Just a small update on the w3af API, the priority for it is rather low as you can see in the milestone list [0]. While I'm very interested in this subject, I believe that the other milestones should be completed before.
This doesn't mean that the API requires code from the previous milestones, so if anyone wants to start working on it, I'll be happy to assist and help with the writing of some pieces of code. I wrote some ideas around having a minimal API in the w3af wiki [1]. The document is still very trivial, but will be a good starting point for the next things to do. [0] https://github.com/andresriancho/w3af/issues/milestones?with_issues=yes [1] https://github.com/andresriancho/w3af/wiki/REST-API-v1.0 On Thu, Mar 20, 2014 at 12:21 PM, Delaporte, Edward Charles V <delap...@illinois.edu> wrote: > I'm switching out of lurk mode briefly to say that I'm delighted by the plan > to add a REST API, and would be happy to assist. > > This is something my team may well make use of in the future. We do most of > our scanning with IBM Rational AppScan at the moment, but I've been > considering w3af as a supplement for awhile. > Being able to automate w3af through a REST API would go a long way toward > being able to scan a lot more often (our AppScan license is currently booked > pretty solidly doing final acceptance scans). > > Once the w3af scan REST API is in prototype stage, I should be able to find > some things around here to test it against, and since the technology stack > matches ours, I may also be able to submit patches for simple issues. > > - Edward > > Edward Delaporte > > Lead Software Developer, CITES Software Development Group > University of Illinois at Urbana Champaign > > Email: delap...@illinois.edu > Lync/Cell Phone: 217-244-6420 > > > ________________________________________ > From: w3af-develop-requ...@lists.sourceforge.net > [w3af-develop-requ...@lists.sourceforge.net] > Sent: Thursday, March 20, 2014 10:09 AM > To: w3af-develop@lists.sourceforge.net > Subject: W3af-develop Digest, Vol 74, Issue 3 > > Send W3af-develop mailing list submissions to > w3af-develop@lists.sourceforge.net > > To subscribe or unsubscribe via the World Wide Web, visit > https://lists.sourceforge.net/lists/listinfo/w3af-develop > or, via email, send a message with subject or body 'help' to > w3af-develop-requ...@lists.sourceforge.net > > You can reach the person managing the list at > w3af-develop-ow...@lists.sourceforge.net > > When replying, please edit your Subject line so it is more specific > than "Re: Contents of W3af-develop digest..." > > > Today's Topics: > > 1. Bug fixing sprint (Andres Riancho) > 2. REST API for w3af (Andres Riancho) > 3. Re: REST API for w3af (Bipin Upadhyay) > 4. Re: REST API for w3af (Andres Riancho) > 5. Re: REST API for w3af (Bipin Upadhyay) > > > ---------------------------------------------------------------------- > > Message: 1 > Date: Wed, 19 Mar 2014 15:48:17 -0300 > From: Andres Riancho <andres.rian...@gmail.com> > Subject: [W3af-develop] Bug fixing sprint > To: "w3af-develop@lists.sourceforge.net" > <W3af-develop@lists.sourceforge.net> > Message-ID: > <CA+1Rt65oi_H3G2nR9hgJGr=tom_yfgd4lxc6ocdrvo63qwi...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > List, > > I've been fixing a lot of the bugs I prioritized last week, these > are the bugs blocking the next release: > > * nosetests w3af/plugins/tests/audit/test_os_commanding.py is unstable > * Broken youtube links and url links > * AssertionError: Can NOT join a stopped consumer > * An exception was found while running audit.os_commanding at > mutant.py:_create_mutants_worker():274 > * pybloomfiltermmap stack overflow crash on startup - Mac OSX blocker > > And you can find them here [0]. If you're interested in helping > out with any of those, you're more than welcome to join the w3af > channel at freenode and speak up! > > [0] > https://github.com/andresriancho/w3af/issues?labels=bug&milestone=7&state=open > > Regards, > -- > Andr?s Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > > > > ------------------------------ > > Message: 2 > Date: Thu, 20 Mar 2014 11:47:00 -0300 > From: Andres Riancho <andres.rian...@gmail.com> > Subject: [W3af-develop] REST API for w3af > To: "w3af-us...