Tobias,
On Thu, Jan 3, 2013 at 7:31 AM, assm...@skygate.de wrote:
Hello dear developers,
first of all I would like to thank all of you for the great work you
are doing on w3af.
Thanks!
I started using it some time ago and have come across the following
issue:
Scanning a customers
Dom,
On Sun, Jan 6, 2013 at 7:31 AM, Dominique RIGHETTO
dominique.righe...@gmail.com wrote:
Hi,
Replacement of String by NamedTuple done in find_vulns() function + UT
update. NamedTuple are a very cool feature ;)
I'm glad you liked, it's something I too discovered a short time ago,
UT
in a console:
$ python
import scapy
Regards,
Best regards,
Johannes
Am 10.01.2013 23:17, schrieb Andres Riancho:
Johannes,
While I appreciate the effort, I wouldn't recommend you package it
yet. The dependencies have changed in the last days and could change
once again in the following
Johannes,
w3af uses a temp dir which is (@see temp_dir.py):
TEMP_DIR = os.path.join(get_home_dir(), 'tmp', str(os.getpid()))
To store temp data, make sure that it has permissions to that
directory. Also, it could be that the creation of the pyc files is
failing because of strict
Dom,
I've merged your changes into threading2 [0] and made use of the
high-level function in the xss.py plugin [1]. All looks good :)
Now that you've got the base CSP parsing ready, do you want to
continue and write the grep plugin that reports insecure CSP policies
around it?
[0]
dominique.righe...@owasp.org
Twitter: @righettod
GPG: 0x323D19BA
http://righettod.github.com
No trees were killed to send this message, but a large number of electrons
were terribly inconvenienced.
On Fri, Jan 18, 2013 at 2:16 PM, Andres Riancho andres.rian...@gmail.com
wrote:
Dom
Taras,
On Tue, Jan 22, 2013 at 7:15 AM, Taras ox...@oxdef.info wrote:
Andres,
w3af's code repo has been migrated to github!
Great news! So it's time to study git...:)
That's right :) We'll have to learn something new. This helped me out
during these first days:
to it.
Cheers,
Andres.
On Tue, Jan 22, 2013 at 10:00 AM, Andres Riancho andres.rian...@gmail.com
wrote:
Taras,
On Tue, Jan 22, 2013 at 7:15 AM, Taras ox...@oxdef.info wrote:
Andres,
w3af's code repo has been migrated to github!
Great news! So it's time to study git...:)
That's right
repository, I would love to keep that
repo as clean as possible so that users doing git clone ... don't
suffer.
On Monday 04 February 2013 01:38 Andres Riancho wrote:
Lists,
One of the things I still haven't defined after migrating from
sourceforge to github is where we'll put releases
-downloads-screen , which is
exactly what we need; but was deprecated by github :(
So w3af can be downloaded here:
https://github.com/andresriancho/w3af/tags
On Monday 04 February 2013 01:38 Andres Riancho wrote:
Lists,
One of the things I still haven't defined after migrating from
sourceforge
would love a github solution for this :(
[0] http://www.openshot.org/download/
[1] https://launchpad.net/openshot/+download
Cheerios
On Sun, Feb 3, 2013 at 6:38 PM, Andres Riancho andres.rian...@gmail.com
wrote:
Lists,
One of the things I still haven't defined after migrating from
List,
It's been a long time but I've translated this thread into a
Github issue that you might be interested in reading:
https://github.com/andresriancho/w3af/issues/53
There's a company (still can't mention them because I haven't
talked about how they want to handle this) that's
Guys,
I've been seeing more and more projects [1] using travis-ci [0]
for continuous integration and given that w3af already has lots of
unittests it sounds like the natural next step to use a CI system [2].
Anyone with experience on Travis-CI? Any contributor wants to help
me configure
, Feb 7, 2013 at 12:25 AM, Andres Riancho andres.rian...@gmail.com
wrote:
Guys,
I've been seeing more and more projects [1] using travis-ci [0]
for continuous integration and given that w3af already has lots of
unittests it sounds like the natural next step to use a CI system [2
Taras,
After many months of ignoring this plugin, I finally unittested it
[0] and completed the coding [1][2]. Given that it was your original
work, I figured out you wanted to review the final version, since it
has some changes (removed one of the checks for example).
