List,
I'm glad to release the fifth beta of w3af. For those
that still
don't know, w3af is a fully automated auditing and
exploiting
framework for the web. More info can be found at
http://w3af.sourceforge.
net/ .
They are really *a lot* of changes from beta4 to make an
detailed
list, but a small summary will give you an idea of the new
features I
have been working on:
- Virtual daemon, a way to use Metasploit framework
payloads/shellcodes while exploiting web applications.
- w3afAgent, a reverse VPN that allows you to route
packets
through the compromised server
- Good samaritan, a module that allows you to exploit
blind sql
injections much faster
- 20+ new plugins
- A lot of bug fixes
- A much more stable core.
The users guide can be found here:
- http://w3af.sourceforge.net/documentation/user/
w3afUsersGuide.pdf
I also uploaded the presentation materials of my talk at
the T2
conference in Finland ( http://www.t2.fi/ ). The PDF
file is a nice
introduction to the interesting features implemented in the
framework
and can be found here:
- http://w3af.sourceforge.net/documentation/user/w3af-T2
.pdf
Cheers,
--
Andres Riancho
http://w3af.sourceforge.
net/
Web Application Attack and Audit Framework
------------------------------------------------------------
-------------
Sponsored by: Watchfire
Cross-Site Scripting (XSS) is one of the most common
application-level
attacks that hackers use to sneak into web applications
today. This
whitepaper will discuss how traditional XSS attacks are
performed, how to
secure your site against these attacks and check if your
site is protected.
Cross-Site Scripting Explained - Download this whitepaper
today!
https://www.watchfire.com/securearea/whi
tepapers.aspx?id=701700000009405
------------------------------------------------------------
-------------
|