W3af-console

Description

W3af-console is the console interface to w3af, the Web Application Attack and Audit Framework, a framework for auditing and exploitation of web applications. The project's goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities. In this series of articles we will look at almost all the features that w3af has to offer and discuss how to use them for web application penetration testing.

In the first part of this series we will be working with w3af console and getting ourselves familiar with the commands. We will also be looking at the different types of plugins that w3af has to offer and discuss how to use them for optimal performance.

Usage

Syntax

w3af_console -h
w3af_console -t
w3af_console [-s <script_file>]

Options

    -h or --help
            Display this help message

    -s <script_file> or --script=<script_file>
            Run <script_file> script

    -n or --no-update
             No update check will be made when starting. This option takes 
             precedence over the 'auto-update' setting in 'startup.conf' file.
     
    -f or --force-update
             An update check will be made when starting. This option takes 
             precedence over the 'auto-update' setting in 'startup.conf' file.
     
    -p <profile> or --profile=<profile>
             Run with the selected <profile>
    
    -P <profile> or --profile-run=<profile>
             Run with the selected <profile> in batch mode
    
    -v or --version
             Show w3af's version

Example

cyborg@cyborg:~$ w3af_console 
w3af>>> help
|-----------------------------------------------------------------------------|
| start         | Start the scan.                                             |
| plugins       | Enable and configure plugins.                               |
| exploit       | Exploit the vulnerability.                                  |
| profiles      | List and use scan profiles.                                 |
| cleanup       | Cleanup before starting a new scan.                         |
|-----------------------------------------------------------------------------|
| help          | Display help. Issuing: help [command] , prints more         |
|               | specific help about "command"                               |
| version       | Show w3af version information.                              |
| keys          | Display key shortcuts.                                      |
|-----------------------------------------------------------------------------|
| http-settings | Configure the HTTP settings of the framework.               |
| misc-settings | Configure w3af misc settings.                               |
| target        | Configure the target URL.                                   |
|-----------------------------------------------------------------------------|
| back          | Go to the previous menu.                                    |
| exit          | Exit w3af.                                                  |
|-----------------------------------------------------------------------------|
| kb            | Browse the vulnerabilities stored in the Knowledge Base     |
|-----------------------------------------------------------------------------|
w3af>>> target
w3af/config:target>>> help
|-----------------------------------------------------------------------------|
| view   | List the available options and their values.                       |
| set    | Set a parameter value.                                             |
| save   | Save the configured settings.                                      |
|-----------------------------------------------------------------------------|
| back   | Go to the previous menu.                                           |
| exit   | Exit w3af.                                                         |
|-----------------------------------------------------------------------------|
w3af/config:target>>> set target http://192.168.1.18
w3af/config:target>>> back
The configuration has been saved.
w3af>>> plugins
w3af/plugins>>> help
|-----------------------------------------------------------------------------|
| list             | List available plugins.                                  |
|-----------------------------------------------------------------------------|
| back             | Go to the previous menu.                                 |
| exit             | Exit w3af.                                               |
|-----------------------------------------------------------------------------|
| audit            | View, configure and enable audit plugins                 |
| auth             | View, configure and enable auth plugins                  |
| bruteforce       | View, configure and enable bruteforce plugins            |
| crawl            | View, configure and enable crawl plugins                 |
| evasion          | View, configure and enable evasion plugins               |
| grep             | View, configure and enable grep plugins                  |
| infrastructure   | View, configure and enable infrastructure plugins        |
| mangle           | View, configure and enable mangle plugins                |
| output           | View, configure and enable output plugins                |
|-----------------------------------------------------------------------------|

w3af/plugins>>> audit 

|-----------------------------------------------------------------------------|
| Plugin name        | Status | Conf | Description                            |
|-----------------------------------------------------------------------------|
| blind_sqli         |        | Yes  | Identify blind SQL injection           |
|                    |        |      | vulnerabilities.                       |
| buffer_overflow    |        |      | Find buffer overflow vulnerabilities.  |
| cors_origin        |        | Yes  | Inspect if application checks that the |
|                    |        |      | value of the "Origin" HTTP header      |
|                    |        |      | isconsistent with the value of the     |
|                    |        |      | remote IP address/Host of the sender   |
|                    |        |      | ofthe incoming HTTP request.           |
| csrf               |        |      | Identify Cross-Site Request Forgery    |
|                    |        |      | vulnerabilities.                       |
| dav                |        |      | Verify if the WebDAV module is         |
|                    |        |      | properly configured.                   |
| eval               |        | Yes  | Find insecure eval() usage.            |
| file_upload        |        | Yes  | Uploads a file and then searches for   |
|                    |        |      | the file inside all known directories. |
| format_string      |        |      | Find format string vulnerabilities.    |
| frontpage          |        |      | Tries to upload a file using frontpage |
|                    |        |      | extensions (author.dll).               |
| generic            |        | Yes  | Find all kind of bugs without using a  |
|                    |        |      | fixed database of errors.              |
| global_redirect    |        |      | Find scripts that redirect the browser |
|                    |        |      | to any site.                           |
| htaccess_methods   |        |      | Find misconfigurations in Apache's     |
|                    |        |      | "<LIMIT>" configuration.               |
| ldapi              |        |      | Find LDAP injection bugs.              |
| lfi                |        |      | Find local file inclusion              |
|                    |        |      | vulnerabilities.                       |
| mx_injection       |        |      | Find MX injection vulnerabilities.     |
| os_commanding      |        |      | Find OS Commanding vulnerabilities.    |
| phishing_vector    |        |      | Find phishing vectors.                 |
| preg_replace       |        |      | Find unsafe usage of PHPs              |
|                    |        |      | preg_replace.                          |
| redos              |        |      | Find ReDoS vulnerabilities.            |
| response_splitting |        |      | Find response splitting                |
|                    |        |      | vulnerabilities.                       |
| rfi                |        | Yes  | Find remote file inclusion             |
|                    |        |      | vulnerabilities.                       |
| sqli               |        |      | Find SQL injection bugs.               |
| ssi                |        |      | Find server side inclusion             |
|                    |        |      | vulnerabilities.                       |
| ssl_certificate    |        | Yes  | Check the SSL certificate validity (if |
|                    |        |      | https is being used).                  |
| un_ssl             |        |      | Find out if secure content can also be |
|                    |        |      | fetched using http.                    |
| xpath              |        |      | Find XPATH injection vulnerabilities.  |
| xss                |        | Yes  | Identify cross site scripting          |
|                    |        |      | vulnerabilities.                       |
| xst                |        |      | Find Cross Site Tracing                |
|                    |        |      | vulnerabilities.                       |
|-----------------------------------------------------------------------------|
w3af/plugins>>> audit all

w3af/plugins>>> back          

w3af>>> start
Enabling format_string's dependency error_500
Enabling redos's dependency server_header
Enabling dav's dependency allowed_methods
Enabling frontpage's dependency frontpage_version
The server header for the remote web server is: "Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19". This information was found in the request with id 32.
The x-powered-by header for the target HTTP server is "PHP/5.5.19". This information was found in the request with id 33.
The web server at "http://192.168.1.18/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 41.
The web server at "http://192.168.1.18/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 41.
Secure content can be accessed using the insecure protocol HTTP. The vulnerable URLs are: "https://192.168.1.18/" - "http://192.168.1.18/" . This vulnerability was found in the requests with ids 39 and 45.
Secure content can be accessed using the insecure protocol HTTP. The vulnerable URLs are: "https://192.168.1.18/" - "http://192.168.1.18/" . This vulnerability was found in the requests with ids 39 and 45.
Found 1 URLs and 1 different injections points.
The URL list is:
- http://192.168.1.18/
The list of fuzzable requests is:
- Method: GET | http://192.168.1.18/
Scan finished in 19 seconds.
Stopping the core...
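
The scan output above repeats some findings and mixes them with status lines. The following added example (not part of the original page or of w3af itself) parses that console text into de-duplicated records for a report or ticket; the function name parse_findings and the record fields are assumptions of this example, and the sample log is constructed from the lines shown above.

```python
import re

# Constructed sample: lines copied from the scan output shown above.
SAMPLE_LOG = '''\
Enabling dav's dependency allowed_methods
The server header for the remote web server is: "Apache/2.4.10 (Win32) OpenSSL/1.0.1i PHP/5.5.19". This information was found in the request with id 32.
The x-powered-by header for the target HTTP server is "PHP/5.5.19". This information was found in the request with id 33.
The web server at "http://192.168.1.18/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 41.
The web server at "http://192.168.1.18/" is vulnerable to Cross Site Tracing. This vulnerability was found in the request with id 41.
Secure content can be accessed using the insecure protocol HTTP. The vulnerable URLs are: "https://192.168.1.18/" - "http://192.168.1.18/" . This vulnerability was found in the requests with ids 39 and 45.
Secure content can be accessed using the insecure protocol HTTP. The vulnerable URLs are: "https://192.168.1.18/" - "http://192.168.1.18/" . This vulnerability was found in the requests with ids 39 and 45.
Scan finished in 19 seconds.
'''

# Trailing sentence seen on every finding in the output above, e.g.
# "This vulnerability was found in the request with id 41."
TAIL = re.compile(
    r"\s*This (?P<kind>vulnerability|information) was found in the "
    r"requests? with ids? (?P<ids>\d+(?:(?:, | and )\d+)*)\.\s*$"
)

def parse_findings(log_text):
    """Return unique findings as dicts, in first-seen order."""
    findings, seen = [], set()
    for line in log_text.splitlines():
        m = TAIL.search(line)
        if not m:
            continue  # status/progress line, not a finding
        message = line[:m.start()].strip()
        ids = tuple(int(n) for n in re.findall(r"\d+", m.group("ids")))
        if (message, ids) in seen:
            continue  # the console printed this finding more than once
        seen.add((message, ids))
        findings.append({
            "severity": "vulnerability" if m.group("kind") == "vulnerability" else "info",
            "message": message,
            "request_ids": list(ids),
            # Quoted URLs named in the finding text, if any.
            "urls": re.findall(r'"(https?://[^"]+)"', message),
        })
    return findings

if __name__ == "__main__":
    for f in parse_findings(SAMPLE_LOG):
        print(f["severity"], f["request_ids"], f["message"])
```

The request ids kept in each record are the ones the console reports, so a finding can be traced back to the HTTP request that produced it.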





		
	
	

©2017 Ztrela Knowledge Solutions Pvt. Ltd
