w3af-users Mailing List for w3af (Page 8)
Status: Beta
Brought to you by:
andresriancho
From: Andres R. <and...@gm...> - 2014-08-19 11:51:31
Andrew,

Please read inline,

On Mon, Aug 18, 2014 at 9:41 PM, Andrew King <aki...@gm...> wrote:
> Is everyone set on docker or is pure LXC okay too?
>
> Docker seems neat, but it's changing pretty rapidly. LXC has been around
> for a while now, and it seems a little more stable for the time being.
>
> Both are options, but I was just wondering about the whys on the decision.

First of all, it's important to note that w3af won't be exclusively deployed/released via docker, users will still be able to download and install it in their operating systems.

Now that's clear, let's analyze why docker :)

First of all, docker is easy to use by defining a Dockerfile [0] and it provides a public registry [1] where we can automatically build docker images on each push to our repository. Also, docker has received a lot of attention lately and some users do already know how to use it, etc. this is different from lxc which is great but not as popular.

There is also a pull request for w3af / vagrant, which will be merged after I test it. This means that I'm not picking one solution and sticking with it, we're mostly experimenting with the most popular ones and maybe in a year decide which one is the best for w3af.

If you would like to help with the docker and/or vagrant stuff, we're more than glad to see pull-requests :)

[0] https://github.com/andresriancho/w3af/blob/develop/extras/Dockerfile
[1] https://registry.hub.docker.com/u/andresriancho/w3af/

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: Andrew K. <aki...@gm...> - 2014-08-19 00:41:14
Is everyone set on docker or is pure LXC okay too?

Docker seems neat, but it's changing pretty rapidly. LXC has been around for a while now, and it seems a little more stable for the time being.

Both are options, but I was just wondering about the whys on the decision.

From: Andres R. <and...@gm...> - 2014-08-05 17:14:51
List,

If you're going to be at blackhat this week, please visit my w3af booth at the BlackHat Arsenal! Got T-shirts and stickers :)

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: Aman T. <ama...@gm...> - 2014-08-02 09:01:51
Thanks for sending me those package details sir. I have already tried those but didn't work. And got the problem why it didn't work and I would like to share with all developers.

Basically when w3af tries to get the operating system platform information from the python scripts it was some default name because the ubuntu.py don't have any declarations for ubuntu 14.04. But it has the declaration for ubuntu 12.04 lts with a variable ubuntu1204 which uses ubuntu.py.

So I installed ubuntu 12.04 and it worked like charm.

Thanks

With regards
Aman

On Aug 2, 2014 1:07 PM, "Zuhdi Najib" <nz...@ho...> wrote:
> Try and see if this works. I installed w3af on Debian 7. Should be pretty
> similar to Ubuntu variant.
>
> root@alpha:~# apt-get install build-essential git python-pip libssl-dev
> python2.7-dev libxml2-dev libxslt1-dev -y
>
> root@alpha:~# pip install clamd==1.0.1 PyGithub==1.21.0
> GitPython==0.3.2.RC1 pybloomfiltermmap==0.3.11 esmre==0.3.1 phply==0.9.1
> nltk==2.0.4 chardet==2.1.1 pdfminer==20110515 futures==2.1.5
> pyOpenSSL==0.13.1 lxml==2.3.2 scapy-real==2.2.0-dev guess-language==0.2
> cluster==1.1.1b3 msgpack-python==0.2.4 python-ntlm==1.0.1 halberd==0.2.4
> darts.util.lru==0
>
> Excerpt from: http://zuhdi.org/blog/archives/205
>
> ------------------------------
> Date: Wed, 23 Jul 2014 22:21:24 +0530
> From: ama...@gm...
> To: w3a...@li...
> Subject: [W3af-users] w3af install on Ubuntu 14.04
>
> Hello Guys,
> Good Day!!
>
> I was trying to install w3af on ubuntu 14.04 LTS but i am getting error
> while installing. Can anyone tell me any steps to follow while installing
> w3af and it's dependencies on ubuntu 14.04 LTS machine?
>
> Or if you could tell me which version of ubuntu should i use for w3af?
>
> Also, if w3af need any specific OS, i mean 32bit or 64 bit?
>
> Thanks
>
> With Regards
> Aman Thakur

From: Zuhdi N. <nz...@ho...> - 2014-08-02 07:37:10
Try and see if this works. I installed w3af on Debian 7. Should be pretty similar to Ubuntu variant.

