Scanning with w3af

w3af stands for Web Application Attack and Audit Framework. It is an open source, Python-based web vulnerability scanner. It has a GUI and a command-line interface (w3af_console), both exposing the same plugins and options. In this recipe, we will perform a vulnerability scan using w3af's GUI to configure the scanning and reporting options.

How to do it...

  1. To start w3af, we can select it from the Applications menu by navigating to Applications | 03 Web Application Analysis | w3af, or from the terminal:
    w3af_gui
    
  2. In the Profiles section, we select full_audit.
  3. In the Plugins section, go to crawl and select web_spider (the plugin that is already checked) inside it.
  4. We don't want the scanner to test all the servers, just the application we tell it to. In the plugin description, ...
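The console interface accepts the same configuration as the GUI, so the scan set up above can also be scripted. The following w3af_console script is an added example, not code from the book or from the w3af project: it loads the full_audit profile, keeps web_spider enabled and sets its only_forward option so the crawler stays on the target URL instead of following links to other hosts (the option name is assumed from the plugin's configuration; the page is cut off before naming it), sends the report to an HTML file, and sets a placeholder target. http://target.example/ and the output path are placeholders; replace the target with a host you are authorised to test.

```text
# Added example (not from the book): the recipe's scan configured from w3af_console.
# Save as scan.w3af and run:  w3af_console -s scan.w3af
# http://target.example/ is a placeholder; only scan hosts you are authorised to test.

# 1. Load the same profile chosen in the GUI.
profiles
use full_audit
back

# 2. Keep web_spider enabled and restrict it to the target's own path.
#    only_forward is assumed to be the option that keeps the crawler from
#    following links to other hosts.
plugins
crawl web_spider
crawl config web_spider
set only_forward True
back

# 3. Report to the console and to an HTML file (path is a placeholder).
output console,html_file
output config html_file
set output_file /tmp/w3af-report.html
back
back

# 4. Set the target and start the scan.
target
set target http://target.example/
back
start
exit
```

Running `w3af_console -s scan.w3af` replays these commands exactly as if typed at the console prompt; `view` inside any `config` submenu prints the current option values, which is a quick way to confirm the plugin settings before `start`.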
