w3af: Web Application Attack and Audit Framework

w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner and exploitation tool. It identifies almost all web vulnerabilities.

w3af architecture

w3af consists of two main parts:

  1. Core
    • It coordinates the process and provides features to plugins.
  2. Plugins
    • Plugins find vulnerabilities and exploit them.
    • They communicate with each other.

In w3af, there are different types of plugins.

  • Discovery
  • Audit
  • Grep
  • Attack
  • Output
  • Mangle
  • Evasion
  • Brute force