@lists.sourceforge.net" > <w3af-us...@lists.sourceforge.net>, > "w3af-develop@lists.sourceforge.net" > <W3af-develop@lists.sourceforge.net> > Message-ID: > <CA+1Rt67yxjGOXX3dBAC0tYi3UJ=_v9muhbp6dzab0ef_f-t...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > Lists, > > Talking with different users off-list, I've noticed that the > advanced users want to integrate w3af with other tools, and while this > is possible today (w3af console script + XML output) it is not the > best approach. > > The world is moving towards REST APIs, and we're going there too. > A REST API allows users to spawn a w3af server in their datacenter and > have it run scans of all their web applications, calling it remotely > from continuous integration / delivery systems, etc. > > w3afRemote [1] was an innovative project built by Deb some time > ago, which had the main goals but a different technology stack: > xmlrpc. Together with Deb we've decided to code a REST API wrapper > around w3afCore/kb and make that part of the project. When this is > done you'll be able to run ./w3af_api and have a fully functioning > HTTP daemon exposing the REST API listening on localhost. > > This part of the project is just starting [0]: we have the idea > and some time to dedicate to it. If you want to join us speak now!; > your input is very valuable. > > [0] https://github.com/andresriancho/w3af/issues?milestone=8&state=open > [1] http://sourceforge.net/projects/w3afremote/ > > Regards, > -- > Andr?s Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > > > > ------------------------------ > > Message: 3 > Date: Thu, 20 Mar 2014 16:01:25 +0100 > From: Bipin Upadhyay <muxical.g...@gmail.com> > Subject: Re: [W3af-develop] REST API for w3af > To: Andres Riancho <andres.rian...@gmail.com> > Cc: "w3af-us...@lists.sourceforge.net" > <w3af-us...@lists.sourceforge.net>, > "w3af-develop@lists.sourceforge.net" > <W3af-develop@lists.sourceforge.net> > Message-ID: > > <CALCtKA+jQ0JJud_TTnL8eYPpqTsChVXzZ00kDejdoekX5uaX=a...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > This is good news, Andres! > Is the API list available somewhere for us to see before it's actually > implemented? It's been my personal experience that defining a REST API > properly is vital before getting started with the code. It may provoke a > purist vs non-purist REST debates, but it's mostly works in favor of the > project. > > -- > Bipin Upadhyay > http://projectbee.org/ > > > On Thu, Mar 20, 2014 at 3:47 PM, Andres Riancho > <andres.rian...@gmail.com>wrote: > >> Lists, >> >> Talking with different users off-list, I've noticed that the >> advanced users want to integrate w3af with other tools, and while this >> is possible today (w3af console script + XML output) it is not the >> best approach. >> >> The world is moving towards REST APIs, and we're going there too. >> A REST API allows users to spawn a w3af server in their datacenter and >> have it run scans of all their web applications, calling it remotely >> from continuous integration / delivery systems, etc. >> >> w3afRemote [1] was an innovative project built by Deb some time >> ago, which had the main goals but a different technology stack: >> xmlrpc. Together with Deb we've decided to code a REST API wrapper >> around w3afCore/kb and make that part of the project. When this is >> done you'll be able to run ./w3af_api and have a fully functioning >> HTTP daemon exposing the REST API listening on localhost. >> >> This part of the project is just starting [0]: we have the idea >> and some time to dedicate to it. If you want to join us speak now!; >> your input is very valuable. >> >> [0] https://github.com/andresriancho/w3af/issues?milestone=8&state=open >> [1] http://sourceforge.net/projects/w3afremote/ >> >> Regards, >> -- >> Andr?s Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 >> >> >> ------------------------------------------------------------------------------ >> Learn Graph Databases - Download FREE O'Reilly Book >> "Graph Databases" is the definitive new guide to graph databases and their >> applications. Written by three acclaimed leaders in the field, >> this first edition is now available. Download your free book today! >> http://p.sf.net/sfu/13534_NeoTech >> _______________________________________________ >> W3af-develop mailing list >> W3af-develop@lists.sourceforge.net >> https://lists.sourceforge.net/lists/listinfo/w3af-develop >> > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > Message: 4 > Date: Thu, 20 Mar 2014 12:06:51 -0300 > From: Andres Riancho <andres.rian...