Re: [W3af-users] performance issues post-scan

2019-10-30 Thread Andres Riancho
Another comment on that, the version that is embedded in the latest docker might not be the latest from w3af github repo (master branch). The latest from master might have multiple improvements. On Wed, Oct 30, 2019 at 2:30 AM Chris Herdt wrote: > > I believe my issue was due to low drive

Re: [W3af-users] New to w3af

2019-09-23 Thread Andres Riancho
James, Thanks for your email, comments and questions inline: On Wed, Sep 18, 2019 at 4:00 PM James Pifer wrote: > > I came across w3af and have it installed (for the most part). With the > help of docker I'm able to run the console, but I keep getting this when > I run the gui: > >

Re: [W3af-users] w3af as a service

2019-06-13 Thread Andres Riancho
; Rafael > > On Thu, Jun 13, 2019 at 18:20, Andres Riancho < > andres.rian...@gmail.com> wrote: > >> Rafael, >> >> Thanks for your interest in w3af and using it to build a SaaS. >> Answers and comments inline: >> >> On Thu, Jun

Re: [W3af-users] w3af as a service

2019-06-13 Thread Andres Riancho
Rafael, Thanks for your interest in w3af and using it to build a SaaS. Answers and comments inline: On Thu, Jun 13, 2019 at 4:07 PM Rafael Barbosa da Silva wrote: > > Hello everyone, how are you? > > I would like to build a service that runs w3af and persists results in a > database. The

[W3af-users] JavaScript Crawling: Beta testers wanted!

2019-04-05 Thread Andres Riancho
List, It's been a long time, and the list is very inactive, but if you've been paying attention to the GitHub commit logs [0] you'll notice that the project is very much alive and improving every day! At this point I'm looking for beta-testers for the initial implementation of our

Re: [W3af-users] REST API authenticated scan help

2018-09-14 Thread Andres Riancho
Snehil, Answers and comments inline, On Fri, Sep 14, 2018 at 10:03 AM wrote: > > Hello, > > Recently, I started exploring REST API > of w3af and stumbled upon few things which I couldn't understand and > thought of seeking your advice. > > From the documentation it's understood that in order

Re: [W3af-users] Install issues

2018-08-22 Thread Andres Riancho
Oh, that is a bug. Sorry! Fixed it here: https://github.com/andresriancho/w3af/commit/3012a3f94fa8dfa9136a0292491c90766dae132e Also I merged develop into master, so everyone will get this fix. Thanks, On Tue, Aug 21, 2018 at 10:45 AM Rafael Barbosa da Silva wrote: > > Hi, > > I'm trying

[W3af-users] Holm Security is sponsoring w3af!

2018-05-21 Thread Andres Riancho
List, Prepare yourself for great news: Holm Security , an information security solutions provider based in Sweden, is sponsoring the w3af project! The interesting news and what is coming can be found at http://w3af.org/blog , but just in case you were wondering… here are some FAQs: #0

Re: [W3af-users] Can't find files that contain the vulnerabilities' description for report generation

2018-05-04 Thread Andres Riancho
or > your work with W3af, it's fantastic! > > Regards, > > Amanda > > > On 03-05-2018 13:07, Andres Riancho wrote: >> Amanda, >> >> Sorry for the very late response, but I was unable to get to this sooner. >> >> The vulndb now supports tr

Re: [W3af-users] Can't find files that contain the vulnerabilities' description for report generation

2018-05-03 Thread Andres Riancho
amazing software! > > Amanda > > > On 16/03/2018 10:44, Andres Riancho wrote: >> Amanda, >> >> Thanks for your email and sorry for the late response. >> >> The vulnerability database data is in this repository [0] and >> there have bee

Re: [W3af-users] Authenticated spider issues and questions

2018-05-02 Thread Andres Riancho
Kukulkan, The authentication plugins do not send the login / check URLs to the core. So any URL you put in the configuration, or is a result of requesting those URLs will not make it to other plugins / the crawler. That was the original design and is working as expected. Might not be

Re: [W3af-users] Authenticated spider issues and questions

2018-04-25 Thread Andres Riancho
Kukulkan, Answers inline, On Wed, Apr 25, 2018 at 4:33 AM, Volker Schmid wrote: > Hi, > > I'm new to w3af and start to get deeper into authentication. I use only two > PlugIns: crawl->web_spider and auth->detailed. The current site is using a > form in

Re: [W3af-users] Can't find files that contain the vulnerabilities' description for report generation

2018-03-16 Thread Andres Riancho
Amanda, Thanks for your email and sorry for the late response. The vulnerability database data is in this repository [0] and there have been some efforts to translate it to other languages [1][2] but sadly I've been unable to deliver the fix for [2] which is a blocker for translations.

Re: [W3af-users] can I scan when I crawl the site?

