List,

    Open source rocks, Python rocks, and w3af rocks ;) We all know
that, but here is one more proof.

    Today a friend of mine sent me a link about the wivet project "Web
Input Vector Extractor Teaser", which is basically a testbed for web
spiders. On their main page they have a screenshot [0] with a w3af run
that says 0% code coverage. My first impression was that it was a
configuration problem or something like that, because... 0% was...
really... embarrassing!

    So I decided to give wivet a try, and I found out that it's THE
GREATEST tool for testing web spiders, and I also realized that w3af
was actually covering 0% of the page on the scans. The problem was
that the wivet developer used a <base> tag, which is a rare thing nowadays,
and the HTML parser wasn't analyzing it (completely MY fault!). After
working with the framework for a couple of hours, I modified it in
order to achieve 100% code coverage in wivet [1]. In case you are
wondering, the patch [2] is not a hack, it is something totally
generic that will also work with the rest of the pages around the
world.

    I don't want to brag about it because w3af should have gotten 100%
in the first test that was done by the wivet developer but... now we
have more code coverage than all the other commercial and free
scanners! The second best is now WebInspect with an impressive 86% [3]
(but I have 100% ;).

[0] http://code.google.com/p/wivet/wiki/W3afVsWivet
[1] http://w3af.sourceforge.net/screenshots/wivet-w3af.png
[2] http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=2292
[3] http://code.google.com/p/wivet/wiki/WebInspectVsWivet

Cheers,
-- 
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework

------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
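
The <base> tag problem described in the message above, as an added example that is not part of the original e-mail and is not the w3af patch [2]: a small link extractor that resolves relative URLs either against the document URL only or against the first <base href>. The class name, the tag/attribute table, the host and the paths are assumptions made for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin


class LinkExtractor(HTMLParser):
    """Collect href/src/action targets and resolve them to absolute URLs."""

    # Hypothetical, non-exhaustive table of URL-carrying attributes.
    URL_ATTRS = {"a": "href", "area": "href", "link": "href", "form": "action",
                 "img": "src", "script": "src", "iframe": "src", "frame": "src"}

    def __init__(self, document_url, honor_base=True):
        super().__init__()
        self.document_url = document_url
        self.honor_base = honor_base
        self.base_url = document_url  # default base is the document's own URL
        self.base_seen = False
        self.links = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "base":
            href = attrs.get("href")
            # Only the first <base href> counts; it may itself be relative.
            if self.honor_base and href and not self.base_seen:
                self.base_url = urljoin(self.document_url, href.strip())
                self.base_seen = True
            return
        value = attrs.get(self.URL_ATTRS.get(tag, ""))
        if value:
            self.links.append(urljoin(self.base_url, value.strip()))


def extract_links(html, document_url, honor_base=True):
    parser = LinkExtractor(document_url, honor_base)
    parser.feed(html)
    return parser.links


# Constructed sample page (hypothetical host and paths).
SAMPLE = """<html><head><base href="http://target.example/app/pages/"></head>
<body><a href="page1.php">one</a>
<form action="../submit.php"><input name="q"></form>
<a href="/static/about.html">about</a></body></html>"""
DOC_URL = "http://target.example/menu/index.php"

if __name__ == "__main__":
    for honor in (False, True):
        print("honor_base=%s" % honor)
        for url in extract_links(SAMPLE, DOC_URL, honor):
            print("   ", url)
```

With honor_base=False the two relative targets resolve under /menu/ and /, so a spider requests pages that do not exist and never reaches the real ones; only the root-relative link is unaffected by the base.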
