yes

Regards,
Shafeeque Olassery Kunnikkal C|EH,C|EI
Graytips Cyber Technologies | www.graytips.com




On Tue, Jun 24, 2014 at 7:37 PM, Andres Riancho <andres.rian...@gmail.com>
wrote:

> Are you running ./w3af_console -s script.w3af ?
>
> On Tue, Jun 24, 2014 at 11:03 AM, Shafeeque O.K [gmail]
> <shafoff...@gmail.com> wrote:
> > Hi
> >
> > I am using the script which is taken from:
> > https://www.owasp.org/index.php/Automated_Audit_using_W3AF
> >
> > Did some editing, removed the authentication details, and the current
> > version which I am using is given below. When I run the script, the
> > scanning is not started; instead it gives the console w3af>>
> >
> > Please guide. Using the latest version of w3af in Kali.
> >
> > Script is given below.
> >
> > # ---------------------------------------------------------------------
> > #              W3AF AUDIT SCRIPT FOR WEB APPLICATION
> > # ---------------------------------------------------------------------
> > #Configure HTTP settings
> > http-settings
> > set timeout 30
> > back
> >
> > #Configure scanner global behaviors
> > misc-settings
> > set max_discovery_time 20
> > set fuzz_cookies True
> > set fuzz_form_files True
> > set fuzz_url_parts True
> > set fuzz_url_filenames True
> > back
> >
> >
> > plugins
> > #Configure entry point (CRAWLING) scanner
> > crawl web_spider
> > crawl config web_spider
> > set only_forward False
> > set ignore_regex (?i)(logout|disconnect|signout|exit)+
> > back
> >
> >
> > #Configure vulnerability scanners
> > ##Specify list of AUDIT plugins type to use
> > audit blind_sqli, buffer_overflow, cors_origin, csrf, eval, file_upload, ldapi, lfi, os_commanding, phishing_vector, redos, response_splitting, sqli, xpath, xss, xst
> > ##Customize behavior of each audit plugin when needed
> > audit config file_upload
> > set extensions jsp,php,php2,php3,php4,php5,asp,aspx,pl,cfm,rb,py,sh,ksh,csh,bat,ps,exe
> > back
> >
> >
> > ##Specify list of GREP plugins type to use (grep plugin is a type of plugin that can also find vulnerabilities or information disclosure)
> > grep analyze_cookies, click_jacking, code_disclosure, cross_domain_js, csp, directory_indexing, dom_xss, error_500, error_pages, html_comments, objects, path_disclosure, private_ip, strange_headers, strange_http_codes, strange_parameters, strange_reason, url_session, xss_protection_header
> >
> >
> > ##Specify list of INFRASTRUCTURE plugins type to use (infrastructure plugin is a type of plugin that can find information disclosure)
> > infrastructure server_header, server_status, domain_dot, dot_net_errors
> > back
> >
> >
> > #Configure reporting in order to generate an HTML report
> > output console, html_file
> > output config html_file
> > set output_file /tmp/samir-W3afReport.html
> > set verbose False
> > back
> > output config console
> > set verbose True
> > back
> >
> >
> > back
> > #Set target information, do a cleanup and run the scan
> > target
> > set target http://www.xxxxxxx.com
> > back
> >
> > cleanup
> > start
> >
> >
> >
> > shafeeque
> >
> >
>
>
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3
>
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users