[W3af-users] W3af performance issue

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Hello all
I have a issue with w3af that needed some help. When i try to run w3af
against a instance of the site i'm developing i get a very slow audit, for
example i get the following after 8 hours of execution:

|----------------------------------------------------------------------------------------------------|
| Crawling http://seaamz.alice/index/newsletter/ | Method: POST |
Parameters:                        |
| (YII_CSRF_TOKEN="a275b6f26f...", NewsletterSignupForm[gender]="female",
                         |
| NewsletterSignupForm[gender]="male", NewsletterSignupForm[email]="")
using crawl.phpinfo           |
| Auditing http://seaamz.alice/index/newsletter/ | Method: POST |
Parameters:                        |
| (YII_CSRF_TOKEN="a275b6f26f...", NewsletterSignupForm[gender]="female",
                         |
| NewsletterSignupForm[gender]="male", NewsletterSignupForm[email]="")
using audit.eval              |
| Crawl phase: In (0.01 URLs/min) Out (0.01 URLs/min) Pending (0 URLs) ETA
(None)                    |
| Audit phase: In (0.01 URLs/min) Out (0.01 URLs/min) Pending (0 URLs) ETA
(None)                    |
| Requests per minute: 7
                          |
|----------------------------------------------------------------------------------------------------|

After some hours i even get to 0 request per minute. Anyone has even had
this behaviour in w3af.

----------- More info ------------
local machine running:
Ubuntu 12.04
Memory: 8Gb Ram
Processor : I5 4 core @ 2.5Ghz
net interface: using localhost interface
server type: nginx 1.1.19 with php-fpm

Profile used: custom one

[grep.get_emails]

[grep.meta_tags]

[grep.error_pages]

[grep.strange_reason]

[grep.strange_parameters]

[grep.strange_http_codes]

[grep.strange_headers]

[grep.credit_cards]

[grep.error_500]

[grep.csp]

[grep.code_disclosure]

[grep.analyze_cookies]

[crawl.robots_txt]

[crawl.web_spider]
only_forward = False
follow_regex = .*
ignore_regex =

[crawl.phpinfo]

[crawl.sitemap_xml]

[output.html_file]

[output.text_file]
verbose = True
output_file = ~/output.txt
http_output_file = ~/output-http.txt

[output.console]
verbose = True

[audit.xpath]

[audit.xss]
persistent_xss = True

[audit.generic]

[audit.un_ssl]

[audit.format_string]

[audit.preg_replace]

[audit.sqli]

[audit.eval]

[infrastructure.find_vhosts]

[infrastructure.dns_wildcard]

[infrastructure.server_status]

[infrastructure.hmap]

[infrastructure.fingerprint_os]

[target]
target =

[misc-settings]
fuzz_cookies = False
fuzz_form_files = True
fuzz_url_filenames = False
fuzz_url_parts = False
fuzzed_files_extension = gif
fuzzable_headers =
form_fuzzing_mode = tmb
stop_on_first_exception = False
max_discovery_time = 120
interface = eth0
local_ip_address = 192.168.32.94
non_targets =
msf_location = /opt/metasploit3/bin/

[http-settings]
timeout = 15
headers_file =
basic_auth_user =
basic_auth_passwd =
basic_auth_domain =
ntlm_auth_domain =
ntlm_auth_user =
ntlm_auth_passwd =
ntlm_auth_url =
cookie_jar_file =
ignore_session_cookies = False
proxy_port = 8080
proxy_address =
user_agent = w3af.org
max_file_size = 400000
max_http_retries = 2
always_404 =
never_404 =
string_match_404 =
url_parameter =