SlideShare ist ein Scribd-Unternehmen logo

W3af

Als DOC, PDF herunterladen
V
vjbala
1 von 5
W3af –Web application attack and audit framework W3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for auditing and penetration-testing. It is working on python application. Compatibility for sites use embedded objects, like Macromedia Flash and Java applets, The framework has three types of plugins: discovery, audit and attack. Discovery plugins have only one responsibility, finding new URLs, forms, and other “injection points”. Audit plugins take the injection points found by discovery plugins and send specially crafted data to all of them in order to find vulnerabilities. Attack plugins objective is to exploit vulnerabilities found by audit plugins. They usually return a shell on the remote server, or a dump of remote tables in the case of SQL injections exploits. W3af has two user interfaces, the console user interface (consoleUI) and the graphical user interface (gtkUi). This user guide will focus on the consoleUI, which ismore fully tested and complete than the gtkUi. To fire up the consoleUI you just have to execute w3af without parameters and you will get a prompt like this one: $ ./w3af_console w3af>>> Graphical user interface (gtkUi) is a framework also has a graphical user interface that you can start by executing. The graphical user interface allows you to perform all the actions that the framework offers and features a much easier
and faster way to start a scan and analyze the results. Here the screen shot-1 Three core types of plugins are discovery, audit and exploit. The complete list of plugins types is:  Discovery: Find new points of injection  Audit: To find vulnerabilities  Grep: It analyze all page content and find vulnerabilities on pages that are requested by other plugins  Exploit: Use the vulnerabilities found in the audit phase and return something useful to the user (remote shell, SQL table dump, a proxy, etc).
 Output: The way the framework and the plugins communicate with the user. Output plugins save the data to a text or html file. Debugging information is also sent to the output plugins and can be saved for analysis.  Mangle: It allows modification of requests and responses based on regular expressions, think “sed (stream editor) for the web”.  Bruteforce: This plugins will bruteforce logins. These plugins are part of the discovery phase.  Evasion: Evasion plugins try to evade simple intrusion detection rules Key features: This following feature allows you to create a reverse tunnel that will route TCP connections through the compromised server. Unlike virtual daemon, this feature is ready to use and doesn't require any other software. Before going through an example to see how to use this feature, we will make a summary of the steps that will happen during exploitation.  w3af finds a vulnerability that allows remote command execution  The user exploits the vulnerability and starts the w3afAgent  W3af performs an extrusion scan by sending a small executable to the remote server. This executable connects back to w3af and allows the framework to identify outgoing firewall rules on the remote network.  W3afAgent Manager will send a w3afAgentClient to the remote server. The process of uploading the file to the remote server depends on the remote operating system, the privileges of the user running w3af and the local operating system; but in most cases the following happens: o W3af reuses the information from the first extrusion scan, which was performed in step 3 in order to know which port it can use to listen for connections from the compromised server. o If a TCP port is found to be allowed in the remote firewall, w3af will try to run a server on that port and make a reverse connection from the
compromised in order to download the PE/ELF generated file. If no TCP ports are enabled, w3af will send the ELF/PE file to the remote server using several calls to the “echo” command, which is rather slow, but should always work because it's an in-band transfer method.  W3afAgent Manager starts the w3afAgentServer that will bind on localhost: 1080 (which will be used by the w3af user) and on the interface configured in w3af (misc-settings->interface) on the port discovered during step 3.  The w3afAgentClient connects back to the w3afAgentServer, successfully creating the tunnel  The user configures the proxy listening on localhost:1080 on his preferred software  When the program connects to the socks proxy, all outgoing connections are routed through the compromised server  Authentication  Authorization  User management and fuzzy request for manual penetration testing.  Session management and compare .  Data validation, including all common attack • such as SQL Injection, Cross Site Scripting, Command Injection, Client Side Validation  Error handling and exception management  Auditing and logging Log: Log is normally a large quantity of text; you can enable and disable the different type of messages, using the checkboxes in the log bar. Note that these different types have different colors in the text itself. In the same bar you have a Search button, which enables the search functionality (explained in detail below).  Graphical representation of vulnerabilities.  Count information’s of vulnerabilities were displayed during scanning Results:
 Showing the what are the parameters passed in URL and displaying detail information  Request and Response information was displayed  Showing vulnerabilities in colors representation.  Exploitation ------------------------------------------ END--------------------------------------------------

Empfohlen

Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Abhishek Choksi
 
w3af
w3afw3af
w3afn|u - The Open Security Community
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Futurekaranwayne
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
User account (Windows)
User account (Windows)User account (Windows)
User account (Windows)Dev Dorse
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissancemaroti164
 
Data recovery tools
Data recovery toolsData recovery tools
Data recovery toolsuniversity of Gujrat, pakistan
 