The code has many
Dom,
Thanks for the update, I just wrote a Contributing 101 document
with 10 steps for contributing with the w3af project using github:
https://github.com/andresriancho/w3af/wiki/Contributing-101
If you decide to follow it, let me know if it has any missing pieces
Regards,
On
List,
I'll be offline until March 6th. Don't expect any answers from me
during this period.
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
I'm still on vacations, just checked emails and saw at least 5 new threads
in the Mailing list. I won't be able to answer them until March 7th.
Someone else could answer, after all this is a Community, rigth? :)
--
Dom,
On Mon, Mar 11, 2013 at 2:50 AM, Dominique Righetto
dominique.righe...@gmail.com wrote:
Hi,
I think that it can be an idea, in order to supports Windows platform, to
provide a Cygwin bundle in the same way than ARACHNI:
Arachni does not yet run natively on Windows systems, however
Dom,
On Mon, Mar 11, 2013 at 2:42 AM, Dominique Righetto
dominique.righe...@gmail.com wrote:
Hi,
A first draft of the csp grep plugin is implemented with unit tests and PHP
scripts.
For the moment, it list all csp vulns found for each url but I will continue
to work on it in order to apply
Dom,
On Sat, Mar 9, 2013 at 5:33 AM, Dominique RIGHETTO
dominique.righe...@gmail.com wrote:
Hi,
As I started using Contributing 101
Today I've been working on improving that wiki page, mostly because of
the w3af workshop I'll be delivering @ ISSA Charlotte (more on this on
a later email). The
Dom,
On Wed, Mar 13, 2013 at 5:00 PM, Dominique RIGHETTO
dominique.righe...@gmail.com wrote:
Hi,
Sorry for delay, I have searched how to push my git flow feature branch to
my w3af repository fork = git push origin feature/csp_plugin ;o)
On
:18 PM, Andres Riancho andres.rian...@gmail.com
wrote:
Stephen,
I've implemented a couple of test scripts for HTTP Parameter
Pollution that you can see here:
http://sourceforge.net/apps/trac/w3af/browser/extras/testEnv/webroot/w3af/audit/hpp
You might find them useful for testing
Same as with the HPP stuff, this has been sitting in my inbox for way
too much time. Created this issue so that everyone can follow up:
https://github.com/andresriancho/w3af/issues/168
On Fri, May 4, 2012 at 11:10 AM, Stephen Breen breen.mach...@gmail.com wrote:
Usually we keep things like
- (16 hours ago) add filename and path bruteforce by the
correct way — Tomas Velazquez (filebrute)
| * 2f2aae1 - (4 days ago) add bruteforce files to dir_bruter — Tomas Velazquez
|/
* 874c67d - (8 days ago) Skip evasion tests which I'm not sure how to
fix. Also creating issue #193 — Andres Riancho
Created a new pull-request just for fun:
https://github.com/andresriancho/w3af/pull/196
On Thu, Apr 4, 2013 at 1:07 PM, Andres Riancho andres.rian...@gmail.com wrote:
Tomas,
I've been hating you for the last 40 minutes of my life ;) The
good thing is now I know about git cherry-pick
Taras, List,
I'm doing a branch cleanup, many old and outdated branches have
been removed in the last minutes. Some were mine and some were
inactive for at least 2 years. Those were easy to remove, but now we
have the oxdef branch [0] which actually has something that users
might be
Something similar happens with [0] but most of that code is already in
master. Please advise.
[0] https://github.com/andresriancho/w3af/compare/master...taras
On Sat, Apr 13, 2013 at 4:57 PM, Andres Riancho
andres.rian...@gmail.com wrote:
Taras, List,
I'm doing a branch cleanup, many old
Guys,
I merged threading2 into master. The threading2 branch will be
shortly removed and you shouldn't use it anymore. The master branch
is where you want to be! :D
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
Ulises,
On Tue, Apr 16, 2013 at 10:26 PM, Ulises Cuñé ulise...@gmail.com wrote:
Andres,
I report this bug
git clone https://github.com/andresriancho/w3af.git
cd w3af
apt-get -y install python2.6-dev
If you run ./w3af_console before installing the python2.6-dev package,
does w3af ask you
Johannes,
On Sun, Apr 28, 2013 at 8:33 AM, jweberho...@weberhofer.at wrote:
Dear all!
