[W3af-develop] JavaScript Crawling: Beta testers wanted!

2019-04-05 Thread Andres Riancho
List, It's been a long time, and the list is very inactive, but if you've been paying attention to the GitHub commit logs [0] you'll notice that the project is very much alive and improving every day! At this point I'm looking for beta-testers for the initial implementation of our

Re: [W3af-develop] import_results - csv or base64?

2016-08-17 Thread Andres Riancho
> well. I don't have a csv file, how do I get past that? > > > On Wednesday, 17 August 2016, Andres Riancho <andres.rian...@gmail.com> > wrote: >> >> import_results is often used with [0], there you can find a >> clarification on how data is expected.

Re: [W3af-develop] Fwd: Write single URL scans with w3af API

2016-05-27 Thread Andres Riancho
different. The requests and responses is > queued. I want to send HTTP request one at a time and have that scanned, as > it enters the queue. Your solution seems to be to scan a bunch of requests > loaded in a file. Correct me if I am wrong please. > > On Fri, May 27, 2016 at 9:02 PM, A

Re: [W3af-develop] Write single URL scans with w3af API

2016-05-27 Thread Andres Riancho
Yup, completely possible. Most likely following these steps: * Start the API * Write a file containing the HTTP request (base64 encoded) * Write a file containing a scan profile. The scan profile should use the import_results plugin [0] and point to the previously created file with the HTTP

Re: [W3af-develop] w3af API Authenticated Scan

2015-12-15 Thread Andres Riancho
Yes, just configure the credentials in the profile and use that profile for the scan On Tue, Dec 15, 2015 at 2:21 PM, Abhay Bhargav wrote: > Is it possible to do an authenticated scan with w3af's API? Can anyone point > me to some resources for this? > > Regards > Abhay >

Re: [W3af-develop] Fwd: for w3af

2015-12-08 Thread Andres Riancho
w3af plugins are here [0], but I believe you won't be able to run them without the rest of w3af. The plugins depend on the features provided by the core [1] and any attempt to run the plugins without it will fail. Of course it is possible for you to copy the plugins and modify them to remove all

Re: [W3af-develop] Fwd: for w3af

2015-12-08 Thread Andres Riancho
ASP top10 they are > 1. broken authentication and > 2. path traversal > > On 8 December 2015 at 19:06, Andres Riancho <andres.rian...@gmail.com> > wrote: >> >> w3af plugins are here [0], but I believe you won't be able to run them >> without the rest of w3af.

Re: [W3af-develop] Fwd: for w3af

2015-12-08 Thread Andres Riancho
st get those script from > w3af whole file. > > On 8 December 2015 at 18:40, Andres Riancho <andres.rian...@gmail.com> > wrote: >> >> Manish, >> >> Your question is too generic. Please explain in more detail so we can >> help. >> htt

Re: [W3af-develop] Fwd: Crawl plugin issue !!

2015-11-03 Thread Andres Riancho
. > > w3af>>> version > w3af - Web Application Attack and Audit Framework > Version: 1.6.46 > Distribution: Kali Linux > Author: Andres Riancho and the w3af team. > w3af>>> > > Is there somet

[W3af-develop] Cross-Site Scripting context detection engine rewrite

2015-09-10 Thread Andres Riancho
List, I'm glad to announce that w3af can now detect 100% of the XSS vulnerabilities in WAVSEP! As part of the "Improve w3af's score for WAVSEP XSS by at least 20%" [0] task, I completely rewrote (twice) the context detection engine originally developed by Taras. The new engine has the

Re: [W3af-develop] Inquiry about creating plugin depending on 3rd party package

2015-08-06 Thread Andres Riancho
Piotr, On Thu, Aug 6, 2015 at 5:38 AM, Piotr Lizończyk piotr.lizonc...@gmail.com wrote: Hi w3af developers community, I'm working on tool that discovers technologies used on websites. It's called WAD (https://github.com/CERN-CERT/WAD), it is based on Wappalyzer browser extension

[W3af-develop] w3af REST API feature requests

2015-08-05 Thread Andres Riancho
Lists, The REST API milestone for w3af is coming to an end, the only pending feature is Expose plugin and core (misc|http) configuration [0] and OwenTuz is already working on it. Before I move to other things... any feature requests for the REST API? [0]

Re: [W3af-develop] Authenticated scan support for x-access-token

2015-08-05 Thread Andres Riancho
Jay, Interesting subject, never came across JSON web tokens before. AFAIK nobody is working on adding this feature to the framework, but I would be happy if you give it a try. There seems to be a library we can use to handle all the encoding stuff [0] and some notes on the

Re: [W3af-develop] w3af scanning can use the static port or only can use on dynamical way?

