Kali Linux Web Penetration Testing Cookbook by Gilberto Nájera-Gutiérrez

Scanning with w3af

W3af stands for Web Application Audit and Attack Framework. It is an open source, Python-based Web vulnerability scanner. It has a GUI and a command-line interface, both with the same functionality. In this recipe, we will perform a vulnerability scan using W3af's GUI to configure the scanning and reporting options.

How to do it...

  1. To start W3af, we can select it from the Applications menu by navigating to Applications | 03 Web Application Analysis | w3af, or launch it from the terminal:
    w3af_gui
    
  2. In the Profiles section, we select full_audit.
  3. In the plugins section, go to crawl and select web_spider (the one that is checked) inside it.
  4. We don't want the scanner to test all the servers, just the application we tell it to. In the plugin description, ...
