Hi steve, w3af is a web application scanner, what you are describing are more infrastructure tests. Testing for weak passwords via the web is somewhat strange because the passwords are irrelevant if you manage to get an SQL injection. Your time would be better spent if you tested the backend directly, with bruteforce tools like Medusa or THC Hydra. As for thue missing patches, you would have better luck with a tool like Nessus.
The only thing w3af might help you with is for c), the grep plugins might help you find that.Since they just read the content, you can enable all of them, it won't take longer to scan. Hope it helps, Sébastien On Fri, Oct 2, 2009 at 3:11 PM, steve jacobs <[email protected]> wrote: > Dear Seasoned w3af users - > > Do you know which w3af plugins could help my company identify: > > a) Weak SQL Server passwords for our apps that have a backend SQL DB > b) Weak MS Access passwords for our apps that have a backend MS Access DB > c) Passwords exposed in source code > d) Weak passwords on Windows Servers running IIS > e) Missing patches on Web Servers (IIS, Apache). > > Any pointers if w3af can identify these would be great. > > Regards, > Steve. > > ________________________________ > View your Twitter and Flickr updates from one place – Learn more! > ------------------------------------------------------------------------------ > Come build with us! The BlackBerry® Developer Conference in SF, CA > is the only developer event you need to attend this year. Jumpstart your > developing skills, take BlackBerry mobile applications to market and stay > ahead of the curve. Join us from November 9-12, 2009. Register now! > http://p.sf.net/sfu/devconf > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > > ------------------------------------------------------------------------------ Come build with us! The BlackBerry® Developer Conference in SF, CA is the only developer event you need to attend this year. Jumpstart your developing skills, take BlackBerry mobile applications to market and stay ahead of the curve. Join us from November 9-12, 2009. Register now! http://p.sf.net/sfu/devconf _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
