A good memory is no match for a pencil stub


Reading notes on a certain "Devil Training Camp" (《魔鬼训练营》) book: notes on using w3af

!!!These notes are for study and discussion only; please do not use them for any other purpose!!!

Official download location:

http://w3af.org/download

Using w3af_console:

w3af_console is used in much the same way as metasploit. Here is a brief list of the menus available at each level:

root@kali:~# w3af_console  # start the w3af console
w3af>>> help    # show the w3af commands; usage is similar to metasploit
|-------------------------------------------------------------------|
| start              | Start the scan.                   |
| plugins            | Enable and configure plugins.     |
| exploit            | Exploit the vulnerability.        |
| profiles           | List and use scan profiles.       |
| cleanup            | Cleanup before starting a new scan.    |
|---------------------------------------------------------------|
| help               | Display help. Issuing: help [command] , prints more specific help about "command"      |
| version            | Show w3af version information.              |
| keys               | Display key shortcuts.                                |
|----------------------------------------------------------|
| http-settings      | Configure the HTTP settings of the framework.         |
| misc-settings      | Configure w3af misc settings.               |
| target             | Configure the target URL.               |
|---------------------------------------|
| back               | Go to the previous menu.                      |
| exit               | Exit w3af.                    |
|---------------------------------------------------------|
| kb                 | Browse the vulnerabilities stored in the Knowledge Base      |
|-------------------------------------------------|
w3af>>> plugins # plugins menu
w3af/plugins>>> help
|-------------------------------------------------|
| list                          | List available plugins.                           |
|-------------------------------------------------|
| back                          | Go to the previous menu.                          |
| exit                          | Exit w3af.                                        |
|-------------------------------------------------|
| infrastructure                | View, configure and enable infrastructure plugins |
| mangle                        | View, configure and enable mangle plugins         |
| crawl                         | View, configure and enable crawl plugins          |
| bruteforce                    | View, configure and enable bruteforce plugins     |
| grep                          | View, configure and enable grep plugins           |
| evasion                       | View, configure and enable evasion plugins        |
| audit                         | View, configure and enable audit plugins          |
| auth                          | View, configure and enable auth plugins           |
| output                        | View, configure and enable output plugins         |
|-------------------------------------------------|
w3af/plugins>>> list audit # list the audit modules
|------------------------------------------------|
| Plugin name        | Status | Conf | Description                                 |
|------------------------------------------------|
。。。。。
。。。。。
| xst                |        |      | Find Cross Site Tracing vulnerabilities.    |
|------------------------------------------------|

w3af>>> exploit  # exploit menu
w3af/exploit>>> help
|-------------------------------------------------|
| list           | List available exploits.                                         |
| exploit        | Exploit a vulnerability found by audit plugins.                  |
| interact       | List and interact with shell objects generated by exploit plugins.                                                     |
|-------------------------------------------------|
| back           | Go to the previous menu.                                         |
| exit           | Exit w3af.                                                       |
|-------------------------------------------------|
w3af/exploit>>> list # show the available exploit tools
|-------------------------------------------------|
| Plugin                  | Description                                             |
|-------------------------------------------------|
| sqlmap                  | Exploit web servers that have sql injection vulnerabilities using sqlmap.                                     |
| file_upload             | Exploit applications that allow unrestricted file uploads inside the webroot.                                 |
| xpath                   | Exploit XPATH injections with the objective of retrieving the complete XML text.                              |
| local_file_reader       | Exploit local file inclusion bugs.                      |
| os_commanding           | Exploit OS Commanding vulnerabilities.                  |
| dav                     | Exploit web servers that have unauthenticated DAV access.                                                     |
| eval                    | Exploit eval() vulnerabilities.                         |
| rfi                     | Exploit remote file include vulnerabilities.            |
|-------------------------------------------------|

