W3af
De Linuxmemo.
(Différences entre les versions)
(→Config) |
(→Script de démarrage) |
||
| Ligne 37 : | Ligne 37 : | ||
set verbosity 5 | set verbosity 5 | ||
back | back | ||
| + | #profiles | ||
| + | #use full_audit | ||
| + | #back | ||
# could change this to audit all but just doing Cross Site Scripting Now | # could change this to audit all but just doing Cross Site Scripting Now | ||
#target | #target | ||
| - | #set target http://localhost | + | #set target http://localhost |
#back | #back | ||
| + | #start | ||
./w3af_console –s basic.w3af | ./w3af_console –s basic.w3af | ||
Version du 30 juillet 2015 à 12:47
Framework d'Attaque et d'Audit d'Application Web (w3af),
Install
git clone https://github.com/andresriancho/w3af.git
- Memo Python modules via proxy==
vim /tmp/w3af_dependency_install.sh
ajouter le proxy en httpS
sudo pip install --proxy "https://xxx.xxx.xxx.xxx:8080" module
si nécessaire
sudo pip install --proxy "https://xxx.xxx.xxx.xxx:8080" --timeout 30 module
Config
- plugin output
w3af>>> plugins w3af/plugins>>> output console,html_file w3af/plugins>>> output config html_file w3af/plugins/output/config:html_file>>> w3af/plugins/output/config:html_file>>> help w3af/plugins/output/config:html_file>>> view w3af/plugins/output/config:html_file>>> save
output_file ~/report.html File name where this plugin will write to
Script de démarrage
# Basic startup script plugins output console,html_File output output config html_File set verbosity 10 back output config console set verbosity 5 back #profiles #use full_audit #back # could change this to audit all but just doing Cross Site Scripting Now #target #set target http://localhost #back #start
./w3af_console –s basic.w3af
