Are you running ./w3af_console -s script.w3af ?

On Tue, Jun 24, 2014 at 11:03 AM, Shafeeque O.K [gmail] <shafoff...@gmail.com> wrote:
> Hi
>
> I am using the script which is taken from:
> https://www.owasp.org/index.php/Automated_Audit_using_W3AF
>
> Done some editing, removed the authentication details, and the current
> version which I am using is given below. When I run the script, the scanning
> is not started; instead it gives the console w3af>>
>
> Please guide, using the latest version of w3af in kali.
>
> Script is given below.
>
> # -----------------------------------------------------------------------------------------------------------
> # W3AF AUDIT SCRIPT FOR WEB APPLICATION
> # -----------------------------------------------------------------------------------------------------------
> #Configure HTTP settings
> http-settings
> set timeout 30
> back
>
> #Configure scanner global behaviors
> misc-settings
> set max_discovery_time 20
> set fuzz_cookies True
> set fuzz_form_files True
> set fuzz_url_parts True
> set fuzz_url_filenames True
> back
>
> plugins
> #Configure entry point (CRAWLING) scanner
> crawl web_spider
> crawl config web_spider
> set only_forward False
> set ignore_regex (?i)(logout|disconnect|signout|exit)+
> back
>
> #Configure vulnerability scanners
> ##Specify list of AUDIT plugins type to use
> audit blind_sqli, buffer_overflow, cors_origin, csrf, eval, file_upload, ldapi, lfi, os_commanding, phishing_vector, redos, response_splitting, sqli, xpath, xss, xst
> ##Customize behavior of each audit plugin when needed
> audit config file_upload
> set extensions jsp,php,php2,php3,php4,php5,asp,aspx,pl,cfm,rb,py,sh,ksh,csh,bat,ps,exe
> back
>
> ##Specify list of GREP plugins type to use (grep plugin is a type of plugin that can find also vulnerabilities or information disclosure)
> grep analyze_cookies, click_jacking, code_disclosure, cross_domain_js, csp, directory_indexing, dom_xss, error_500, error_pages, html_comments, objects, path_disclosure, private_ip, strange_headers, strange_http_codes, strange_parameters, strange_reason, url_session, xss_protection_header
>
> ##Specify list of INFRASTRUCTURE plugins type to use (infrastructure plugin is a type of plugin that can find information disclosure)
> infrastructure server_header, server_status, domain_dot, dot_net_errors
> back
>
> #Configure reporting in order to generate an HTML report
> output console, html_file
> output config html_file
> set output_file /tmp/samir-W3afReport.html
> set verbose False
> back
> output config console
> set verbose True
> back
>
> back
> #Set target information, do a cleanup and run the scan
> target
> set target http://www.xxxxxxx.com
> back
>
> cleanup
> start
>
> shafeeque
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users