Installing w3af

w3af (Web Application Attack and Audit Framework) is software you can use to check the security of your own application or website.

Installation and usage are very easy; just follow this guide:

sudo apt-get update ; sudo apt-get -y install python-pip git

git clone https://github.com/andresriancho/w3af.git
cd w3af/
./w3af_console
# install all the packages it asks for (w3af_console prints the path of the dependency script it generates), then

./tmp/w3af_dependency_install.sh

w3af and all the software packages it needs are now installed.

Next, create a file named MyScript.w3af with the following content:

(NOTE: do not use the "redos" plugin yet; the last time I used it, the redos plugin ran for 2 days and used up the disk space on my server. Be careful.)


# -----------------------------------------------------------------------------------------------------------
# W3AF AUDIT SCRIPT FOR WEB APPLICATION
# -----------------------------------------------------------------------------------------------------------
#Configure HTTP settings (request timeout and rate limit)
http-settings
set timeout 20
set max_requests_per_second 100
back
#Configure scanner global behaviors
misc-settings
set max_discovery_time 20
set fuzz_cookies True
set fuzz_form_files True
set fuzz_url_parts True
set fuzz_url_filenames True
back
plugins
#Configure entry point (CRAWLING) scanner
crawl web_spider
crawl config web_spider
set only_forward False
set ignore_regex (?i)(logout|disconnect|signout|exit)+
back
#Configure vulnerability scanners
##Specify list of AUDIT plugins to use
audit blind_sqli, buffer_overflow, cors_origin, csrf, eval, file_upload, ldapi, lfi, os_commanding, phishing_vector, response_splitting, sqli, xpath, xss, xst
##Customize behavior of each audit plugin when needed
audit config file_upload
set extensions jsp,php,php2,php3,php4,php5,asp,aspx,pl,cfm,rb,py,sh,ksh,csh,bat,ps,exe
back
##Specify list of GREP plugins to use (a grep plugin inspects responses and can also find vulnerabilities or information disclosure); the list must be on one line
grep analyze_cookies, click_jacking, code_disclosure, cross_domain_js, csp, directory_indexing, dom_xss, error_500, error_pages, html_comments, objects, path_disclosure, private_ip, strange_headers, strange_http_codes, strange_parameters, strange_reason, url_session, xss_protection_header
##Specify list of INFRASTRUCTURE plugins to use (an infrastructure plugin can find information disclosure about the server)
infrastructure server_header, server_status, domain_dot, dot_net_errors
#Configure target authentication (none configured here)
#Configure reporting in order to generate an HTML report
output console, html_file
output config html_file
set output_file /tmp/W3afReport.html
set verbose False
back
output config console
set verbose False
back
back
#Set target information, do a cleanup and run the scan
target
###### REPLACE WITH THE SITE YOU WANT TO TEST ###############
set target https://google.com
set target_os unix
set target_framework php
back
cleanup
start

Save the file, then run the following command:

./w3af_console -s MyScript.w3af

Now just wait until it finishes; after that the report can be viewed at /tmp/W3afReport.html

Enjoy!
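The steps above (write MyScript.w3af by hand, then start w3af_console with -s) can be wrapped in a small shell script so the target, OS, framework and report path are parameters rather than values edited into the file each time. The script below is an added example, not code from the original post or from the w3af project. It keeps the plugin lists from the post, leaves out the "redos" plugin as the note above advises, and adds one check the post does not have: the target must appear in an explicit in-scope file before anything is written or started. The scope file format (one target URL per line) and the function names are this example's own assumptions.

```shell
#!/usr/bin/env bash
# Added example, not code from the original post or the w3af project: build the
# MyScript.w3af-style scan script for a given target instead of editing it by
# hand, and refuse any target that is not listed in an explicit in-scope file.
# Assumptions: w3af_console is run from the w3af checkout as in the post, and
# the scope file format (one target URL per line) is this script's own convention.

# in_scope TARGET SCOPE_FILE: succeed only if TARGET is a whole line of SCOPE_FILE
in_scope() {
    local target="$1" scope_file="$2"
    [ -r "$scope_file" ] || return 1
    grep -qxF -- "$target" "$scope_file"
}

# make_w3af_script TARGET [OS] [FRAMEWORK] [REPORT]: print the scan script on stdout.
# The plugin lists follow the post; the "redos" plugin is left out deliberately.
make_w3af_script() {
    local target="$1" target_os="${2:-unix}" framework="${3:-php}"
    local report="${4:-/tmp/W3afReport.html}"
    cat <<EOF
# W3AF AUDIT SCRIPT FOR WEB APPLICATION (generated)
http-settings
set timeout 20
set max_requests_per_second 100
back
misc-settings
set max_discovery_time 20
set fuzz_cookies True
set fuzz_form_files True
set fuzz_url_parts True
set fuzz_url_filenames True
back
plugins
crawl web_spider
crawl config web_spider
set only_forward False
set ignore_regex (?i)(logout|disconnect|signout|exit)+
back
audit blind_sqli, buffer_overflow, cors_origin, csrf, eval, file_upload, ldapi, lfi, os_commanding, phishing_vector, response_splitting, sqli, xpath, xss, xst
grep analyze_cookies, click_jacking, code_disclosure, cross_domain_js, csp, directory_indexing, dom_xss, error_500, error_pages, html_comments, objects, path_disclosure, private_ip, strange_headers, strange_http_codes, strange_parameters, strange_reason, url_session, xss_protection_header
infrastructure server_header, server_status, domain_dot, dot_net_errors
output console, html_file
output config html_file
set output_file $report
set verbose False
back
output config console
set verbose False
back
back
target
set target $target
set target_os $target_os
set target_framework $framework
back
cleanup
start
EOF
}

# run_scan TARGET SCOPE_FILE [SCRIPT_PATH]: write the script and start w3af non-interactively.
# The script file is only written after the scope check has passed.
run_scan() {
    local target="$1" scope_file="$2" script="${3:-MyScript.w3af}"
    if ! in_scope "$target" "$scope_file"; then
        echo "refusing to scan $target: not listed in $scope_file" >&2
        return 1
    fi
    make_w3af_script "$target" > "$script"
    ./w3af_console -s "$script"
}

# Usage when run directly from the w3af checkout: ./w3af_scan.sh https://app.example.test scope.txt
if [ "$#" -ge 2 ]; then
    run_scan "$@"
fi
```

Put the file in the w3af directory next to w3af_console, list the hosts you are allowed to test in scope.txt, and call it with the target URL; the generated script and the HTML report land in the same places the post uses (MyScript.w3af and /tmp/W3afReport.html) unless you pass other paths.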

78 thoughts on “Installing w3af”

  1. Your information and originality pleased me very much;
    I wish you continued success.

  2. I really enjoyed reading this topic and I got some good ideas by reading it. Thank you for your positive post. - dentist in hartford ct

  3. Wonderful site. Plenty of helpful info here. I am sending it to some pals and additionally sharing in delicious. And obviously, thank you for your effort!

  4. Great, I should certainly pronounce, impressed with your website. I had no trouble navigating through all tabs as well as related info ended up being truly simple to do to access. I recently found what I hoped for before you know it in the least. Reasonably unusual. Is likely to appreciate it for those who add forums or anything, web site theme. a tones way for your customer to communicate. Nice task.

  5. Nice info. This is a very impressive post, Very useful information, it clarified things a lot for us. Thanks for sharing valuable tips. – Chennai to Shirdi Tour Package

  6. Printers are the source of creating the file and we attach more importance to it. We provide high-quality printers such as Canon Printer setup services. For more information you can check our official website.

  7. Here is introduced MetaMask Support Number as regards to the rise in usage of METAMASK it is important for the METAMASK users to have the MetaMask Support Number USA/CA: +1(808)800-9965 because no matter if you are newbie or experienced it is normal to have issues while using METAMASK like issues in sending, receiving or swapping which can be resolved by the help of MetaMask Support Number as the customer service of MetaMask Support Number is there to help METAMASK users to take get rid of the all the errors in using features of the METAMASK so for that all you need to do is contact MetaMask Support Number for resolving any errors in METAMASK you can always speak to MetaMask Support Number and explain the problem to MetaMask Support Number representative to help you in a sorted way.

  8. Kindle Support Number covers all the issues related to any model of Kindle. It covers Kindle Keyboard, Kindle Touch, Kindle Fire and Kindle Paperwhite. So call Kindle Technical Support Number +1-877-855-0855 and get help for more.

  9. If you face any MetaMask issue, just call +1 808-800-9965 MetaMask Support Number. Our professional technicians solve your problem in a few minutes. Feel free to call anytime.
