VULNERABILITY: w3af (en)
W3AF is a feature-rich web attack application and audit framework that aims to detect and exploit web vulnerabilities. The entire application security assessment process is automated, and the framework is designed to follow three main steps: discovery, audit, and attack. Each of these steps includes multiple plugins, which can help auditors focus on specific testing criteria. All these plugins can communicate and share test data to achieve the desired objectives. It supports the detection and exploitation of several web application vulnerabilities including SQL injection, cross-site scripting, remote and local file inclusion, buffer overflows, XPath injection, OS command injection, application misconfigurations, and so forth. For more information about each available plugin, visit: http://w3af.sourceforge.net/plugin-descriptions.php.
w3af can be installed with the following commands:
cd ~
apt install libcrypto++-dev
apt-get update
apt-get install -y python-pip w3af
pip install --upgrade pip
git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_console
. /tmp/w3af_dependency_install.sh
Once installed, to run W3AF, navigate to
Kali Linux > Web Applications > Web Vulnerability Scanners > w3af (Console)
or use the console to run the following command:
w3af_console
This will place you in the personalized W3AF console mode (w3af >>>). Note that the GUI version of this tool is also available at the same menu location, but we prefer to introduce the console version to you due to its flexibility and ease of customization.
w3af>>> help
This will display all basic options that can be used to configure the tests. You can use the help command whenever you need assistance to know specific options. In this exercise, first configure the output plugin, enable selected audit tests, set the target, and run the scanning process against the target site using the following commands:
w3af>>> plugins
w3af/plugins>>> help
w3af/plugins>>> output
w3af/plugins>>> output console, htmlFile
w3af/plugins>>> output config htmlFile
w3af/plugins/output/config:htmlFile>>> help
w3af/plugins/output/config:htmlFile>>> view
w3af/plugins/output/config:htmlFile>>> set verbose True
w3af/plugins/output/config:htmlFile>>> set fileName testreport.html
w3af/plugins/output/config:htmlFile>>> back
w3af/plugins>>> output config console
w3af/plugins/output/config:console>>> help
w3af/plugins/output/config:console>>> view
w3af/plugins/output/config:console>>> set verbose False
w3af/plugins/output/config:console>>> back
w3af/plugins>>> audit
w3af/plugins>>> audit htaccessMethods, osCommanding, sqli, xss
w3af/plugins>>> back
w3af>>> target
w3af/config:target>>> help
w3af/config:target>>> view
w3af/config:target>>> set target http://testphp.example.com/
w3af/config:target>>> back
w3af>>>
At this point, we have configured all the necessary test parameters. Our target will be evaluated against SQL injection, cross-site scripting, OS commanding, and htaccess configuration errors. Start the scan with the following command; the console output shows what each enabled plugin finds:
w3af>>> start
Auto-enabling plugin: grep.error500
Auto-enabling plugin: grep.httpAuthDetect
Found 2 URLs and 2 different points of injection.
The list of URLs is:
- http://testphp.example.com/
- http://testphp.example.com/search.php?test=query
The list of fuzzable requests is:
- http://testphp.example.com/ | Method: GET
- http://testphp.example.com/search.php?test=query | Method: POST | Parameters: (searchFor="")
Starting sqli plugin execution.
Starting osCommanding plugin execution.
A possible OS Commanding was found at: "http://testphp.example.com/search.php?test=query", using HTTP method POST. The sent post-data was: "searchFor=run+ping+-n+3+localhost&goButton=go".Please review manually. This information was found in the request with id 22.
Starting xss plugin execution.
Cross Site Scripting was found at: "http://testphp.example.com/search.php?test=query", using HTTP method POST. The sent post-data was: "searchFor=<ScRIPt/SrC=http://x4Xp/x.js></ScRIPt>&goButton=go".
This vulnerability affects Internet Explorer 6, Internet Explorer 7, Netscape with IE rendering engine, Mozilla Firefox, Netscape with Gecko rendering engine. This vulnerability was found in the request with id 39.
Starting htaccessMethods plugin execution.
Finished scanning process.
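The console output above mixes plugin chatter with the actual findings, and each finding carries a request id that you later look up in the HTML report. As an added example (this is not w3af's own code and not from the book), the following Python script parses that console output format into structured records: vulnerability kind, URL, HTTP method, decoded POST parameters, the affected-browser list where one is given, and whether w3af flagged the finding as "possible"/"review manually" rather than confirmed. It assumes the sentence shapes shown in the run above; the sample text is constructed to mirror that run.

```python
"""Parse w3af console output into structured findings for triage.

Added example, not part of w3af. It assumes the finding sentences look
like the console run above:
  '<kind> was found at: "<url>", using HTTP method <METHOD>. ...
   ... found in the request with id <N>.'
"""
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample, modelled on the console output shown above.
SAMPLE_OUTPUT = """\
Auto-enabling plugin: grep.error500
Auto-enabling plugin: grep.httpAuthDetect
Found 2 URLs and 2 different points of injection.
The list of URLs is:
- http://testphp.example.com/
- http://testphp.example.com/search.php?test=query
The list of fuzzable requests is:
- http://testphp.example.com/ | Method: GET
- http://testphp.example.com/search.php?test=query | Method: POST | Parameters: (searchFor="")
Starting sqli plugin execution.
Starting osCommanding plugin execution.
A possible OS Commanding was found at: "http://testphp.example.com/search.php?test=query", using HTTP method POST. The sent post-data was: "searchFor=run+ping+-n+3+localhost&goButton=go".Please review manually. This information was found in the request with id 22.
Starting xss plugin execution.
Cross Site Scripting was found at: "http://testphp.example.com/search.php?test=query", using HTTP method POST. The sent post-data was: "searchFor=<ScRIPt/SrC=http://x4Xp/x.js></ScRIPt>&goButton=go".
This vulnerability affects Internet Explorer 6, Internet Explorer 7, Netscape with IE rendering engine, Mozilla Firefox, Netscape with Gecko rendering engine. This vulnerability was found in the request with id 39.
Starting htaccessMethods plugin execution.
Finished scanning process.
"""

SUMMARY_RE = re.compile(
    r"Found (?P<urls>\d+) URLs and (?P<points>\d+) different points of injection\."
)
# One finding: kind, URL, method, optional post-data, then anything up to
# the request id. DOTALL lets a finding span several lines, as XSS does above.
FINDING_RE = re.compile(
    r'(?P<kind>[A-Za-z ]+?) was found at: "(?P<url>[^"]+)", using HTTP method (?P<method>[A-Z]+)\.'
    r'(?: The sent post-data was: "(?P<data>[^"]*)"\.)?'
    r'(?P<rest>.*?)found in the request with id (?P<rid>\d+)\.',
    re.DOTALL,
)
AFFECTS_RE = re.compile(r"This vulnerability affects (?P<browsers>[^.]+)\.")


def parse_summary(text):
    """Return the crawl summary (URL count and injection points) or None."""
    m = SUMMARY_RE.search(text)
    if not m:
        return None
    return {"urls": int(m.group("urls")), "injection_points": int(m.group("points"))}


def parse_findings(text):
    """Extract every finding sentence into a dict with decoded parameters."""
    findings = []
    for m in FINDING_RE.finditer(text):
        kind = m.group("kind").strip()
        possible = kind.startswith("A possible ")
        if possible:
            kind = kind[len("A possible "):]
        rest = m.group("rest")
        affects = AFFECTS_RE.search(rest)
        # parse_qs decodes '+' to spaces, so the probe payload reads naturally.
        params = {k: v[0] for k, v in
                  parse_qs(m.group("data") or "", keep_blank_values=True).items()}
        findings.append({
            "kind": kind,
            "url": m.group("url"),
            "method": m.group("method"),
            "request_id": int(m.group("rid")),
            # w3af hedges OS commanding with "possible" / "review manually";
            # those need a human look before they go into a report.
            "confirmed": not (possible or "review manually" in rest),
            "params": params,
            "affects": [b.strip() for b in affects.group("browsers").split(",")]
                       if affects else [],
        })
    return findings


def triage(findings):
    """Count findings per kind and list request ids that still need manual review."""
    by_kind = Counter(f["kind"] for f in findings)
    to_review = sorted(f["request_id"] for f in findings if not f["confirmed"])
    return {"by_kind": dict(by_kind), "manual_review_request_ids": to_review}


if __name__ == "__main__":
    found = parse_findings(SAMPLE_OUTPUT)
    print(parse_summary(SAMPLE_OUTPUT))
    for f in found:
        print(f)
    print(triage(found))
```

The request ids in the result are the ones to look up in the HTML report, where the full request and response for each finding are recorded; the `confirmed` flag separates findings w3af asserts outright from those it asks you to verify by hand.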
As you can see, we have found several serious security vulnerabilities in the target web application. As per our configuration, the default location for the testing report (HTML) is /usr/share/web/w3af/testreport.html, detailing all vulnerabilities including debug information about each data request and response transferred between W3AF and the target web application. The test case we provided in the previous code does not reflect the use of other useful plugins, profiles, and exploitation options. Therefore, we highly recommend that you practice through the various exercises available in the user guide, which is available at