After some pause, I'm working on RPM packages of the current master
branch, which looks very promising. Still I have two issues:
That sounds great, totally recommend building from it.
1) On startup, I
that setup.py compiles py to pyc when you
install a module in site-packages. This is an interesting question to
solve :)
Am 28.04.2013 21:48, Andres Riancho wrote:
Johannes,
On Sun, Apr 28, 2013 at 8:33 AM, jweberho...@weberhofer.at wrote:
Dear all!
After some pause, I'm working on RPM packages
Johanes,
On Mon, Apr 29, 2013 at 12:05 PM, Johannes Weberhofer
jweberho...@weberhofer.at wrote:
Am 29.04.2013 16:00, schrieb Andres Riancho:
On Mon, Apr 29, 2013 at 6:37 AM, Johannes Weberhofer
jweberho...@weberhofer.at wrote:
Andres,
thank you for your notes. Unfortunately I'm my
Johannes,
On Tue, Apr 30, 2013 at 8:36 AM, Johannes Weberhofer
jweberho...@weberhofer.at wrote:
Yes, it's the same bug as the one you're finding in the console,
created [0] for this. Will try to fix it today,
[0] https://github.com/andresriancho/w3af/issues/294
I think it's fixed now.
Andri,
On Sat, May 4, 2013 at 10:47 AM, Andri Herumurti vynx_1...@yahoo.com wrote:
Dear all,
It is possible to pass file that currently scanning by w3af to anti
malware/anti virus to scan ?
Since currently there is some file like java that content malware/infected.
100% possible, but
2013, at 00:26, Andres Riancho andres.rian...@gmail.com wrote:
Andri,
On Sat, May 4, 2013 at 10:47 AM, Andri Herumurti vynx_1...@yahoo.com wrote:
Dear all,
It is possible to pass file that currently scanning by w3af to anti
malware/anti virus to scan ?
Since currently there is some file
://github.com/andresriancho/w3af/blob/master/plugins/grep/xss_protection_header.py
If you create this plugin, please use a backend malware scanner
which is open source, freely available, well supported and GPLv2
license compatible.
Regards,
Regards
Andri
On 5 Mei 2013, at 09:53, Andres Riancho
vints...@gmail.com wrote:
Well I'd love to take this on with some help from you, Andres!
Many thanks
-Daniel
—
Sent from Mailbox for iPhone
On Fri, May 10, 2013 at 9:11 AM, Andres Riancho andres.rian...@gmail.com
wrote:
Lists,
After reading Practical HTTP Host header attacks [0] I
Dom,
Thanks for this :) There was an old version here [0], hidden in
our repository. What do you think we should do? Remove the one in our
repo and keep the one in vim.org? Keep both updated seems dumb...
maybe our w3af.vim should point users to the one in vim.org?
[0]
10.05.2013 15:23, schrieb Andres Riancho:
Great :) So lets start right away. Please read the article, and try to
identify the different vulnerabilities which are present there. Once
you've got that, think about which ones could be automated with w3af
and send an email to this thread.
At this point
List,
I've developed a new plugin which uses ClamAV to find malware on
your site. The basic idea is that w3af will send all http response
bodies to clamd, and then report any findings it returns.
I need your help for testing! Follow these steps if you've got
some minutes to spare:
git
Achim,
On Wed, May 15, 2013 at 9:53 AM, Achim Hoffmann webse...@sic-sec.org wrote:
Hi all,
I'm searching for a plugin which can multiple encode a payload.
Does such a thing exist in w3af?
No, it doesn't. w3af doesn't play with encoding as much as it should.
As a side note, I think I
Am 15.05.2013 15:41, schrieb Andres Riancho:
Achim,
On Wed, May 15, 2013 at 9:53 AM, Achim Hoffmann webse...@sic-sec.org wrote:
Hi all,
I'm searching for a plugin which can multiple encode a payload.
Does such a thing exist in w3af?
