Shafeeque, On Thu, Aug 8, 2013 at 11:25 AM, Shafeeque O.K [gmail] <[email protected]> wrote: > Hi, > > I have playing around with latest w3af and testing DVWA using this tools. > > Some how I am failing to get the SQLi, injection vulnerabilities of DVWA > detected by w3af. I am able to get BlindSQLi bugs.. So I decided to check > whether the SQLi is realling working (ofcourse it works) > > I understand that there was some unit testing scripts shipped with earlier > w3af. I have seen this on SecurityDojo, however when I run the SQLi test > against the w3af unit testing scripts available in SecurityDojo, the sqli is > not detected. > > I understand the problem is that the script to recreate the required tables > create_tables.sqli is missing, hence the required tables are not created > properly. > > Would like to know whether the framework testing scrips are still valid > against the latest version of 3waf, if so where can I get the complete > working scripts.
Well, if you really want to run unit-tests for w3af you'll need to install nosetests, more on this here [0]. The scripts you find in the "scripts/" directory are our OLD, really OLD, "unit-tests". Right now we use things like this [1] to verify that our framework works. [0] https://github.com/andresriancho/w3af/wiki/Developer's-Guide [1] https://github.com/andresriancho/w3af/blob/master/plugins/tests/audit/test_sqli.py > During my test I have found interesting observations on latest w3af. I will > compile the lists and send this after reconfirming my experiments. > Meanwhile I look for the support to get the unit testing scripts. Intrigued to know what you've found :) > Thanks in advance. > > -- > Regards, > -S- > > ------------------------------------------------------------------------------ > Get 100% visibility into Java/.NET code with AppDynamics Lite! > It's a free troubleshooting tool designed for production. > Get down to code-level detail for bottlenecks, with <2% overhead. > Download for free and get started troubleshooting in minutes. > http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk > _______________________________________________ > W3af-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/w3af-users > -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ W3af-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/w3af-users
