List,
I'm glad to release the fifth beta of w3af. For those that still
don't know, w3af is a fully automated auditing and exploiting
framework for the web. More info can be found at
http://w3af.sourceforge.net/ .
They are really *a lot* of changes from beta4 to make an detailed
list, but a small summary will give you an idea of the new features I
have been working on:
- Virtual daemon, a way to use Metasploit framework
payloads/shellcodes while exploiting web applications.
- w3afAgent, a reverse VPN that allows you to route packets
through the compromised server
- Good samaritan, a module that allows you to exploit blind sql
injections much faster
- 20+ new plugins
- A lot of bug fixes
- A much more stable core.
The users guide can be found here:
- http://w3af.sourceforge.net/documentation/user/w3afUsersGuide.pdf
I also uploaded the presentation materials of my talk at the T2
conference in Finland ( http://www.t2.fi/ ). The PDF file is a nice
introduction to the interesting features implemented in the framework
and can be found here:
- http://w3af.sourceforge.net/documentation/user/w3af-T2.pdf
Cheers,
--
Andres Riancho
http://w3af.sourceforge.net/
Web Application Attack and Audit Framework
-------------------------------------------------------------------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common application-level
attacks that hackers use to sneak into web applications today. This
whitepaper will discuss how traditional XSS attacks are performed, how to
secure your site against these attacks and check if your site is protected.
Cross-Site Scripting Explained - Download this whitepaper today!
https://www.watchfire.com/securearea/whitepapers.aspx?id=701700000009405
-------------------------------------------------------------------------
Received on Oct 18 2007
Intro
