Scanning with w3af

W3af stands for Web Application Audit and Attack Framework. It is an open source, Python-based Web vulnerability scanner. It has a GUI and a command-line interface, both with the same functionality. In this recipe, we will perform a vulnerability scan using W3af's GUI to configure the scanning and reporting options.

How to do it...

  1. To start W3af, we can select it from the Applications menu by navigating to Applications | 03 Web Application Analysis | w3af. or from the terminal:
    w3af_gui
    
  2. In the Profiles section, we select full_audit.
  3. In the plugins section, go to crawl and select web_spider (the one that is checked) inside it.
  4. We don't want the scanner to test all the servers, just the application we tell it to. In the plugin description, ...

Get Kali Linux Web Penetration Testing Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.