W3af is a web application attack and auditing framework similar to Metasploit. It combines mapping, discovery, and exploitation plugins to audit websites for vulnerabilities like SQL injection, XSS, file inclusions, and more. The discovery plugin finds URLs and injection points, the audit plugin tests those points for vulnerabilities, and the exploit plugin exploits any vulnerabilities found, returning things like SQL dumps or remote shells.

1. Web Application Attack and Audit Framework By Prajwal Panchmahalkar

2. W3af is a well known web attack and auditing framework . Very similar to Metasploit framework W3af combines all necessary actions for a complete web attack. Mapping Discovery Exploitation This puts the framework into three major plug-ins.

3. Web Service Support Exploits SQL injections(blind) OS commanding remote file inclusions local file inclusions XSS and more A good harmony among plug-ins.

4. Discovery Plugin URLS Injection Points Audit Plugin Uses the above injection points Sends crafted data to find vulnerabilities Exploit Plugin Exploits vulnerabilities found Provides SQL dumps / remote shell is returned

7. Find all the URLs Create Fuzzable request Plugins: WebSpider URL fuzzer Pykto GoogleFuzzer

8. They use the discovery plug-in outputs and find their respective vulnerabilities SQL Injection (blind) XSS Buffer Overflow Response Splitting

9. Grep every HTTP request and response findComments passwordProfiling privateIP DirectoryIndexing Getmails lang

10. BruteForce Bruteforce logins Evasion Modify the request to evade IDS detection Mangle Modify requests/responses based on regular expressions. Output Write logs .

11. Prajwal Panchmahalkar Team : Matriux , n|u [email_address]

12. THANKS TO ALL