Rapid7 and founder of Bonsai, where he is mainly involved in Penetration Testing and Vulnerability Research. In the research field, he discovered critical vulnerabilities in IPS appliances from 3com and ISS, and contributed to SAP research performed at his former employer.
His main focus has always been the Web Application Security field, in which he developed w3af, a Web Application Attack and Audit Framework used extensively by penetration testers and security consultants. Andrés has spoken and held trainings at many security conferences around the globe, like OWASP World C0n (USA), CanSecWest (Canada), T2 (Finland) and ekoparty (Buenos Aires).
For any issues with the framework, please subscribe to the mailing list and ask your questions there; for personal questions you can contact me at: andres -dot- riancho [at] gmail +dot+ com. This request is not in vain: if all w3af users send their emails directly to me and I answer them privately, no community is created and no synergy is achieved.