Out of all security scanners, w3af easily offers the best user-friendly interface with maximum amount of powerful execution. w3af’s official website explains their tool as:
- The core, which coordinated the whole process and provides libraries for using in plugins.
- The user interfaces, which allow the user to configure and start scans
- The plugins, which find links and vulnerabilities
For Linux users:
- apt-get update
- apt-get install -y w3af – (continue below if latest version is not installed)
- cd ~
- apt-get update
- apt-get install -y python-pip w3af
- pip install –upgrade pip
- git clone https://github.com/andresriancho/w3af.git
- cd w3af
- ./w3af_console
- . /tmp/w3af_dependency_install.sh
- Under profiles, select “full_audit” (or whatever you prefer)
- Select “Yes”
- Insert your targeted address next to “Target:”
- Select “Scan” (and select any specific plugins)
- After the scan is complete, you will see a log of vulnerabilities
- Navigate to “Results” and then “KB browser” for more details