@gmail.com> > Subject: Re: [W3af-develop] REST API for w3af > To: Bipin Upadhyay <muxical.g...@gmail.com> > Cc: "w3af-us...@lists.sourceforge.net" > <w3af-us...@lists.sourceforge.net>, > "w3af-develop@lists.sourceforge.net" > <W3af-develop@lists.sourceforge.net> > Message-ID: > <CA+1Rt64j_pxb7xgL6v23=drzqk2yrmgurekhxqr4fapygvb...@mail.gmail.com> > Content-Type: text/plain; charset=ISO-8859-1 > > +1 on defining the API before coding. > For now nothing is really defined, any chance you've got the time to > draft the first version in the wiki? > > On Thu, Mar 20, 2014 at 12:01 PM, Bipin Upadhyay <muxical.g...@gmail.com> > wrote: >> This is good news, Andres! >> Is the API list available somewhere for us to see before it's actually >> implemented? It's been my personal experience that defining a REST API >> properly is vital before getting started with the code. It may provoke a >> purist vs non-purist REST debates, but it's mostly works in favor of the >> project. >> >> -- >> Bipin Upadhyay >> http://projectbee.org/ >> >> >> On Thu, Mar 20, 2014 at 3:47 PM, Andres Riancho <andres.rian...@gmail.com> >> wrote: >>> >>> Lists, >>> >>> Talking with different users off-list, I've noticed that the >>> advanced users want to integrate w3af with other tools, and while this >>> is possible today (w3af console script + XML output) it is not the >>> best approach. >>> >>> The world is moving towards REST APIs, and we're going there too. >>> A REST API allows users to spawn a w3af server in their datacenter and >>> have it run scans of all their web applications, calling it remotely >>> from continuous integration / delivery systems, etc. >>> >>> w3afRemote [1] was an innovative project built by Deb some time >>> ago, which had the main goals but a different technology stack: >>> xmlrpc. Together with Deb we've decided to code a REST API wrapper >>> around w3afCore/kb and make that part of the project. When this is >>> done you'll be able to run ./w3af_api and have a fully functioning >>> HTTP daemon exposing the REST API listening on localhost. >>> >>> This part of the project is just starting [0]: we have the idea >>> and some time to dedicate to it. If you want to join us speak now!; >>> your input is very valuable. >>> >>> [0] https://github.com/andresriancho/w3af/issues?milestone=8&state=open >>> [1] http://sourceforge.net/projects/w3afremote/ >>> >>> Regards, >>> -- >>> Andr?s Riancho >>> Project Leader at w3af - http://w3af.org/ >>> Web Application Attack and Audit Framework >>> Twitter: @w3af >>> GPG: 0x93C344F3 >>> >>> >>> ------------------------------------------------------------------------------ >>> Learn Graph Databases - Download FREE O'Reilly Book >>> "Graph Databases" is the definitive new guide to graph databases and their >>> applications. Written by three acclaimed leaders in the field, >>> this first edition is now available. Download your free book today! >>> http://p.sf.net/sfu/13534_NeoTech >>> _______________________________________________ >>> W3af-develop mailing list >>> W3af-develop@lists.sourceforge.net >>> https://lists.sourceforge.net/lists/listinfo/w3af-develop >> >> > > > > -- > Andr?s Riancho > Project Leader at w3af - http://w3af.org/ > Web Application Attack and Audit Framework > Twitter: @w3af > GPG: 0x93C344F3 > > > > ------------------------------ > > Message: 5 > Date: Thu, 20 Mar 2014 16:08:39 +0100 > From: Bipin Upadhyay <muxical.g...@gmail.com> > Subject: Re: [W3af-develop] REST API for w3af > To: Andres Riancho <andres.rian...@gmail.com> > Cc: "w3af-us...@lists.sourceforge.net" > <w3af-us...@lists.sourceforge.net>, > "w3af-develop@lists.sourceforge.net" > <W3af-develop@lists.sourceforge.net> > Message-ID: > <calctka+30rzj89gytz1kpprhm4hk8_yn9zwtvlep82zncud...