Re: [W3af-users] CVE/CVSS-W3af compatibility
Status: Beta
Brought to you by:
andresriancho
Menu
▾
▴
Re: [W3af-users] CVE/CVSS-W3af compatibility
|
From: Andres R. <and...@gm...> - 2016-11-22 22:13:17
|
Waqas,
Some vulnerabilities, such as SQL injection should display vulndb
data [0] in the UI and some output reports. vulndb references owasp
top10, and cwe. The complete list of vulnerabilities which include
this description is here [1]. This is only available in the latest
w3af versions.
[0] https://github.com/vulndb/data/blob/master/db/45-sql-injection.json
[1] https://github.com/vulndb/data/tree/master/db
On Wed, Nov 16, 2016 at 7:57 AM, Waqas Aman <waq...@gm...> wrote:
> Hi,
> I just started using the tool. I was wondering whether the w3af scan results
> include the CVE/CVSS information of the vulnerabilities found, or
> information of other standard vuln.DBs/standards for the matter. I didn't
> see such info yet, may be I am missing it.
> IF not provided natively,, are there any external plugins that can be
> installed on the w3af to add such info to the vuln. found. And, if there
> isnt any such plugins available, are there any other opensource web vuln
> scanners whose scans reveal CVE/CVSS or related information?
>
> ------------------------------------------------------------------------------
>
> _______________________________________________
> W3af-users mailing list
> W3a...@li...
> https://lists.sourceforge.net/lists/listinfo/w3af-users
>
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
|
