How to use w3af in kali linux

Intro – w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

1. How to open
A. GUI Method
Applications → Kali Linux → Web Applications → Web Vulnerability Scanners → w3af

B. Open Terminal, type w3af and hit enter

2. We can choose a profile. I recommend full_audit. First click on full_audit; a dialogue box will appear, and you just click Yes there.

3. Now we are ready to scan, so write your URL in the Target field and click Start to begin the scan.

4. We have one more option: if we want to scan our target with only particular plugins, we can check or uncheck those plugins, and w3af will scan your target URL using only the selected ones. I recommend this for advanced users, or for those who know their target and want to scan for particular vulnerabilities.

5. After the scan finishes, carefully read the log area. If your site has vulnerabilities, they will be shown there.

6. If you want to know more about your site’s vulnerabilities, go to the Result tab → KB browser. Here you will see which type of vulnerability your website has, along with much other information.

7. We can see PHP-based URLs by going to Result → URLs.

8. You can also see your site’s vulnerability type etc. on the Exploit tab.

9. As we noticed the URL in image no. 6, just type that URL into your address bar, then put in your XSS script and see the magic.
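The same full_audit scan from steps 2 and 3 can also be driven from the w3af console as a script, which is useful for repeatable or headless scans. This is an added example, not part of the original post; http://target.example/ and the file name w3af-full-audit.txt are placeholders.

```text
profiles
use full_audit
back
plugins
output console,text_file
output config text_file
set output_file w3af-full-audit.txt
set verbose True
back
back
target
set target http://target.example/
back
start
exit
```

Save it as full_audit.w3af and run `w3af_console -s full_audit.w3af`; the text_file output plugin writes the findings to w3af-full-audit.txt so you can review them like the GUI's log area.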