root@alpha:~# apt-get install build-essential git python-pip libssl-dev python2.7-dev libxml2-dev libxslt1-dev -y

root@alpha:~# pip install clamd==1.0.1 PyGithub==1.21.0 GitPython==0.3.2.RC1 pybloomfiltermmap==0.3.11 esmre==0.3.1 phply==0.9.1 nltk==2.0.4 chardet==2.1.1 pdfminer==20110515 futures==2.1.5 pyOpenSSL==0.13.1 lxml==2.3.2 scapy-real==2.2.0-dev guess-language==0.2 cluster==1.1.1b3 msgpack-python==0.2.4 python-ntlm==1.0.1 halberd==0.2.4 darts.util.lru==0

Excerpt from: http://zuhdi.org/blog/archives/205

Date: Wed, 23 Jul 2014 22:21:24 +0530
From: ama...@gm...
To: w3a...@li...
Subject: [W3af-users] w3af install on Ubuntu 14.04

Hello Guys,
Good Day!!

I was trying to install w3af on ubuntu 14.04 LTS but i am getting error while installing. Can anyone tell me any steps to follow while installing w3af and it's dependencies on ubuntu 14.04 LTS machine?

Or if you could tell me which version of ubuntu should i use for w3af?

Also, if w3af need any specific OS, i mean 32bit or 64 bit?

Thanks

With Regards
Aman Thakur

From: Aman T. <ama...@gm...> - 2014-07-30 06:39:24
Ah ok so it means it is not scanning the full website.

Thanks andres

On Jul 30, 2014 2:26 AM, "Andres Riancho" <and...@gm...> wrote:
> Aman,
>
> On Tue, Jul 29, 2014 at 5:05 PM, Aman Thakur <ama...@gm...> wrote:
> > Hi Guys,
> > Good Day!!
> >
> > I am trying to scan a website for malware using the clamav.py grep plugin. I
> > wanted to confirm if i am doing it right or not.
> > What is did is this:
> >
> > $ w3af_console
> > w3af>> plugins
> > w3af/plugins>> grep clamav
> > w3af/plugins>> crawl web_spider
> > w3af/plugins>> output console
> > w3af/plugins>> back
> > w3af>> target
> > w3af/config:target>> set target mydomain.com
> > w3af/config:target>> back
> > w3af>> start
> >
> > Then it prints the output something like:
> > Using ClamAV 0.98.1/19240/Tue Jul 29 18:39:04 2014 for scanning HTTP
> > response bodies.
>
> This shows that your clamavd setup is correct
>
> > Found 1 URLs and 1 different injections points.
> > The URL list is:
> > - http://mydomain.com/
> > The list of fuzzable requests is:
> > - Method: GET | http://mydomain.com/
> > Scan finished in 26 seconds.
>
> And this shows that only the web root is being scanned. This might be
> because any number of reasons:
> * The page redirects to https, w3af won't follow anything outside the
> defined target protocol+domain
> * The page uses lots of Flash/JavaScript
> * The web root HTML triggers some issue in w3af's crawler
>
> > Stopping the core...
> >
> >
> > I wanted to confirm that is it scanning the whole website? or it is only
> > scanning he home page??
> >
> > Thanks
> >
> > With Regards
> > Aman Thakur

From: Andres R. <and...@gm...> - 2014-07-29 20:56:31
Aman,

On Tue, Jul 29, 2014 at 5:05 PM, Aman Thakur <ama...@gm...> wrote:
> Hi Guys,
> Good Day!!
>
> I am trying to scan a website for malware using the clamav.py grep plugin. I
> wanted to confirm if i am doing it right or not.
> What is did is this:
>
> $ w3af_console
> w3af>> plugins
> w3af/plugins>> grep clamav
> w3af/plugins>> crawl web_spider
> w3af/plugins>> output console
> w3af/plugins>> back
> w3af>> target
> w3af/config:target>> set target mydomain.com
> w3af/config:target>> back
> w3af>> start
>
> Then it prints the output something like:
> Using ClamAV 0.98.1/19240/Tue Jul 29 18:39:04 2014 for scanning HTTP
> response bodies.

This shows that your clamavd setup is correct

> Found 1 URLs and 1 different injections points.
> The URL list is:
> - http://mydomain.com/
> The list of fuzzable requests is:
> - Method: GET | http://mydomain.com/
> Scan finished in 26 seconds.

And this shows that only the web root is being scanned. This might be because any number of reasons:
 * The page redirects to https, w3af won't follow anything outside the defined target protocol+domain
 * The page uses lots of Flash/JavaScript
 * The web root HTML triggers some issue in w3af's crawler

> Stopping the core...
>
>
> I wanted to confirm that is it scanning the whole website? or it is only
> scanning he home page??
>
> Thanks
>
> With Regards
> Aman Thakur

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: Aman T. <ama...@gm...> - 2014-07-29 20:05:46
Hi Guys,
Good Day!!