2015-08-05 Thread Andres Riancho
Source ports are dynamic on all OS On Wed, Aug 5, 2015 at 10:18 PM, 冠庭 羅 btiffe...@yahoo.com.tw wrote: Hi, There is an another question. Is that possible for scanning be used on the static port? I used wireshark to catch packet. I found that the packet which send by w3af doesn't use the

Re: [W3af-develop] web service api post method

2015-07-29 Thread Andres Riancho
)); } Although it still has clientHandlerException now.. but is this a correct direction what you want to tell me? Thanks Tiff Andres Riancho andres.rian...@gmail.com wrote on 2015/7/28 (Tue) 7:47 PM: Tiff, Why do you create a new email thread for each email you send? On Tue, Jul 28

Re: [W3af-develop] web service api post method

2015-07-28 Thread Andres Riancho
Tiff, Why do you create a new email thread for each email you send? On Tue, Jul 28, 2015 at 12:13 AM, 冠庭 羅 btiffe...@yahoo.com.tw wrote: Hi Andrés Riancho, Sorry.. That is language gap... I thought that filename is like fast_scan.pw3af so that I keep trying on folder name But anyway, I

Re: [W3af-develop] web service api scans ( post method)

2015-07-27 Thread Andres Riancho
On Mon, Jul 27, 2015 at 5:38 AM, 冠庭 羅 btiffe...@yahoo.com.tw wrote: Hi, I have tried it a day, if I write like this --- @POST @SuppressWarnings(unchecked) @Path(/ScanTarget) @Consumes(MediaType.APPLICATION_JSON) @Produces(MediaType.APPLICATION_JSON) public int ScanIt() throws IOException

Re: [W3af-develop] W3af Rest Api

2015-06-29 Thread Andres Riancho
be only able to fetch http transaction data of vulnerable requests . But in twitter andres riancho stated that we can read all http requests sent from scanner . First of all i would like to know how can i use rest api to fetch http data of scan started w3af gui You can't do

Re: [W3af-develop] [SPAM] celery issues

2015-04-22 Thread Andres Riancho
Plugin method `kb_append` for example ? Regards. On 03 Apr 2015, at 19:08, Andres Riancho andres.rian...@gmail.com wrote: Well, yeah, that might be a problem. I recommend: * You should use different processes (prefork/processes should be ok) * Make sure ALL your w3af imports are done

Re: [W3af-develop] [SPAM] celery issues

2015-04-03 Thread Andres Riancho
-A scanner worker --concurrency 2 -l debug -P processes I have troubles with celery threads in my previous code example, because they use global Knowledge base object which is shared during the celery worker live. Regards. On 25 Mar 2015, at 21:55, Andres Riancho andres.rian...@gmail.com wrote

[W3af-develop] Changes in XML output

2015-03-30 Thread Andres Riancho
List, I'm working on extending w3af's features by providing long descriptions for vulnerabilities [1], which lead to a change in the XML output format [0]. All tools that parse w3af's output need to be updated to handle this new format. XSD file is here [2] These changes are, for now, in

Re: [W3af-develop] [SPAM] celery issues

2015-03-25 Thread Andres Riancho
Electric Mind, Please read inline, On Wed, Mar 25, 2015 at 3:49 PM, Electric Mind mai...@zensecurity.su wrote: Hello everyone! I’d like to start my w3af instances inside of the celery. Code example is below. What is the best practice for doing that ? First I would recommend you

Re: [W3af-develop] Continuous integration to debian packages

2015-03-03 Thread Andres Riancho
in Kali and, while it's related, is not focused on automating the whole process (which needs to be done at https://github.com/andresriancho/w3af/issues/3351) On Mon, Mar 2, 2015 at 1:11 PM, Andres Riancho andres.rian...@gmail.com wrote: Sergey, On Mon, Mar 2, 2015 at 9:42 AM, Sergey w

Re: [W3af-develop] w3af q

2015-03-03 Thread Andres Riancho
Electric Mind, On Tue, Mar 3, 2015 at 5:40 AM, Electric Mind mai...@zensecurity.su wrote: Hello everyone! Here is my code sample: #!/usr/bin/env python from w3af.core.controllers.w3afCore import w3afCore from w3af.plugins.tests.helper import create_target_option_list from

Re: [W3af-develop] Continuous integration to debian packages

2015-03-02 Thread Andres Riancho
and test the .deb file. On 27.02.2015 19:09, Andres Riancho wrote: Guys, Just found a github ticket you might find interesting. https://github.com/andresriancho/w3af/issues/3351 On Thu, Feb 26, 2015 at 10:37 AM, Nich Ramsey onicr...@gmail.com wrote: Hi Andres, I just started

Re: [W3af-develop] Continuous integration to debian packages

2015-02-27 Thread Andres Riancho
AM, Andres Riancho andres.rian...@gmail.com wrote: Sergey, On Thu, Feb 26, 2015 at 1:30 AM, Sergey w...@kovalev.com.ru wrote: Hi, Andres and everybody. Right now I see that we have working CI builds of w3af Docker images. We do! I've been working on the docker images last week and you can