w3af>>> profiles # profiles (configuration) menu
w3af/profiles>>> help
|-------------------------------------------------|
| use                | Use a profile.                                               |
| list               | List available profiles.                                     |
| save_as            | Save the current configuration to a profile.                 |
|-------------------------------------------------|
| back               | Go to the previous menu.                                     |
| exit               | Exit w3af.                                                   |
|-------------------------------------------------|
w3af/profiles>>> list # show the available attack profiles
|-------------------------------------------------|
| Profile                | Description                                              |
|-------------------------------------------------|
| bruteforce             | Bruteforce form or basic authentication access controls using default credentials. To run this profile, set    |
|                        | the target URL to the resource where the access control is, and then click on Start.                           |
| audit_high_risk        | Perform a scan to only identify the vulnerabilities with higher risk, like SQL Injection, OS Commanding,       |
|                        | Insecure File Uploads, etc.                              |
| full_audit_manual_disc | Perform a manual discovery using the spiderMan plugin, and afterwards scan the site for any known              |
|                        | vulnerabilities.                                         |
| full_audit             | This profile performs a full audit of the target website, using only the webSpider plugin for discovery.       |
| OWASP_TOP10            | The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving  |
|                        | the security of application software. OWASP searched for and published the ten most common security flaws.     |
|                        | This profile search for this top 10 security flaws. For more information about the security flaws:             |
|                        | http://www.owasp.org/index.php/OWASP_Top_Ten_Project .   |
| fast_scan              | Perform a fast scan of the target site, using only a few discovery plugins and the fastest audit plugins.      |
| empty_profile          | This is an empty profile that you can use to start a new configuration from.                                   |
| web_infrastructure     | Use all the available techniques in w3af to fingerprint the remote Web infrastructure.                         |
| sitemap                | Use different online techniques to create a fast sitemap of the target web application. This plugin will only  |
|                        | work if you've got Internet access and the target web application is being spidered by Yahoo!                  |
|-------------------------------------------------|
w3af>>> keys # keyboard shortcuts
|-------------------------------------------------|
| Ctrl-A / Ctrl-E                   | Move cursor to the beginning/end of the line. |
| Ctrl-H                            | Erase the character before the cursor.        |
| Ctrl-W                            | Erase the word before the cursor.             |
| Ctrl-L                            | Clear screen.                                 |
| Ctrl-D, Ctrl-C                    | Return to the previous menu or exit w3af.     |
|-------------------------------------------------|
w3af>>> target  # target menu
w3af/config:target>>> help
|-------------------------------------------------|
| view        | List the available options and their values.                        |
| set         | Set a parameter value.                                              |
| save        | Save the configured settings.                                       |
|-------------------------------------------------|
| back        | Go to the previous menu.                                            |
| exit        | Exit w3af.    |
|-------------------------------------------------|
w3af/config:target>>> view # show the target settings
|------------------------------------------------|
| Setting            | Value    | Modified  | Description                          |
|------------------------------------------------|
| target_framework   | unknown  |           | Target programming framework (unknown/php/asp/asp.net/java/jsp/cfm/ruby/perl)              |
| target             |          |           | A comma separated list of URLs       |
| target_os          | unknown  |           | Target operating system (unknown/unix/windows)                                             |
|------------------------------------------------|
w3af>>> http-settings  # HTTP settings
w3af/config:http-settings>>> help
|-------------------------------------------------|
| view        | List the available options and their values.                        |
| set         | Set a parameter value.                                              |
| save        | Save the configured settings.                                       |
|-------------------------------------------------|
| back        | Go to the previous menu.                                            |
| exit        | Exit w3af.    |
|-------------------------------------------------|
w3af/config:http-settings>>> view
|-------------------------------------------------|
| Setting                | Value    | Modified | Description                        |
|-------------------------------------------------|
| url_parameter          |          |          | Append the given URL parameter to every accessed URL. Example:                           |
。。。。。。
。。。。。。
| basic_auth_domain      |          |          | Set the basic authentication domain for HTTP requests                                    |
|-------------------------------------------------|
w3af>>> misc-settings  # software settings
w3af/config:misc-settings>>> help
|-------------------------------------------------|
| view        | List the available options and their values.                        |
| set         | Set a parameter value.                                              |
| save        | Save the configured settings.                                       |
|-------------------------------------------------|
| back        | Go to the previous menu.                                            |
| exit        | Exit w3af.    |
|-------------------------------------------------|
w3af/config:misc-settings>>> view
|-----------------------------------------------|
| Setting                 | Value                 | Modified | Description        |
|-----------------------------------------------|
| msf_location            | /opt/metasploit3/bin/ |          | Full path of Metasploit framework binary directory                       |
。。。。。。
。。。。。。
| fuzz_cookies            | False                 |          | Indicates if w3af plugins will use cookies as a fuzzable parameter       |
|-----------------------------------------------|
w3af>>> exit # quit

w3af_gui:

As the screenshot below shows, it corresponds closely to the commands above:
