W3af

VERIFIED

Web application attack and audit framework

Web Application HackingOSS

Intermediate

Linux

Description

W3af (Web Application Attack and Audit Framework) is an open-source framework for finding and exploiting web application vulnerabilities. It provides over 130 plugins covering discovery, audit, grep, brute force, attack, evasion, and output, offering both a console and GUI interface.

Use Cases

Perform comprehensive web application vulnerability assessments
Automate SQL injection and XSS detection with plugins
Create custom audit profiles for specific security testing needs

Attack Phases

01. RECON

02. SCAN

03. EXPLOIT

04. PERSIST

05. COVER

MITRE ATT&CK Techniques (2)

T1190Exploit Public-Facing Application

Related Tools (3)

Burp Suite OWASP ZAP SQLMap