Re: [W3af-users] run profile without target

[Vojtěch P. <kr...@gm...>]

Greetings,
thanks for reply, i will try it out.
To be exact, I am running W3Af against Owasp Webgoat, which runs on Tomcat.
Best regards,
Vojta

Dne 30.11.2015 v 18:54 Andres Riancho napsal(a):
> Vojtěch,
>
>     Questions are welcome :)
>
>     I assume you wanted to say JavaScript instead of Java, if JS is
> heavily used, then yes the web_spider is "almost useless".
>
>     Well, the scan of the target URL can't be prevented, but if you
> set the URL to http://target.com/ and disable web_spider, then w3af
> won't have any parameters to find vulnerabilities in and the target is
> "ignored" (most likely, haven't tested it).
>
> Regards,
>
> On Mon, Nov 30, 2015 at 2:48 PM, Vojtěch Polášek <kr...@gm...> wrote:
>> Greetings,
>> my name is Vojtěch Polášek and I am a blind IT student from Czech Republic.
>> As a part of my bachelor thesis, I am researching some tools for
>> security analysis of web applications. One of those tools is W3AF, so
>> expect some questions in near time :-)
>> I need to perform analysis of Java application, where web_spider is
>> useless. Therefore I use spider_man plugin. My question is; would it be
>> possible to prevent initial scan of the URL set as target?
>> Because it does not make much sense, as all needed input is facilitated
>> through spider_man.
>> Thank you for your response and best regards,
>> Vojtěch Polášek
>>
>> ------------------------------------------------------------------------------
>> Go from Idea to Many App Stores Faster with Intel(R) XDK
>> Give your users amazing mobile app experiences with Intel(R) XDK.
>> Use one codebase in this all-in-one HTML5 development environment.
>> Design, debug & build mobile apps & 2D/3D high-impact games for multiple OSs.
>> http://pubads.g.doubleclick.net/gampad/clk?id=254741911&iu=/4140
>> _______________________________________________
>> W3af-users mailing list
>> W3a...@li...
>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
>