2017-09-05 Thread Andres Riancho
Sorry but I failed to understand the question. Could you please rephrase it? On Sep 5, 2017 12:22 AM, "MengYuan Yang" wrote: > > from the document, i know w3af will request a set of urls, then it scan > they all. > > can I feed w3af some urls, then i continue crawl and

Re: [W3af-users] does w3af handle javascript

2017-05-17 Thread Andres Riancho
Donald, Sadly there is no javascript engine in w3af. There are plans [0] for implementing a javascript crawler, but I haven't worked on that idea in a while and have no plans on doing it either. [0] https://github.com/andresriancho/w3af/milestone/9 On Mon, May 15, 2017 at 3:47 PM, Don

Re: [W3af-users] most recent tutorials

2016-11-22 Thread Andres Riancho
Ali, I believe docs.w3af.org is the best source for w3af information and how to perform different tasks On Sat, Nov 5, 2016 at 1:38 PM, Ali Khalfan wrote: > Hi Andres, > > > Where can I find the most recent tutorials related to w3af? I haven't > been using it for a

Re: [W3af-users] CVE/CVSS-W3af compatibility

2016-11-22 Thread Andres Riancho
Waqas, Some vulnerabilities, such as SQL injection should display vulndb data [0] in the UI and some output reports. vulndb references owasp top10, and cwe. The complete list of vulnerabilities which include this description is here [1]. This is only available in the latest w3af versions.

Re: [W3af-users] how to update pluggin

2016-10-03 Thread Andres Riancho
Mohsen, I've been linking to this document too often these last weeks: "How To Ask Questions The Smart Way" [0]. Sorry but based on your "question" I can only guess what your problem is. Please explain it a little bit more, follow guidelines from [0] and most likely someone will answer. [0]

Re: [W3af-users] how many attack pluggin and pattern are there in w3af ?

2016-09-23 Thread Andres Riancho
Please take a moment to read this document [0] and try again :) [0] http://www.catb.org/esr/faqs/smart-questions.html On Fri, Sep 23, 2016 at 5:31 AM, mohsen Abbaspour wrote: > hi > i have a question > how many attack plugin and pattern are there in w3af?? >

Re: [W3af-users] Regarding scan of w3af

2016-09-23 Thread Andres Riancho
the same result > > On 20 September 2016 at 23:52, Andres Riancho <andres.rian...@gmail.com> > wrote: > >> Suhas, >> >> Well... most likely the two scans had different plugins enabled. >> But if not... is there any way I can reproduce this potential is

Re: [W3af-users] facing issue while executing commands inside w3af console when connected through ssh connection handler

2016-09-23 Thread Andres Riancho
the same way it works.. But while using pexpect python module > I'm facing issue.. > > Let's think it's a pexpect issue, but the same module works for Metasploit, > nessus, etc.. > > On Sep 23, 2016 11:45 PM, "Andres Riancho" <andres.rian...@gmail.com> wrote:

Re: [W3af-users] facing issue while executing commands inside w3af console when connected through ssh connection handler

2016-09-23 Thread Andres Riancho
Works on my PC (tm) [pablo:/home/pablo] 35m40s $ ssh pablo@127.0.0.1 The authenticity of host '127.0.0.1 (127.0.0.1)' can't be established. ECDSA key fingerprint is a0:6d:ef:23:e0:e0:0a:3a:63:67:cd:1d:4f:79:4d:4e. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently

Re: [W3af-users] Regarding scan of w3af

2016-09-20 Thread Andres Riancho
Suhas, Well... most likely the two scans had different plugins enabled. But if not... is there any way I can reproduce this potential issue? On Tue, Sep 20, 2016 at 11:44 AM, Suhas Lalige wrote: > Hi all > I'm new to w3af. I tried running the scan by enabling crawl

Re: [W3af-users] w3af on owasp

2016-09-19 Thread Andres Riancho
Shreyas, I believe that your question is way too open. To answer it someone would have to spend considerable time setting up the environment, running w3af, etc. If you've got the time, please read [0]: "In the world of hackers, the kind of answers you get to your technical questions

Re: [W3af-users] HTTP redirect

2016-09-02 Thread Andres Riancho
I believe the answer is in the authentication part of docs [0], most likely in [1]. Regarding 2FA, the way I would do it is to authenticate using a browser, then get the cookie and set it in w3af as explained in [1] [0] http://docs.w3af.org/en/latest/authentication.html [1]

Re: [W3af-users] W3AF scan behaviour (now in users list)

2016-07-25 Thread Andres Riancho
Tiago, On Sat, Jul 23, 2016 at 12:32 PM, Tiago Vieira wrote: > Hello, > > My name is Tiago, I'm doing a master thesis in web security and I'm using > w3af to perform some tests. > > My question is related with the scan, when we select a URL to attack, does > the