No, it doesn't. w3af doesn't play with encoding
Lists,
I've been working hard on making w3af a python module, the
information, and of course a request for all here [0].-
[0] http://w3af.org/import-w3af
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG:
Saleem,
On Fri, Jun 21, 2013 at 12:31 PM, saleem asaleemud...@cdac.in wrote:
Hi all ,
I have written a script which uses w3af script in the background, and trying
to execute that script through browser , but i am not getting any output if
i do the same in the terminal i am getting the output
, Andres Riancho wrote:
Saleem,
On Fri, Jun 21, 2013 at 12:31 PM, saleem asaleemud...@cdac.in wrote:
Hi all ,
I have written a script which uses w3af script in the background, and
trying
to execute that script through browser , but i am not getting any output
if
i do the same
not getting the file generated if i run the code from
the browser or by normal user.
root user is able to generate the files using the same code .
please help me out !
On Monday 24 June 2013 04:14 PM, Andres Riancho wrote:
Saleem,
On Mon, Jun 24, 2013 at 1:11 AM, saleem asaleemud
:58 PM, Andres Riancho wrote:
On Mon, Jun 24, 2013 at 8:08 AM, saleem asaleemud...@cdac.in wrote:
thanks for the response andrews.
Why do you suspect of permissions issue?
I suspect permission issue because when i run the code as root user in
the
terminal it is generating the output file
, i am
using mozilla browser .
The browser has nothing to do with all this. In any case it's PHP and
the way you call w3af from it.
On Monday 24 June 2013 06:04 PM, Andres Riancho wrote:
Saleem,
On Mon, Jun 24, 2013 at 9:14 AM, saleem asaleemud...@cdac.in wrote:
Thanku so much
and if same i
run as www-data user i am unable to get the output xml file .
please guide me in setting right permissions so that i can get XML as output
file .
On Tuesday 25 June 2013 05:07 PM, Andres Riancho wrote:
On Tue, Jun 25, 2013 at 7:06 AM, saleem asaleemud...@cdac.in wrote
asaleemud...@cdac.in
i have given all permissions to that folder , still i am not able to
generate the file .
On Tuesday 25 June 2013 05:30 PM, Andres Riancho wrote:
Nothing special. The directory /var/www/scanreports/ needs to be
writable by the www-data user.
On Tue, Jun 25, 2013 at 8:56 AM
have seen a
error like ---
An internal error occurred while searching for id 36, even after
commit/retry Liked it
what is the possibility of getting this error ??
On Tuesday 25 June 2013 05:30 PM, Andres Riancho wrote:
Nothing special. The directory /var/www/scanreports/ needs
The xss [0] plugin is a good example for what you're trying to
achieve. The interesting parts are:
fake_mutants = create_mutants(freq, ['',])
Where you create mutants (modified http requests) based on a fuzzable
request (which is the result of the crawling phase) with a fake
value of an
On Sun, Jul 14, 2013 at 4:49 AM, Dominique RIGHETTO
dominique.righe...@gmail.com wrote:
Hi Tomas,
Thanks you very much.
I try to understand the objective of each of the value in
[-012345, -2147483649, -2147483648, 012345, 2147483647,
2147483648, 4294967295, 4294967296, 023456].
regards,
Dominique Righetto
dominique.righe...@gmail.com
dominique.righe...@owasp.org
Twitter: @righettod
GPG: 0x323D19BA
http://www.righettod.eu
No trees were killed to send this message, but a large number of electrons
were terribly inconvenienced.
On Mon, Jul 15, 2013 at 1:54 PM, Andres
???
On Wednesday 26 June 2013 09:01 PM, Andres Riancho wrote:
I would disable the XML output plugin, enable the text plugin with
debug, run the scan and analyze the output
On Wed, Jun 26, 2013 at 12:13 PM, Laurent Guyon
laurent.gu...@algosecure.fr wrote:
Hi,
I've got the same error, with the same
.
Maybe you and I can work on this further to get a better idea of how it will
work?
On Mon, Jul 29, 2013 at 8:24 AM, Andres Riancho andres.rian...@gmail.com
wrote:
Dom,
On Fri, Jul 26, 2013 at 4:41 PM, Dominique Righetto
dominique.righe...@gmail.com wrote:
Hi,
I have spend the 2 last
I don't understand, why do you want to ignore __init__.py files? They
are actually used for stuff and required to be there. Also, they don't
change unless you do something to them.