Empfohlen

Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Web application attack and audit framework (w3af)
Web application attack and audit framework (w3af)Abhishek Choksi
 
w3af
w3afw3af
w3afn|u - The Open Security Community
 
System Security
System SecuritySystem Security
System SecurityReddhi Basu
 
Malware- Types, Detection and Future
Malware- Types, Detection and FutureMalware- Types, Detection and Future
Malware- Types, Detection and Futurekaranwayne
 
Security threats
Security threatsSecurity threats
Security threatsQamar Farooq
 
User account (Windows)
User account (Windows)User account (Windows)
User account (Windows)Dev Dorse
 
Reconnaissance
ReconnaissanceReconnaissance
Reconnaissancemaroti164
 
Data recovery tools
Data recovery toolsData recovery tools
Data recovery toolsuniversity of Gujrat, pakistan
 
Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to MetasploitGTU
 
Cryptolocker
Cryptolocker Cryptolocker
Cryptolocker Cysinfo Cyber Security Community
 
Hacking and Anti Hacking
Hacking and Anti HackingHacking and Anti Hacking
Hacking and Anti HackingInternational Islamic University
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
OPERATE DATABASE APPLICATION
OPERATE DATABASE APPLICATIONOPERATE DATABASE APPLICATION
OPERATE DATABASE APPLICATIONYoomiLaataBekele
 
Burp Suite Starter
Burp Suite StarterBurp Suite Starter
Burp Suite StarterFadi Abdulwahab
 
Distributed DBMS - Unit 5 - Semantic Data Control
Distributed DBMS - Unit 5 - Semantic Data ControlDistributed DBMS - Unit 5 - Semantic Data Control
Distributed DBMS - Unit 5 - Semantic Data ControlGyanmanjari Institute Of Technology
 
Trojan horse
Trojan horseTrojan horse
Trojan horseGaurang Rathod
 
Burp suite
Burp suiteBurp suite
Burp suiteSOURABH DESHMUKH
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Security testing
Security testingSecurity testing
Security testingTabăra de Testare
 
Presentation about Lotus Notes 8 functionality
Presentation about Lotus Notes 8 functionalityPresentation about Lotus Notes 8 functionality
Presentation about Lotus Notes 8 functionalitydominion
 
System security
System securitySystem security
System securitysommerville-videos
 
maintain IT equipment full note.pdf
maintain IT equipment full note.pdfmaintain IT equipment full note.pdf
maintain IT equipment full note.pdfHailsh
 
Access and use internet
Access and use internetAccess and use internet
Access and use internetGera Paulos
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE - ATT&CKcon
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
directory structure and file system mounting
directory structure and file system mountingdirectory structure and file system mounting
directory structure and file system mountingrajshreemuthiah
 
BeEF
BeEFBeEF
BeEFAlexandraLacatus
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 
Backtrack Manual Part6
Backtrack Manual Part6Backtrack Manual Part6
Backtrack Manual Part6Nutan Kumar Panda
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 

Weitere ähnliche Inhalte

Was ist angesagt?

Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to MetasploitGTU
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measuresDnyaneshwar Beedkar
 
OPERATE DATABASE APPLICATION
OPERATE DATABASE APPLICATIONOPERATE DATABASE APPLICATION
OPERATE DATABASE APPLICATIONYoomiLaataBekele
 
Metasploit
MetasploitMetasploit
Metasploithenelpj
 
Presentation about Lotus Notes 8 functionality
Presentation about Lotus Notes 8 functionalityPresentation about Lotus Notes 8 functionality
Presentation about Lotus Notes 8 functionalitydominion
 
maintain IT equipment full note.pdf
maintain IT equipment full note.pdfmaintain IT equipment full note.pdf
maintain IT equipment full note.pdfHailsh
 
Access and use internet
Access and use internetAccess and use internet
Access and use internetGera Paulos
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE - ATT&CKcon
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)TzahiArabov
 
directory structure and file system mounting
directory structure and file system mountingdirectory structure and file system mounting
directory structure and file system mountingrajshreemuthiah
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attackAhmed Ghazey
 

Was ist angesagt? (20)

Introduction to Metasploit
Introduction to MetasploitIntroduction to Metasploit
Introduction to Metasploit
 
Cryptolocker
Cryptolocker Cryptolocker
Cryptolocker
 
Hacking and Anti Hacking
Hacking and Anti HackingHacking and Anti Hacking
Hacking and Anti Hacking
 
Security threats and safety measures
Security threats and safety measuresSecurity threats and safety measures
Security threats and safety measures
 
OPERATE DATABASE APPLICATION
OPERATE DATABASE APPLICATIONOPERATE DATABASE APPLICATION
OPERATE DATABASE APPLICATION
 
Burp Suite Starter
Burp Suite StarterBurp Suite Starter
Burp Suite Starter
 
Distributed DBMS - Unit 5 - Semantic Data Control
Distributed DBMS - Unit 5 - Semantic Data ControlDistributed DBMS - Unit 5 - Semantic Data Control
Distributed DBMS - Unit 5 - Semantic Data Control
 
