List,
Could you guys please give me your opinion on this new feature
that I'm thinking about? Thanks!
"""
Today I described one of my w3af improvement ideas to Javier and after
really believing that it would be a good idea, I'm documenting it here
so we don't forget about it.
The basic idea is to have two different ways to run w3af from the GUI:
* Batch
* Interactive
In batch mode (which is the mode we have now) you simply choose all
the plugins you want to run, set the target, hit play, wait for 5
hours and see your results.
The problem with batch mode is that most users are actually doing this:
* Scan with plugins A, B, C enabled. Analyze results. Clear results.
* Start a new scan with plugins A, B, C, D, E enabled. Analyze
  results. Clear results.
* Start a new scan with plugins A, B, C, D, E, X, Y, Z enabled.
  Analyze results.
Each time they clear the results, they have to start all over, which
takes time. For example, in run #2, they are running A, B, C for the
second time, and in run #3 they are running A, B, C for the third time
and D and E for the second time.
The new interactive mode will look like Maltego. We'll basically ask
the user to create a new target, and then he'll be able to apply
plugins to that target. The workflow will look like this:
* Create a new target in the GUI
* Drag and drop a plugin to the target, in this example we'll use
  the webspider plugin.
* When the plugin results are available, the user can choose an
  audit plugin and apply it to:
    o The target object: which will inject in all links
    o A directory object: which will inject in all links below
      that directory
    o A link object: which will inject only in that link
* When a grep plugin is dropped, all the request/responses in the
  DB are analyzed.
The view for this interactive mode would be fairly simple:
* Left: the plugin treeview
* Right: A canvas where all the information is drawn
The user can choose a group of plugins to run at the same time by
clicking "ctrl" over the plugin treeview.
"""
All the previous information is available in our Trac [0].
[0] https://sourceforge.net/apps/trac/w3af/ticket/160719
Regards,
--
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
_______________________________________________
W3af-develop mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-develop
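
A minimal model of the proposed interactive mode, added here as an illustration; it is not part of the original message and not w3af code. The class, function and plugin names and the sample links are hypothetical and constructed. It shows the target / directory / link scoping from the workflow above and how keeping results avoids the repeated A, B, C runs of batch mode.

```python
from urllib.parse import urlsplit

# Constructed sample of what a discovery plugin might return.
SAMPLE_LINKS = [
    "http://target.example/index.html",
    "http://target.example/app/login",
    "http://target.example/app/admin/users?id=1",
    "http://other.example/ad",          # off-target, must be dropped
]


class InteractiveSession:
    """Keeps discovered links so plugins can be applied incrementally."""

    def __init__(self, target):
        self.target = target.rstrip("/") + "/"
        self.links = set()   # links stored from discovery results
        self.done = set()    # (plugin, link) pairs already audited

    def add_links(self, urls):
        host = urlsplit(self.target).netloc
        self.links.update(u for u in urls if urlsplit(u).netloc == host)

    def scope(self, obj):
        """Resolve a target, directory or link object to the links it covers."""
        if obj == self.target:
            return set(self.links)                  # target: all links
        if obj.endswith("/"):                       # directory: links below it
            return {u for u in self.links if u.startswith(obj)}
        return {obj} & self.links                   # link: only that link

    def apply(self, plugin, obj):
        """Return the links the plugin still has to test and mark them done."""
        todo = sorted(u for u in self.scope(obj)
                      if (plugin, u) not in self.done)
        self.done.update((plugin, u) for u in todo)
        return todo


def plugin_passes(runs):
    """Plugin executions per link: (batch with cleared results, interactive)."""
    batch = sum(len(plugins) for plugins in runs)
    interactive = len(set().union(*runs))
    return batch, interactive
```

For the three scans described in the message, `plugin_passes` gives 16 plugin executions per link in batch mode against 8 when results are kept.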