Re: [W3af-users] How to do w3af_gui settings of spider_man

2016-06-13 Thread Andres Riancho
I believe you can't fix this issue by changing any settings. If possible follow these [0] steps to report a bug. [0] http://docs.w3af.org/en/latest/report-a-bug.html On Mon, Jun 13, 2016 at 1:02 AM, Kazuo Fukukawa wrote: > To Whom It May Concern: > > Thank you

Re: [W3af-users] incredibly slow crawling and auditing

2016-01-08 Thread Andres Riancho
On Fri, Jan 8, 2016 at 6:40 AM, Vojtěch Polášek wrote: > Greetings, > I am testing a web application with lots of Javascript with W3AF. I use > spider_man to gather starting information and I use almost all audit > plugins but no other crawling plugins. > I browsed just through

Re: [W3af-users] Launch scan after form submit

2015-12-14 Thread Andres Riancho
I believe you'll have to use something like Celery or Python RQ [0] to queue the job and run it in workers. The worker will receive the URL as parameter and run (almost) the same steps as start() in console UI. [0] http://python-rq.org/ On Sun, Dec 13, 2015 at 1:15 PM, Luigino

Re: [W3af-users] using spider_man with W3AF and Docker

2015-12-10 Thread Andres Riancho
Vojta, Please read answers inline: On Wed, Dec 9, 2015 at 12:46 PM, Vojtěch Polášek wrote: > Greetings, > I need to use spider_man plugin for my testing. I am running W3AF within > Docker on Windows server 2012. Awesome! > I run something like > docker run -p

Re: [W3af-users] run profile without target

2015-11-30 Thread Andres Riancho
Vojtěch, Questions are welcome :) I assume you wanted to say JavaScript instead of Java, if JS is heavily used, then yes the web_spider is "almost useless". Well, the scan of the target URL can't be prevented, but if you set the URL to http://target.com/ and disable web_spider, then

Re: [W3af-users] W3AF Docker and Windows

2015-11-12 Thread Andres Riancho
> shows only sshd running Ok > When I try to run command posted in the previous mail, still receiving > password prompt and w3af as a password does not work. > Any ideas? Yes, I already asked: Are you sure your SSH client expects the private key to be set using -i ? > Thank y

Re: [W3af-users] w3af plugin timeout

2015-11-03 Thread Andres Riancho
Moises, On Mon, Oct 26, 2015 at 7:46 AM, Moises Solorzano wrote: > Hello > > I have a question about the timeout of any individual plugin or in general > on the command line. > > I can see that there is a timeout for the crawling (misc settings max > discovery time), but i

Re: [W3af-users] running W3AF on Windows

2015-10-21 Thread Andres Riancho
I haven't run any recent (~5 years) version of w3af in windows. Some dependencies (the ones you mention and others) are linux/mac only. I recommend you try boot to docker and the w3af docker image. On Wed, Oct 21, 2015 at 12:57 PM, Vojtěch Polášek wrote: > Greetings, > I am

Re: [W3af-users] Several w3af questions and issues

2015-10-12 Thread Andres Riancho
n: w3af - Web Application Attack and Audit Framework Version: 1.7.6 Revision: d7cb405316 - 09 oct 2015 21:26 Branch: master Local changes: No Author: Andres Riancho and the w3af team. What's yours? > Point 3) I really wish I can contribute, but I am not a programmer :P If I

Re: [W3af-users] Several w3af questions and issues

2015-09-28 Thread Andres Riancho
Ziadmo, On Thu, Sep 24, 2015 at 3:01 PM, ziadmo1 . wrote: > Point 1) > Not sure if its a bug or not.. When I create a custom profile (based on > OWASP top 10 for example), the changes don't take effect on the newly saved > custom profile. For example, if I disable

[W3af-users] New feature: Self contained profiles

2015-08-06 Thread Andres Riancho
List, I've been working on a new feature during the last hours: Self contained profiles. The basic idea is that you're now able to save the profile (with all the referenced files) in one file. This is useful for sharing your complex configurations with others as well as running scans using

[W3af-users] Twitter: @w3af

2015-08-06 Thread Andres Riancho
List, Just noticed that less than half the features I work on get announced on the mailing list, but I tweet about almost all of them. If you want to get the whole w3af news feed please follow me on twitter! @w3af https://twitter.com/w3af Regards, -- Andrés Riancho Project Leader

[W3af-users] w3af - Opportunity to contribute

2015-08-04 Thread Andres Riancho
Here are two easy tickets you can solve, it's your opportunity to contribute with w3af! https://github.com/andresriancho/w3af/issues/10980 https://github.com/andresriancho/w3af/issues/9011 -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit

[W3af-users] w3af REST API: Done!

