form_autocomplete
This plugin greps every page for autocomplete-able forms containing password-type inputs. Plugin type Grep Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source code to understand exactly what's...
blind_sqli
This plugin finds blind SQL injections using two techniques: time delays and true/false response comparison. Only one configurable parameter exists: eqlimit Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- eqlimit | float | 0.9 | String equal ratio 0...
email_report
This plugin sends a short report (vulnerabilities only) by email to the specified addresses. There are some configurable parameters: smtpServer smtpPort toAddrs fromAddr Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- smtpServer | string | localhost | SMTP...
password_profiling
This plugin creates a list of possible passwords by reading responses and counting the most common words. Plugin type Grep Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source code to understa...
wsdl_finder
This plugin finds new web service descriptions and other web service related files by appending "?WSDL" to all URLs and checking the response. Plugin type Crawl Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests,...
robots_txt
This plugin searches for the robots.txt file and parses it. This file is used as an ACL that defines what URLs a search engine can access. By parsing this file, you can get more information about the target web application. Plugin type Crawl Options This plugin doesn't have any user configured...
dns_wildcard
This plugin compares the contents of www.site.com and site.com and tries to verify if the target site has a DNS wildcard configuration or not. Plugin type Infrastructure Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated...
html_comments
This plugin greps every page for HTML comments; special comments, like the ones containing the words "password" or "user", are specially reported. Plugin type Grep Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests,...
urllist_txt
This plugin searches for the urllist.txt file and parses it. The urllist.txt file is/was used by Yahoo's search engine. Plugin type Crawl Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source...
phishing_vector
This plugin finds phishing vectors in web applications. For example, a bug of this type is found if I request the URL "http://site.tld/asd.asp?info=http://attacker.tld" and in the response HTML the web application sends: … iframe src="http://attacker.tld" …. Plugin type Audit Options This plugin...
find_backdoors
This plugin searches for web shells in the directories that are sent as input. For example, if the input is: http://host.tld/w3af/f00b4r.php The plugin will perform these requests: http://host.tld/w3af/c99.php http://host.tld/w3af/cmd.php http://host.tld/w3af/webshell.php … Plugin type Crawl...
finger_google
This plugin finds mail addresses in Google. Two configurable parameters exist: resultlimit fastsearch If fastsearch is set to False, this plugin searches Google for "@domain.com", requests all search results and parses them in order to find new mail addresses. If the fastsearch configuration...
mx_injection
This plugin will find MX injections. This kind of web application error is mostly seen in webmail software. The tests are simple: for every injectable parameter, a string with special meaning in the mail server is sent, and if in the response I find a mail server error, a vulnerability was found...
shift_out_in_between_dots
This evasion plugin inserts shift-in and shift-out control characters between dots; the two characters cancel each other out, so some ".." filters are bypassed. Example: Input: ../../etc/passwd Output: .%0E%0F./.%0E%0F./etc/passwd Plugin type Evasion Options This plugin doesn't have any user...
dom_xss
This plugin greps every page for traces of DOM XSS. An interesting paper about DOM XSS can be found here: http://www.webappsec.org/projects/articles/071105.shtml Plugin type Grep Options This plugin doesn't have any user configured options. Source For more information about this plugin and the...
htaccess_methods
This plugin finds .htaccess misconfigurations in the LIMIT configuration parameter. This plugin is based on a paper written by Frame and madjoker from kernelpanik.org. The paper is called: "htaccess: bilbao method exposed" The idea of the technique and the plugin is to exploit common...
user_defined_regex
This plugin greps every response for a user defined regex. You can specify a single regex or an entire file of regexes, one regex per line; if both are specified, the singleregex will be added to the list of regular expressions extracted from the file. A list of example regular expressions can be...
rnd_hex_encode
This evasion plugin adds random hex encoding. Example: Input: /bar/foo.asp Output: /b%61r/%66oo.asp Plugin type Evasion Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the source code to understand...
error_pages
This plugin scans every page for error pages, and if possible extracts the web server or programming framework information. Plugin type Grep Options This plugin doesn't have any user configured options. Source For more information about this plugin and the associated tests, there's always the sourc...
ssl_certificate
This plugin audits SSL certificate parameters. One configurable parameter exists: minExpireDays CA PEM file path Note: It's only useful when testing HTTPS sites. Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- minExpireDays | integer | 30 | Set minim...