Re: [W3af-develop] Continuous integration to debian packages

2015-02-26 Thread Andres Riancho
Sergey, On Thu, Feb 26, 2015 at 1:30 AM, Sergey w...@kovalev.com.ru wrote: Hi, Andres and everybody. Right now I see that we have working CI builds of w3af Docker images. We do! I've been working on the docker images last week and you can see the latest in the develop branch :) I'd like to

Re: [W3af-develop] W3af - Database api

2015-02-23 Thread Andres Riancho
Gorantla, On Sun, Feb 22, 2015 at 3:05 PM, Gorantla sai ahik...@gmail.com wrote: Hello guys , I'm gorantla sai , presently Computer Science Undergraduate studying at IIT BHU and i'm working on a project which involves using data from W3af . After testing a web application

Re: [W3af-develop] Fwd: interest in learning web app security

2015-02-03 Thread Andres Riancho
wrote: -- Forwarded message -- From: ALEJANDRO CARBALLO nereo3...@gmail.com Date: 2015-02-03 10:54 GMT-03:00 Subject: Re: interest in learning web app security To: Andres Riancho andres.rian...@gmail.com I did what you asked me and, after installing what it asked me for in order to

Re: [W3af-develop] Updating Info and Vuln

2015-01-29 Thread Andres Riancho
. The right way to do that is copy.deepcopy(info_instance) * No need to modify the get_uniq_id implementation [0] https://github.com/andresriancho/w3af/commit/72b3ea44bd78eedb180109a905cf084d74150971 On Thu, Jan 29, 2015 at 8:40 AM, Andres Riancho andres.rian...@gmail.com wrote: You

Re: [W3af-develop] New Guy Looking to Contribute!

2014-09-18 Thread Andres Riancho
- Justin On Wed, Sep 17, 2014 at 12:20 PM, Andres Riancho andres.rian...@gmail.com wrote: PS: Please subscribe to the mailing list so you receive emails others send to it On Wed, Sep 17, 2014 at 4:20 PM, Andres Riancho andres.rian...@gmail.com wrote: JB, Sorry for the delay

Re: [W3af-develop] New Guy Looking to Contribute!

2014-09-17 Thread Andres Riancho
PS: Please subscribe to the mailing list so you receive emails others send to it On Wed, Sep 17, 2014 at 4:20 PM, Andres Riancho andres.rian...@gmail.com wrote: JB, Sorry for the delay in the response, since you didn't subscribe to the mailing list your email was in the moderation queue

Re: [W3af-develop] New Guy Looking to Contribute!

2014-09-17 Thread Andres Riancho
JB, Sorry for the delay in the response, since you didn't subscribe to the mailing list your email was in the moderation queue (which I rarely check, just accepted it because I saw your IRC message). Please read inline: On Mon, Sep 15, 2014 at 1:34 PM, Chuck Finley cf1n...@gmail.com wrote:

[W3af-develop] Error handling strategies

2014-09-04 Thread Andres Riancho
List, I'm currently working on (the much needed) error handling feature for w3af [0], the user story says: I would like to have better handling for the case in which: * My network connection died for a couple of seconds * The server went offline for a couple of seconds Currently w3af

[W3af-develop] w3af CI builds are now easily accessible

2014-08-29 Thread Andres Riancho
List, CircleCI, the continuous integration SaaS we use for building w3af, is now providing a beta feature that allows open source projects to show their CI builds. I've enabled the feature and now you're able to see all the unit/functional tests run each time we change something in w3af:

Re: [W3af-develop] checking http CONNECT method

2014-08-05 Thread Andres Riancho
Sergio, On Tue, Aug 5, 2014 at 5:42 PM, Sergio A foobarm...@gmail.com wrote: Hi guys, Yesterday, while playing with w3af I saw something (detailed below) with the allowed methods plugin related to checking if the http CONNECT method is available in a server or not and I'd like to know if

[W3af-develop] docker image for w3af

2014-08-05 Thread Andres Riancho
List, I've been working on a docker image for w3af [0], for those who've been experimenting with the technology, could you give it a try and let me know what you think? If you want to help improve this docker image, the Dockerfile is here [1] and pull requests are welcome. I'll wait

[W3af-develop] Obscure bugs in 1.6 release

2014-04-24 Thread Andres Riancho
List, 1.6 was released 24 days ago and I'm happy to say that during these days we've received many obscure / rare bug reports [0]. If someone wants to help fix, please let me know, since I'm planning the 1.6.1 release (bug fixes for 1.6) for next month and I really need the help! [0]