2015-06-23 Thread Andres Riancho
List, Yesterday I completed the development of the REST API for w3af :) The documentation can be found here [0] and the code is ready to use in the develop branch: git clone https://github.com/andresriancho/w3af.git cd w3af git checkout develop Before merging it to the

Re: [W3af-users] Didn't get it right letting W3AF ignore some URLs by confuring ignore_regex

2015-06-01 Thread Andres Riancho
Christian, On Mon, Jun 1, 2015 at 6:33 AM, spass-bill...@gmx.de wrote: Hello, I didn't get it right to ignore some URLs during evaluation of a target webapp. Let's say the target URL should be http://test.host/foo/bar/index.html On this entry site there are two links (among others)

[W3af-users] Impressive memory usage improvements

2015-05-28 Thread Andres Riancho
List, Just wanted to let you guys know that after a long fight with lxml I've been able to improve w3af's memory usage in an almost incredible way. As seen here [0] Performance profiling of new develop branch (ab428c5): * PSUtils measurement 25 (after 45 minutes of scan): 118.9 MB RSS *

Re: [W3af-users] W3af - CMS scanning

2015-05-15 Thread Andres Riancho
On Thu, May 14, 2015 at 11:28 AM, Shafeeque O.K [gmail] shafoff...@gmail.com wrote: Hello, Is it possible for w3af to find web application vulnerabilities of CMS like Joomla, Word Press? Yes If so what are the plugin need to enabled. All audit plugins Also let me know Is there a way

[W3af-users] 1.6.45 released!

2015-02-26 Thread Andres Riancho
List, Just released 1.6.45 [0] which includes a ton of improvements: * HTTP response parsers are now run in a different process * Added support for SSL's SNI using OpenSSL * Added support for scanning servers with specific SSL protocols disabled (poodle) * Added new platforms to the

Re: [W3af-users] Blocked scan error database

2015-02-19 Thread Andres Riancho
Miguel, Please read inline, On Thu, Feb 19, 2015 at 5:49 AM, Miguel Ángel Martínez Martínez miguelang031...@hotmail.com wrote: Hallo!, I am a beginner user regarding W3af. I am scanning several external web pages with the following configuration: profile: full_audit / OWASP_TOP10

Re: [W3af-users] W3af - Not working in Kali 1.1.0

2015-02-17 Thread Andres Riancho
Shafeeque, On Tue, Feb 17, 2015 at 5:55 AM, Shafeeque O.K [gmail] shafoff...@gmail.com wrote: Hi Require an immediate support. Hahaha, this is not a product for which you get a support 1-800 number, anyways, some comments below. Unable to install w3af in kali - 1.1.0 Error: Your python

Re: [W3af-users] unexpected keyword

2015-02-16 Thread Andres Riancho
Hussam, Which w3af version are you using? Could you please run these commands and send us the output? ./w3af_console --version git rev-parse HEAD On Sun, Feb 8, 2015 at 9:17 AM, Hussam Alamza eng.hussam...@gmail.com wrote: Hello people, after the succession in fulfilling all w3af desires

[W3af-users] Pre-merge action: Ask users to test develop branch

2015-02-04 Thread Andres Riancho
List, I'm near a rather big merge from the develop branch into master, that means that in a while most of you will get a message asking if you want to update your w3af installs or not. This is great!, but before doing it I want a few of you to test the develop branch and report any

Re: [W3af-users] w3af and multiprocessing

2015-01-19 Thread Andres Riancho
Sergey, On Mon, Jan 19, 2015 at 8:12 AM, Sergey w...@kovalev.com.ru wrote: Hi, everyone. I'm trying to execute w3af scans of multiple domains in parallel with multiprocessing package http://pastebin.com/ha2K4NCP This script fails with AssertionError: No calls to SQLiteDBMS can be made

[W3af-users] stopit and long running scans

2014-12-31 Thread Andres Riancho
List, In some specific cases w3af hangs and the scan never finishes, one of those cases was reported here [0] and today I was able to (hopefully) fix it. It seems that the issue was the PDF parser we are using, which has an endless loop. We could try to fix the third party library, but

Re: [W3af-users] W3af in the Background

2014-10-29 Thread Andres Riancho
Aman, On Wed, Oct 29, 2014 at 4:10 PM, Aman Thakur aman.thakur.1...@gmail.com wrote: Hi Guys, Good Day!! I am trying to automate the w3af scanning process in my LAN. But i am having hard time with it. What i have done till now is that. I have made a small http server in python. In which,

[W3af-users] SSL3 handshake used when TLS1 protocol specified?

