• Stars
    star
    4,309
  • Rank 9,999 (Top 0.2 %)
  • Language
    Python
  • Created over 13 years ago
  • Updated almost 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

w3af: web application attack and audit framework, the open source web vulnerability scanner.

w3af - Web Application Attack and Audit Framework

w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding.

Contributing

Pull requests are always welcome! If you're not sure where to start, please take a look at the First steps as a contributor document in our wiki. All contributions, no matter how small, are welcome.

Links and documentation

Sponsors

Holm Security sponsors the project and uses w3af as part of their amazing automated and continuous vulnerability assessment platform.

Found this project useful? Donations are accepted via ethereum at 0xb1B56F04E6cc5F4ACcB19678959800824DA8DE82

More Repositories

1

enumerate-iam

Enumerate the permissions associated with AWS credential set
Python
840
star
2

nimbostratus

Tools for fingerprinting and exploiting Amazon cloud infrastructures
Python
429
star
3

race-condition-exploit

Tool to help with the exploitation of web application race conditions
Python
178
star
4

websocket-fuzzer

HTML5 WebSocket message fuzzer
Python
133
star
5

mongo-objectid-predict

Predict Mongo ObjectIds
Python
106
star
6

jwt-fuzzer

JWT fuzzer
Python
104
star
7

cc-lambda

Search the common crawl using lambda functions
Python
76
star
8

secure-ubuntu-desktop

Maintain a list of tips and tricks to be used by Ubuntu users to secure their laptops.
65
star
9

w3af-webui

Django Web UI contributed by Yandex for w3af.
JavaScript
52
star
10

vpc-vpn-pivot

Pivot into private VPC networks using a VPN connection
Python
37
star
11

django-moth

A Django vulnerable Web application for testing the w3af framework
Python
31
star
12

w3af-moth

A set of vulnerable PHP scripts used to test w3af's vulnerability detection features.
HTML
29
star
13

w3af-kali

w3af packaging for Kali distribution
Python
25
star
14

splunk-logger

A logging handler for Splunk. Lets you send information to Splunk directly from your Python code.
Python
23
star
15

aws-audit-automation

Tools to automate AWS Cloud security assessments
Python
23
star
16

nimbostratus-target

This repository holds a target infrastructure you can use for running the nimbostratus tools.
Python
22
star
17

w3af-api-client

REST API client to consume w3af
Python
17
star
18

pico-wavsep

A minimalistic way to run WAVSEP
Python
13
star
19

docker-anomalies

Docker container anomaly detection
Python
12
star
20

aws-backup

AWS Backup implementation in terraform
HCL
12
star
21

owaspantisamy

Automatically exported from code.google.com/p/owaspantisamy
HTML
12
star
22

pico

Tool to identify and exploit timing attacks
Python
10
star
23

burp-proxy-search

Burp suite HTTP history advanced search
Python
10
star
24

w3af-module

Tools to install w3af as a Python module
Python
9
star
25

docker-tag-naming

A small tool that helps name docker tags
Python
9
star
26

sentinela

Sentinela is a highly configurable operating system watchdog which can take actions based on pre-configured rules.
Python
8
star
27

collector

Collect performance metrics for any software using AWS
Python
7
star
28

w3af-api-docker

Docker image for w3af REST API with nginx, uwsgi and supervisord
Python
6
star
29

w3af-packages

Files and utilities that define w3af packages and installers for Windows, Debian, FreeBSD, etc.
C
6
star
30

w3af-qa

Quality related stuff for w3af.
Python
4
star
31

dirty-dependency-check

Vulnerability dependency check for Maven projects
Python
4
star
32

django-uwsgi-nginx-ssh

Django 1.5.1 with uwsgi, nginx and SSH.
Nginx
4
star
33

cryptopals

My solutions to the cryptopals challenge
Python
4
star
34

hash-blender

Takes various inputs and separators, mixes them, applies a hash function and verifies if match was found
Python
3
star
35

w3af-performance-analysis

Analysis tool for performance output generated by w3af
Python
3
star
36

py-xchat-twitter

Twitter client written as an XChat plugin (Python)
Python
3
star
37

pico-string-compare-local

String comparison scripts for pico
Python
2
star
38

qotd

A simple quote of the day library
Python
2
star
39

w3af-misc

Misc code loosely related to the w3af project.
Python
1
star
40

burp-extensions

Collection of Burp extensions
1
star
41

w3af-kali-ci

A helper repository to build w3af-kali in CircleCI
Shell
1
star
42

django-registration

https://bitbucket.org/ubernostrum/django-registration with minor modifications
Python
1
star
43

django-rest-framework-timing

Minimalistic Django REST framework to test timing attacks
Python
1
star
44

high-entropy-json

Call Lyft's high-entropy-string for each string in a JSON document
Python
1
star