Lucene search
K

145 matches found

w3af
w3af
•added 2017/11/22 6:51 p.m.•57 views

xml_file

This plugin writes the framework messages to an XML report file. One configurable parameter exists: outputfile Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- outputfile | outputfile | report.xml | File name where this plugin will write to | No...

7.2AI score
Exploits0
w3af
w3af
•added 2014/06/10 4:21 p.m.•79 views

web_spider

This plugin is a classic web spider, it will request a URL and extract all links and forms from the response. Three configurable parameter exist: onlyforward ignoreRegex followRegex IgnoreRegex and followRegex are commonly used to configure the webspider to spider all URLs except the "logout" or...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•18 views

form_autocomplete

This plugin greps every page for autocomplete-able forms containing password-type inputs. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats...

0.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•17 views

directory_indexing

This plugin greps every response directory indexing problems. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin sour...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•26 views

spider_man

This plugin is a local proxy that can be used to give the framework knowledge about the web application when it has a lot of client side code like Flash or Java applets. Whenever a w3af needs to test an application with flash or javascript, the user should enable this plugin and use a web browser...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•65 views

global_redirect

This plugin finds global redirection vulnerabilities. This kind of bugs are used for phishing and other identity theft attacks. A common example of a global redirection would be a script that takes a "url" parameter and when requesting this page, a HTTP 302 message with the location header to the...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•13 views

html_comments

This plugin greps every page for HTML comments, special comments like the ones containing the words "password" or "user" are specially reported. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests,...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•15 views

feeds

This plugin greps every page and finds rss, atom, opml feeds on them. This may be usefull for determining the feed generator and with that, the framework being used. Also this will be helpful for testing feed injection. Plugin type Grep Options This plugin doesnt have any user configured options...

7.5AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•25 views

web_diff

This plugin tries to do a diff of two directories, a local and a remote one. The idea is to mimic the functionality implemented by the linux command "diff" when invoked with two directories. Four configurable parameter exist: localdir remoteurlpath bannedext content This plugin will read the file...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•14 views

oracle

This plugin greps every page for oracle messages, versions, etc. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•21 views

analyze_cookies

This plugin greps every response for session cookies that the web application sends to the client, and analyzes them in order to identify potential vulnerabilities, the remote web application framework and other interesting information. Plugin type Grep Options This plugin doesnt have any user...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•20 views

motw

This plugin will specify whether the page is compliant against the MOTW standard. The standard is explained in: http://msdn2.microsoft.com/en-us/library/ms537628.aspx This plugin tests if the length of the URL specified by "XYZW" is lower, equal or greater than the length of the URL; and also...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•24 views

finger_pks

This plugin finds mail addresses in PGP PKS servers. Plugin type Infrastructure Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin...

0.3AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•16 views

content_negotiation

This plugin uses HTTP content negotiation to find new resources. The plugin has three distinctive phases: Identify if the web server has content negotiation enabled. For every resource found by any other plugin, perform a request to find new related resources. For example, if another plugin finds...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•9 views

reversed_slashes

This evasion plugin changes the slashes from / to \ . Example: Input: /bar/foo.asp Output : \bar\foo.asp Plugin type Evasion Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•23 views

text_file

This plugin writes the framework messages to a text file. Four configurable parameters exist: outputfile httpoutputfile verbose Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- verbose | boolean | True | Enable if verbose output is needed | No detail...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•32 views

pykto

This plugin is a nikto port to python. It uses the scandatabase file from nikto to search for new and vulnerable URLs. The following configurable parameters exist: cgidirs admindirs nukedirs extradbfile mutatetests This plugin reads every line in the scandatabase and extradbfile and based on the...

