Hello,
First, it's always good to include the steps you used to reproduce the
issue reported. Help us the community help you by providing more details
and things you have tried.
What version of w3af?
GUI or Console?
Your selection of plugins/profiles/exploits, etc.? (you mentioned OWASP
top 10).
What is the output of the scan?
Try this and let me know if you find something interesting.
w3af -s testfire.w3af.script
[testfire script file contents]
profiles use audit_high_risk
plugins output html_file
plugins output config html_file
set output_file /root/testfire.html
back
plugins audit blind_sqli sqli
target set target http://demo.testfire.net
start
Thx,
ad^2
On Wed, Oct 5, 2016 at 1:59 AM, Shreyas M R <shreyas7...@gmail.com> wrote:
> Hi,
>
> I'm using w3af owasp top10 profile on http://demo.testfire.net/ which has
> sqli and xss vulnerabilities. I'm not getting any vulnerabilities from w3af
> scan. please anyone help me out in this.
>
>
>
>
> [image: --]
>
> Shreyas M R
> [image: http://]about.me/shreyasmrs
> <http://about.me/shreyasmrs?promo=email_sig>
>
>
> ------------------------------------------------------------
> ------------------
> Check out the vibrant tech community on one of the world's most
> engaging tech sites, SlashDot.org! http://sdm.link/slashdot
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
