
Testing Web Application Security with the w3af Scanner

w3af: Free Website Vulnerability Scanner

If you are looking for vulnerability scanning and assessment tools, w3af is one of them. It is an open-source web vulnerability scanner used to audit websites for security issues: it scans web applications and finds web server vulnerabilities.

w3af is another lightweight, intensive web vulnerability scanner brought to the security community by the developers of OWASP. Its reporting is limited and not as polished as Arachni's, but it gives a decent basis for vulnerability reporting. The big advantage, or downfall, depending on how a pentester is engaged on a project, is that w3af has a plethora of customizable vulnerability plugins that require updates from the Internet at the time the plugin is launched. During a pentest, if the tester does not have Internet access, w3af will produce numerous failures. If an Internet connection is available, the plugins will download scripts and vulnerability checks, ensuring that the scan is as current as possible.

How to run w3af in Kali Linux:

w3af is installed by default in Kali Linux and can be reached from the following location.

Click on Applications > Kali Linux > Web Applications > Web Vulnerability Scanner > w3af

Start w3af in Kali Linux

When the w3af GUI opens, an empty profile is loaded with no active plugins. A new profile can be created by first selecting the desired plugins and then clicking Profiles > "Save as" in the menu bar. Some prepopulated profiles already exist and are available to use. Clicking on a profile, for example "Owasp_top10", selects that profile for the scan. w3af has been designed for granular control over the plugins: even if a preconfigured profile is chosen, the plugins can still be adjusted before starting the scan. Without Internet access, running scans can be a matter of trial and error. Underneath the plugin selection window is another set of plugins. These plugins are for reporting. All reports are created in the /root/ folder.

For this guide, the Owasp_top10 profile was chosen; however, the discovery plugins have been turned off for now. HTML reporting is activated.

w3af profile owasp top 10

Enter a target site. In this case, the Metasploitable2 virtual machine was selected. Click the Start button.

Set output file in w3af

The results of the scan above are limited because so few plugins were activated. To view the results in the HTML format that was selected, open Iceweasel and navigate to: file:///root/results.html.

vulnerability result in w3af
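The same steps (profile, HTML report, target, start) can also be driven from w3af_console with a script file. The helper below is an added example, not part of the original article: it writes such a console script and refuses any target outside private or loopback address space, so the scan stays inside the lab. It assumes w3af 1.6-style console names (`OWASP_TOP10`, `html_file`, `output_file`); the function names and the address in the usage comment are constructed for illustration.

```shell
#!/bin/sh
# Added example: build a w3af_console script that mirrors the GUI steps above.
# Assumptions (not from the article): w3af 1.6-style console names
# (profile OWASP_TOP10, output plugin html_file, option output_file).
# Usage with a constructed lab address:
#   write_w3af_script http://192.168.56.101/ /root/results.html > scan.w3af
#   w3af_console -s scan.w3af

# Accept only http(s) URLs whose host is a private (RFC 1918) or loopback
# IPv4 address, e.g. an isolated Metasploitable2 VM.
is_lab_target() {
    nl='
'
    # Reject embedded newlines so nothing extra can be smuggled into the script.
    case "$1" in *"$nl"*) return 1 ;; esac
    printf '%s\n' "$1" | grep -Eq \
'^https?://(10\.[0-9]{1,3}|127\.[0-9]{1,3}|192\.168|172\.(1[6-9]|2[0-9]|3[01]))(\.[0-9]{1,3}){2}(:[0-9]+)?(/[^[:space:]]*)?$'
}

# Print the console script: $1 = target URL, $2 = HTML report path.
write_w3af_script() {
    is_lab_target "$1" || { echo "refusing out-of-scope target: $1" >&2; return 1; }
    cat <<EOF
profiles
use OWASP_TOP10
back
plugins
output html_file
output config html_file
set output_file $2
back
back
target
set target $1
back
start
exit
EOF
}
```

Older w3af releases spell the output plugin and its option differently, so check the names with the console's `help` and `view` commands before relying on the generated script.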

As you have seen, the w3af vulnerability scanner comes with Kali Linux and is used to find web application vulnerabilities.

About Vijay Kumar

Ethical Hacking & Penetration Testing Trainer
