Top Rating
- Top Contributors
  Discover the Top Open Source contributors by country or by language
- Interviews
  Discover real stories from Open Source developers
Discover

Discover your Favorite Language
Discover the top trending repositories and projects on Github. Explore the latest trends in your preferred languages.

Perl

Erlang

C++

Lua

Go

F#

TypeScript

Zig

More Languages
Awesome

Awesome repositories
Discover the most awesome repositories and projects of your favorite languages. Inspired by the Awesome-* lists trend in GitHub.

Scala

PHP

Groovy

Julia

Rust

Crystal

TypeScript

Shell

More Languages
By Country

Rankings by Country
Discover the community of talented open source contributors in each country.

🇾🇹 Mayotte

🇲🇲 Myanmar (Burma)

🇮🇶 Iraq

🇳🇺 Niue

🇿🇲 Zambia

🇻🇺 Vanuatu

🇸🇪 Sweden

🇱🇧 Lebanon

All Countries Compare Countries

andresriancho/w3af

Stars
4,309
Rank 9,494 (Top 0.2 %)
Language
Python
Created over 12 years ago
Updated about 1 year ago

andresriancho/w3af

andresriancho

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

w3af: web application attack and audit framework, the open source web vulnerability scanner.

w3af - Web Application Attack and Audit Framework

w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding.

Contributing

Pull requests are always welcome! If you're not sure where to start, please take a look at the First steps as a contributor document in our wiki. All contributions, no matter how small, are welcome.

Links and documentation

Sponsors

Holm Security sponsors the project and uses w3af as part of their amazing automated and continuous vulnerability assessment platform.

Found this project useful? Donations are accepted via ethereum at 0xb1B56F04E6cc5F4ACcB19678959800824DA8DE82

enumerate-iam

Enumerate the permissions associated with AWS credential set

nimbostratus

Tools for fingerprinting and exploiting Amazon cloud infrastructures

race-condition-exploit

Tool to help with the exploitation of web application race conditions

websocket-fuzzer

HTML5 WebSocket message fuzzer

mongo-objectid-predict

Predict Mongo ObjectIds

jwt-fuzzer

cc-lambda

Search the common crawl using lambda functions

secure-ubuntu-desktop

Maintain a list of tips and tricks to be used by Ubuntu users to secure their laptops.

w3af-webui

Django Web UI contributed by Yandex for w3af.

vpc-vpn-pivot

Pivot into private VPC networks using a VPN connection

django-moth

A Django vulnerable Web application for testing the w3af framework

w3af-moth

A set of vulnerable PHP scripts used to test w3af's vulnerability detection features.

w3af-kali

w3af packaging for Kali distribution

splunk-logger

A logging handler for Splunk. Lets you send information to Splunk directly from your Python code.

aws-audit-automation

Tools to automate AWS Cloud security assessments

nimbostratus-target

This repository holds a target infrastructure you can use for running the nimbostratus tools.

w3af-api-client

REST API client to consume w3af

pico-wavsep

A minimalistic way to run WAVSEP

docker-anomalies

Docker container anomaly detection

owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy

aws-backup

AWS Backup implementation in terraform

pico

Tool to identify and exploit timing attacks

burp-proxy-search

Burp suite HTTP history advanced search

w3af-module

Tools to install w3af as a Python module

docker-tag-naming

A small tool that helps name docker tags

sentinela

Sentinela is a highly configurable operating system watchdog which can take actions based on pre-configured rules.

collector

Collect performance metrics for any software using AWS

w3af-api-docker

Docker image for w3af REST API with nginx, uwsgi and supervisord

w3af-packages

Files and utilities that define w3af packages and installers for Windows, Debian, FreeBSD, etc.

w3af-qa

Quality related stuff for w3af.

dirty-dependency-check

Vulnerability dependency check for Maven projects

django-uwsgi-nginx-ssh

Django 1.5.1 with uwsgi, nginx and SSH.

cryptopals

My solutions to the cryptopals challenge

w3af-performance-analysis

Analysis tool for performance output generated by w3af

hash-blender

Takes various inputs and separators, mixes them, applies a hash function and verifies if match was found

py-xchat-twitter

Twitter client written as an XChat plugin (Python)

pico-string-compare-local

String comparison scripts for pico

qotd

A simple quote of the day library

w3af-misc

Misc code loosely related to the w3af project.

django-registration

https://bitbucket.org/ubernostrum/django-registration with minor modifications

burp-extensions

Collection of Burp extensions

w3af-kali-ci

A helper repository to build w3af-kali in CircleCI

django-rest-framework-timing

Minimalistic Django REST framework to test timing attacks

high-entropy-json

Call Lyft's high-entropy-string for each string in a JSON document