Scanning with w3af
w3af stands for Web Application Attack and Audit Framework. It is an open source, Python-based web vulnerability scanner with two front ends, a GUI and a console, that expose the same plugins and settings. In this recipe, we will perform a vulnerability scan using w3af's GUI to configure the scanning and reporting options.
How to do it...
- To start w3af, we can select it from the Applications menu by navigating to Applications | 03 Web Application Analysis | w3af, or from the terminal:
- In the Profiles section, we select full_audit. This profile enables every audit plugin and uses only the web_spider plugin for crawling.
- In the Plugins section, expand crawl and click web_spider (the one that is already checked by the profile) to show its options.
- We don't want the scanner to crawl and test every host it finds links to, only the application we were authorized to test and have pointed it at. In the plugin description, ...
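The same configuration can be driven without the GUI. The script below is an added example and is not from the book or the w3af project: it writes a w3af_console script that loads the full_audit profile, restricts web_spider to the target URL, sets the target and starts the scan, then runs it with `w3af_console -s` when the binary is on the PATH. The target URL is a placeholder, and the web_spider option name `only_forward` is assumed here, since the recipe's text is cut short before it names the option.

```shell
#!/bin/sh
# Added example (not from the book or the w3af project): reproduce the
# recipe's GUI settings as a w3af_console script. The target URL is a
# placeholder and the option name "only_forward" is an assumption.

write_w3af_script() {
    # $1: path of the script file to create, $2: target URL to scan
    cat > "$1" <<EOF
profiles
use full_audit
back
plugins
crawl web_spider
crawl config web_spider
set only_forward True
back
back
target
set target $2
back
start
exit
EOF
}

# Returns 0 only if the generated script keeps the crawler on the target.
script_restricts_crawl() {
    grep -q '^set only_forward True$' "$1"
}

SCRIPT="${TMPDIR:-/tmp}/full_audit_only_forward.w3af"
# Placeholder target address (TEST-NET range); replace with the authorized host.
write_w3af_script "$SCRIPT" "http://192.0.2.10/app/"

if command -v w3af_console >/dev/null 2>&1; then
    w3af_console -s "$SCRIPT"
else
    echo "w3af_console not found; script written to $SCRIPT" >&2
fi
```

The `back` commands return to the previous menu of the console, so the order matters: the profile is loaded first, then the plugin option is set, then the target, and `start` blocks until the scan finishes.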