Guillermo,

On Mon, Jul 14, 2014 at 9:34 AM, Guillermo D.A.G <gen...@gmail.com> wrote:
>
> Dear Andres,
>
> First of all, congratulations for w3af, you are doing a great job. Now, I'm
> working on the testing of several tools for private use, with a commercial
> approach, with acunetix, appscan, etc. and an open source approach, with
> w3af, wapiti...

Thanks for your email, and mostly for your patience in sending it again to the
mailing list.

> The first gap that I found is the API documentation (Restful or not).

Yes, there is no documentation on how w3af works internally, that's correct.
On the other side, I'm always here and on IRC to answer any questions you (or
anyone else) might have. I would love to see more contributors, and that's why
I help each new person that approaches the project with all my time.

> I saw some parallel project like w3afRemote, but I don't know the maturity
> level of this project.

-1

It was a GREAT idea, but since it was an external project and w3af evolved
fast since w3afRemote creation, it is now obsolete. The w3af version
wrapped/exposed by w3afRemote is too old and buggy.

> Do you have in mind publish (soon) an API Rest Documentation? I saw that
> https://github.com/andresriancho/w3af/wiki/REST-API-v1.0 and this
> http://comments.gmane.org/gmane.comp.security.w3af.user/1783 but if you have
> a roadmap in mind would be nice!

The roadmap is here [0], to sum up:

 * 1.6.1 - Bug fixing after 1.6 <---- we're here
 * 1.7.0 - Increase WAVSEP Coverage and add long vulnerability descriptions
 * 1.7.2 - Multiple domain names as target
 * 1.7.5 - Scanning sites with anti-CSRF tokens
 * 1.8.0 - JavaScript crawler
 * 1.9 - Specific vendor support release
 * 2.0 - REST API

So... it seems that you're out of luck. A lot of work needs to be done before
we even start thinking about a due date for the REST API.

There are several options at this point:

 * Your (big banking) company supports w3af, codes the REST API and releases
   it GPLv2.0
 * Your (big banking) company supports w3af by hiring me as a freelance
   developer to work on the REST API and the code gets released as GPLv2.0
 * You choose any other scanner and pay more ;)

[0] https://github.com/andresriancho/w3af/issues/milestones

>
>
> Thanks in advance.
>
> Best regards,
>
> --
>
> Guillermo de Ángel García / Senior Security Consultant
> +34 630 340 920 / gen...@gmail.com
>
> Let's take care of the environment. Please do not print this e-mail unless
> it is necessary.
>
> ------------------------------------------------------------------------------
> Want fast and easy access to all the code in your enterprise? Index and
> search up to 200,000 lines of code with a free copy of Black Duck®
> Code Sight™ - the same software that powers the world's largest code
> search on Ohloh, the Black Duck Open Hub! Try it now.
> http://p.sf.net/sfu/bds
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3