w3af

/w3af/w3af 1.0-stable/w3af_1.0_stable_setup.exe

/w3af/w3af 1.0-rc6/w3af 1.0 rc6 setup.exe

/w3af/w3af 1.0-rc6/w3af 1.0 rc6 setup.exe

Since our latest release back in November, the w3af team has focused on making the framework better, stronger and faster. By downloading this release you'll be able to enjoy new vulnerability checks, more stable code and a about 15% performance boost ... [More] in the overall speed of your scan. Here's what's new: * Now using bloom filters instead of sqlite3 databases, which are persistent on disk, effectively increasing scan performance by about 15%! * Fixed most of the bugs that cause w3afMustStopExceptions and wrote debugging code to allow us to identify the remaining ones. * Based on many community requests we've updated our XML output plugin and wrote an XSD file to help other tools parse the output from our scanner. * Added new plugin to measure the number of hops for port 80 vs 443 and perform a comparison. Which is useful to identify load balancers, reverse proxies and any other network appliances. On top of that, we've also worked on writing unit tests and a continuous integration system that we'll use for testing our code each night. When we complete this task, we'll be able to deliver high quality code on each release, with fewer bugs and no regressions. [Less]

Since our latest release back in November, the w3af team has focused on making the framework better, stronger and faster. By downloading this release you'll be able to enjoy new vulnerability checks, more stable code and a about 15% performance ... [More] boost in the overall speed of your scan. Here's what's new: * Now using bloom filters instead of sqlite3 databases, which are persistent on disk, effectively increasing scan performance by about 15%! * Fixed most of the bugs that cause w3afMustStopExceptions and wrote debugging code to allow us to identify the remaining ones. * Based on many community requests we've updated our XML output plugin and wrote an XSD file to help other tools parse the output from our scanner. * Added new plugin to measure the number of hops for port 80 vs 443 and perform a comparison. Which is useful to identify load balancers, reverse proxies and any other network appliances. On top of that, we've also worked on writing unit tests and a continuous integration system that we'll use for testing our code each night. When we complete this task, we'll be able to deliver high quality code on each release, with fewer bugs and no regressions. [Less]

Since our latest release back in November, the w3af team has focused on making the framework better, stronger and faster. By downloading this release you'll be able to enjoy new vulnerability checks, more stable code and a about 15% performance boost ... [More] in the overall speed of your scan. Here's what's new: * Now using bloom filters instead of sqlite3 databases, which are persistent on disk, effectively increasing scan performance by about 15%! * Fixed most of the bugs that cause w3afMustStopExceptions and wrote debugging code to allow us to identify the remaining ones. * Based on many community requests we've updated our XML output plugin and wrote an XSD file to help other tools parse the output from our scanner. * Added new plugin to measure the number of hops for port 80 vs 443 and perform a comparison. Which is useful to identify load balancers, reverse proxies and any other network appliances.On top of that, we've also worked on writing unit tests and a continuous integration system that we'll use for testing our code each night. When we complete this task, we'll be able to deliver high quality code on each release, with fewer bugs and no regressions. [Less]

/w3af/w3af 1.0-rc5/w3af-1.0-rc5.tar.bz2

/w3af/w3af 1.0-rc5/w3af-1.0-rc5.tar.bz2

This is one of those great moments in the life of a project, a moment that I've been dreaming about for a couple of years. We're releasing a new version of w3af, but that's not important. The major achievement is the story behind the release, the ... [More] effort put in this release by all the contributors, Javier Andalia (our core developer) and Rapid7 (the company that allows all this to happen). For the first time in the project's life, we have a roadmap [0] , a prioritized backlog [1] and a structured development process we follow to deliver new features and fixing bugs. The efforts for this release have been major, some of them haven been really organized like our sprints that started one month ago [2][3] and some others can be tracked through the SVN logs, like Taras' great improvements of the GUI. Just to name a few things we've done for this release: * We've written new HOWTO documents for our users * Considerably improved the speed of all grep plugins * Replaced Beautiful Soup by the faster libxml2 library * Introduced the usage of XPATH queries that will allow us to improve performance and reduce false positives * Fixed hundreds of bugs On this release you'll also find that after exploiting a vulnerability you can leverage that access using our Web Application Payloads, a feature that we developed together with Lucas Apa from Bonsai Information Security. These payloads allow you to escalate privileges and will help you get from a low privileged vulnerability (e.g. local file read) to a remote code execution. In order to try them, exploit a vulnerability, get any type of shell and then run any of the following commands: help, lsp, payload tcp (the last one will show you the open connections in the remote box). We still have tons of things to do, but for the first time in the project's life we have a defined process that will make us achieve our objectives. [0] https://sourceforge.net/apps/trac/w3af/roadmap [1] https://sourceforge.net/apps/trac/w3af/report/1 [2] https://sourceforge.net/apps/trac/w3af/query?group=status&milestone=owls-sprint-1 [3] https://sourceforge.net/apps/trac/w3af/query?group=status&milestone=owls-sprint-2 [Less]

This is one of those great moments in the life of a project, a moment that I've been dreaming about for a couple of years. We're releasing a new version of w3af, but that's not important. The major achievement is the story behind the release, the ... [More] effort put in this release by all the contributors, Javier Andalia (our core developer) and Rapid7 (the company that allows all this to happen). For the first time in the project's life, we have a roadmap [0] , a prioritized backlog [1] and a structured development process we follow to deliver new features and fixing bugs. The efforts for this release have been major, some of them haven been really organized like our sprints that started one month ago [2][3] and some others can be tracked through the SVN logs, like Taras' great improvements of the GUI. Just to name a few things we've done for this release: * We've written new HOWTO documents for our users * Considerably improved the speed of all grep plugins * Replaced Beautiful Soup by the faster libxml2 library * Introduced the usage of XPATH queries that will allow us to improve performance and reduce false positives * Fixed hundreds of bugs On this release you'll also find that after exploiting a vulnerability you can leverage that access using our Web Application Payloads, a feature that we developed together with Lucas Apa from Bonsai Information Security. These payloads allow you to escalate privileges and will help you get from a low privileged vulnerability (e.g. local file read) to a remote code execution. In order to try them, exploit a vulnerability, get any type of shell and then run any of the following commands: help, lsp, payload tcp (the last one will show you the open connections in the remote box). We still have tons of things to do, but for the first time in the project's life we have a defined process that will make us achieve our objectives. [0] https://sourceforge.net/apps/trac/w3af/roadmap [1] https://sourceforge.net/apps/trac/w3af/report/1 [2] https://sourceforge.net/apps/trac/w3af/query?group=status&milestone=owls-sprint-1 [3] https://sourceforge.net/apps/trac/w3af/query?group=status&milestone=owls-sprint-2 [Less]