w3af (Web Application Attack and Audit Framework) is developed in Python. The framework's goal is to help you find and exploit all web application vulnerabilities. Its plugins fall into 9 major categories: audit, infrastructure, grep, evasion, mangle, auth, bruteforce, output, crawl.
w3af installation (the version bundled with Kali hangs when executing a scan)
cd ~
apt-get update
apt-get install -y python-pip w3af
pip install --upgrade pip
git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_console (./w3af_gui)
apt-get build-dep python-lxml
./tmp/w3af_dependency_install.sh
[email protected]:~# ps aux | grep w3af
[email protected]:~# kill -9 1944 1495 1497 1508
[email protected]:~# cd ~
[email protected]:~# apt-get update
[email protected]:~# apt-get install -y python-pip w3af
[email protected]:~# pip install --upgrade pip
[email protected]:~# git clone https://github.com/andresriancho/w3af.git
[email protected]:~/w3af# ./w3af_console // command-line interface
w3af upgrade: git pull. Create a shortcut: /usr/share/applications/w3af.desktop. User interfaces: Console, GUI, API.
[email protected]:~/w3af# cp /usr/share/applications/w3af.desktop /root/桌面/
[Desktop Entry]
Exec=sh -c "/root/w3af/w3af_gui"
[email protected]:~/w3af# cd
[email protected]:~# cd 桌面
[email protected]:~/桌面# chmod +x w3af.desktop
[email protected]:~/桌面# cd
[email protected]:~# cd w3af
[email protected]:~/w3af# ./w3af_console // command-line interface
w3af_console
help                            # show available commands
plugins                         # enter the plugins sub-menu
help                            # show available commands
list / audit sqli xss           # list plugins and select the audit plugins to use
http-settings / misc-settings   # global configuration
help, view                      # show the configurable parameters
set                             # set a parameter
back                            # return to the previous menu level
[email protected]:~/w3af# ./w3af_console // command-line interface
w3af>>> help
w3af>>> plugins
w3af/plugins>>> help
w3af/plugins>>> list audit
w3af/plugins>>> list grep
w3af/plugins>>> list auth
w3af/plugins>>> list audit
w3af/plugins>>> audit xss sqli lfi
w3af/plugins>>> list audit
w3af/plugins>>> audit all
w3af/plugins>>> help
w3af/plugins>>> grep all
w3af/plugins>>> crawl
w3af/plugins>>> crawl web_spider
w3af/plugins>>> back
w3af>>> help
w3af>>> profiles
w3af/profiles>>> help
w3af/profiles>>> list
w3af/profiles>>> save_as test
w3af/profiles>>> help
w3af/profiles>>> use fast_scan
w3af/profiles>>> back
w3af>>> help
w3af>>> http-settings
w3af/config:http-settings>>> help
w3af/config:http-settings>>> view
w3af/config:http-settings>>> set rand_user_agent true
w3af/config:http-settings>>> save
The configuration has been saved.
w3af/config:http-settings>>> back
The configuration has been saved.
w3af>>> help
w3af>>> misc-settings
w3af/config:misc-setting>>> help
w3af/config:misc-setting>>> view
w3af/config:misc-setting>>> back
w3af>>> help
w3af>>> target
w3af/config:target>>> help
w3af/config:target>>> view
w3af/config:target>>> set target
w3af/config:target>>> view
w3af/config:target>>> back
w3af>>> profiles
w3af/profiles>>> save_as test1
w3af profiles: save_as, self-contained (save_as test self-contained). Target: set target. Start. Scripts: scripts/*.w3af
[email protected]:~# cd w3af
[email protected]:~/w3af# ls
[email protected]:~/w3af# cd scripts/
[email protected]:~/w3af/scripts# ls
[email protected]:~/w3af/scripts# cat sqli.w3af
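The scripts under scripts/ contain the same commands as the interactive console, one per line, so a whole session can be replayed without retyping it. The following is a constructed example of that format added here (it is not the repository's own sqli.w3af); it assumes a local lab target at http://127.0.0.1/, that lines beginning with # are ignored as comments, and the text_file output plugin's output_file and verbose options.

```text
# Constructed w3af script (not the project's sqli.w3af).
# Assumes a local lab target at http://127.0.0.1/ and the
# text_file output plugin options output_file / verbose.
plugins
# Record findings to a file as well as to the console
output console,text_file
output config text_file
set output_file w3af-scan.txt
set verbose True
back
# Enable only the audit plugins this scan needs, instead of "audit all"
audit sqli,xss,lfi
# Discover URLs and forms to test, staying under the start URL
crawl web_spider
crawl config web_spider
set only_forward True
back
grep all
back
http-settings
set rand_user_agent True
back
target
set target http://127.0.0.1/
back
start
exit
```

Run it with ./w3af_console -s scripts/<name>.w3af; findings are written to w3af-scan.txt in the current directory.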