2014-10-28 Thread Andres Riancho
List, I'm trying to fix w3af [0] in order to be able to scan sites which have disabled SSLv3 because of the POODLE vulnerability, and I'm seeing some strange behaviour in the logs. The problem is that even when I tell python to use TLS (version 3 in ssl.py) it seems to use SSLv3 (don't

[W3af-users] Shell shock exploit

2014-09-26 Thread Andres Riancho
List, Just finished my shell shock exploit [0], feel free to improve it and send me pull requests. [0] https://gist.github.com/andresriancho/1a259f01312c0c5ddd1e Regards, -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af

[W3af-users] Shell shock plugin for w3af: Done!

2014-09-25 Thread Andres Riancho
List, Take a look at the w3af plugin I've just finished coding [0], it detects shell shock vulnerabilities by using time delays. Pull requests with improvements are welcome :) [0] https://gist.github.com/andresriancho/4ef11d75c1f517c24f94 Regards, -- Andrés Riancho Project Leader at w3af -

Re: [W3af-users] Shell shock plugin for w3af: Done!

2014-09-25 Thread Andres Riancho
-packages/phply-0.9.1.egg-info/top_level.txt On 09/25/2014 03:22 PM, Andres Riancho wrote: List, Take a look at the w3af plugin I've just finished coding [0], it detects shell shock vulnerabilities by using time delays. Pull requests with improvements are welcome :) [0] https

Re: [W3af-users] Shell shock plugin for w3af: Done!

2014-09-25 Thread Andres Riancho
on a url and once it says it was vulnerable and the other says it wasn't On September 25, 2014 7:18:36 PM GMT+03:00, Andres Riancho andres.rian...@gmail.com wrote: Check the github repository issues, mailing list, etc. This issue (for mac?) has workarounds documented somewhere On Thu, Sep 25

Re: [W3af-users] authentication not being performed

2014-09-23 Thread Andres Riancho
Don't have the time to reproduce now, but I believe that you might be hitting this bug: https://github.com/andresriancho/w3af/issues/4391 Could you talk with foobarmonk to try to solve this? On Tue, Sep 23, 2014 at 7:42 AM, Ali Khalfan ali.khal...@gmail.com wrote: Hi Andres, I've tried

Re: [W3af-users] Force web_spider to crawl a directory only

2014-09-08 Thread Andres Riancho
Thanks for asking, I've added a new section to the docs to address this: http://docs.w3af.org/en/develop/common-use-cases.html Please let me know if the docs are clear. On Sun, Sep 7, 2014 at 4:44 AM, Ali Khalfan ali.khal...@gmail.com wrote: Is there a way I can force the Web_spider plug-in

Re: [W3af-users] Changes!

2014-09-05 Thread Andres Riancho
There's no Kali package for these latest changes yet, but it should work well if you install from source [0] [0] http://docs.w3af.org/en/latest/install.html#id1 On Fri, Sep 5, 2014 at 9:36 AM, Ali Khalfan ali.khal...@gmail.com wrote: kali? On 09/05/2014 03:14 PM, Andres Riancho wrote: List

Re: [W3af-users] Changes!

2014-09-05 Thread Andres Riancho
, Sep 5, 2014 at 8:43 AM, Andres Riancho andres.rian...@gmail.com wrote: There's no Kali package for these latest changes yet, but it should work well if you install from source [0] [0] http://docs.w3af.org/en/latest/install.html#id1 On Fri, Sep 5, 2014 at 9:36 AM, Ali Khalfan ali.khal

[W3af-users] An uncaught exception was raised _setFrameworkScaleFactor

2014-09-03 Thread Andres Riancho
List, Anyone else seeing this [0] An uncaught exception was raised _setFrameworkScaleFactor error in Mac OS? Please comment on the github issue [0] https://github.com/andresriancho/w3af/issues/3953 Regards, -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack

Re: [W3af-users] I saw on the project page thoughts about moving to docker for deployment

2014-08-19 Thread Andres Riancho
Andrew, Please read inline, On Mon, Aug 18, 2014 at 9:41 PM, Andrew King aking1012@gmail.com wrote: Is everyone set on docker or is pure LXC okay too? Docker seems neat, but it's changing pretty rapidly. LXC has been around for a while now, and it seems a little more stable for the

Re: [W3af-users] I saw on the project page thoughts about moving to docker for deployment

2014-08-19 Thread Andres Riancho
PS: The TODO for the docker image can be found here [0] [0] https://registry.hub.docker.com/u/andresriancho/w3af/ On Tue, Aug 19, 2014 at 8:51 AM, Andres Riancho andres.rian...@gmail.com wrote: Andrew, Please read inline, On Mon, Aug 18, 2014 at 9:41 PM, Andrew King aking1012

Re: [W3af-users] Session ID cookie

2014-07-18 Thread Andres Riancho
Daniel, Just guessing, but I believe that the problem is here: set data_format username=adminpassword=passwordcsrfmiddlewaretoken=blahblahblah Specifically in the csrfmiddlewaretoken value will change each time w3af is run against your site; BUT will be kept static in the

