Scanning with w3af
W3af stands for Web Application Audit and Attack Framework. It is an open source, Python-based Web vulnerability scanner. It has a GUI and a command-line interface, both with the same functionality. In this recipe, we will perform a vulnerability scan using W3af's GUI to configure the scanning and reporting options.
How to do it...
- To start W3af, we can select it from the Applications menu by navigating to Applications | 03 Web Application Analysis | w3af. or from the terminal:
w3af_gui
- In the Profiles section, we select full_audit.
- In the plugins section, go to crawl and select web_spider (the one that is checked) inside it.
- We don't want the scanner to test all the servers, just the application we tell it to. In the plugin description, ...
Get Kali Linux Web Penetration Testing Cookbook now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.