W3af

Last updated
w3af
Developer Andres Riancho
Stable release
1.6.49 [1]   OOjs UI icon edit-ltr-progressive.svg / 7 April 2015; 10 June 2015
Repository
Written in Python
Operating system Windows, OS X, Linux, FreeBSD, OpenBSD
Type Computer security
License GPLv2
Website www.w3af.org   OOjs UI icon edit-ltr-progressive.svg

w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. [2] It provides information about security vulnerabilities for use in penetration testing engagements. The scanner offers a graphical user interface and a command-line interface. [3]

Contents

A fork has been made by the original authors under the name w4af [4] , originally in an attempt to upgrade the code base to use Python 3 instead of Python 2. [5]

Architecture

w3af is divided into two main parts, the core and the plug-ins . [6] The core coordinates the process and provides features that are consumed by the plug-ins, which find the vulnerabilities and exploit them. The plug-ins are connected and share information with each other using a knowledge base.

Plug-ins can be categorized as Discovery, Audit, Grep, Attack, Output, Mangle, Evasion or Bruteforce.

History

w3af was started by Andres Riancho in March 2007, after many years of development by the community. In July 2010, w3af announced its sponsorship and partnership with Rapid7. With Rapid7's sponsorship the project will be able to increase its development speed and keep growing in terms of users and contributors.

See also

References

  1. "Release 1.6.49". 7 April 2015. Retrieved 23 July 2018.
  2. "Official website". Archived from the original on 2011-01-19. Retrieved 2010-08-17.
  3. w3af documentation Archived 2013-11-05 at the Wayback Machine
  4. "w4af: web advanced application attack and audit framework, the open source web vulnerability scanner". Github.com. Retrieved 2025-10-21.
  5. "w4af/w4af at 978132a428e7997d88e160e61356fd8f42d22542". Github.com. Retrieved 2025-10-21.
  6. Part 1 of Andres Riancho’s presentation “w3af - A framework to 0wn the Web “at Sector 2009, Download PDF Archived 2017-11-14 at the Wayback Machine

Note: April 11, 2024 https://www.w3af.org is giving connection timed out failures. However, documentation is still accessible at http://docs.w3af.org/en/latest/. Redirected to W4af: https://github.com/w4af that is still in Alpha development.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.