Vulnerability assessment tool stands for web application attack and audit framework, it is easily available and open source web application security scanner. The development offers a vulnerability scanner and exploitation tool for web applications. It enables information regarding security vulnerabilities to consider useful in penetration testing engagement. The scanner provides a command-line interface and graphical user interface.

The framework of the vulnerability assessment tool is used to call the “Metasploit for the web”, but it’s much more than that, due to it also determining the web application vulnerabilities using black-box scanning tools. The core and plug INS of w3af is written in python language. The tool has over 130 plug-ins, which recognizes and exploits cross-site scripting, (XSS), exploit SQL injection and distant file inclusion, and so on.

How Does Vulnerability Assessment Work?

Security Vulnerability Assessment 300x166

The framework of W3af comprises a couple of parts: core and plug-in. The core operates the noticeable process and coordinates the work of the plug-in, also the change of information between them. Turn to plug-in, search vulnerabilities, and enable them to exploit them, from the core plug-in exchange information, such as about available requirements for fizzing. The system works as a prime repository for a so-called “knowledge base”.

Plug-in to find potential entry points to the application or for discovery plug-in gather links, forms, and normally everything that can produce requests to a web application, Since making a query map of the tested map of the application.

Audit plug-in utilizing output plug-in ( that is the beginning point to the application) to notice targets for searching vulnerabilities that help you to carry out attacks like SQL injection, SQL injection, XSS, and lots of others.

Read related: Let’s Discuss Regarding Penetration Testing Tool Browser Exploitation Framework BeEF

On another step operates grep plug-in via which bypasses a couple of HTTP request/responses and searches for details like credit card information, credentials, etc. these plug-ins can find for plots of possibly dangerous JavaScript code.

  • Avoidance of plug-in is considered to bypass firewalls.
  • Output plug-ins are planned to make easy to read final reports
  • Force plug-in brute such as for fundamental authentication brute-forcing
  • Contort plug-in that allows to intercept requests and provide the possibility to update data inside
  • Auth plug-ins is accountable for calculating the number of users sitting during the execution of the test.
  • Output plug-in is designed to make it easy to read the final report.

In A Nutshell

Download 300x158

Indeed, a vulnerability assessment tool is a very useful and bendable framework for web application penetration testing with many interesting options which can facilitate a lot at the time of test execution. But it also has one huge minus. It requires loads of process resources and its process must be somehow bound with available resources so that it may just eat all your CPU. One more thing to remember is that it is a free penetration tool.

Categories: Uncategorized


Leave a Reply

Your email address will not be published. Required fields are marked *