Hacking, Hacking Tools, Vulnerability

Scanning for OWASP Top 10 Vulnerabilities with Metasploit for the Web(w3af)



w3af is an open source web application security scanner (OWASP Top 10) which enables developers and penetration testers to distinguish and exploit vulnerabilities in their web applications.

This tool also provides GUI framework but sadly most of the time GUI mode hangs up, most recommended ins to work with w3afconsole.

It is also called as “Metasploit for the web” but actually, it is more than that. w3af uses black-box scanning techniques and it has more than 130 plugins and can detect 200+ vulnerabilities including XSS, Injection, LFI, and RFI,CSRF

Also ReadOWASP TOP 10 Vulnerabilities and its Function

Scanning with w3af

To start with w3af [email protected]:~# w3af and then to load help menu w3af>>> help.

Scanning for OWASP Top 10 Vulnerabilities with w3af

To navigate the profiles w3af>>> profiles and to list all the possible options  w3af/profiles>>> list

Scanning for OWASP Top 10 Vulnerabilities with w3af



You need to select the Profile as OWASP_10 w3af/profiles>>> use OWASP_10

Scanning for OWASP Top 10 Vulnerabilities with w3af

Also read  : How to Do Penetration testing with your WordPress website detailed Explanation

Then you need to define the target to start the Scan w3af/profiles>>>back. to get back to the main menu and then

w3af>>> target

w3af/config:target>>> set target domain.com

w3af/config:target>>> save

w3af/config:target>>> back

It will save all the configurations.

Also Read  : XSSer automated framework to detect, exploit and report XSS vulnerabilities

Scanning for OWASP Top 10 Vulnerabilities with w3af

Then you need to start the scan with w3af.

w3af >> start

Scanning for OWASP Top 10 Vulnerabilities with w3af

Normally scan will take around 20 minutes, depends upon the target it may vary. Happy pentesting!!

Also Read Skipfish | Web application security scanner



Source : GBHackers



Previous ArticleNext Article
Founder and Editor-in-Chief of 'Professional Hackers India'. Technology Evangelist, Security Analyst, Cyber Security Expert, PHP Developer and Part time hacker.