On Sat, Aug 17, 2013 at 6:23 AM, Dominique RIGHETTO
dominique.righe...@gmail.com wrote:
Hi,
I have just found a
Guillaume,
On Thu, Aug 22, 2013 at 8:04 AM, Guillaume Rousse
guillomovi...@gmail.com wrote:
Hello.
I've troubles packaging w3af for mageia (more exactly, updating the
current package from 1.1 to 1.5), because of dependencies management.
Here is the list of dependencies given in
Guys,
We already have a clamav plugin that will identify if an http
response body (usually a PE, DLL, ELF, PDF, DOC etc.) contains a virus
or not. The other day I was thinking about how to improve this and
came up with the idea of using snort rules to detect malware [0]
The idea is
vynx_1...@yahoo.com wrote:
Hi Andres,
how if use Suricata than Snort ?
here is the comparison : http://wiki.aanval.com/wiki/Snort_vs_Suricata
Regards,
Andri
From: Andres Riancho andres.rian...@gmail.com
To: w3af-us...@lists.sourceforge.net w3af-us
on which ruleset is the best one to
use. Sent an email to the snort and suricata mailing lists to ask some
questions
Regards
Andri
On 6 Okt 2013, at 18.58, Andres Riancho andres.rian...@gmail.com wrote:
Maybe the focus should be moved away from the detection engines
(snort, suricata
Diana,
On Fri, Nov 8, 2013 at 4:46 PM, Diana Carolina Echeverria Rojas
minima...@gmail.com wrote:
Good afternoon engineers,
I do not know if this is the appropriate email account to ask the
following in yesterday w3af install the application on redhat 5.0 and I
could not use the
How w3af uses Continuous Integration [0]
http://w3af.org/how-w3af-uses-continuous-integration-to-improve
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
Israel,
Haven't tried with that specific version, but what's wrong with:
git clone g...@github.com:andresriancho/w3af.git
cd w3af
git checkout feature/module
./w3af_console
On Wed, Jan 22, 2014 at 6:00 PM, Israel Duvdavan
israelzero...@gmail.com wrote:
Hi, does anyone have a working way
:03:23 пользователь Andres Riancho
написал:
Taras,
Added that because it is the best thing to do. Search the
mailing
list for the issue we had with pdfminer, what happen there was:
* w3af had a requirement for pdfminer, any version
* w3af worked without issues
List,
One of my enhancements for future versions of w3af is to start
using a real ORM inside w3af [0] and while I'm thinking about it I
would like your inputs. For those who don't know exactly where the ORM
would be used, here is a summary:
* HTTP requests and responses (at least the
, Feb 18, 2014 at 2:15 PM, Taras ox...@oxdef.info wrote:
Andres,
Ok, I've got your opinion. Let's close this discussion.
17.02.2014 00:04, Andres Riancho пишет:
Taras,
On Sun, Feb 16, 2014 at 4:28 PM, Taras ox...@oxdef.info wrote:
Andres,
I think it is my last attempt to change your
Will continue working on this tomorrow, hopefully finishing during the
morning. Please report any bugs, typos, missing sections, etc. Thanks!
Regards,
On Thu, Mar 6, 2014 at 3:08 PM, Andres Riancho andres.rian...@gmail.com
wrote:
List,
After some analysis of the tools I was using to build
/HTML/PDF
06.03.2014 22:08, Andres Riancho пишет:
List,
After some analysis of the tools I was using to build the
documentation, the poor update frequency, low visibility (nobody reads
it?), and some other factors I've decided that:
* w3af's documentation will be moved from
List,
I've been fixing a lot of the bugs I prioritized last week, these
are the bugs blocking the next release:
* nosetests w3af/plugins/tests/audit/test_os_commanding.py is unstable
* Broken youtube links and url links
* AssertionError: Can NOT join a stopped consumer
* An exception was
Lists,
Talking with different users off-list, I've noticed that the
advanced users want to integrate w3af with other tools, and while this
is possible today (w3af console script + XML output) it is not the
best approach.
The world is moving towards REST APIs, and we're going there too.
