Web Application Vulnerability Scanners – W3AF – 12.10 xUbuntu Installation

I have been interested in the Web Application Attack and Audit Framework (W3AF) since I first heard about it last summer, 2012. Unfortunately, it was not the most straightforward installation; it has a number of dependencies and was not something I was willing to invest in. I was also a bit more novice than I am today and didn’t completely understand what I was doing or needed to do. Today things are a bit different and this evening I decided to take another stab at it.

Note: If you run BackTrack 3.0 you’ll find it prepackaged, not sure about earlier versions, so just skip this entire post.

My biggest challenge was that I was trying to install it on an xUbuntu NIX distribution. If you’re not familiar with it, it’s a child of the Ubuntu family, as implied by the name, but it’s lightweight. By lightweight I mean that it comes with the bare necessities only; if you want something on the box you have to install it, and that includes all its dependencies. That’s perhaps where I ran into the most issues. Most of the documentation you find, including what w3af says once installed, states that Python 2.6 is required. That, fortunately, is not the case. You can definitely get it running with 2.7, and that’s what I’ll provide here.

You can try running it on Python 2.6, but you’re likely going to run into an issue installing pybloomfiltermmap, well, at least getting the app to recognize it, so best of luck. After messing with it for hours, Python 2.7 worked flawlessly and it’s what I would recommend.

So, if you’re running a clean box with minimal components then this will be the post for you. If you run into issues on a more complete install, like Ubuntu, you can always reference this post as it’ll likely help.

Installation and Configuration

If you visit the download page of w3af you’ll see something like this:

If you’re a Linux, BSD or Mac user we recommend you download the source 
from our GitHub repository:

git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_gui

That unfortunately is a highly simplistic explanation of the process. There will be a few more things you need to do.

Make sure you install git


$ sudo apt-get install git

You’re also going to want to install the Python installer, pip


$ sudo apt-get install python-pip python-dev build-essential
$ sudo pip install --upgrade pip
$ sudo pip install --upgrade virtualenv

You will now need to install all the following:


$ sudo apt-get install python2.7
$ sudo pip install fpconst
$ sudo pip install nltk
$ sudo pip install SOAPpy
$ sudo pip install pyPdf
$ sudo apt-get install libxml2-dev
$ sudo apt-get install libxslt-dev
$ sudo pip install lxml
$ sudo pip install pyopenssl

Download scapy-latest.tar.gz from here http://www.secdev.org/projects/scapy/ and use pip to install it:

$ sudo pip install scapy-latest.tar.gz 
<< this threw a few errors but it seemed to do the trick regardless

You can then proceed with the rest of dependencies:


$ sudo apt-get install python-svn
$ sudo pip install pybloomfiltermmap
$ sudo apt-get install graphviz
$ sudo apt-get install libgraphviz-dev
$ sudo apt-get install libgraphviz
$ sudo apt-get install python-gtk2
$ sudo apt-get install python-gtksourceview2
$ sudo apt-get install python-scapy

If you have gotten this far then you’re doing pretty well. The next steps should be easy enough:


$ git clone https://github.com/andresriancho/w3af.git
$ cd w3af
$ ./w3af_gui

If it works you’ll see something like this:




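Now to add a few notes of my own: following the steps above, I ran into a few problems.

1. The w3af package I had downloaded was very old and supported Python 2.6. You must go to the official site and download the latest version.

2. When running the command:

     sudo pip install -e git+git://github.com/ramen/phply.git#egg=phply

   GitHub cannot be reached from networks in China, so you can first download the phply.zip package from github.com/ramen/phply.git and then run the command

     sudo pip install phply.zip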
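
A preflight check for the dependency steps above, as an added example that is not part of the original post or of w3af: run it with the same interpreter that will launch w3af (for example `python2.7`) and it reports every module that interpreter cannot import, which is the "installed but not recognized" failure described for pybloomfiltermmap. The import names are the modules these packages provide; the function names are made up for this example, and graphviz is not covered because it is not a Python module.

```python
# Added example: run as e.g. "python2.7 this_script.py" before ./w3af_gui.
from __future__ import print_function
import importlib
import sys

# (import name, install command from the steps in this post).
# Note the import name often differs from the package name.
W3AF_DEPS = [
    ("fpconst", "sudo pip install fpconst"),
    ("nltk", "sudo pip install nltk"),
    ("SOAPpy", "sudo pip install SOAPpy"),
    ("pyPdf", "sudo pip install pyPdf"),
    ("lxml", "sudo pip install lxml"),
    ("OpenSSL", "sudo pip install pyopenssl"),
    ("scapy", "sudo apt-get install python-scapy"),
    ("pysvn", "sudo apt-get install python-svn"),
    ("pybloomfilter", "sudo pip install pybloomfiltermmap"),
    ("gtk", "sudo apt-get install python-gtk2"),
    ("gtksourceview2", "sudo apt-get install python-gtksourceview2"),
    ("phply", "sudo pip install phply.zip"),
]


def missing_modules(deps):
    """Return [(module, install_cmd, reason)] for each module that fails to import."""
    missing = []
    for module, install_cmd in deps:
        try:
            importlib.import_module(module)
        except Exception as exc:  # a broken C extension can raise more than ImportError
            reason = "%s: %s" % (type(exc).__name__, exc)
            missing.append((module, install_cmd, reason))
    return missing


def main(deps=W3AF_DEPS):
    """Print a report for the running interpreter; return 0 if nothing is missing."""
    version = "%d.%d" % tuple(sys.version_info[:2])
    print("Interpreter: %s (Python %s)" % (sys.executable, version))
    missing = missing_modules(deps)
    for module, install_cmd, reason in missing:
        print("MISSING %-15s %s\n        fix: %s" % (module, reason, install_cmd))
    if not missing:
        print("All %d modules import cleanly." % len(deps))
    return 1 if missing else 0


if __name__ == "__main__":
    sys.exit(main())
```

A module reported as missing right after a successful `pip install` usually means pip installed it for a different Python version than the one running the check.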
