[W3af-develop] REST API for w3af
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
[W3af-develop] REST API for w3af
|
From: Andres R. <and...@gm...> - 2014-03-20 14:47:29
|
Lists,
Talking with different users off-list, I've noticed that the
advanced users want to integrate w3af with other tools, and while this
is possible today (w3af console script + XML output) it is not the
best approach.
The world is moving towards REST APIs, and we're going there too.
A REST API allows users to spawn a w3af server in their datacenter and
have it run scans of all their web applications, calling it remotely
from continuous integration / delivery systems, etc.
w3afRemote [1] was an innovative project built by Deb some time
ago, which had the main goals but a different technology stack:
xmlrpc. Together with Deb we've decided to code a REST API wrapper
around w3afCore/kb and make that part of the project. When this is
done you'll be able to run ./w3af_api and have a fully functioning
HTTP daemon exposing the REST API listening on localhost.
This part of the project is just starting [0]: we have the idea
and some time to dedicate to it. If you want to join us speak now!;
your input is very valuable.
[0] https://github.com/andresriancho/w3af/issues?milestone=8&state=open
[1] http://sourceforge.net/projects/w3afremote/
Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
|
