Saturday, September 14, 2013

W3af: Web Audit Tool

Today we'll talk about a tool that I imagine many know, w3af.
In elements of audit, nothing less, fast and effective.



This program also caught my attention, ease of use and multiple options.Besides coming with attack tools exploit thought ... (Much eye to that!)


Well, to start the program follow the following path: BackTrack / Vulnerability Assessment / Web Aplication / Web Vulnerability / w3af gui

The program is constantly updated, I use it almost always asks me if I want to upgrade, I do not mind because it only takes a few seconds ...

It has a very simple interface, as seen in the image, we have the option to choose the type of attack and where to put the goal or target.
This time will www.carechile.cl




Well, time can depend on many things, whether the page is too big or Scan type we use, the "fast_sacan" takes no more than about 10 minutes.
In the tabs on the left can be reviewing the results and exploit.



The result is quite clear, we have 12 errors, and 5 XSS SQL, a situation that is lower.




In conclusion w3af, is among the list of favorites in relation to the audit and web security, as I mentioned at the beginning a tool quick, simple and effective.


0 comments:

Post a Comment