Steve, Thiago,
On Fri, Dec 10, 2010 at 11:34 AM, Steve Pinkham <[email protected]> wrote:
> On 12/10/2010 05:30 AM, Thiago Stuckert wrote:
>> Every time I ran w3af I realized that I didn't choose the plugins
>> correctly, because whenever the program is running it takes a long
>> time and doesn't return good results.
>> I know that the choice of plugins is influenced by many factors
>> but I would like to know the generic configuration used by you.
>
> For "spray and pray" scanning I tend to use the "OWASP_TOP_10" profile,
> with the output htmlFile and textFile plugins turned on. It seems to
> perform rather well, and much better in the recent versions than it has
> in the past.
>
> If it's a non-public site, I have a slightly modified copy of the
> OWASP_TOP_10 preset that turns off the discovery plugins
> yahooSiteExplorer, bing_spider, and userDir (which depends on and
> auto-enables fingerGoogle, fingerBing, fingerPKS unless you turn it off).
Something else that you guys might like is the new interactive
user interface that we're planning to build in the near future:
https://sourceforge.net/apps/trac/w3af/ticket/160719
That should help us launch scans in a progressive and more controlled way.
> Note that I mostly only use w3af itself on unauthenticated sites at the
> moment, and am playing with this for other uses:
> http://blog.ombrepixel.com/post/2010/09/09/Running-w3af-plugins-in-Burp-Suite
>
>> --
>> Thiago
>
> --
> | Steven Pinkham, Security Consultant |
> | http://www.mavensecurity.com |
> | GPG public key ID CD31CAFB |
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users