0.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•14 views

get_emails

This plugin greps every page for emails, these can be used in other places, like bruteforce plugins, and are of great value when doing a complete information security assessment. Plugin type Grep Options Name | Type | Default Value | Description | Help ---|---|---|---|--- onlytargetdomain | boole...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•29 views

csv_file

This plugin exports all identified vulnerabilities and informations to the given CSV file. One configurable parameter exists: outputfile Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- outputfile | outputfile | output-w3af.csv | The name of the outp...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•25 views

blind_sqli

This plugin finds blind SQL injections using two techniques: time delays and true/false response comparison. Only one configurable parameters exists: eqlimit Plugin type Audit Options Name | Type | Default Value | Description | Help ---|---|---|---|--- eqlimit | float | 0.9 | String equal ratio 0...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•86 views

lfi

This plugin will find local file include vulnerabilities. This is done by sending to all injectable parameters file paths like "../../../../../etc/passwd" and searching in the response for strings like "root:x:0:0:". Plugin type Audit Options This plugin doesnt have any user configured options...

0.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•14 views

email_report

This plugin sends short report only vulnerabilities by email to specified addresses. There are some configurable parameters: smtpServer smtpPort toAddrs fromAddr Plugin type Output Options Name | Type | Default Value | Description | Help ---|---|---|---|--- smtpServer | string | localhost | SMTP...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•20 views

shift_out_in_between_dots

This evasion plugin insert between dots shift-in and shift-out control characters which are cancelled each other when they are below so some ".." filters are bypassed Example: Input: ../../etc/passwd Output: .%0E%0F./.%0E%0F./etc/passwd Plugin type Evasion Options This plugin doesnt have any user...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•9 views

dom_xss

This plugin greps every page for traces of DOM XSS. An interesting paper about DOM XSS can be found here: http://www.webappsec.org/projects/articles/071105.shtml Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•23 views

htaccess_methods

This plugin finds .htaccess misconfigurations in the LIMIT configuration parameter. This plugin is based on a paper written by Frame and madjoker from kernelpanik.org. The paper is called : "htaccess: bilbao method exposed" The idea of the technique and the plugin is to exploit common...

6.9AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•12 views

user_defined_regex

This plugin greps every response for a user defined regex. You can specify a single regex or an entire file of regexes each line one regex, if both are specified, the singleregex will be added to the list of regular expressions extracted from the file. A list of example regular expressions can be...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•33 views

svn_users

This plugin greps every page for users of the versioning system. Sometimes the HTML pages are versioned using CVS or SVN, if the header of the versioning system is saved as a comment in this page, the user that edited the page will be saved on that header and will be added to the knowledge base...

7AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•9 views

format_string

This plugin finds format string bugs. Users have to know that detecting a format string vulnerability will be only possible if the server is configured to return errors, and the application is developed in cgi-c or some other language that allows the programmer to do this kind of mistakes. Plugin...

7AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•27 views

wordpress_enumerate_users

This plugin finds usernames in WordPress installations. The authors archive page is tried using "?author=ID" query and incrementing the ID for each request until 404. If the response is a redirect, the blog is affected by TALSOFT-2011-0526 http://seclists.org/fulldisclosure/2011/May/493 advisory...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•10 views

blank_body

This plugin finds HTTP responses with a blank body, these responses may indicate errors or misconfigurations in the web application or the web server. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•11 views

oracle_discovery

This plugin retrieves Oracle Application Server URLs and extracts information available on them. Plugin type Crawl Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exact...

0.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•32 views

allowed_methods

This plugin finds which HTTP methods are enabled for a URI. Two configurable parameters exist: execOneTime reportDavOnly If "execOneTime" is set to True, then only the methods in the webroot are enumerated. If "reportDavOnly" is set to True, this plugin will only report the enabled method list if...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•36 views

afd

This plugin sends custom requests to the remote web server in order to verify if the remote network is protected by an IPS or WAF. afd plugin detects both TCP-Connection-reset and HTTP level filters, the first one usually implemented by IPS devices is easy to verify: if afd requests the custom pa...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•36 views

xss

This plugin finds Cross Site Scripting XSS vulnerabilities. One configurable parameters exists: persistentxss To find XSS bugs the plugin will send a set of javascript strings to every parameter, and search for that input in the response. The "persistentxss" parameter makes the plugin store all...