Trojan horse
Trojan horseTrojan horse
Trojan horse
 
Burp suite
Burp suiteBurp suite
Burp suite
 
Metasploit
MetasploitMetasploit
Metasploit
 
Security testing
Security testingSecurity testing
Security testing
 
Presentation about Lotus Notes 8 functionality
Presentation about Lotus Notes 8 functionalityPresentation about Lotus Notes 8 functionality
Presentation about Lotus Notes 8 functionality
 
System security
System securitySystem security
System security
 
maintain IT equipment full note.pdf
maintain IT equipment full note.pdfmaintain IT equipment full note.pdf
maintain IT equipment full note.pdf
 
Access and use internet
Access and use internetAccess and use internet
Access and use internet
 
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
MITRE ATT&CKcon 2018: Helping Your Non-Security Executives Understand ATT&CK ...
 
OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)OWASP Top 10 2021 Presentation (Jul 2022)
OWASP Top 10 2021 Presentation (Jul 2022)
 
directory structure and file system mounting
directory structure and file system mountingdirectory structure and file system mounting
directory structure and file system mounting
 
BeEF
BeEFBeEF
BeEF
 
Denial of service attack
Denial of service attackDenial of service attack
Denial of service attack
 

Ähnlich wie W3af

Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWallwebhostingguy
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008ClubHack
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CDamiable_indian
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008ClubHack
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxkarthikvcyber
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxAjayKumar73315
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxDARSHANBHAVSAR14
 
ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019Alexander Master
 
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)Alejandro Hernández
 
CN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxCN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxsaad504633
 
Monitoring in Big Data Platform - Albert Lewandowski, GetInData
Monitoring in Big Data Platform - Albert Lewandowski, GetInDataMonitoring in Big Data Platform - Albert Lewandowski, GetInData
Monitoring in Big Data Platform - Albert Lewandowski, GetInDataGetInData
 
Reverse engineering - Shellcodes techniques
Reverse engineering - Shellcodes techniquesReverse engineering - Shellcodes techniques
Reverse engineering - Shellcodes techniquesEran Goldstein
 
Reverse engineering – debugging fundamentals
Reverse engineering – debugging fundamentalsReverse engineering – debugging fundamentals
Reverse engineering – debugging fundamentalsEran Goldstein
 
Webappcontrol for Information Technology
Webappcontrol for Information TechnologyWebappcontrol for Information Technology
Webappcontrol for Information Technologytiwariparivaar24
 

Ähnlich wie W3af (20)

Backtrack Manual Part6
Backtrack Manual Part6Backtrack Manual Part6
Backtrack Manual Part6
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWall
 
Unix Web servers and FireWall
Unix Web servers and FireWallUnix Web servers and FireWall
Unix Web servers and FireWall
 
Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008Kunal - Introduction to backtrack - ClubHack2008
Kunal - Introduction to backtrack - ClubHack2008
 
Workshop on BackTrack live CD
Workshop on BackTrack live CDWorkshop on BackTrack live CD
Workshop on BackTrack live CD
 
Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008Kunal - Introduction to BackTrack - ClubHack2008
Kunal - Introduction to BackTrack - ClubHack2008
 
VAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptxVAPT_FINAL SLIDES.pptx
VAPT_FINAL SLIDES.pptx
 
Chapter 3-Processes.ppt
Chapter 3-Processes.pptChapter 3-Processes.ppt
Chapter 3-Processes.ppt
 
Overview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptxOverview of Vulnerability Scanning.pptx
Overview of Vulnerability Scanning.pptx
 
VAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptxVAPT PRESENTATION full.pptx
VAPT PRESENTATION full.pptx
 
Chapter 3-Processes2.pptx
Chapter 3-Processes2.pptxChapter 3-Processes2.pptx
Chapter 3-Processes2.pptx
 
ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019ENPM808 Independent Study Final Report - amaster 2019
ENPM808 Independent Study Final Report - amaster 2019
 
Backtrack Manual Part7
Backtrack Manual Part7Backtrack Manual Part7
Backtrack Manual Part7
 
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
DotDotPwn Fuzzer - Black Hat 2011 (Arsenal)
 
Banv
BanvBanv
Banv
 
CN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptxCN. Presentation for submitting project term pptx
CN. Presentation for submitting project term pptx
 
Monitoring in Big Data Platform - Albert Lewandowski, GetInData
Monitoring in Big Data Platform - Albert Lewandowski, GetInDataMonitoring in Big Data Platform - Albert Lewandowski, GetInData
Monitoring in Big Data Platform - Albert Lewandowski, GetInData
 