Re: [W3af-develop] Obscure bugs in 1.6 release

2014-04-24 Thread Andres Riancho
cleanup upwards. Cheers, Owen On Thu, Apr 24, 2014 at 8:47 PM, Andres Riancho andres.rian...@gmail.com wrote: List, 1.6 was released 24 days ago and I'm happy to say that during these days we've received many obscure / rare bug reports [0]. If someone wants to help fix, please let me

[W3af-develop] DOM XSS detection

2014-04-07 Thread Andres Riancho
List, If you're interested in the subject of automated detection of DOM XSS vulnerabilities, I recommend you start following what's going on on the tpjs [0] project. I've been creating several issues with questions, feature requests, etc. and most notably an idea about a REST API for

Re: [W3af-develop] REST API for w3af

2014-04-07 Thread Andres Riancho
the list at w3af-develop-ow...@lists.sourceforge.net When replying, please edit your Subject line so it is more specific than Re: Contents of W3af-develop digest... Today's Topics: 1. Bug fixing sprint (Andres Riancho) 2. REST API for w3af (Andres Riancho) 3. Re: REST API

Re: [W3af-develop] [W3af-users] Kali packaging for w3af - Automated and unittested

2014-04-07 Thread Andres Riancho
with screenshots together and publish it on GitHub. It was clear, thanks. No need for that wiki with screenshots. Were you able to test the latest w3af in Kali? We packaged 1.6.0.1 Regards, On Fri, Apr 4, 2014 at 10:34 PM, Andres Riancho andres.rian...@gmail.com wrote: Christian, Did you

Re: [W3af-develop] [W3af-users] Kali packaging for w3af - Automated and unittested

2014-04-04 Thread Andres Riancho
Integration (CI) for Kali Linux however CI should be possible with Tox and Jenkins. You have also raised Tox in the past within https://github.com/andresriancho/w3af/issues/1048 On Fri, Apr 4, 2014 at 1:33 AM, Andres Riancho andres.rian...@gmail.com wrote: How do you believe we can improve

Re: [W3af-develop] [W3af-users] Kali packaging for w3af - Automated and unittested

2014-04-03 Thread Andres Riancho
Regards, On Wed, Apr 2, 2014 at 12:30 AM, Christian Heinrich christian.heinr...@cmlh.id.au wrote: Andres, I can assist and have maintained a package for Kali Linux since December 2012. On Wed, Apr 2, 2014 at 2:47 AM, Andres Riancho andres.rian...@gmail.com wrote: List, Anyone

Re: [W3af-develop] Test the develop branch before Monday's release

2014-03-30 Thread Andres Riancho
) print gtk.pygtk_version = (2, 12) 28.03.2014 01:18, Andres Riancho wrote: List, Every now and then I ask for a favor, and... well... now I'm asking for one! The next release will be on Monday, and I need you to test w3af to make sure it doesn't have any critical bugs before I merge

Re: [W3af-develop] Test the develop branch before Monday's release

2014-03-30 Thread Andres Riancho
ImportError: No module named gtk Outside: $ python -c 'import gtk;print gtk.pygtk_version' (2, 24, 0) pygtk is installed as system package $ dpkg -l | grep python-gtk ii python-gtk2 2.24.0-3ubuntu1 28.03.2014 01:18, Andres Riancho wrote: List

Re: [W3af-develop] Test the develop branch before Monday's release

2014-03-30 Thread Andres Riancho
. /tmp/w3af_dependency_install.sh Note the added --system-site-packages On Sun, Mar 30, 2014 at 10:57 AM, Andres Riancho andres.rian...@gmail.com wrote: You might be hitting something like this [0], where your virtualenv doesn't have access to the package installed using apt-get [0] http

Re: [W3af-develop] Test the develop branch before Monday's release

2014-03-30 Thread Andres Riancho
with --system-site-packages has helped, thanks. P.S. I also had to delete some installed system packages like pdfminer because of version conflicts. 30.03.2014 18:00, Andres Riancho wrote: This might help: cd ~ apt-get install -y python-pip # This step might change in your OS pip install

Re: [W3af-develop] Test the develop branch before Monday's release

2014-03-30 Thread Andres Riancho
That would be awesome. If you send me a pull request I'll happily merge it. On 30/03/2014 12:44, Achim Hoffmann webse...@sic-sec.org wrote: Andrés, Taras, it would be nice to get a w3af which runs on plain old unpatched systems I.e. not everyone has, or can, or would like to install a bunch

Re: [W3af-develop] Test the develop branch before Monday's release

2014-03-30 Thread Andres Riancho
/issues/485 [1] http://pythonwheels.com/ [2] https://www.docker.io/ Regards, On Sun, Mar 30, 2014 at 12:59 PM, Andres Riancho andres.rian...@gmail.com wrote: That would be awesome. If you send me a pull request I'll happily merge it. On 30/03/2014 12:44, Achim Hoffmann webse...@sic-sec.org