@mail.gmail.com> > Content-Type: text/plain; charset="utf-8" > > I'd love to, but haven't played with w3af in a while (change of jobs, > country) > I can assist you though. > > -- > Bipin Upadhyay > http://projectbee.org/ > > > On Thu, Mar 20, 2014 at 4:06 PM, Andres Riancho > <andres.rian...@gmail.com>wrote: > >> +1 on defining the API before coding. >> For now nothing is really defined, any chance you've got the time to >> draft the first version in the wiki? >> >> On Thu, Mar 20, 2014 at 12:01 PM, Bipin Upadhyay <muxical.g...@gmail.com> >> wrote: >> > This is good news, Andres! >> > Is the API list available somewhere for us to see before it's actually >> > implemented? It's been my personal experience that defining a REST API >> > properly is vital before getting started with the code. It may provoke a >> > purist vs non-purist REST debates, but it's mostly works in favor of the >> > project. >> > >> > -- >> > Bipin Upadhyay >> > http://projectbee.org/ >> > >> > >> > On Thu, Mar 20, 2014 at 3:47 PM, Andres Riancho < >> andres.rian...@gmail.com> >> > wrote: >> >> >> >> Lists, >> >> >> >> Talking with different users off-list, I've noticed that the >> >> advanced users want to integrate w3af with other tools, and while this >> >> is possible today (w3af console script + XML output) it is not the >> >> best approach. >> >> >> >> The world is moving towards REST APIs, and we're going there too. >> >> A REST API allows users to spawn a w3af server in their datacenter and >> >> have it run scans of all their web applications, calling it remotely >> >> from continuous integration / delivery systems, etc. >> >> >> >> w3afRemote [1] was an innovative project built by Deb some time >> >> ago, which had the main goals but a different technology stack: >> >> xmlrpc. Together with Deb we've decided to code a REST API wrapper >> >> around w3afCore/kb and make that part of the project. When this is >> >> done you'll be able to run ./w3af_api and have a fully functioning >> >> HTTP daemon exposing the REST API listening on localhost. >> >> >> >> This part of the project is just starting [0]: we have the idea >> >> and some time to dedicate to it. If you want to join us speak now!; >> >> your input is very valuable. >> >> >> >> [0] https://github.com/andresriancho/w3af/issues?milestone=8&state=open >> >> [1] http://sourceforge.net/projects/w3afremote/ >> >> >> >> Regards, >> >> -- >> >> Andr?s Riancho >> >> Project Leader at w3af - http://w3af.org/ >> >> Web Application Attack and Audit Framework >> >> Twitter: @w3af >> >> GPG: 0x93C344F3 >> >> >> >> >> >> >> ------------------------------------------------------------------------------ >> >> Learn Graph Databases - Download FREE O'Reilly Book >> >> "Graph Databases" is the definitive new guide to graph databases and >> their >> >> applications. Written by three acclaimed leaders in the field, >> >> this first edition is now available. Download your free book today! >> >> http://p.sf.net/sfu/13534_NeoTech >> >> _______________________________________________ >> >> W3af-develop mailing list >> >> W3af-develop@lists.sourceforge.net >> >> https://lists.sourceforge.net/lists/listinfo/w3af-develop >> > >> > >> >> >> >> -- >> Andr?s Riancho >> Project Leader at w3af - http://w3af.org/ >> Web Application Attack and Audit Framework >> Twitter: @w3af >> GPG: 0x93C344F3 >> > -------------- next part -------------- > An HTML attachment was scrubbed... > > ------------------------------ > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > > ------------------------------ > > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop > > > End of W3af-develop Digest, Vol 74, Issue 3 > ******************************************* > > ------------------------------------------------------------------------------ > Learn Graph Databases - Download FREE O'Reilly Book > "Graph Databases" is the definitive new guide to graph databases and their > applications. Written by three acclaimed leaders in the field, > this first edition is now available. Download your free book today! > http://p.sf.net/sfu/13534_NeoTech > _______________________________________________ > W3af-develop mailing list > W3af-develop@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/w3af-develop -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test & Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
