> You're welcome. As we talk about OpenVAS, maybe it's good time and > place to ask about it. My plan is to write OpenVAS NVT (NASL) script > which would run w3af automatically if http(s) port(s) is found > (similar to nikto NASL plugin). I think this mailing list is best > place (and you Andres) to ask what is the best command line for w3af > for automatic vulnerability discovery? i.e. so NASL can launch w3af > and parse the results and report it through standard OpenVAS > reporting mechanism. Any help would be appreciated. > Great Idea!
Here's the experimental NVT on OpenVAS SVN trunk: http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-plugins/scripts/remote-web-w3af.nasl?root=openvas&view=log Also, it seems that output console cannot be used as w3af (using termios) is spitting lot of errors when using NASL pread: [ Sun Oct 18 22:39:43 2009 - console ] termios error: (25, 'Inappropriate ioctl for device') [ Sun Oct 18 22:39:43 2009 - console ] [ Sun Oct 18 22:39:43 2009 - console ] termios error: (25, 'Inappropriate ioctl for device') So, I'm using textFile... Let me know if you have any comments! Kost ------------------------------------------------------------------------------ Come build with us! The BlackBerry(R) Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9 - 12, 2009. Register now! http://p.sf.net/sfu/devconference _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
