W3AF: Introduction, Architecture and Features

What is W3AF?


W3AF stands for Web Application Attack and Audit Framework. It is an open-source framework for auditing and exploiting web applications, and it provides information about security vulnerabilities and bugs for use in penetration testing. The scanner offers a graphical user interface and a command-line interface. It is written in the Python programming language and is compatible with all major operating systems, such as Windows, Linux and FreeBSD.

Architecture of W3AF

The W3AF framework is divided into three parts:

1. The core coordinates the whole process and provides the libraries that plugins use.

2. The user interfaces, which allow the user to configure and start scans.

3. The plugins, which find links and vulnerabilities.

Features of W3AF

1. It provides web service support.

2. It exploits SQL injection (including blind SQL injection), OS commanding, remote file inclusion, local file inclusion, XSS, and more.

3. Its plugins integrate well with one another.

4. It has discovery plugins that crawl the target and find URLs.

5. It has audit plugins that send crafted data to find vulnerabilities.

6. It has exploit plugins that exploit vulnerabilities found in the target and can also provide SQL dumps.

7. It can also create fuzzing requests.

8. It greps every HTTP request and response for comments, password profiling, private IP addresses, directory indexing, etc.
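To make the architecture described above concrete (a core that drives plugins over the traffic it collects) and to show what the grep-style plugins in feature 8 actually do, here is an added Python example. It is not w3af's own code: the plugin names, the `Finding` record and the `run_grep_plugins` core loop are illustrative, and the HTTP response bodies are constructed inline. Each plugin is a passive check over a response body, the kind of review a defender runs to spot information leaks (HTML comments, internal IP addresses, directory listings) in their own application's output.

```python
import re
from dataclasses import dataclass
from typing import Callable, Dict, List

# Constructed sample responses keyed by URL (not real scan output).
SAMPLE_RESPONSES: Dict[str, str] = {
    "http://example.test/": (
        "<html><!-- TODO: remove debug user before release --><body>Hello</body></html>"
    ),
    "http://example.test/static/": (
        "<html><head><title>Index of /static/</title></head>"
        "<body><h1>Index of /static/</h1><pre><a href='app.js'>app.js</a></pre></body></html>"
    ),
    "http://example.test/api/status": '{"backend": "10.0.3.17", "status": "ok"}',
    "http://example.test/about": "<html><body>Public page, resolver 8.8.8.8</body></html>",
}


@dataclass
class Finding:
    plugin: str   # illustrative plugin name, not a w3af plugin identifier
    url: str
    detail: str


# RFC 1918 private address ranges: 10/8, 172.16/12, 192.168/16.
_PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3})\b"
)
_HTML_COMMENT = re.compile(r"<!--(.*?)-->", re.DOTALL)
_DIR_INDEX = re.compile(r"<title>\s*Index of\s", re.IGNORECASE)


def grep_html_comments(url: str, body: str) -> List[Finding]:
    """Report every HTML comment; developers often leave hints in them."""
    return [Finding("html_comments", url, m.group(1).strip()) for m in _HTML_COMMENT.finditer(body)]


def grep_private_ip(url: str, body: str) -> List[Finding]:
    """Report private IPv4 addresses that leak internal network layout."""
    return [Finding("private_ip", url, m.group(0)) for m in _PRIVATE_IP.finditer(body)]


def grep_directory_indexing(url: str, body: str) -> List[Finding]:
    """Report responses that look like an auto-generated directory listing."""
    if _DIR_INDEX.search(body):
        return [Finding("directory_indexing", url, "directory listing enabled")]
    return []


DEFAULT_PLUGINS: List[Callable[[str, str], List[Finding]]] = [
    grep_html_comments,
    grep_private_ip,
    grep_directory_indexing,
]


def run_grep_plugins(responses: Dict[str, str], plugins=DEFAULT_PLUGINS) -> List[Finding]:
    """The 'core' loop: feed every collected response through every grep plugin."""
    findings: List[Finding] = []
    for url, body in responses.items():
        for plugin in plugins:
            findings.extend(plugin(url, body))
    return findings


if __name__ == "__main__":
    for f in run_grep_plugins(SAMPLE_RESPONSES):
        print(f"[{f.plugin}] {f.url}: {f.detail}")
```

Running the block reports the comment on `/`, the listing on `/static/` and the `10.0.3.17` address in the API response, while the public `8.8.8.8` on `/about` is ignored. The same loop structure is what lets a framework like w3af bolt on new passive checks without touching the crawler or the HTTP layer: the core only needs to hand each response to every registered plugin.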

