I'm running a Dockerized version of w3af via w3af_console_docker on Kali
Linux. I'm targeting an instance of Mutillidae, using the OWASP_TOP10
profile.

The scan appeared to take about 15 minutes, but never completed. I no
longer see web requests to the target server, but for the past 20 hours or
so I see messages like this, with decreasing values for "requests per
minute" over time:

|------------------------------------------------------------------------------|
| Crawling Method: GET | http://192.168.1.57/icons/small/ | Query string: |
| (view) using crawl.phpinfo |
| Auditing Method: GET | http://192.168.1.57/icons/small/ | Query string: |
| (view) using audit.frontpage |
| Crawl phase: In (None URLs/min) Out (None URLs/min) Pending (None URLs) ETA |
| (None) |
| Audit phase: In (None URLs/min) Out (None URLs/min) Pending (None URLs) ETA |
| (None) |
| Requests per minute: 9 |
|------------------------------------------------------------------------------|

Other profiles, such as web_infrastructure, finished faster but still had a
substantial delay after the actual scanning appeared to be complete.

I saw similar behavior described years ago in this thread, but I'm not sure
if the root cause of that issue was determined:
https://sourceforge.net/p/w3af/mailman/message/31150639/

Thanks for any insights,

-- 
Chris Herdt
_______________________________________________
W3af-users mailing list
W3af-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/w3af-users
