w3af_console
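I. Introduction
- Web scanning framework (open source, continually being extended)
- Integrates exploit modules
1. Plugins
audit: these plugins send specially crafted PoC data to the injection points found by the crawl plugins to confirm whether a vulnerability exists.
infrastructure: these plugins identify information about the target system, such as an installed WAF, the operating system and the HTTP daemon.
grep: these plugins analyze the HTTP requests and responses sent by other plugins and identify vulnerabilities.
evasion: these plugins modify the HTTP requests generated by other plugins to bypass simple intrusion detection rules.
mangle: allows requests and responses to be modified based on regular expressions.
auth:
bruteforce: performs brute-force logins during the crawl phase.
output: these plugins save plugin data to text, XML or HTML files. Debug information is also sent to the output plugins and can be saved and analyzed. If both the text_file and xml_file output plugins are enabled, both of them record every vulnerability found by the audit plugins.
crawl: these plugins crawl the site to obtain new URLs. If the user enables several crawl plugins, a loop results: plugin A finds a new URL on its first run and w3af sends it to plugin B. If plugin B finds a new URL, it is sent to plugin A. This continues until all plugins have run and no more new information can be found.
attack: if an audit plugin finds a vulnerability, the attack plugins attack and exploit it, usually returning a shell on the remote server or, in the case of SQL injection for example, retrieving data from the database.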
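The crawl feedback loop described above, as an added example that is not w3af's own code: two hypothetical plugins (`plugin_a` follows links in a page body, `plugin_b` proposes parent directories) run against a constructed in-memory site until no plugin reports anything new. The `max_urls` cap is an assumption added here so the loop always terminates.

```python
from collections import deque

# Constructed toy site: path -> links found in that page's body.
SITE = {
    "/": ["/docs/api/v1.html"],
    "/docs/api/v1.html": [],
    "/docs/api/": ["/docs/api/v2.html"],
    "/docs/": ["/docs/changelog.html"],
    "/docs/api/v2.html": ["/"],
    "/docs/changelog.html": [],
}

def plugin_a(url):
    """Hypothetical crawl plugin A: returns the links present in the page body."""
    return SITE.get(url, [])

def plugin_b(url):
    """Hypothetical crawl plugin B: proposes every parent directory of a URL."""
    parts = url.rstrip("/").split("/")[1:-1]
    return ["/" + "/".join(parts[:i]) + "/" for i in range(1, len(parts) + 1)]

def crawl(seed, plugins, max_urls=1000):
    """Feed each newly found URL to every plugin until nothing new appears."""
    known, queue, log = {seed}, deque([seed]), []
    while queue:
        url = queue.popleft()
        for plugin in plugins:
            for found in plugin(url):
                # Keep only URLs that exist on the toy site and are new.
                if found not in SITE or found in known:
                    continue
                if len(known) >= max_urls:  # cap guards against endless URL spaces
                    return known, log
                known.add(found)
                queue.append(found)
                log.append((plugin.__name__, url, found))
    return known, log

if __name__ == "__main__":
    runs = [("A only", [plugin_a]), ("B only", [plugin_b]), ("A + B", [plugin_a, plugin_b])]
    for name, plugins in runs:
        known, _ = crawl("/", plugins)
        print(name, sorted(known))
```

Run alone, each plugin stalls early; together they reach every page, because URLs found by one plugin become input for the other.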
2. Installing w3af on Kali [problems solved]
While installing w3af I ran into: ./w3af_console We recommend you install pip before continuing. http://www.pip-installer.org/en/latest/installing.html
# Change to the home directory; the official docs say to install from the home directory
cd ~
# Switched to the Aliyun mirror: sources.list contains the deb lines below
vim /etc/apt/sources.list
deb http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb-src http://mirrors.aliyun.com/kali kali-rolling main non-free contrib
deb http://ftp.de.debian.org/debian buster main
apt-get update
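# Install the npm package manager
apt install npm libyaml-dev libsqlite3-dev
# Install the lxml build dependencies first; the official docs do not mention this, but without it the install fails
apt-get build-dep python-lxml
# Fill in the rest of the Python library build environment
apt install python-dev build-essential libssl-dev libffi-dev libxml2-dev libxslt1-dev zlib1g-dev
# Download the source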
git clone https://github.com/andresriancho/w3af.git
cd w3af
apt-get install -y python-pip
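# This fails; uninstall pip and reinstall it
# The error is: No module named 'ConfigParser'
# Install pip with python2
curl https://bootstrap.pypa.io/pip/2.7/get-pip.py -o get-pip2.py
python get-pip2.py
# This package kept being reported as missing
apt install python-pip-whl=18.1-5
./w3af_console
# If it reports an error, install whatever is missing!!
# Finally OK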
./w3af_dependency_install.sh
II. Usage
1. Show help
help
2. The plugins module
Enable three audit plugins
Their status changes to Enabled
w3af/plugins>>> audit xss sqli lfi
w3af/plugins>>> list audit
|------------------------------------------------------------------------|
| Plugin name | Status | Conf | Description |
|------------------------------------------------------------------------|
| blind_sqli | | Yes | Identify blind SQL injection |
| | | | vulnerabilities. |
| buffer_overflow | | | Find buffer overflow |
| | | | vulnerabilities. |
| cors_origin | | Yes | Inspect if application checks |
| | | | that the value of the "Origin" |
| | | | HTTP header isconsistent with |
| | | | the value of the remote IP |
| | | | address/Host of the sender |
| | | | ofthe incoming HTTP request. |
| csrf | | | Identify Cross-Site Request |
| | | | Forgery vulnerabilities. |
| dav | | | Verify if the WebDAV module is |
| | | | properly configured. |
| deserialization | | | Identify deserialization |
| | | | vulnerabilities. |
| eval | | Yes | Find insecure eval() usage. |
| file_upload | | Yes | Uploads a file and then |
| | | | searches for the file inside |
| | | | all known directories. |
| format_string | | | Find format string |
| | | | vulnerabilities. |
| frontpage | | | Tries to upload a file using |
| | | | frontpage extensions |
| | | | (author.dll). |
| generic | | Yes | Find all kind of bugs without |
| | | | using a fixed error database. |
| global_redirect | | | Find scripts that redirect the |
| | | | browser to any site. |
| htaccess_methods | | | Find misconfigurations in |
| | | | Apache's "<LIMIT>" |
| | | | configuration. |
| ldapi | | | Find LDAP injection bugs. |
| lfi | Enabled | | Find local file inclusion |
| | | | vulnerabilities. |
| memcachei | | | No description available for |
| | | | this plugin. |
| mx_injection | | | Find MX injection |
| | | | vulnerabilities. |
| os_commanding | | | Find OS Commanding |
| | | | vulnerabilities. |
| phishing_vector | | | Find phishing vectors. |
| preg_replace | | | Find unsafe usage of PHPs |
| | | | preg_replace. |
| redos | | | Find ReDoS vulnerabilities. |
| response_splitting | |