Re: [W3af-develop] Test the develop branch before Monday's release

2014-03-30 Thread Andres Riancho
, workaround with --system-site-packages has helped, thanks. P.S. I also had to delete some installed system packages like pdfminer because of version conflicts. 30.03.2014 18:00, Andres Riancho wrote: This might help: cd ~ apt-get install -y python-pip # This step might change in your OS

Re: [W3af-develop] Test the develop branch before Monday's release

2014-03-30 Thread Andres Riancho
No no, my first answer was the rude one! On 30/03/2014 15:34, Achim Hoffmann webse...@sic-sec.org wrote: On 30.03.2014 18:23, Andres Riancho wrote: That came out a little bit rude... let me rephrase that oops, sorry. It just happened while I tried to run w3af on a second older (than

[W3af-develop] Test the develop branch before Monday's release

2014-03-27 Thread Andres Riancho
List, Every now and then I ask for a favor, and... well... now I'm asking for one! The next release will be on Monday, and I need you to test w3af to make sure it doesn't have any critical bugs before I merge into develop into master. I've been working hard on fixing a ton of bugs,

[W3af-develop] Need help from Mac users!

2014-03-21 Thread Andres Riancho
List, I'm trying to fix an ugly bug that only affects Mac users [0] and because I don't have any installations of that OS it is really hard to make any progress. Could someone give me a hand? All you need is some time, minimal python knowledge and the will to help. Find me at 2pm GMT-3

Re: [W3af-develop] Need help from Mac users!

2014-03-21 Thread Andres Riancho
Andres On Mar 21, 2014 12:53 PM, Andres Riancho andres.rian...@gmail.com wrote: List, I'm trying to fix an ugly bug that only affects Mac users [0] and because I don't have any installations of that OS it is really hard to make any progress. Could someone give me a hand? All you need

Re: [W3af-develop] Need help from Mac users!

2014-03-21 Thread Andres Riancho
You chickened out ;) ;) On Fri, Mar 21, 2014 at 1:31 PM, Robin Wood ro...@digininja.org wrote: On 21 March 2014 16:26, Andres Riancho andres.rian...@gmail.com wrote: Robin, Leandro, Thanks for volunteering, to help please join the IRC [0] so we can chat. I'm __apr__ at the #w3af channel

Re: [W3af-develop] Need help from Mac users!

2014-03-21 Thread Andres Riancho
But... you do have osx to run some tests, right? On Fri, Mar 21, 2014 at 1:58 PM, Leandro Reox leandro.r...@gmail.com wrote: I have a mac ... but it runs Debian as main os :) On Mar 21, 2014 1:38 PM, Robin Wood ro...@digininja.org wrote: On 21 March 2014 16:35, Andres Riancho andres.rian

Re: [W3af-develop] Help needed - SAML-based auth plugin

2014-03-21 Thread Andres Riancho
Andre, On Fri, Mar 21, 2014 at 3:59 PM, Andre Daniels andre...@ucsc.edu wrote: Andres, Thanks for the insanely quick reply. Hopefully I'll keep it this way :D Sorry, I haven't yet figured out how to post to the actual thread...checking docs... Just reply to all to the email and it should

[W3af-develop] REST API for w3af

2014-03-20 Thread Andres Riancho
Lists, Talking with different users off-list, I've noticed that the advanced users want to integrate w3af with other tools, and while this is possible today (w3af console script + XML output) it is not the best approach. The world is moving towards REST APIs, and we're going there too. A

Re: [W3af-develop] REST API for w3af

2014-03-20 Thread Andres Riancho
/ On Thu, Mar 20, 2014 at 3:47 PM, Andres Riancho andres.rian...@gmail.com wrote: Lists, Talking with different users off-list, I've noticed that the advanced users want to integrate w3af with other tools, and while this is possible today (w3af console script + XML output

[W3af-develop] Bug fixing sprint

2014-03-19 Thread Andres Riancho
List, I've been fixing a lot of the bugs I prioritized last week, these are the bugs blocking the next release: * nosetests w3af/plugins/tests/audit/test_os_commanding.py is unstable * Broken youtube links and url links * AssertionError: Can NOT join a stopped consumer * An exception was

Re: [W3af-develop] [W3af-users] Moving documentation to readthedocs - Deprecating translations

2014-03-10 Thread Andres Riancho
/HTML/PDF 06.03.2014 22:08, Andres Riancho wrote: List, After some analysis of the tools I was using to build the documentation, the poor update frequency, low visibility (nobody reads it?), and some other factors I've decided that: * w3af's documentation will be moved from

Re: [W3af-develop] Moving documentation to readthedocs - Deprecating translations

2014-03-08 Thread Andres Riancho
Will continue working on this tomorrow, hopefully finishing during the morning. Please report any bugs, typos, missing sections, etc. Thanks! Regards, On Thu, Mar 6, 2014 at 3:08 PM, Andres Riancho andres.rian...@gmail.com wrote: List, After some analysis of the tools I was using to build