Reverse engineering - Shellcodes techniques
Reverse engineering - Shellcodes techniquesReverse engineering - Shellcodes techniques
Reverse engineering - Shellcodes techniques
 
Reverse engineering – debugging fundamentals
Reverse engineering – debugging fundamentalsReverse engineering – debugging fundamentals
Reverse engineering – debugging fundamentals
 
Webappcontrol for Information Technology
Webappcontrol for Information TechnologyWebappcontrol for Information Technology
Webappcontrol for Information Technology
 

W3af

  • 1. W3af –Web application attack and audit framework W3af is a complete environment for auditing and attacking web applications. This environment provides a solid platform for auditing and penetration-testing. It is working on python application. Compatibility for sites use embedded objects, like Macromedia Flash and Java applets, The framework has three types of plugins: discovery, audit and attack. Discovery plugins have only one responsibility, finding new URLs, forms, and other “injection points”. Audit plugins take the injection points found by discovery plugins and send specially crafted data to all of them in order to find vulnerabilities. Attack plugins objective is to exploit vulnerabilities found by audit plugins. They usually return a shell on the remote server, or a dump of remote tables in the case of SQL injections exploits. W3af has two user interfaces, the console user interface (consoleUI) and the graphical user interface (gtkUi). This user guide will focus on the consoleUI, which ismore fully tested and complete than the gtkUi. To fire up the consoleUI you just have to execute w3af without parameters and you will get a prompt like this one: $ ./w3af_console w3af>>> Graphical user interface (gtkUi) is a framework also has a graphical user interface that you can start by executing. The graphical user interface allows you to perform all the actions that the framework offers and features a much easier
  • 2. and faster way to start a scan and analyze the results. Here the screen shot-1 Three core types of plugins are discovery, audit and exploit. The complete list of plugins types is:  Discovery: Find new points of injection  Audit: To find vulnerabilities  Grep: It analyze all page content and find vulnerabilities on pages that are requested by other plugins  Exploit: Use the vulnerabilities found in the audit phase and return something useful to the user (remote shell, SQL table dump, a proxy, etc).
  • 3.  Output: The way the framework and the plugins communicate with the user. Output plugins save the data to a text or html file. Debugging information is also sent to the output plugins and can be saved for analysis.  Mangle: It allows modification of requests and responses based on regular expressions, think “sed (stream editor) for the web”.  Bruteforce: This plugins will bruteforce logins. These plugins are part of the discovery phase.  Evasion: Evasion plugins try to evade simple intrusion detection rules Key features: This following feature allows you to create a reverse tunnel that will route TCP connections through the compromised server. Unlike virtual daemon, this feature is ready to use and doesn't require any other software. Before going through an example to see how to use this feature, we will make a summary of the steps that will happen during exploitation.  w3af finds a vulnerability that allows remote command execution  The user exploits the vulnerability and starts the w3afAgent  W3af performs an extrusion scan by sending a small executable to the remote server. This executable connects back to w3af and allows the framework to identify outgoing firewall rules on the remote network.  W3afAgent Manager will send a w3afAgentClient to the remote server. The process of uploading the file to the remote server depends on the remote operating system, the privileges of the user running w3af and the local operating system; but in most cases the following happens: o W3af reuses the information from the first extrusion scan, which was performed in step 3 in order to know which port it can use to listen for connections from the compromised server. o If a TCP port is found to be allowed in the remote firewall, w3af will try to run a server on that port and make a reverse connection from the
  • 4. compromised in order to download the PE/ELF generated file. If no TCP ports are enabled, w3af will send the ELF/PE file to the remote server using several calls to the “echo” command, which is rather slow, but should always work because it's an in-band transfer method.  W3afAgent Manager starts the w3afAgentServer that will bind on localhost: 1080 (which will be used by the w3af user) and on the interface configured in w3af (misc-settings->interface) on the port discovered during step 3.  The w3afAgentClient connects back to the w3afAgentServer, successfully creating the tunnel  The user configures the proxy listening on localhost:1080 on his preferred software  When the program connects to the socks proxy, all outgoing connections are routed through the compromised server  Authentication  Authorization  User management and fuzzy request for manual penetration testing.  Session management and compare .  Data validation, including all common attack • such as SQL Injection, Cross Site Scripting, Command Injection, Client Side Validation  Error handling and exception management  Auditing and logging Log: Log is normally a large quantity of text; you can enable and disable the different type of messages, using the checkboxes in the log bar. Note that these different types have different colors in the text itself. In the same bar you have a Search button, which enables the search functionality (explained in detail below).  Graphical representation of vulnerabilities.  Count information’s of vulnerabilities were displayed during scanning Results:
  • 5. Showing the what are the parameters passed in URL and displaying detail information  Request and Response information was displayed  Showing vulnerabilities in colors representation.  Exploitation ------------------------------------------ END--------------------------------------------------