The latest version of w3af has been released, and it's a “stable” 1.0 release.
To fire it up on Ubuntu, only a couple of steps are required:
Download the latest version from here: http://sourceforge.net/projects/w3af/files/
sudo apt-get install python-nltk python-soappy python-lxml python-svn python-scapy graphviz
tar jxvf w3af-1.0-stable.tar.bz2
The first thing to notice is the shiny new splash screen highlighting the new owner of the project, Rapid7.
A notice that I don’t have the latest update appears, so an auto-update is performed after confirmation.
Following some local testing of random WordPress plugins in a TurnKey Linux VirtualBox host, I found the w3af framework to be much improved in terms of stability and speed. This is a welcome improvement, as previously Python traces and broken scans were annoying enough to make it unusable unless stepping through and performing one or two audit plugins at a time.
Further exploration is required, as the potential for an excellent open source web application testing framework has always been there. I expect to see closer integration between Metasploit and w3af in future releases.