Re: [W3af-users] targets with port or without

Fri, 15 Feb 2013 10:06:54 -0800 

Geoff,

On Fri, Feb 15, 2013 at 7:51 AM, Geoff Galitz <ge...@galitz.org> wrote:
>
>
> Hi.
>
> I've got a basic usage question. If I point w3af at a target using a given
> profile (e.g. full_audit) I get quite different behavior and results
> depending on if I specify the port or not.
>
> If I specify the port (http://192.168.2.5:80, for example) I get a pretty
> short and not particularly useful output.  If I leave the port off, I get
> a ton more data and is much more what I expect including traversing
> subdirectories which does not happen if I specify the port.
>
> Is this behavior by design?  It affects scripting and wrapping from some
> other tools I use.

This is not by design, it should be a bug. Which version are you
using? If it's not threading2, could you test it there using the
console UI? (GUI is broken in threading2 at the moment). These steps
might be useful for you to debug:

    git clone git://github.com/andresriancho/w3af.git
    cd w3af
    git checkout -b theading2

    ./w3af_console -p full_audit
        target set target http://192.168.2.5:80/
        start
        exit

    ./w3af_console -p full_audit
        target set target http://192.168.2.5/
        start
        exit

I remember a similar problem being reported a while ago, I think I
fixed it in threading2, but it's never bad to double check.

Regards,

> -G
>
>
>
>
> ------------------------------
> Geoff Galitz
> http://www.galitz.org
>
>
> ------------------------------------------------------------------------------
> Free Next-Gen Firewall Hardware Offer
> Buy your Sophos next-gen firewall before the end March 2013
> and get the hardware for free! Learn more.
> http://p.sf.net/sfu/sophos-d2d-feb
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users



--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

------------------------------------------------------------------------------
Free Next-Gen Firewall Hardware Offer
Buy your Sophos next-gen firewall before the end March 2013 
and get the hardware for free! Learn more.
http://p.sf.net/sfu/sophos-d2d-feb
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users

Reply via email to