w3af: Web Application Attack and Audit Framework
w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner and exploitation tool. It identifies almost all web vulnerabilities.
w3af architecture
w3af consists of two main parts:
- Core
  - It coordinates the process and provides features to plugins.
- Plugins
  - Plugins find vulnerabilities and exploit them.
  - They communicate with each other.
w3af has the following types of plugins:
- Discovery
- Audit
- Grep
- Attack
- Output
- Mangle
- Evasion
- Brute force