w3af
Web Application Attack and Audit Framework, developed in Python
The goal of this framework is to help you find and exploit all web application vulnerabilities
Nearly 150 plugins in 9 categories
audit
infrastructure
grep
evasion
mangle
auth
bruteforce
output
crawl
arachni
owasp-zap
Installation:
reference from:
blog.csdn.net/weixin_37224075/article/details/78215791?locationNum=10&fps=1
#cd /usr/local/src
#git clone https://github.com/andresriancho/w3af.git
#apt-get install -y python-pybloomfiltermmap
#cd /usr/local/src/w3af
#vim w3af/core/controllers/dependency_check/requirements.py
PIPDependency('pybloomfilter', 'pybloomfiltermmap', '0.3.15'),
PIPDependency('OpenSSL', 'pyOpenSSL', '16.2.0'),
PIPDependency('lxml', 'lxml', '3.7.1'),
#vim w3af/core/controllers/dependency_check/platforms/mac.py
MAC_CORE_PIP_PACKAGES.remove(PIPDependency('pybloomfilter', 'pybloomfiltermmap', '0.3.15'))
#./w3af_gui          //lists the dependencies that still need to be installed and generates the install script ./w3af_dependency_install.sh under /tmp
#cd /tmp
#./w3af_dependency_install.sh
#cd /usr/local/src/w3af
#./w3af_gui          //reports that the graphviz package needs to be installed
#apt-get install graphviz
#./w3af_gui          //running w3af_gui again reports "no module named webkit"; download the packages
#cd ../
Download the package and its dependencies:
#wget http://ftp.br.debian.org/debian/pool/main/p/pywebkitgtk/python-webkit_1.1.8-3_amd64.deb
#wget http://ftp.br.debian.org/debian/pool/main/w/webkitgtk/libjavascriptcoregtk-1.0-0_2.4.11-3_amd64.deb
#wget http://ftp.br.debian.org/debian/pool/main/p/python-support/python-support_1.0.15_all.deb
#wget http://ftp.br.debian.org/debian/pool/main/w/webkitgtk/libwebkitgtk-1.0-0_2.4.11-3_amd64.deb
#dpkg -i libjavascriptcoregtk-1.0-0_2.4.11-3_amd64.deb
#dpkg -i python-support_1.0.15_all.deb
#dpkg -i libwebkitgtk-1.0-0_2.4.11-3_amd64.deb
#dpkg -i python-webkit_1.1.8-3_amd64.deb
If dpkg -i python-webkit_1.1.8-3_amd64.deb still reports missing dependencies, run the repair command:
#apt --fix-broken install
Then run dpkg -i python-webkit_1.1.8-3_amd64.deb again and it will succeed.
To verify that webkit was installed successfully:
#cd /usr/local/src/w3af
#python
>>> import webkit
Running ./w3af_gui again reports that the gtksourceview2 module is missing
#apt-get install python-gtksourceview2
#./w3af_gui          //done
Upgrade:
git pull
Create a shortcut:
/usr/share/applications/w3af.desktop
User interfaces:
console
gui
api
w3af_console:
help                    //show available commands
plugins                 //enter the plugins submenu
    help                //show available commands
    list audit          //list all plugins in the audit category
    audit sqli xss      //select the audit plugins to use
http-settings / misc-settings    //global configuration
    help
    view                //view the configurable parameters
    set                 //set a parameter
    back                //return to the previous menu level
profiles:
    save as self-contained
    save_as test self-contained
target:
    set target http://1.1.1.1/
    script
        script/*.w3af
w3af authentication:
http basic
NTLM
Form
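Cookie        //two-factor authentication, anti-CSRF tokens
Set up a web server on Windows 2003
mstsc.msc  appwiz.cpl
Start - Administrative Tools - IIS Manager - Web Sites - right-click Default Web Site, Properties - Directory Security - Authentication Methods - Edit - uncheck "Enable anonymous access" - check "Basic authentication". Finally, restart IIS.
net user administrator *     //set the password
w3af authentication - form and cookie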
cookies.txt
.netscape.com    TRUE    /    FALSE    946684799    NETSCAPE_ID    100103
domain or IP    flag (whether all machines in the domain can access it)    path    flag (security related)    time value (counted from 00:00 on 1 Jan 1970, used to tell whether the cookie has expired)    name    value
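An added example, not part of the original notes or of w3af: a Python check of cookies.txt records in the seven-field layout described above, which shows that the sample cookie's time value 946684799 is already in the past. It assumes the fields are tab-separated, treats a time value of 0 as a session cookie and accepts curl's #HttpOnly_ line prefix; the function names are hypothetical.

```python
# Added example (not from the original notes): validate cookies.txt records
# before handing the file to a scanner for an authenticated scan.
import time
from collections import namedtuple

Cookie = namedtuple(
    "Cookie", "domain include_subdomains path secure expires name value http_only")

def parse_cookie_line(line):
    """Parse one Netscape-format record; return None for blank or comment lines."""
    line = line.rstrip("\r\n")
    http_only = line.startswith("#HttpOnly_")  # curl's marker, not a comment
    if http_only:
        line = line[len("#HttpOnly_"):]
    if not line.strip() or line.startswith("#"):
        return None
    fields = line.split("\t")
    if len(fields) != 7:
        raise ValueError("expected 7 tab-separated fields, got %d" % len(fields))
    domain, subdomains, path, secure, expires, name, value = fields
    for flag in (subdomains, secure):
        if flag not in ("TRUE", "FALSE"):
            raise ValueError("flag must be TRUE or FALSE, got %r" % flag)
    return Cookie(domain, subdomains == "TRUE", path, secure == "TRUE",
                  int(expires), name, value, http_only)

def check_cookie(cookie, now=None):
    """Return reasons the cookie may not authenticate the scan as intended."""
    now = time.time() if now is None else now
    problems = []
    if cookie.expires != 0 and cookie.expires < now:  # assumption: 0 = session cookie
        problems.append("expired")
    if not cookie.secure:
        problems.append("not secure-only: also sent over plain HTTP")
    if cookie.include_subdomains != cookie.domain.startswith("."):
        problems.append("subdomain flag disagrees with leading dot in domain")
    return problems

# Constructed sample: the record from these notes, with real tab separators.
SAMPLE = ".netscape.com\tTRUE\t/\tFALSE\t946684799\tNETSCAPE_ID\t100103"

if __name__ == "__main__":
    cookie = parse_cookie_line(SAMPLE)
    print(cookie)
    print(check_cookie(cookie))
```
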
w3af authentication - HTTP header file
Intercepting proxy feature: w3af-proxy
w3af authentication - other features:
exploit
fuzzy requests
    numbers from 0 to 4: $range(5)$
    first ten letters: $string.lowercase[:10]$
    the words spam and eggs: $['spam','eggs']$
    the content of a file: $[l.strip() for l in file('input.txt')]$
cluster responses
arachni
The old arachni bundled with Kali is a stripped-down version
Installation:
http://www.arachni-scanner.com/download/#Linux
tar xvf arachni.tar.gz
http://localhost:9292/
    admin@admin.admin / administrator
profile
    import
    export
    new
dispatcher
    ./arachni_rpcd --address=127.0.0.1 --port=1111 --nickname=test1
grid
    ./arachni_rpcd --nickname=test2 --address=127.0.0.1 --neighbour=127.0.0.1:1111
scan
login/?-s