Re: [W3af-develop] W3af Ubuntu 13.10

2014-03-07 Thread Andres Riancho
, Feb 18, 2014 at 2:15 PM, Taras ox...@oxdef.info wrote: Andres, Ok, I've got your opinion. Let's close this discussion. 17.02.2014 00:04, Andres Riancho wrote: Taras, On Sun, Feb 16, 2014 at 4:28 PM, Taras ox...@oxdef.info wrote: Andres, I think it is my last attempt to change your

[W3af-develop] Using a real ORM inside w3af

2014-03-06 Thread Andres Riancho
List, One of my enhancements for future versions of w3af is to start using a real ORM inside w3af [0] and while I'm thinking about it I would like your inputs. For those who don't know exactly where the ORM would be used, here is a summary: * HTTP requests and responses (at least the

Re: [W3af-develop] W3af Ubuntu 13.10

2014-02-12 Thread Andres Riancho
:03:23 user Andres Riancho wrote: Taras, Added that because it is the best thing to do. Search the mailing list for the issue we had with pdfminer, what happened there was: * w3af had a requirement for pdfminer, any version * w3af worked without issues

Re: [W3af-develop] W3af Ubuntu 13.10

2014-01-22 Thread Andres Riancho
Israel, Haven't tried with that specific version, but what's wrong with: git clone g...@github.com:andresriancho/w3af.git cd w3af git checkout feature/module ./w3af_console On Wed, Jan 22, 2014 at 6:00 PM, Israel Duvdavan israelzero...@gmail.com wrote: Hi, does anyone have a working way

[W3af-develop] New blog post: How w3af uses Continuous Integration

2013-12-03 Thread Andres Riancho
How w3af uses Continuous Integration [0] http://w3af.org/how-w3af-uses-continuous-integration-to-improve Regards, -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3

Re: [W3af-develop] execution failures [w3af_console]

2013-11-08 Thread Andres Riancho
Diana, On Fri, Nov 8, 2013 at 4:46 PM, Diana Carolina Echeverria Rojas minima...@gmail.com wrote: Good afternoon engineers, I do not know if this is the appropriate email account to ask the following in yesterday w3af install the application on redhat 5.0 and I could not use the

Re: [W3af-develop] Snort rules to detect malware

2013-10-07 Thread Andres Riancho
on which ruleset is the best one to use. Sent an email to the snort and suricata mailing lists to ask some questions Regards Andri On 6 Oct 2013, at 18.58, Andres Riancho andres.rian...@gmail.com wrote: Maybe the focus should be moved away from the detection engines (snort, suricata

Re: [W3af-develop] Snort rules to detect malware

2013-10-06 Thread Andres Riancho
vynx_1...@yahoo.com wrote: Hi Andres, how if use Suricata than Snort ? here is the comparison : http://wiki.aanval.com/wiki/Snort_vs_Suricata Regards, Andri From: Andres Riancho andres.rian...@gmail.com To: w3af-us...@lists.sourceforge.net w3af-us

[W3af-develop] Snort rules to detect malware

2013-10-05 Thread Andres Riancho
Guys, We already have a clamav plugin that will identify if an http response body (usually a PE, DLL, ELF, PDF, DOC etc.) contains a virus or not. The other day I was thinking about how to improve this and came up with the idea of using snort rules to detect malware [0] The idea is

Re: [W3af-develop] Dependencies handling

2013-08-22 Thread Andres Riancho
Guillaume, On Thu, Aug 22, 2013 at 8:04 AM, Guillaume Rousse guillomovi...@gmail.com wrote: Hello. I've troubles packaging w3af for mageia (more exactly, updating the current package from 1.1 to 1.5), because of dependencies management. Here is the list of dependencies given in

Re: [W3af-develop] Avoid to commit and push __init__.py file -- Trick

2013-08-18 Thread Andres Riancho
I don't understand, why do you want to ignore __init__.py files? They are actually used for stuff and required to be there. Also, they don't change unless you do something to them. On Sat, Aug 17, 2013 at 6:23 AM, Dominique RIGHETTO dominique.righe...@gmail.com wrote: Hi, I have just found a

Re: [W3af-develop] Integer overflow detection plugin

2013-07-29 Thread Andres Riancho
. Maybe you and I can work on this further to get a better idea of how it will work? On Mon, Jul 29, 2013 at 8:24 AM, Andres Riancho andres.rian...@gmail.com wrote: Dom, On Fri, Jul 26, 2013 at 4:41 PM, Dominique Righetto dominique.righe...@gmail.com wrote: Hi, I have spent the 2 last

