w3af

W3af is an extremely popular, powerful, and flexible framework for finding and exploiting web application vulnerabilities. It is easy to use and extend and features dozens of web assessment and exploitation plugins. In some ways it is like a web-focused Metasploit. For downloads and more information, visit the w3af homepage.

Popularity #18, new!
Rating ★★★½ (14)
Latest release 1.1 (Oct. 11, 2011; 3 years, 1 month ago)
★★★★★ 43%
★★★★ 14%
★★★ 14%
★★ 14%
★ 14%

Comments

★★★ DNdnhtimy

Dude, tool is great when it works, but it took forever to get working on OSX 10.9. Also keeps crashing.

★★★★ lehenga choli

w3af is a good tool to begin. An opensource which I love :-)

★★★★★ KTB

I have experienced plenty of little bugs, crashes and other issues while using w3af over the past few years, yet it remains my favorite general vulnerability scanner for web apps.

★★★★★ Doctor

Installation is kind of weird, but the tool is very useful and easy to use. Best choice for a good start.

★★ andy

Tried to install this on numerous systems and eventually, with help, got it running. Needs far too many dependencies installed and too much messing about to be of much use. Once running it's buggy, and begs the question: can it be relied upon? Even within Kali it reports website timeouts, yet Zap or Burp are able to do a successful scan. I wanted this to work so much and be able to use it as an additional check of my results, but have now binned it.

★★★ Naresh K

This is Fine for Scanning Vulnerabilities. We can use it efficiently by some other ways...

Dane

I've really tried to love w3af - it's python, it's web pentesting, it's open-source - everything I love.

Unfortunately, once you get around the seemingly strict set of prereq's to install it, it is incredibly buggy. It seems to try to do too many things and be too fancy, but simply isn't useful.

A real pity.

★★★★★ Bill

Nice tool...will be sure to try it for my web apps.

★★ babas

I found it buggy - probably takes expert user who knows programming to work it properly

★★★★★ P3nM3

Great. It worked. Can't really complain about that. Lots of tests and lots of results, not good for the PM....

★★★★ xem

Great Web Application PenTest tool. Fine to see it here.

anon

Couldn't use it because I couldn't open the GUI, installed everything but no idea how to open the GUI >.< I tried lol.

no rating netwrkspider

one of the most powerful web penetration tools.

great

★★★★★ unbaiat

very powerful tool in the hands of the right ppl. here is their twitter if you wanna follow them for updates http://twitter.com/#!/w3af

no rating Andres Riancho

w00t! We made it to the list! Thanks for everybody who voted for us and the community effort behind each line of code :)

[Moderator note: 5-star rating removed from this review since it is by tool author]

★★★★★ Oxdef

The best free software for pentesting web applications.