Re: [W3af-users] w3af not Starting

2014-07-15 Thread Andres Riancho
What happens if you just run sudo pip install phply==0.9.1 ? On Tue, Jul 15, 2014 at 5:19 AM, Aman Thakur aman.thakur.1...@gmail.com wrote: Hello Everyone, I have updated my w3af directory contents using the git pull command. But the w3af is not working after the update. I am getting these

Re: [W3af-users] w3af not Starting

2014-07-15 Thread Andres Riancho
installed phply Cleaning up... But still the w3af_console doesn't starts up and gives the same error. Thanks Regards Aman Thakur On Tue, Jul 15, 2014 at 5:25 PM, Andres Riancho andres.rian...@gmail.com wrote: What happens if you just run sudo pip install phply==0.9.1 ? On Tue, Jul 15

[W3af-users] w3af in Debian

2014-07-15 Thread Andres Riancho
List, We're looking for a new maintainer for Debian's w3af package [0]. If you're interested let me know :) [0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754472 Regards, -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter:

Re: [W3af-users] w3af not Starting

2014-07-15 Thread Andres Riancho
for phply Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package) Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth Successfully installed phply Cleaning up... On Tue, Jul 15, 2014 at 5:35 PM, Andres Riancho

Re: [W3af-users] w3af API

2014-07-14 Thread Andres Riancho
Guillermo, On Mon, Jul 14, 2014 at 9:34 AM, Guillermo D.A.G gen...@gmail.com wrote: Dear Andres, First of all, congratulations for w3af, you are doing a great job. Now, im working on the testing of several tools for private use, with an a commercial approach, with acunetix, appscan, etc.

Re: [W3af-users] pass in target

2014-07-09 Thread Andres Riancho
Geoff, I remember answering this question before, and a small thread about this (not sure if it was in the mailing list). The best solution for me is to use some kind of templating system to generate the scripts. Example: // template.w3af file # plugin configuration target set target

Re: [W3af-users] Why report pragma/cache header errors for 404 or 302 responses?

2014-07-08 Thread Andres Riancho
: return Short answer: fork and then send a pull request. Long answer: https://github.com/andresriancho/w3af/wiki/Contributing-101 On Tue, Jul 8, 2014 at 6:10 AM, Andres Riancho andres.rian...@gmail.com wrote: Ben, Please read inline, On Mon, Jul 7, 2014 at 7:15 PM, Ben Kirk davidbenk

Re: [W3af-users] W3af in metasploit

2014-07-06 Thread Andres Riancho
It's impossible to answer your questions, first read: http://www.catb.org/esr/faqs/smart-questions.html And then ask your question using it. On Sun, Jul 6, 2014 at 3:50 PM, risataim cusan risatai...@gmail.com wrote: create plugin to w3af ?? On Jul 5, 2014 2:01 PM, Andres Riancho andres.rian

Re: [W3af-users] W3af in metasploit

2014-07-05 Thread Andres Riancho
Please ask specific questions, and decide which one you want to ask :) 2014-07-05 14:16 GMT-03:00 risataim cusan risatai...@gmail.com: As use w3af + metasploit ?? How do I use w3af and metasploit How can I create a plugin for w3af ?? -- Andrés Riancho Project Leader at w3af -

Re: [W3af-users] Script for automated testing

2014-06-24 Thread Andres Riancho
Are you running ./w3af_console -s script.w3af ? On Tue, Jun 24, 2014 at 11:03 AM, Shafeeque O.K [gmail] shafoff...@gmail.com wrote: Hi I am using the script which is taken from : https://www.owasp.org/index.php/Automated_Audit_using_W3AF done some editing removed the authentication details

Re: [W3af-users] Script for automated testing

2014-06-24 Thread Andres Riancho
PM, Andres Riancho andres.rian...@gmail.com wrote: Are you running ./w3af_console -s script.w3af ? On Tue, Jun 24, 2014 at 11:03 AM, Shafeeque O.K [gmail] shafoff...@gmail.com wrote: Hi I am using the script which is taken from : https://www.owasp.org/index.php

Re: [W3af-users] Scan mobile devices with w3af

2014-06-24 Thread Andres Riancho
Well, w3af scans web applications, so if your phone exposes a web server you'll be able to scan it. That's REALLY uncommon. On the other hand, some web apps are designed for being accessed from mobile devices. Those are good targets for w3af On Tue, Jun 24, 2014 at 12:10 PM, Aman Thakur

