You may use this tool at your own risk!
The framework has been called the "metasploit for the web", but it's actually much more than that, because it also discovers the web application vulnerabilities using black-box scanning techniques!
The w3af core and it's plugins are fully written in Python. The project has more than 130 plugins, which identify and exploit SQL injection, cross site scripting (XSS), remote file inclusion and more.
w3af Plugins do all the magic. The plugins will find the URLs, discover the vulnerabilities and exploit them. The complete list of plugins types are: discovery, audit, grep, exploit, output, mangle, bruteforce, evasion.
w3af Installation under Ubuntu:
Open terminal from Applications > Accessories > Terminal, and type following command to install
sudo apt-get install w3afAfter successful installation you can open the w3af under Application > Internet > wa3f
The graphical user interface allows you to perform all the actions that the framework offers and features a much easier and faster way to start a scan and analyze the results.
In case you are wondering how the graphical user interface looks like, here is a screen shot:
As said before,
Discovery plugins find new points of injection, that are later used by audit plugins to find vulnerabilities. Grep plugins analyze all page content and find vulnerabilities on pages that are requested by other plugins; for example a grep plugin will find a comment on the HTML body that has the word “password” inside it and generate a vulnerability based on it.
Exploit plugins use the vulnerabilities found in the audit phase and return something useful to the user (remote shell, SQL table dump, a proxy, etc ).
Output plugins are the way the framework and the plugins communicate with the user, output plugins save the data to a text or html file. Debugging information is also sent to the plugins and can be saved for analysis.
Mangle plugins are a way to modify requests and responses based on regular expressions, think “sed (stream editor) for the web”.
Bruteforce plugins will bruteforce logins, they are actually part of the discovery phase.
Evasion plugins try to evade simple intrusion detection rules.