Disclaimer so we don't get sued: As with *any other automated tool*, w3af is dangerous to run against a production environment. Any plugin can destroy your system; you should use it only in test environments.
With that said, w3af's plugins try not to break anything. But imagine the worst case: w3af scans a site, finds a "hidden" directory, follows a link in that path, and the link was actually to a button that said: "Self destruct server". There's no confirmation for this action; the server is wiped. All this would be possible by only enabling the web_spider plugin, which follows all links.

Regards,

On Thu, Feb 28, 2013 at 9:39 AM, Andri Herumurti <vynx_1...@yahoo.com> wrote:
> Dear All,
>
> Can anyone advise whether the W3AF method is dangerous or not for scanning?
>
> Regards,
> Andri
>
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3