Bedirhan, On Wed, Dec 31, 2008 at 5:29 AM, Bedirhan Urgun <[email protected]> wrote: > > Hi everyone, > Andres, I'm thrilled that you've done tests against Wivet. I can't say > that it was a right choice to implement a base tag as a booby trap at the > first place. But having solved that w3af will perform much much better. w3af > is a great slick tool and will be much solid when it crushes the commercial > ones on spidering. :) > > I haven't tested new w3af against wivet. But I will to see it in action.
Thanks for the great tool, and PLEASE add more tests! The community needs more tests! Cheers, > cheers, > Bedirhan Urgun > http://www.owasp.org/index.php/Turkey > > > > > > >> Date: Tue, 30 Dec 2008 22:59:51 -0200 >> From: [email protected] >> To: [email protected] >> Subject: wivet vs. w3af - Now with 100% code coverage! =) >> >> List, >> >> Open source rocks, python rocks, and w3af rocks ;) We all know >> that, but here is one more proof. >> >> Today a friend of mine sent me a link about the wivet project "Web >> Input Vector Extractor Teaser", which is basically a testbed for web >> spiders. In their main page they have a screenshot [0] with a w3af run >> that says 0% code coverage. My first impression was that it was a >> configuration problem or something like that, because... 0% was... >> really... embarrassing! >> >> So I decided to give wivet a try, and I found out that it's THE >> GREATEST tool for testing web spiders, and I also realized that w3af >> was actually covering 0% of the page on the scans. The problem was >> that wivet developer used a <base> tag, which is rare thing nowadays, >> and the HTML parser wasn't analyzing it (completely MY fault!). After >> working with the framework for a couple of hours, I modified it in >> order to achieve a 100% code coverage in wivet [1]. In case you are >> wondering, the patch [2] is not a hack, it is something totally >> generic that will also work with the rest of the pages around the >> world. >> >> I don't want to brag about it because w3af should have gotten 100% >> in the first test that was done by the wivet developer but... now we >> have more code coverage than all the other commercial and free >> scanners! The second best is now WebInspect with an impressive 86% [3] >> (but I have 100% ;). >> >> [0] http://code.google.com/p/wivet/wiki/W3afVsWivet >> [1] http://w3af.sourceforge.net/screenshots/wivet-w3af.png >> [2] http://w3af.svn.sourceforge.net/viewvc/w3af?view=rev&revision=2292 >> [3] http://code.google.com/p/wivet/wiki/WebInspectVsWivet >> >> Cheers, >> -- >> Andres Riancho >> http://w3af.sourceforge.net/ >> Web Application Attack and Audit Framework > > > ________________________________ > Send e-mail faster without improving your typing skills. Get your Hotmail(R) > account. -- Andres Riancho http://w3af.sourceforge.net/ Web Application Attack and Audit Framework ------------------------------------------------------------------------------ _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