A
/
On Thu, Mar 20, 2014 at 3:47 PM, Andres Riancho andres.rian...@gmail.com
wrote:
Lists,
Talking with different users off-list, I've noticed that the
advanced users want to integrate w3af with other tools, and while this
is possible today (w3af console script + XML output
List,
I'm trying to fix an ugly bug that only affects Mac users [0] and
because I don't have any installations of that OS it is really hard to
make any progress. Could someone give me a hand? All you need is some
time, minimal python knowledge and the will to help.
Find me at 2pm GMT-3
Andres
On Mar 21, 2014 12:53 PM, Andres Riancho andres.rian...@gmail.com wrote:
List,
I'm trying to fix an ugly bug that only affects Mac users [0] and
because I don't have any installations of that OS it is really hard to
make any progress. Could someone give me a hand? All you need
You chickened out ;) ;)
On Fri, Mar 21, 2014 at 1:31 PM, Robin Wood ro...@digininja.org wrote:
On 21 March 2014 16:26, Andres Riancho andres.rian...@gmail.com wrote:
Robin, Leandro,
Thanks for volunteering, to help please join the IRC [0] so we can
chat. I'm __apr__ at the #w3af channel
But... you do have osx to run some tests, right?
On Fri, Mar 21, 2014 at 1:58 PM, Leandro Reox leandro.r...@gmail.com wrote:
I have a mac ... but it runs Debias as main os :)
On Mar 21, 2014 1:38 PM, Robin Wood ro...@digininja.org wrote:
On 21 March 2014 16:35, Andres Riancho andres.rian
Andre,
On Fri, Mar 21, 2014 at 3:59 PM, Andre Daniels andre...@ucsc.edu wrote:
Andres,
Thanks for the insanely quick reply.
Hopefully I'll keep it this way :D
Sorry, I haven't yet figured out how to post to the actual thread...checking
docs...
Just reply to all to the email and it should
List,
Every now and then I ask for a favor, and... well... now I'm
asking for one! The next release will be on Monday, and I need you to
test w3af to make sure it doesn't have any critical bugs before I
merge into develop into master.
I've been working hard on fixing a ton of bugs,
)
print gtk.pygtk_version = (2, 12)
28.03.2014 01:18, Andres Riancho пишет:
List,
Every now and then I ask for a favor, nd... well... now I'm
asking for one! The next release will be on Monday, and I need you to
test w3af to make sure it doesn't have any critical bugs before I
merge
ImportError: No module named gtk
Outside:
$ python -c 'import gtk;print gtk.pygtk_version'
(2, 24, 0)
pygtk is installed as system package
$ dpkg -l | grep python-gtk
ii python-gtk2 2.24.0-3ubuntu1
28.03.2014 01:18, Andres Riancho пишет:
List
. /tmp/w3af_dependency_install.sh
Note the added --system-site-packages
On Sun, Mar 30, 2014 at 10:57 AM, Andres Riancho
andres.rian...@gmail.com wrote:
You might be hitting something like this [0], where your virtualenv
doesn't have access to the package installed using apt-get
[0] http
with --system-site-packages has helped, thanks.
P.S. I also had to delete some installed system packages like pdfminer
because of version conflicts.
30.03.2014 18:00, Andres Riancho пишет:
This might help:
cd ~
apt-get install -y python-pip # This step might change in your OS
pip install
That would be awesome. If you send me a pull request I'll hapily merge it.
El 30/03/2014 12:44, Achim Hoffmann webse...@sic-sec.org escribió:
Andrés, Taras,
it would be nice to get a w3af which runs on plain old unpatched systems
I.e. not everyone has, or can, or would like to install a bunch
/issues/485
[1] http://pythonwheels.com/
[2] https://www.docker.io/
Regards,
On Sun, Mar 30, 2014 at 12:59 PM, Andres Riancho
andres.rian...@gmail.com wrote:
That would be awesome. If you send me a pull request I'll hapily merge it.
El 30/03/2014 12:44, Achim Hoffmann webse...@sic-sec.org
,
workaround with --system-site-packages has helped, thanks.
P.S. I also had to delete some installed system packages like pdfminer
because of version conflicts.
