Форум АНТИЧАТ

Форум АНТИЧАТ (https://forum.antichat.xyz/index.php)
-   Forum for discussion of ANTICHAT (https://forum.antichat.xyz/forumdisplay.php?f=72)
-   -   w3af (https://forum.antichat.xyz/showthread.php?t=54283)

Fugitif 24.11.2007 04:20
w3af
 
W3af - Web Application Attack and Audit Framework

Цитата:
w3af is Web application attack and Audit Framework. This project is currently hosted at SourceForge. For further information, you may also want to visit w3af SourceForge project page.
This is the complete list of features provided by xUrllib:

Цитата:
- Proxy
- Proxy auth ( basic and digest )
- Site auth ( basic and digest )
- Gracefully handle timeouts
- UserAgent faking
- Add custom headers to requests
- Cookie handling
- Local cache for GET and HEAD requests
- Local dns cache, this will speed up scannings. Only one request is made to the DNS server
- Keep-alive support fot http and https connections
- File upload using multipart POST requests
- SSL certificate support
Audit:

Цитата:
- SQL injection detection
- XSS detection
- SSI detection
- Local file include detection
- Remote file include detection
- Buffer Overflow detection
- Format String bugs detection
- OS Commanding detection
- Response Splitting detection
- LDAP Injection detection
- Basic Authentication bruteforce
- File upload inside webrot
- htaccess LIMIT misconfiguration
- SSL certificate validation
- XPATH injection detection
- unSSL (HTTPS documents can be fetched using HTTP)
- dav
Discovery:

Цитата:
- Pykto, a nikto port to python
- Hmap, http fingerprinting.
- fingerGoogle, finds valid user accounts in google.
- googleSpider, a spider that uses google.
- webSpider, a classic web spider.
- robotsReader
- urlFuzzer
- serverHeader, fetches server header
- allowedMethods, gets a list of allowed HTTP methods.
- crossDomain, get and parse the flash file crossdomain.xml
- error404page, generate a regular expression to match 404 pages.
- sitemapReader, read googles sitemap.xml and parse it.
- spiderMan, using a localproxy and a human, find new URLs for auditing.
- webDiff, find differences between a local and a remote directory.
- wsdlFinder, find and parse WSDL and DISCO files.
Grep:

Цитата:
- collectCookies
- directoryIndexing
- findComments
- pathDisclosure
- strangeHeaders
- grep for pages using ajax and report them
- domXss, find DOM cross site scripting vulnerabilities.
- errorPages, search for eror pages that are too descriptive.
- fileUpload, find forms with file upload capabilities.
- getMails
- http authentication detection
- objects detection
- privateIP disclosure detection
- wsdlGreper, greps every page searching for WSDL documents.

Attack:

Цитата:
- davShell
- fileUploadShell
- googleProxy
- localFileReader
- mysqlWebShell
- osCommandingShell
- remoteFileIncludeShell
- rfiProxy
- sqlmap
- xssBeef
And many others....


Download:


http://sourceforge.net/project/downl...r.bz2&66912893


Время: 08:25