Re: [W3af-users] Throttling requests

2014-06-09 Thread Andres Riancho
Simon, Yep, the answer is still the same. Usually people just want it to go faster, not slower :) Pull-requests for adding this feature are welcome. On Mon, Jun 9, 2014 at 9:04 AM, bm-2ctc7ndxaq76tymu5rb1nbg3nqcnjyq...@bitmessage.ch wrote: Hi, I was searching the web on how to

Re: [W3af-users] blacklist URL from being scanned by anything

2014-06-02 Thread Andres Riancho
On 20.5.2014 21:42, Andres Riancho wrote: Vojtech, Please read inline, On Tue, May 20, 2014 at 4:41 AM, Vojtěch Polášek krec...@gmail.com wrote: Hi, I am scanning a web application which is quite dynamic. I have to use spider_man to walk through it. There is one problem - whenever

Re: [W3af-users] [Gentoo] Help with packages w3af depend on

2014-06-02 Thread Andres Riancho
I believe you might be hitting this [0] bug. The solution might be to disable the dependency_check (until #2703 is fixed). [0] https://github.com/andresriancho/w3af/issues/2703 On Thu, May 8, 2014 at 12:11 PM, Raphael de Albuquerque Lima rapd...@gmail.com wrote: Hi all, I've got w3af to work

Re: [W3af-users] w3af XML

2014-05-29 Thread Andres Riancho
Tom, On Tue, May 27, 2014 at 11:38 AM, Tom Stage voro...@voronwe.dk wrote: Hi All I am working on the OWASP DEF Project, and i was wondering if it would be possible to get my hands on some test data xml, and i would like to include this data in the project for documentation purpose. I have

Re: [W3af-users] phply dependency failure on latest on ubuntu

2014-05-28 Thread Andres Riancho
Well, that's strange! Why don't you give the develop branch a try? On Wed, May 28, 2014 at 2:05 PM, Ben Kirk davidbenk...@gmail.com wrote: hi, I downloaded latest w3af from git, ran all the dep checks, but when I run w3af_console it still complains about: Your python installation needs the

Re: [W3af-users] phply dependency failure on latest on ubuntu

2014-05-28 Thread Andres Riancho
You might be hitting this bug https://github.com/andresriancho/w3af/issues/2766 On Wed, May 28, 2014 at 2:50 PM, Andres Riancho andres.rian...@gmail.com wrote: Well, that's strange! Why don't you give the develop branch a try? On Wed, May 28, 2014 at 2:05 PM, Ben Kirk davidbenk...@gmail.com

Re: [W3af-users] web_spider not crawling proprely

2014-05-26 Thread Andres Riancho
/html Original Message Subject: Re: [W3af-users] web_spider not crawling proprely From: Andres Riancho andres.rian...@gmail.com To: Ali Khalfan ali.khal...@gmail.com CC: w3af-users@lists.sourceforge.net w3af-users@lists.sourceforge.net Date: Tue May 20 2014 22:44:22

Re: [W3af-users] IP Blockage Problem

2014-05-23 Thread Andres Riancho
Nope, no way to solve this other than disabling the IP blocking software that runs on the server. On Fri, May 23, 2014 at 11:50 AM, Aman Thakur aman.thakur.1...@gmail.com wrote: Hello Geeks, Good Day!! I have been using w3af for a while now. I have noticed that when we do the scan against

Re: [W3af-users] blacklist URL from being scanned by anything

2014-05-20 Thread Andres Riancho
Vojtech, Please read inline, On Tue, May 20, 2014 at 4:41 AM, Vojtěch Polášek krec...@gmail.com wrote: Hi, I am scanning a web application which is quite dynamic. I have to use spider_man to walk through it. There is one problem - whenever anyone tries to access its root URL

Re: [W3af-users] web_spider not crawling proprely

2014-05-20 Thread Andres Riancho
Maybe the site is rather complex (a lot of JavaScript), and can't be understood by w3af's HTML parser? If so, try this out: http://docs.w3af.org/en/latest/complex-web-apps.html On Tue, May 20, 2014 at 1:50 AM, Ali Khalfan ali.khal...@gmail.com wrote: hi andres, i noticed when scanning a few

Re: [W3af-users] Scan Contents of PDF?

2014-05-16 Thread Andres Riancho
Short answer: No [0] Long answers: * No, SSN detection only works for html see this call is_text_or_html(). * No but... w3af is open source and you can modify the plugin to make it work like you want. It seems to make sense to add this feature, so if you like I can guide you. [0]

[W3af-users] w3af installation on Mac OSX

2014-05-14 Thread Andres Riancho
Vinny, Thanks for your tweet, and blog post. What do you think about adding your steps to our online docs [0][1]? I believe that the best is for you to send me a pull-request with changes for the install.rst file which contain the instructions from your blog, but in RST format. You may

Re: [W3af-users] links for tutorials

2014-05-13 Thread Andres Riancho
You could use spiderman+selenium On Tue, May 13, 2014 at 1:01 AM, Ali Khalfan ali.khal...@gmail.com wrote: one last thing I forgot to ask...would there be a possibility to use selenium scripts on w3af? pretty far-fetched, but just wondering... On Mon, May 12, 2014 at 2:35 PM, Ali Khalfan

Re: [W3af-users] links for tutorials

2014-05-12 Thread Andres Riancho
If [0] is not enough, please let me know why and I'll try to improve it. If you want, send me the improvements yourself. [0] http://w3af.org/howtos/authenticated-scans On Mon, May 12, 2014 at 6:35 AM, Ali Khalfan ali.khal...@gmail.com wrote: I'm looking for tutorials to cover w3af.

