Re: [W3af-users] run profile without target
From: Andres R. <and...@gm...> - 2015-12-01 13:19:49
WebGoat is not usually a good target for testing scanners. I would
recommend other applications such as:

* http://testphp.acunetix.com/
* https://github.com/andresriancho/django-moth

On Mon, Nov 30, 2015 at 3:41 PM, Vojtěch Polášek <kr...@gm...> wrote:
> Greetings,
> thanks for the reply, I will try it out.
> To be exact, I am running W3Af against OWASP WebGoat, which runs on Tomcat.
> Best regards,
> Vojta
>
> On 30.11.2015 at 18:54, Andres Riancho wrote:
>> Vojtěch,
>>
>> Questions are welcome :)
>>
>> I assume you wanted to say JavaScript instead of Java, if JS is
>> heavily used, then yes the web_spider is "almost useless".
>>
>> Well, the scan of the target URL can't be prevented, but if you
>> set the URL to http://target.com/ and disable web_spider, then w3af
>> won't have any parameters to find vulnerabilities in and the target is
>> "ignored" (most likely, haven't tested it).
>>
>> Regards,
>>
>> On Mon, Nov 30, 2015 at 2:48 PM, Vojtěch Polášek <kr...@gm...> wrote:
>>> Greetings,
>>> my name is Vojtěch Polášek and I am a blind IT student from the Czech Republic.
>>> As a part of my bachelor thesis, I am researching some tools for
>>> security analysis of web applications. One of those tools is W3AF, so
>>> expect some questions in the near future :-)
>>> I need to perform analysis of a Java application, where web_spider is
>>> useless. Therefore I use the spider_man plugin. My question is: would it be
>>> possible to prevent the initial scan of the URL set as target?
>>> Because it does not make much sense, as all needed input is facilitated
>>> through spider_man.
>>> Thank you for your response and best regards,
>>> Vojtěch Polášek
>>>
>>> _______________________________________________
>>> W3af-users mailing list
>>> W3a...@li...
>>> https://lists.sourceforge.net/lists/listinfo/w3af-users
>>
>>
>

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3