Re: [W3af-users] how many attack pluggin and pattern are there in w3af ?
Please take a moment to read this document [0] and try again :) [0] http://www.catb.org/esr/faqs/smart-questions.html On Fri, Sep 23, 2016 at 5:31 AM, mohsen Abbaspour wrote: > hi > i have a question > how many attack plugin and pattern are there in w3af?? > pleaseintroduce more about it > tnx > -- > > > > > Check out my professional profile and connect with me on LinkedIn. > http://lnkd.in/RqFEqH > > -- > > ___ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
Re: [W3af-users] Regarding scan of w3af
Can't repro if you don't give me the details On Thu, Sep 22, 2016 at 8:26 AM, Suhas Lalige wrote: > I had enabled the same plugins and the target was also the same for the > second time. It was the same repetition of the first step but i'm not > getting the same result > > On 20 September 2016 at 23:52, Andres Riancho > wrote: > >> Suhas, >> >> Well... most likely the two scans had different plugins enabled. >> But if not... is there any way I can reproduce this potential issue? >> >> On Tue, Sep 20, 2016 at 11:44 AM, Suhas Lalige >> wrote: >> > Hi all >> > I'm new to w3af. I tried running the scan by enabling crawl and audit >> > plugin, first time I got SQL injection vulnerabilities second time when >> I >> > repeated it again I could not find any vulnerabilities please help me >> out in >> > solving this issue >> > Thanks >> > Suhas >> > >> > >> > >> -- >> > >> > ___ >> > W3af-users mailing list >> > W3af-users@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/w3af-users >> > >> >> >> >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 >> > > > > -- > > ___ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users > > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
Re: [W3af-users] facing issue while executing commands inside w3af console when connected through ssh connection handler
Ah, your initial bug report never mentioned pexpect. ^J is a control char, new line according to [0]. This doesn't seem to be a w3af problem. [0] http://www.robelle.com/smugbook/ascii.html On Fri, Sep 23, 2016 at 3:20 PM, ravi keerthi m d wrote: > Even I tried the same way it works.. But while using pexpect python module > I'm facing issue.. > > Let's think it's a pexpect issue, but the same module works for Metasploit, > nessus, etc.. > > On Sep 23, 2016 11:45 PM, "Andres Riancho" wrote: >> >> Works on my PC (tm) >> >> [pablo:/home/pablo] 35m40s $ ssh pablo@127.0.0.1 >> The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. >> ECDSA key fingerprint is a0:6d:ef:23:e0:e0:0a:3a:63:67:cd:1d:4f:79:4d:4e. >> Are you sure you want to continue connecting (yes/no)? yes >> Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. >> pablo@127.0.0.1's password: >> Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-96-generic x86_64) >> >> * Documentation: https://help.ubuntu.com/ >> >> Last login: Mon Aug 8 13:59:49 2016 >> [pablo@eulogias:/home/pablo] 1 $ cd pch/w3af/ >> [pablo@eulogias:/home/pablo/pch/w3af] master ± ./w3af_console >> w3af>>> plugins >> w3af/plugins>>> back >> w3af>>> exit >> >> Liked it? Donate some money! >> >> [pablo@eulogias:/home/pablo/pch/w3af] master 12s ± >> >> >> >> On Thu, Sep 22, 2016 at 4:42 PM, ravi keerthi m d >> wrote: >> > >> >> > Hi, >> >> > >> >> > Manually I am able to execute my w3af commands successfully. When >> >> > trying >> >> > to >> >> > execute same w3af commands using a ssh connection then it is >> >> > appending a >> >> > ^J, >> >> > so whatever commands I am executing it is executing like "^Jplugins". >> >> > >> >> > >> >> > Example: >> >> > root@kali# w3af_console >> >> > w3af >>> ^J >> >> > >> >> > this is the first output after executing w3af_console using ssh >> >> > connection >> >> > handler, now when I execute "plugins" command the output looks like >> >> > this >> >> > >> >> > >> >> > root@kali# w3af_console >> >> > w3af >>> ^Jplugins >> >> > >> >> > It is saying command not found. >> >> > >> >> > >> >> > Can you please help me out in this. Because using same ssh connection >> >> > handler I am able to run metasploit framework commands on msfconsole. >> >> > >> >> > >> >> > Thanks, >> >> > Ravi >> >> > >> >> > >> >> >> >> >> >> >> >> -- >> >> Andrés Riancho >> >> Project Leader at w3af - http://w3af.org/ >> >> Web Application Attack and Audit Framework >> >> Twitter: @w3af >> >> GPG: 0x93C344F3 >> > >> > >> > >> > -- >> > >> > ___ >> > W3af-users mailing list >> > W3af-users@lists.sourceforge.net >> > https://lists.sourceforge.net/lists/listinfo/w3af-users >> > >> >> >> >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
Re: [W3af-users] facing issue while executing commands inside w3af console when connected through ssh connection handler
