Waqas,
Some vulnerabilities, such as SQL injection should display vulndb
data [0] in the UI and some output reports. vulndb references owasp
top10, and cwe. The complete list of vulnerabilities which include
this description is here [1]. This is only available in the latest
w3af versions.
[0] https://github.com/vulndb/data/blob/master/db/45-sql-injection.json
[1] https://github.com/vulndb/data/tree/master/db
On Wed, Nov 16, 2016 at 7:57 AM, Waqas Aman <waqasama...@gmail.com> wrote:
> Hi,
> I just started using the tool. I was wondering whether the w3af scan results
> include the CVE/CVSS information of the vulnerabilities found, or
> information of other standard vuln.DBs/standards for the matter. I didn't
> see such info yet, may be I am missing it.
> IF not provided natively,, are there any external plugins that can be
> installed on the w3af to add such info to the vuln. found. And, if there
> isnt any such plugins available, are there any other opensource web vuln
> scanners whose scans reveal CVE/CVSS or related information?
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
------------------------------------------------------------------------------
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