30.03.2014 18:00, Andres Riancho пишет:
This might help:
cd ~
apt-get install -y python-pip # This step might change in your OS
No no, my first answer was the rude one!
El 30/03/2014 15:34, Achim Hoffmann webse...@sic-sec.org escribió:
Am 30.03.2014 18:23, schrieb Andres Riancho:
That came out a little bit rude... let me rephrase that
oops, sorry.
It just happend while I tried to run w3af on a second older (than
Regards,
On Wed, Apr 2, 2014 at 12:30 AM, Christian Heinrich
christian.heinr...@cmlh.id.au wrote:
Andres,
I can assist and have maintained a package for Kali Linux since December 2012.
On Wed, Apr 2, 2014 at 2:47 AM, Andres Riancho andres.rian...@gmail.com
wrote:
List,
Anyone
Integration (CI) for Kali
Linux however CI should be possible with Tox and Jenkins. You have
also raised Tox in the past within
https://github.com/andresriancho/w3af/issues/1048
On Fri, Apr 4, 2014 at 1:33 AM, Andres Riancho andres.rian...@gmail.com
wrote:
How do you believe we can improve
List,
If you're interested in the subject of automated detection of DOM
XSS vulnerabilities, I recommend you start following what's going on
on the tpjs [0] project.
I've been creating several issues with questions, feature
requests, etc. and most notably an idea about a REST API for
the list at
w3af-develop-ow...@lists.sourceforge.net
When replying, please edit your Subject line so it is more specific
than Re: Contents of W3af-develop digest...
Today's Topics:
1. Bug fixing sprint (Andres Riancho)
2. REST API for w3af (Andres Riancho)
3. Re: REST API
with
screenshots together and publish it on GitHub.
It was clear, thanks. No need for that wiki with screenshots.
Were you able to test the latest w3af in Kali? We packaged 1.6.0.1
Regards,
On Fri, Apr 4, 2014 at 10:34 PM, Andres Riancho
andres.rian...@gmail.com wrote:
Christian,
Did you
List,
1.6 was released 24 days ago and I'm happy to say that during
these days we've received many obscure / rare bug reports [0]. If
someone wants to help fix, please let me know, since I'm planning the
1.6.1 release (bug fixes for 1.6) for next month and I really need the
help!
[0]
cleanup upwards.
Cheers,
Owen
On Thu, Apr 24, 2014 at 8:47 PM, Andres Riancho andres.rian...@gmail.com
wrote:
List,
1.6 was released 24 days ago and I'm happy to say that during
these days we've received many obscure / rare bug reports [0]. If
someone wants to help fix, please let me
Sergio,
On Tue, Aug 5, 2014 at 5:42 PM, Sergio A foobarm...@gmail.com wrote:
Hi guys,
Yesterday, while playing with w3af I saw something (detailed below)
with the allowed methods plugin related to checking if the the http
CONNECT method is available in a server or not and I'd like to know if
List,
I've been working on a docker image for w3af [0], for those who've
been experimenting with the technology, could you give it a try and
let me know what you think?
If you want to help improve this docker image, the Dockerfile is
here [1] and pull requests are welcome.
I'll wait
List,
CircleCI, the continuous integration SaaS we use for building
w3af, is now providing a beta feature that allows open source projects
to show their CI builds. I've enabled the feature and now you're able
to see all the unit/functional tests run each time we change something
in w3af:
List,
I'm currently working on (the much needed) error handling
feature for w3af [0], the user story says:
I would like to have better handling for the case in which:
* My network connection died for a couple of seconds
* The server went offline for a couple of seconds
Currently w3af
PS: Please subscribe to the mailing list so you receive emails others send to it
On Wed, Sep 17, 2014 at 4:20 PM, Andres Riancho
andres.rian...@gmail.com wrote:
JB,
Sorry for the delay in the response, since you didn't subscribe to
the mailing list your email was in the moderation queue
JB,
Sorry for the delay in the response, since you didn't subscribe to
the mailing list your email was in the moderation queue (which I
rarely check, just accepted it because I saw your IRC message). Please
read inline:
On Mon, Sep 15, 2014 at 1:34 PM, Chuck Finley cf1n...@gmail.com wrote:
501 - 600 of 631 matches
Mail list logo