
w3af web application security testing framework stable released

The latest version of w3af has been released, and it's a "stable" 1.0 release.

To fire it up on Ubuntu only a couple of steps are required:

Download the latest version from here: http://w3af.org/download

sudo apt-get install python-nltk python-soappy python-lxml python-svn python-scapy graphviz

tar jxvf w3af-1.0-stable.tar.bz2
./w3af_gui

The first thing to notice is the shiny new splash screen highlighting the project's new owner, Rapid7.

A notice that I don't have the latest update appears, so auto update is performed after confirmation.

Following some local testing of random WordPress plugins in a TurnKey Linux VirtualBox host, I found the w3af framework to be much improved in terms of stability and speed. This is a welcome improvement, as previously Python traces and broken scans were annoying enough to make it unusable unless stepping through and performing one or two audit plugins at a time.

Further exploration is required, as the potential for an excellent open source web application testing framework has always been there. I expect to see closer integration between Metasploit and w3af in future releases.