Monday, May 13, 2013

HOWTO : W3af on Ubuntu Desktop 12.04 LTS

W3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

Step 1 :

Make sure you follow the steps below one by one.

sudo -sH
cd /opt

apt-get update
apt-get install git build-essential

git clone https://github.com/andresriancho/w3af.git

apt-get install python2.7-dev python-setuptools python-pip

pip install PyGithub GitPython pybloomfiltermmap esmre nltk pdfminer futures scapy-real guess-language cluster msgpack-python python-ntlm

pip install -e git+git://github.com/ramen/phply.git#egg=phply

apt-get install graphviz python-gtksourceview2

pip install xdot


Step 2 :

To run it.

sudo -sH
cd /opt/w3af

./w3af_gui


or

./w3af_console

Step 3 :

Make sure you change the path of the Metasploit at "Configuration" -- "Miscellaneous" -- "Metasploit".

e.g. /opt/metasploit/app/
e.g. /opt/metasploit/apps/pro/msf3/

Remarks :



Automated Audit using W3AF

That's all! See you.