Re: [W3af-develop] Regarding the w3af permission problem

2013-07-17 Thread Andres Riancho
??? On Wednesday 26 June 2013 09:01 PM, Andres Riancho wrote: I would disable the XML output plugin, enable the text plugin with debug, run the scan and analyze the output On Wed, Jun 26, 2013 at 12:13 PM, Laurent Guyon laurent.gu...@algosecure.fr wrote: Hi, I've got the same error, with the same

Re: [W3af-develop] Integer overflow detection plugin

2013-07-15 Thread Andres Riancho
The xss [0] plugin is a good example for what you're trying to achieve. The interesting parts are: fake_mutants = create_mutants(freq, ['',]) Where you create mutants (modified http requests) based on a fuzzable request (which is the result of the crawling phase) with a fake value of an

Re: [W3af-develop] Integer overflow detection plugin

2013-07-15 Thread Andres Riancho
On Sun, Jul 14, 2013 at 4:49 AM, Dominique RIGHETTO dominique.righe...@gmail.com wrote: Hi Tomas, Thank you very much. I try to understand the objective of each of the value in [-012345, -2147483649, -2147483648, 012345, 2147483647, 2147483648, 4294967295, 4294967296, 023456].

Re: [W3af-develop] Integer overflow detection plugin

2013-07-15 Thread Andres Riancho
regards, Dominique Righetto dominique.righe...@gmail.com dominique.righe...@owasp.org Twitter: @righettod GPG: 0x323D19BA http://www.righettod.eu No trees were killed to send this message, but a large number of electrons were terribly inconvenienced. On Mon, Jul 15, 2013 at 1:54 PM, Andres

Re: [W3af-develop] Regarding the w3af permission problem

2013-06-26 Thread Andres Riancho
have seen a error like --- An internal error occurred while searching for id 36, even after commit/retry Liked it what is the possibility of getting this error ?? On Tuesday 25 June 2013 05:30 PM, Andres Riancho wrote: Nothing special. The directory /var/www/scanreports/ needs

Re: [W3af-develop] Regarding the w3af permission problem

2013-06-25 Thread Andres Riancho
, i am using mozilla browser . The browser has nothing to do with all this. In any case it's PHP and the way you call w3af from it. On Monday 24 June 2013 06:04 PM, Andres Riancho wrote: Saleem, On Mon, Jun 24, 2013 at 9:14 AM, saleem asaleemud...@cdac.in wrote: Thanku so much

Re: [W3af-develop] Regarding the w3af permission problem

2013-06-25 Thread Andres Riancho
and if same i run as www-data user i am unable to get the output xml file . please guide me in setting right permissions so that i can get XML as output file . On Tuesday 25 June 2013 05:07 PM, Andres Riancho wrote: On Tue, Jun 25, 2013 at 7:06 AM, saleem asaleemud...@cdac.in wrote

Re: [W3af-develop] [W3af-users] Regarding the w3af permission problem

2013-06-25 Thread Andres Riancho
asaleemud...@cdac.in i have given all permissions to that folder , still i am not able to generate the file . On Tuesday 25 June 2013 05:30 PM, Andres Riancho wrote: Nothing special. The directory /var/www/scanreports/ needs to be writable by the www-data user. On Tue, Jun 25, 2013 at 8:56 AM

Re: [W3af-develop] Regarding the w3af permission problem

2013-06-24 Thread Andres Riancho
, Andres Riancho wrote: Saleem, On Fri, Jun 21, 2013 at 12:31 PM, saleem asaleemud...@cdac.in wrote: Hi all , I have written a script which uses w3af script in the background, and trying to execute that script through browser , but i am not getting any output if i do the same

Re: [W3af-develop] Regarding the w3af permission problem

2013-06-24 Thread Andres Riancho
not getting the file generated if i run the code from the browser or by normal user. root user is able to generate the files using the same code . please help me out ! On Monday 24 June 2013 04:14 PM, Andres Riancho wrote: Saleem, On Mon, Jun 24, 2013 at 1:11 AM, saleem asaleemud

Re: [W3af-develop] Regarding the w3af permission problem

2013-06-24 Thread Andres Riancho
:58 PM, Andres Riancho wrote: On Mon, Jun 24, 2013 at 8:08 AM, saleem asaleemud...@cdac.in wrote: thanks for the response andrews. Why do you suspect of permissions issue? I suspect permission issue because when i run the code as root user in the terminal it is generating the output file

Re: [W3af-develop] Regarding the w3af permission problem

2013-06-23 Thread Andres Riancho
Saleem, On Fri, Jun 21, 2013 at 12:31 PM, saleem asaleemud...@cdac.in wrote: Hi all , I have written a script which uses w3af script in the background, and trying to execute that script through browser , but i am not getting any output if i do the same in the terminal i am getting the output

[W3af-develop] import w3af

2013-06-12 Thread Andres Riancho
Lists, I've been working hard on making w3af a python module, the information, and of course a request for all here [0].- [0] http://w3af.org/import-w3af Regards, -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG:

