Re: [W3af-users] W3af is not doing PT

2016-10-12 Thread Shreyas M R
That I know. But I'm not able to resolve it.
I have OWASP Broken Web Apps on my system. Everyone knows it has
security issues, but I'm still not able to get any exploit in that.

Sometimes I get an exploit, sometimes I don't. Is there any way to resolve this
HTTP timeout error?
I have tried giving the max timeout (which is 30 seconds in w3af); it still didn't
yield anything.

Thanks
Shreyas



Shreyas M R
about.me/shreyasmrs



On Wed, Oct 12, 2016 at 7:36 PM, ad^2  wrote:

> Hey Shreyas,
>
> According to the output of "report-full audit.html" there was a connection
> issue. There were a number of 'HTTP timeout errors'.
>
> The sqli plugin got an error while requesting
> "http://demo.testfire.net/subscribe.aspx". Reason: "HTTP timeout error"
>
>
> Thx,
>
> ad^2
>
> On Wed, Oct 12, 2016 at 2:34 AM, Shreyas M R 
> wrote:
>
>> Hi,
>>
>> Thanks for suggestions ad^2
>> Sorry for late reply
>>
>> 1) I have used w3af version: 1.6.54
>> 2) I used console to do the scan as gui hangs sometimes
>> 3) I used Full audit profile (other than this I did not use any plugins
>> or exploit)
>> 4) scan output I'm sharing as attachment
>>
>>
>> the steps I followed are
>> profiles Full audit
>> plugins output html_file, csv_file
>> target set target http://demo.testfire.net
>> start
>>
>> I have different output for same profile and same target.
>>
>> Please help me out in this
>>
>> Thanks
>> Shreyas
>>
>>
>>
>>
>>
>>
>> Shreyas M R
>> about.me/shreyasmrs
>> 
>>
>>
>> On Wed, Oct 5, 2016 at 9:15 PM, ad^2  wrote:
>>
>>> Hello,
>>>
>>> First, it's always good to include the steps you used to reproduce the
>>> issue reported. Help us, the community, help you by providing more details
>>> and things you have tried.
>>>
>>> What version of w3af?
>>> GUI or Console?
>>> Your selection of plugins/profiles/exploits, etc.?  (you mentioned OWASP
>>> top 10).
>>> What is the output of the scan?
>>>
>>>
>>> Try this and let me know if you find something interesting.
>>>
>>> w3af -s testfire.w3af.script
>>>
>>> [testfire script file contents]
>>>
>>> profiles use audit_high_risk
>>> plugins output html_file
>>> plugins output config html_file
>>> set output_file /root/testfire.html
>>> back
>>> plugins audit blind_sqli sqli
>>> target set target http://demo.testfire.net
>>> start
>>>
>>>
>>>
>>>
>>> Thx,
>>>
>>> ad^2
>>>
>>>
>>>
>>>
>>> On Wed, Oct 5, 2016 at 1:59 AM, Shreyas M R 
>>> wrote:
>>>
>>>> Hi,
>>>>
>>>> I'm using w3af owasp top10 profile on http://demo.testfire.net/ which
>>>> has sqli and xss vulnerabilities. I'm not getting any vulnerabilities from
>>>> w3af scan. please anyone help me out in this.
>>>>
>>>> Shreyas M R
>>>> about.me/shreyasmrs
>>>>
>>>> --
>>>> Check out the vibrant tech community on one of the world's most
>>>> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
>>>> ___
>>>> W3af-users mailing list
>>>> W3af-users@lists.sourceforge.net
>>>> https://lists.sourceforge.net/lists/listinfo/w3af-users


>>>
>>
>


Re: [W3af-users] W3af is not doing PT

2016-10-12 Thread ad^2
Hey Shreyas,

According to the output of "report-full audit.html" there was a connection
issue. There were a number of 'HTTP timeout errors'.

The sqli plugin got an error while requesting
"http://demo.testfire.net/subscribe.aspx". Reason: "HTTP timeout error"


Thx,

ad^2

On Wed, Oct 12, 2016 at 2:34 AM, Shreyas M R  wrote:

> Hi,
>
> Thanks for suggestions ad^2
> Sorry for late reply
>
> 1) I have used w3af version: 1.6.54
> 2) I used console to do the scan as gui hangs sometimes
> 3) I used Full audit profile (other than this I did not use any plugins
> or exploit)
> 4) scan output I'm sharing as attachment
>
>
> the steps I followed are
> profiles Full audit
> plugins output html_file, csv_file
> target set target http://demo.testfire.net
> start
>
> I have different output for same profile and same target.
>
> Please help me out in this
>
> Thanks
> Shreyas
>
>
>
>
>
>
> Shreyas M R
> about.me/shreyasmrs
> 
>
>
> On Wed, Oct 5, 2016 at 9:15 PM, ad^2  wrote:
>
>> Hello,
>>
>> First, it's always good to include the steps you used to reproduce the
>> issue reported. Help us, the community, help you by providing more details
>> and things you have tried.
>>
>> What version of w3af?
>> GUI or Console?
>> Your selection of plugins/profiles/exploits, etc.?  (you mentioned OWASP
>> top 10).
>> What is the output of the scan?
>>
>>
>> Try this and let me know if you find something interesting.
>>
>> w3af -s testfire.w3af.script
>>
>> [testfire script file contents]
>>
>> profiles use audit_high_risk
>> plugins output html_file
>> plugins output config html_file
>> set output_file /root/testfire.html
>> back
>> plugins audit blind_sqli sqli
>> target set target http://demo.testfire.net
>> start
>>
>>
>>
>>
>> Thx,
>>
>> ad^2
>>
>>
>>
>>
>> On Wed, Oct 5, 2016 at 1:59 AM, Shreyas M R 
>> wrote:
>>
>>> Hi,
>>>
>>> I'm using w3af owasp top10 profile on http://demo.testfire.net/ which
>>> has sqli and xss vulnerabilities. I'm not getting any vulnerabilities from
>>> w3af scan. please anyone help me out in this.
>>>
>>>
>>>
>>>
>>> Shreyas M R
>>> about.me/shreyasmrs
>>> 
>>>
>>>
>>> 
>>>
>>>
>>
>
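
The diagnosis in the message above rests on error lines in the scan report. As an added example (not part of the original thread and not w3af code), this Python script tallies such lines per plugin so that a run with timeouts is not read as a clean result. The line format is assumed from the single error quoted above, and the sample report text is constructed.

```python
import html
import re
from collections import Counter, defaultdict

# Line format assumed from the one error line quoted in the thread.
ERROR_RE = re.compile(
    r'The (?P<plugin>\w+) plugin got an error while requesting '
    r'"\s*(?P<url>[^"\s]+)\s*"\. Reason: "(?P<reason>[^"]+)"'
)

# Constructed sample: only the first line's wording comes from the thread;
# the example-*.aspx paths and the last line are made up for illustration.
SAMPLE_REPORT = '''\
The sqli plugin got an error while requesting "http://demo.testfire.net/subscribe.aspx". Reason: "HTTP timeout error"
The sqli plugin got an error while requesting &quot;http://demo.testfire.net/example-a.aspx&quot;. Reason: &quot;HTTP timeout error&quot;
The blind_sqli plugin got an error while requesting "http://demo.testfire.net/example-b.aspx". Reason: "HTTP timeout error"
Scan finished.
'''


def summarize_errors(report_text):
    """Map each plugin to the URLs it failed on and a count per failure reason."""
    # An HTML report may escape quotes and wrap lines, so normalise both first.
    flat = re.sub(r"\s+", " ", html.unescape(report_text))
    summary = defaultdict(lambda: {"urls": set(), "reasons": Counter()})
    for m in ERROR_RE.finditer(flat):
        entry = summary[m["plugin"]]
        entry["urls"].add(m["url"])
        entry["reasons"][m["reason"]] += 1
    return dict(summary)


def unreliable_plugins(report_text, reason="HTTP timeout error"):
    """Plugins with a failed request: 'no findings' from them is inconclusive."""
    return sorted(p for p, e in summarize_errors(report_text).items()
                  if e["reasons"][reason] > 0)


if __name__ == "__main__":
    for plugin, entry in sorted(summarize_errors(SAMPLE_REPORT).items()):
        print(plugin, len(entry["urls"]), "URLs affected", dict(entry["reasons"]))
    print("inconclusive:", unreliable_plugins(SAMPLE_REPORT))
```

Comparing this tally between two runs of the same profile against the same target shows whether differing results line up with differing sets of timed-out requests.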


Re: [W3af-users] W3af is not doing PT

2016-10-05 Thread ad^2
Hello,

First, it's always good to include the steps you used to reproduce the
issue reported. Help us, the community, help you by providing more details
and things you have tried.

What version of w3af?
GUI or Console?
Your selection of plugins/profiles/exploits, etc.?  (you mentioned OWASP
top 10).
What is the output of the scan?


Try this and let me know if you find something interesting.

w3af -s testfire.w3af.script

[testfire script file contents]

profiles use audit_high_risk
plugins output html_file
plugins output config html_file
set output_file /root/testfire.html
back
plugins audit blind_sqli sqli
target set target http://demo.testfire.net
start




Thx,

ad^2




On Wed, Oct 5, 2016 at 1:59 AM, Shreyas M R  wrote:

> Hi,
>
> I'm using w3af owasp top10 profile on http://demo.testfire.net/ which has
> sqli and xss vulnerabilities. I'm not getting any vulnerabilities from w3af
> scan. please anyone help me out in this.
>
>
>
>
> Shreyas M R
> about.me/shreyasmrs
> 
>
>
> 
>
>