A thought occurred to me after seeing a supposed screenshot of BackTrack 5 on a Xoom tablet: This sort of "Maltego-like" interface has the potential to be a much better touch-screen interface than the current one. If w3af had such an interface I could use it from my hammock in the back yard, so I'm thinking this sounds like a great idea ;-)
Steve

Andres Riancho wrote:
> List,
>
> Could you guys please give me your opinion on this new feature
> that I'm thinking about? Thanks!
>
> """
> Today I described one of my w3af improvement ideas to Javier and after
> really believing that it would be a good idea; I'm documenting it here
> so we don't forget about it.
>
> The basic idea is to have two different ways to run w3af from the GUI:
>
>     * Batch
>     * Interactive
>
> In batch mode (which is the mode we have now) you simply choose all
> the plugins you want to run, set the target, hit play, wait for 5
> hours and see your results.
>
> The problem with batch mode is that most users are actually doing this:
>
>     * Scan with plugins A, B, C enabled. Analyze results. Clear results.
>     * Start a new scan with plugins A, B, C, D, E enabled. Analyze
>       results. Clear results.
>     * Start a new scan with plugins A, B, C, D, E, X, Y, Z enabled.
>       Analyze results.
>
> Each time they clear the results, they have to start all over, which
> takes time. For example, in run #2, they are running A, B, C for the
> second time, and in run #3 they are running A, B, C for the third time
> and D and E for the second time.
>
> The new interactive mode will look like Maltego. We'll basically ask
> the user to create a new target; and then he'll be able to apply
> plugins to that target. The workflow will look like this:
>
>     * Create a new target in the GUI
>     * Drag and drop a plugin to the target, in this example we'll use
>       the webspider plugin.
>     * When the plugin results are available, the user can choose an
>       audit plugin and apply it to:
>           o The target object: which will inject in all links
>           o A directory object: which will inject in all links below
>             that directory
>           o A link object: which will inject only in that link
>     * When a grep plugin is dropped, all the request/responses in the
>       DB are analyzed.
>
> The view for this interactive mode would be fairly simple:
>
>     * Left: the plugin treeview
>     * Right: A canvas where all the information is drawn
>
> The user can choose a group of plugins to run at the same time by
> clicking "ctrl" over the plugin treeview.
> """
>
> All the previous information is available in our Trac [0].
>
> [0] https://sourceforge.net/apps/trac/w3af/ticket/160719
>
> Regards,

--
| Steven Pinkham, Security Consultant |
| http://www.mavensecurity.com |
| GPG public key ID CD31CAFB |

_______________________________________________
W3af-develop mailing list
W3af-develop@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-develop
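
The interactive workflow proposed in the quoted message, sketched as an added Python example that is not part of the thread or of w3af's code: results persist between plugin drops, and an audit plugin applied to a target, directory or link only runs on links it has not already covered. The class, the plugin callables and the sample site are all hypothetical and constructed for illustration.

```python
SITE = {  # constructed sample pages so the sketch runs offline
    "http://example.test/": "home",
    "http://example.test/shop/item?id=1": "Warning: database error",
    "http://example.test/shop/cart": "ok",
}

class InteractiveSession:  # hypothetical name, not a w3af class
    def __init__(self, target):
        self.target = target.rstrip("/") + "/"
        self.links = set()     # link objects drawn on the canvas
        self.done = set()      # (plugin name, url) pairs already audited
        self.findings = []     # kept across plugin drops, never cleared
        self.traffic = []      # stored (url, body) pairs for grep plugins

    def discover(self, plugin):
        """Drop a discovery plugin (such as a spider) on the target."""
        for url, body in plugin(self.target):
            self.links.add(url)
            self.traffic.append((url, body))

    def in_scope(self, scope):
        """Target or directory (trailing '/') selects links below it; a link selects itself."""
        if scope.endswith("/"):
            return sorted(u for u in self.links if u.startswith(scope))
        return [scope] if scope in self.links else []

    def audit(self, name, plugin, scope):
        """Run an audit plugin on a scope, skipping links it already covered."""
        ran = 0
        for url in self.in_scope(scope):
            if (name, url) not in self.done:
                self.done.add((name, url))
                self.findings.extend(plugin(url))
                ran += 1
        return ran

    def grep(self, plugin):  # reads stored responses, sends nothing new
        for url, body in self.traffic:
            self.findings.extend(plugin(url, body))

def demo():
    s = InteractiveSession("http://example.test")
    s.discover(lambda t: [(u, b) for u, b in SITE.items() if u.startswith(t)])
    has_param = lambda url: [("parameter", url)] if "?" in url else []
    first = s.audit("audit_a", has_param, "http://example.test/shop/")  # directory
    again = s.audit("audit_a", has_param, s.target)  # target: only the rest runs
    one = s.audit("audit_b", has_param, "http://example.test/shop/cart")  # link
    s.grep(lambda url, body: [("error text", url)] if "error" in body else [])
    return first, again, one, len(s.findings)
```

In `demo()`, re-applying `audit_a` to the whole target after it already ran on `/shop/` touches only the one remaining link, which is the saving over the batch-mode reruns described in the message.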