5.7AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•44 views

eval

This plugin finds eval input injection vulnerabilities. These vulnerabilities are found in web applications, when the developer passes user controled data to the eval function. To check for vulnerabilities of this kind, the plugin sends an echo function with two randomized strings as a parameters...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•21 views

halberd

This plugin tries to find if an HTTP Load balancer is present. Plugin type Infrastructure Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood:...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•23 views

wordnet

This plugin finds new URLs using wn. An example is the best way to explain what this plugin does, lets suppose that the input for this plugin is: http://a/index.asp?color=blue The plugin will search the wordnet database for words that are related with "blue", and return for example: "black" and...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•33 views

strange_headers

This plugin greps all headers for non-common headers. This could be useful to identify special modules and features added to the server. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•15 views

ssi

This plugin finds server side include SSI vulnerabilities. Plugin type Audit Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly whats under the hood: Plugin source...

0.3AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•29 views

password_profiling

This plugin creates a list of possible passwords by reading responses and counting the most common words. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understa...

0.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•17 views

shared_hosting

This plugin tries to find out if the web application under test is stored in a shared hosting. The procedure is pretty simple, using bing search engine, the plugin searches for "ip:1.2.3.4" where 1.2.3.4 is the IP address of the webserver. One configurable option exists: resultlimit Fetch the fir...

6.9AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•11 views

dot_listing

This plugin searches for the .listing file in all the directories and subdirectories that are sent as input and if found it will try to discover new URLs from its content. The .listing file holds information about the list of files in the current directory. These files are created when download...

7.3AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•93 views

csrf

This plugin finds Cross Site Request Forgeries csrf vulnerabilities. The simplest type of csrf is checked to be vulnerable, the web application must have sent a permanent cookie, and the aplicacion must have query string parameters. Plugin type Audit Options This plugin doesnt have any user...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•22 views

rnd_hex_encode

This evasion plugin adds random hex encoding. Example: Input: /bar/foo.asp Output : /b%61r/%66oo.asp Plugin type Evasion Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•16 views

sitemap_xml

This plugin searches for the sitemap.xml file, and parses it. The sitemap.xml file is used by the site administrator to give the Google crawler more information about the site. By parsing this file, the plugin finds new URLs and other useful information. Plugin type Crawl Options This plugin does...

7.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•14 views

strange_http_codes

Analyze HTTP response codes sent by the remote web application and report uncommon findings. Plugin type Grep Options This plugin doesnt have any user configured options. Source For more information about this plugin and the associated tests, theres always the source code to understand exactly...

0.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•25 views

generic

This authentication plugin can login to web application with generic authentication schema. Seven configurable parameters exist: username password usernamefield passwordfield authurl checkurl checkstring Plugin type Auth Options Name | Type | Default Value | Description | Help ---|---|---|---|---...

7.2AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•16 views

server_header

This plugin GETs the server header and saves the result to the knowledge base. Nothing strange, just do a GET request to the url and save the server headers to the kb. A smarter way to check the server type is with the hmap plugin. Plugin type Infrastructure Options This plugin doesnt have any us...

Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•21 views

detect_reverse_proxy

This plugin tries to determine if the remote end has a reverse proxy installed. The procedure used to detect reverse proxies is to send a request to the remote server and analyze the response headers, if a Via header is found, chances are that the remote site has a reverse proxy. Plugin type...

0.1AI score
Exploits0
w3af
w3af
•added 2013/06/10 11:2 p.m.•18 views

http_vs_https_dist

This plugin analyzes the network distance between the HTTP and HTTPS ports giving a detailed report of the traversed hosts in transit to target:port. You should have root/admin privileges in order to run this plugin succesfully. Explicitly declared ports on the entered target override those...

7.1AI score
Exploits0
Total number of security vulnerabilities145