application development framework
Use w3af to identify more than 200 vulnerabilities and reduce your site s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations.
For a complete reference for all plugins and vulnerabilities read through the plugin documentation.
Easy to use and extend
The w3af framework has both a graphical and console user interface, in less than 5 clicks and using the predefined profiles it is possible to audit the security of your web application.
w3af is fully written in Python, and very well documented. Use your development skills to fork our GitHub repository, modify our code and identify new vulnerabilities.
Used previous w3af releases and run into nasty bugs? Don t worry, we noticed. Give the new version a try and find out why we ve proud of the new and completely rewritten w3af.
Test Driven Development, unittests, integration tests and continuous integration are terms that we ve learned to love during the major rewrite that was recently completed.
If you re a Linux user we recommend you download the source from out GitHub repository:
w3af is a Web Application Attack and Audit Framework. The project s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.
Our framework is proudly developed using Python to be easy to use and extend, and licensed under GPLv2.0.
Our project has an interesting history which has defined our long and short term objectives and told us many important lessons. Don’t forget to follow our blog and twitter account for news, releases and feedback.
- RT @BelindaChoong: Cesar Cerrudo and Lucas Apa in an interview with China Shandong TV Station #HITBGSEChttps://t.co/ss0jM3U4rB
[3 days ago]
[1 week ago]
The easiest way to learn about what w3af is and how you can use it to secure your web applications is to take our project tour and read our FAQ.