Scanner: W3AF
Version: 1.6
Build: rev-5460aa0377
Vendor: W3AF developers

Tested Against WAVSEP Version: 1.5

Product Details:
Accurate Version: 1.6 (Beta), Build rev-5460aa0377
License / Technology: GPL2, Python 2.6.x
Last Update: 04-12-2013
Source Code Activity: 04-12-2013

General Features:
Config: Complex
Usage: Complex
Stability: Unstable
Performance: Fast
Columns shown as icons only (values not preserved in this copy): GUI, Report, Scan Log, Pause, Session

Authentication, Control and Connection Features:
Columns (values shown as icons only): Custom Cookie, Custom Header, BASIC, DIGEST, NTLM, NTLMv2, KERBEROS, FORM, PROXY, GZIP, DEFLATE, SSL CERT, Logout Detection, Exclude Logout, Exclude URL, Exclude Param

Coverage Features:
COUNT: 6
Columns (values shown as icons only): Manual Crawl, URL File, Html Crawler, Ajax Crawler, Flash Crawler, Applet Crawler, Silverlight Crawler, WSDL Crawler, REST Crawler, Field Autofill, Smart Autofill, Anti CSRF Support, Viewstate Support, CAPTCHA Bypass, WAF Bypass

Input Vector Support:
COUNT: 8
Columns (values shown as icons only): GET, POST, COOKIE, HEADER, SECRET PName, XML, Xml ATT, Xml TAG, JSON, .Net ENC, AMF, Java SER, .Net SER, WCF, WCF-Bin, WebSock, DWR, Custom

Audit Features:
COUNT: 23
Columns (values shown as icons only): SQLi, BSQLi, SSJSi, RXSS, PXSS, DXSS, JSONh, LFI, RFI, CMDExec, UPLOAD, REDIRECT, CRLFi, LDAPi, XPATHi, MXi, SSI, FORMATi, CODEi, XMLi, ELi, BUFFERo, INTEGERo, CODEDisc, BACKUPf, PADDING, AUTHb, PRIVe, XXE, SESSION FIXATION, CSRF, ADoS

Complimentary Audit Features:
Columns (values shown as icons only): WebServer Hardening, CGI Scanning, Dir & File Enumeration, Passive Analysis
Additional Features: Fuzzing Features, Exploitation Features (Metasploit, Other), Partial Autofill Support (fuzzFormComboValues), Credential Enumeration.

The SQL Injection Detection Accuracy of the Scanner:
Detection Rate: 35.29% (48/136)
False Positives: 30.00% (3/10)

The Reflected XSS Detection Accuracy of the Scanner:
Detection Rate: 37.88% (25/66)
False Positives: 0.00% (0/7)

The Path Traversal / Local File Inclusion Detection Accuracy of the Scanner:
Detection Rate: 57.48% (469/816)
False Positives: 12.50% (1/8)

The Remote File Inclusion Detection Accuracy of the Scanner:
Detection Rate: 16.67% (18/108)
False Positives: 16.67% (1/6)

The WIVET Score of the Scanner:
Detection Rate: 19.00%

Additional Audit Features:
Eval, Clickjacking, WebDAV, XST, Frontpage Issues, htAccessMethod, Generic Injection, preg_replace (PHP), SSL Issues, phishingVector, generic flaws, Partial DOM-XSS detection, RegEx DoS, Technology specific vulnerabilities and a TON of discovery plugins, evasion, fingerprinting, brute-force, enumeration and analysis features.


Overview:
The current stable version of W3AF is very easy to install, and the automatic SVN updates are an excellent feature that will help both the users and the authors resolve problems quickly; that being said, I still had my share of problems when I updated my v1.0 stable version to the latest SVN version, and I have no one to blame but myself, for obsessively pressing the update button. As it always is with W3AF, the tester needs to learn how to configure it for each type of scan, and needs to learn how to avoid being greedy. Simply put, avoid using plenty of plug-ins altogether (especially grep plug-ins).


Copyright © 2010-2016 by Shay Chen. All rights reserved.