http://sourceforge.net/projects/w3af/
W3af ini merupakan framework untuk audit web aplikasi (pentest) dengan aneka plugin. Berikut ini
adalah plugin yang bisa kita pakai untuk penetrasi suatu web
Code:
LDAPi Find LDAP injection bugs.
+ blindSqli Find blind SQL injection vulnerabilities.
buffOverflow Find buffer overflow vulnerabilities.
dav Tries to upload a file using HTTP PUT method.
+ fileUpload Uploads a file and then searches for the file inside all known directories
.
formatString Find format string vulnerabilities.
+ frontpage Tries to upload a file using frontpage extensions (author.dll).
+ generic Find all kind of bugs without using a fixed database of errors.
globalRedirect Find scripts that redirect the browser to any site.
htaccessMethods Find misconfigurations in the “
” configuration of Apache.
localFileInclude Find local file inclusion vulnerabilities.
mxInjection Find MX injection vulnerabilities.
osCommanding Find OS Commanding vulnerabilities.
phishingVector Find phishing vectors.
preg_replace Find unsafe usage of PHPs preg_replace.
+ remoteFileInclude Find remote file inclusion vulnerabilities.
responseSplitting Find response splitting vulnerabilities.
sqli Find SQL injection bugs.
ssi Find server side inclusion vulnerabilities.
sslCertificate Check the SSL certificate validity( if https is being used ).
unSSL Find out if secure content can also be fetched using http.
xpath Find XPATH injection vulnerabilities.
xsrf Find the easiest to exploit xsrf vulnerabilities.
+ xss Find cross site scripting vulnerabilities.
xst Verify Cross Site Tracing vulnerabilities.
Untuk masuk ke konsole w3af silahkan ke direktori tempat anda taruh elf binary w3af Anda. misal
di
/pentest/web/w3af
ketikkan :
Code:
./w3af
Contoh:
Code:
bt w3af # pwd
/pentest/web/w3af
bt w3af # w3af
w3af>>> help
The following commands are available:
help You are here. help [command] prints more specific help.
http-settings Configure the URL opener.
misc-settings Configure w3af misc settings.
plugins Enable, disable and configure plugins.
profiles List and start scan profiles.
start Start site analysis.
exploit Exploit a vulnerability.
tools Enter the tools section.
target Set the target URL.
version Show the w3af version.
exit Exit w3af.
w3af>>>
Misal kita mao audit saja dengan menggunakan semua plugin di atas:
Code:
w3af>>> plugins
w3af/plugins>>>audit all
next ketikkan back:
Code:
w3af/plugins>>> back
w3af>>>
Lalu kita set target kita, ketikkan target:
Code:
w3af>>> target
w3af/target>>>
Misal kita set target url http://jasakom.com
Code:
w3af/target>>> set target http://jasakom.com
w3af/target>>> back
Untuk mulai kita ketik start:
Code:
w3af/target>>> set target http://jasakom.com
w3af/target>>> back
w3af>>> start
Auto-enabling plugin: grep.collectCookies
Auto-enabling plugin: grep.httpAuthDetect
Auto-enabling plugin: discovery.allowedMethods
Auto-enabling plugin: discovery.serverHeader
The Server header for this HTTP server is: Apache/2.2.4 (Ubuntu) mod_fastcgi/2.4.2
x-powered-by header for this HTTP server is: PHP/5.2.3-1ubuntu6.4
The methods: COPY, GET, HEAD, LOCK, MOVE, OPTIONS, POST, PROPFIND, PROPPATCH, TRACE, UNLOCK
are enabled on the following URLs:
– http://jasakom.com
– http://jasakom.com/
Found 4 URLs and 4 different points of injection.
The list of URLs is:
– http://jasakom.com
– http://jasakom.com/login.php?do=login
– http://jasakom.com/search.php?do=process
– http://jasakom.com/profile.php?do=dismissnotice
The list of fuzzable requests is: http://w3af.sourceforge.net/