Hello:

On Wed, Apr 29, 2009 at 08:20:47PM -0300, Andres Riancho wrote:
> On Wed, Apr 29, 2009 at 7:55 PM, Robert Carr <carr.m.rob...@gmail.com> wrote:
> > 1. Iterative scans of a website
> >    Basically I like to get a saved discovery then run different scan types
> >    against a site. (using tools that allow it) Especially with those
> >    touchy clients who have crappy sites.
>
> Ok, it seems that this is a common use case, because I've heard it
> more than once.

I definitely agree on this one (and the others in this thread). Maybe something that would help a little in the interim would be to have an exportResults output plugin that corresponds with the importResults plugin that gets run after the discovery phase? Other than grepping through the text logs, is there any comparable functionality right now? I could potentially work on something like this if it would be useful.

> > 2. Webserver or heaven forbid w3af fails during a scan. Being able to save
> >    the discovery before scanning would be awesome.
>
> Yes, I also heard this and I would like to give you an answer... but... I
> still don't have it. I think that we could work on something to get w3af
> sessions working.
>
> > 3. Reporting. Since Burp is on the table, having the ability to re-open
> >    saved state and actually review the requests/responses is great. This can
> >    already be done with w3af with the text output, but it is convenient to
> >    have everything in a state file. (application settings, data)
>
> Ok,

Another unrelated note I have on the reporting front -- something that would be nice is to be able to have more control over filtering/combining report output. One thing that might help would be to put a unique plugin id in each vulnerability listed in the xml output file. That way I could filter out an entire plugin's output or more easily combine reports when needed. Speaking of this, is there any xslt or other way to transform the xml into a html or text report?

> > 4. Pausing a scan. I hate doing this, but sometimes you have to, especially
> >    when you have very restrictive scan windows. With Burp, when you are
> >    finished you can pick up where you left off and you have only one state
> >    file, not 1 half finished and another full etc..
>
> I failed to understand this one,

Being able to pause a scan would definitely be nice (but I suspect it would also require w3af sessions). I have a site I'm working on now that only has a 3 hour window per day that I can work on it.

HTH,
Aaron

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop