Welcome to w3af’s documentation
This document is the user’s guide for the Web Application Attack and Audit Framework (w3af). Its goal is to provide a basic overview of what the framework is, how it works, and what you can do with it.
w3af is a complete environment for auditing and exploiting Web applications. This environment provides a solid platform for web vulnerability assessments and penetration tests.
- GitHub repository
- w3af homepage
- IRC channel
- Users mailing list
- Developers mailing list
- Twitter feed
Contents
- Installation
- Advanced installation
- Updating to the latest version
- Basic steps and phases
- Scan configuration
- Other plugins
- Running w3af
- Running w3af with GTK user interface
- Plugin configuration
- Starting a scan
- Automation using scripts
- Authentication
- Common use cases
- Complex web applications
- Exploiting Web application vulnerabilities
- Web Application Payloads
- Bug reporting
- Contribute