Re: [W3af-develop] multiple encoding plugin

2013-05-20 Thread Andres Riancho
On 15.05.2013 15:41, Andres Riancho wrote: Achim, On Wed, May 15, 2013 at 9:53 AM, Achim Hoffmann webse...@sic-sec.org wrote: Hi all, I'm searching for a plugin which can multiple encode a payload. Does such a thing exist in w3af? No, it doesn't. w3af doesn't play with encoding

Re: [W3af-develop] multiple encoding plugin

2013-05-15 Thread Andres Riancho
Achim, On Wed, May 15, 2013 at 9:53 AM, Achim Hoffmann webse...@sic-sec.org wrote: Hi all, I'm searching for a plugin which can multiple encode a payload. Does such a thing exist in w3af? No, it doesn't. w3af doesn't play with encoding as much as it should. As a side note, I think I

[W3af-develop] ClamAV plugin - testers please!

2013-05-14 Thread Andres Riancho
List, I've developed a new plugin which uses ClamAV to find malware on your site. The basic idea is that w3af will send all http response bodies to clamd, and then report any findings it returns. I need your help for testing! Follow these steps if you've got some minutes to spare: git

Re: [W3af-develop] Practical HTTP Host header attacks - Contributor wanted

2013-05-10 Thread Andres Riancho
vints...@gmail.com wrote: Well I'd love to take this on with some help from you, Andres! Many thanks -Daniel — Sent from Mailbox for iPhone On Fri, May 10, 2013 at 9:11 AM, Andres Riancho andres.rian...@gmail.com wrote: Lists, After reading Practical HTTP Host header attacks [0] I

Re: [W3af-develop] VIM syntax file for W3AF script

2013-05-10 Thread Andres Riancho
Dom, Thanks for this :) There was an old version here [0], hidden in our repository. What do you think we should do? Remove the one in our repo and keep the one in vim.org? Keep both updated seems dumb... maybe our w3af.vim should point users to the one in vim.org? [0]

Re: [W3af-develop] Practical HTTP Host header attacks - Contributor wanted

2013-05-10 Thread Andres Riancho
10.05.2013 15:23, Andres Riancho wrote: Great :) So let's start right away. Please read the article, and try to identify the different vulnerabilities which are present there. Once you've got that, think about which ones could be automated with w3af and send an email to this thread. At this point

Re: [W3af-develop] W3af pass file to anti malware

2013-05-05 Thread Andres Riancho
://github.com/andresriancho/w3af/blob/master/plugins/grep/xss_protection_header.py If you create this plugin, please use a backend malware scanner which is open source, freely available, well supported and GPLv2 license compatible. Regards, Regards Andri On 5 May 2013, at 09:53, Andres Riancho

Re: [W3af-develop] W3af pass file to anti malware

2013-05-04 Thread Andres Riancho
Andri, On Sat, May 4, 2013 at 10:47 AM, Andri Herumurti vynx_1...@yahoo.com wrote: Dear all, It is possible to pass file that currently scanning by w3af to anti malware/anti virus to scan ? Since currently there is some file like java that content malware/infected. 100% possible, but

Re: [W3af-develop] W3af pass file to anti malware

2013-05-04 Thread Andres Riancho
2013, at 00:26, Andres Riancho andres.rian...@gmail.com wrote: Andri, On Sat, May 4, 2013 at 10:47 AM, Andri Herumurti vynx_1...@yahoo.com wrote: Dear all, It is possible to pass file that currently scanning by w3af to anti malware/anti virus to scan ? Since currently there is some file

Re: [W3af-develop] Packaging w3af

2013-04-30 Thread Andres Riancho
Johannes, On Tue, Apr 30, 2013 at 8:36 AM, Johannes Weberhofer jweberho...@weberhofer.at wrote: Yes, it's the same bug as the one you're finding in the console, created [0] for this. Will try to fix it today, [0] https://github.com/andresriancho/w3af/issues/294 I think it's fixed now.

Re: [W3af-develop] Packaging w3af

2013-04-29 Thread Andres Riancho
that setup.py compiles py to pyc when you install a module in site-packages. This is an interesting question to solve :) On 28.04.2013 21:48, Andres Riancho wrote: Johannes, On Sun, Apr 28, 2013 at 8:33 AM, jweberho...@weberhofer.at wrote: Dear all! After some pause, I'm working on RPM packages

Re: [W3af-develop] Packaging w3af

2013-04-29 Thread Andres Riancho
Johannes, On Mon, Apr 29, 2013 at 12:05 PM, Johannes Weberhofer jweberho...@weberhofer.at wrote: On 29.04.2013 16:00, Andres Riancho wrote: On Mon, Apr 29, 2013 at 6:37 AM, Johannes Weberhofer jweberho...@weberhofer.at wrote: Andres, thank you for your notes. Unfortunately I'm my