Even I tried the same way it works.. But while using pexpect python module I'm facing issue.. Let's think it's a pexpect issue, but the same module works for Metasploit, nessus, etc.. On Sep 23, 2016 11:45 PM, "Andres Riancho" wrote: > Works on my PC (tm) > > [pablo:/home/pablo] 35m40s $ ssh pablo@127.0.0.1 > The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. > ECDSA key fingerprint is a0:6d:ef:23:e0:e0:0a:3a:63:67:cd:1d:4f:79:4d:4e. > Are you sure you want to continue connecting (yes/no)? yes > Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. > pablo@127.0.0.1's password: > Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-96-generic x86_64) > > * Documentation: https://help.ubuntu.com/ > > Last login: Mon Aug 8 13:59:49 2016 > [pablo@eulogias:/home/pablo] 1 $ cd pch/w3af/ > [pablo@eulogias:/home/pablo/pch/w3af] master ± ./w3af_console > w3af>>> plugins > w3af/plugins>>> back > w3af>>> exit > > Liked it? Donate some money! > > [pablo@eulogias:/home/pablo/pch/w3af] master 12s ± > > > > On Thu, Sep 22, 2016 at 4:42 PM, ravi keerthi m d > wrote: > > > >> > Hi, > >> > > >> > Manually I am able to execute my w3af commands successfully. When > trying > >> > to > >> > execute same w3af commands using a ssh connection then it is > appending a > >> > ^J, > >> > so whatever commands I am executing it is executing like "^Jplugins". > >> > > >> > > >> > Example: > >> > root@kali# w3af_console > >> > w3af >>> ^J > >> > > >> > this is the first output after executing w3af_console using ssh > >> > connection > >> > handler, now when I execute "plugins" command the output looks like > this > >> > > >> > > >> > root@kali# w3af_console > >> > w3af >>> ^Jplugins > >> > > >> > It is saying command not found. > >> > > >> > > >> > Can you please help me out in this. Because using same ssh connection > >> > handler I am able to run metasploit framework commands on msfconsole. > >> > > >> > > >> > Thanks, > >> > Ravi > >> > > >> > > >> > >> > >> > >> -- > >> Andrés Riancho > >> Project Leader at w3af - http://w3af.org/ > >> Web Application Attack and Audit Framework > >> Twitter: @w3af > >> GPG: 0x93C344F3 > > > > > > > -- > > > > ___ > > W3af-users mailing list > > W3af-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/w3af-users > > > > > > -- > Andrés Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > -- ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
Re: [W3af-users] facing issue while executing commands inside w3af console when connected through ssh connection handler
Works on my PC (tm) [pablo:/home/pablo] 35m40s $ ssh pablo@127.0.0.1 The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is a0:6d:ef:23:e0:e0:0a:3a:63:67:cd:1d:4f:79:4d:4e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added '127.0.0.1' (ECDSA) to the list of known hosts. pablo@127.0.0.1's password: Welcome to Ubuntu 14.04.5 LTS (GNU/Linux 3.13.0-96-generic x86_64) * Documentation: https://help.ubuntu.com/ Last login: Mon Aug 8 13:59:49 2016 [pablo@eulogias:/home/pablo] 1 $ cd pch/w3af/ [pablo@eulogias:/home/pablo/pch/w3af] master ± ./w3af_console w3af>>> plugins w3af/plugins>>> back w3af>>> exit Liked it? Donate some money! [pablo@eulogias:/home/pablo/pch/w3af] master 12s ± On Thu, Sep 22, 2016 at 4:42 PM, ravi keerthi m d wrote: > >> > Hi, >> > >> > Manually I am able to execute my w3af commands successfully. When trying >> > to >> > execute same w3af commands using a ssh connection then it is appending a >> > ^J, >> > so whatever commands I am executing it is executing like "^Jplugins". >> > >> > >> > Example: >> > root@kali# w3af_console >> > w3af >>> ^J >> > >> > this is the first output after executing w3af_console using ssh >> > connection >> > handler, now when I execute "plugins" command the output looks like this >> > >> > >> > root@kali# w3af_console >> > w3af >>> ^Jplugins >> > >> > It is saying command not found. >> > >> > >> > Can you please help me out in this. Because using same ssh connection >> > handler I am able to run metasploit framework commands on msfconsole. >> > >> > >> > Thanks, >> > Ravi >> > >> > >> >> >> >> -- >> Andrés Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 > > > -- > > ___ > W3af-users mailing list > W3af-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users
[W3af-users] how many attack pluggin and pattern are there in w3af ?
hi i have a question how many attack plugin and pattern are there in w3af?? pleaseintroduce more about it tnx -- Check out my professional profile and connect with me on LinkedIn. http://lnkd.in/RqFEqH -- ___ W3af-users mailing list W3af-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users