Re: [W3af-users] Kaspersky alert - Heur:trojan

2014-05-10 Thread Andres Riancho
Which AV complained? The one on the host running w3af or the one on the server? Is it complaining about some file on the target host? On 10/05/2014 11:57, José Antonio jacfrei...@gmail.com wrote: Hi guys, I'm trying to use w3af from a virtual box kali installation, when kaspersky found

Re: [W3af-users] Fwd: How to setup Spiderman to use SSL

2014-05-05 Thread Andres Riancho
://jmeter.apache.org/usermanual/component_reference.html#HTTP%28S%29_Test_Script_Recorder Well, for now I believe that it is a good idea to just generate one CA, one certificate and simply use that for all w3af traffic. On Wed, Apr 30, 2014 at 12:51 PM, Andres Riancho andres.rian...@gmail.com wrote

[W3af-users] [slightly-off-topic] Me at Bogota - Colombia

2014-05-04 Thread Andres Riancho
List, I'll be a speaker at OWASP LATAM Tour @ Bogota [0], I'll arrive on Tuesday and leave on Friday morning. If you want to meet for beers and talk appsec, let me know! [0] https://www.owasp.org/index.php/LatamTour2014#tab=COLOMBIA Regards, -- Andrés Riancho Project Leader at w3af -

Re: [W3af-users] Fix for Exception in w3af

2014-04-29 Thread Andres Riancho
of the w3af script I am using. Then I am running the command $ w3af_console -s scriptname On Mon, Apr 28, 2014 at 6:51 PM, Andres Riancho andres.rian...@gmail.com wrote: Please send me the details on how you're launching the scan, your operating system, etc. Please follow the bug reporting best

Re: [W3af-users] How to setup Spiderman to use SSL

2014-04-28 Thread Andres Riancho
Aaron, Well, that's actually a very good question! I haven't used the spiderman proxy for years, and when I tried now (after reading your email) I realized that there is no CA being distributed with w3af. The certificate the w3af is using is at [0], but that's kind of useless to solve your

Re: [W3af-users] w3af_console breaks after import ConsoleUI

2014-04-15 Thread Andres Riancho
, Andres Riancho andres.rian...@gmail.com wrote: Well, if it hangs in that line then you should be able to do something like this:

    try:
        filename = unicode_filename.encode('utf-8')
    except Exception, e:
        print(e)

On Mon, Apr 14, 2014 at 8:50 AM, assm...@skygate.de wrote: sorry, as I don

Re: [W3af-users] w3af_console breaks after import ConsoleUI

2014-04-11 Thread Andres Riancho
Did you add some prints to the setup handler method? https://github.com/andresriancho/w3af/blob/master/w3af/core/data/db/dbms.py#L263 What do you see? On Fri, Apr 11, 2014 at 10:26 AM, assm...@skygate.de wrote: Hi Andres, I could track it down to the following call:

Re: [W3af-users] Kali packaging for w3af - Automated and unittested

2014-04-04 Thread Andres Riancho
Integration (CI) for Kali Linux however CI should be possible with Tox and Jenkins. You have also raised Tox in the past within https://github.com/andresriancho/w3af/issues/1048 On Fri, Apr 4, 2014 at 1:33 AM, Andres Riancho andres.rian...@gmail.com wrote: How do you believe we can improve

Re: [W3af-users] Kali packaging for w3af - Automated and unittested

2014-04-03 Thread Andres Riancho
Regards, On Wed, Apr 2, 2014 at 12:30 AM, Christian Heinrich christian.heinr...@cmlh.id.au wrote: Andres, I can assist and have maintained a package for Kali Linux since December 2012. On Wed, Apr 2, 2014 at 2:47 AM, Andres Riancho andres.rian...@gmail.com wrote: List, Anyone

[W3af-users] Kali packaging for w3af - Automated and unittested

2014-04-01 Thread Andres Riancho
List, Anyone with experience packaging software for Debian/Ubuntu who wants to help out? I would like to create a set of scripts which are run each time I push to the repository, that will create the .deb file, install it in a chroot and test that it works by running a scan. Volunteers?
