In this tutorial we are going to learn what w3af is and how to open it on a Linux machine.
Q. What is w3af?
w3af is a Web Application Attack and Audit Framework which aims to identify and exploit all web application vulnerabilities.
This package provides a Graphical User Interface (GUI) for the framework. If you want a command-line application only, install w3af-console.
The framework has been called the “Metasploit for the web”, but it is actually much more, as it also discovers web application vulnerabilities using black-box scanning techniques.
The w3af core and its plugins are fully written in Python. The project has more than 130 plugins, which identify and exploit SQL injection, cross-site scripting (XSS), remote file inclusion and more.
See this to understand it simply and clearly:
w3af is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for web applications. It provides information about security vulnerabilities for use in penetration testing engagements.
Q. How to open it?
To open it, go to Applications → 03-Web Application Analysis → Click w3af.
That is all about what w3af is.