I am trying to scan a website for malware using the clamav.py grep plugin. I wanted to confirm if I am doing it right or not.
What I did is this:

$ w3af_console
w3af>> plugins
w3af/plugins>> grep clamav
w3af/plugins>> crawl web_spider
w3af/plugins>> output console
w3af/plugins>> back
w3af>> target
w3af/config:target>> set target mydomain.com
w3af/config:target>> back
w3af>> start

Then it prints the output something like:
Using ClamAV 0.98.1/19240/Tue Jul 29 18:39:04 2014 for scanning HTTP response bodies.
Found 1 URLs and 1 different injections points.
The URL list is:
- http://mydomain.com/
The list of fuzzable requests is:
- Method: GET | http://mydomain.com/
Scan finished in 26 seconds.
Stopping the core...

I wanted to confirm that is it scanning the whole website? or it is only scanning the home page??

Thanks

With Regards
Aman Thakur

From: Ali K. <ali...@gm...> - 2014-07-23 17:23:42
what's the error and how are you installing it?

On 07/23/2014 07:51 PM, Aman Thakur wrote:
> Hello Guys,
> Good Day!!
>
> I was trying to install w3af on ubuntu 14.04 LTS but i am getting error
> while installing. Can anyone tell me any steps to follow while
> installing w3af and it's dependencies on ubuntu 14.04 LTS machine?
>
> Or if you could tell me which version of ubuntu should i use for w3af?
>
> Also, if w3af need any specific OS, i mean 32bit or 64 bit?
>
> Thanks
>
> With Regards
> Aman Thakur

From: Aman T. <ama...@gm...> - 2014-07-23 16:51:32
Hello Guys,
Good Day!!

I was trying to install w3af on ubuntu 14.04 LTS but I am getting error while installing. Can anyone tell me any steps to follow while installing w3af and its dependencies on ubuntu 14.04 LTS machine?

Or if you could tell me which version of ubuntu should I use for w3af?

Also, if w3af need any specific OS, I mean 32bit or 64 bit?

Thanks

With Regards
Aman Thakur

From: Ali K. <ali...@gm...> - 2014-07-21 23:37:06
Works like a charm, thanks

On 21 July 2014 1:57:45 PM GMT+03:00, Andres Riancho <and...@gm...> wrote:
> Your "nightmare" ends with:
>
> sudo pip install darts.util.lru
>
> On Sat, Jul 19, 2014 at 6:17 PM, Ali Khalfan <ali...@gm...> wrote:
>> ah , when will the nightmare end..
>>
>> https://forums.kali.org/showthread.php?22038-w3af-broken-after-update-on-Kali-1-0-7

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.

From: Andres R. <and...@gm...> - 2014-07-21 10:58:13
Your "nightmare" ends with:

sudo pip install darts.util.lru

On Sat, Jul 19, 2014 at 6:17 PM, Ali Khalfan <ali...@gm...> wrote:
> ah , when will the nightmare end..
>
> https://forums.kali.org/showthread.php?22038-w3af-broken-after-update-on-Kali-1-0-7

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: Ali K. <ali...@gm...> - 2014-07-19 21:17:37
ah , when will the nightmare end..

https://forums.kali.org/showthread.php?22038-w3af-broken-after-update-on-Kali-1-0-7

From: Daniel P. <sud...@ym...> - 2014-07-18 21:47:22
Hi Andres,

Thank you for replying. I ended up setting the entire cookie header using headers.txt and that worked. I will just curl for the cookies and store them into the headers.txt.

Thanks for the help and especially for making such a great tool!

Best,
Daniel

On Friday, July 18, 2014 2:22 PM, Andres Riancho <and...@gm...> wrote:

Daniel,

Just guessing, but I believe that the problem is here:

set data_format username=admin&password=password&csrfmiddlewaretoken=blahblahblah

Specifically in the csrfmiddlewaretoken value will change each time w3af is run against your site; BUT will be kept static in the configuration.

The solution would be to set an HTTP headers file with the same value. Haven't tested it, but it should look like this in w3af:

http-settings
set headers_file /tmp/django-headers.txt
back

And the file should contain:

Cookie: csrfmiddlewaretoken=blahblahblah

The cookie name might be different (not sure). The "blahblahblah" in both places should be replaced by a valid value in Django.

Let me know how that goes, I'm interested in knowing :)

Regards,

On Fri, Jul 18, 2014 at 6:12 PM, Daniel Park <sud...@ym...> wrote:
> Oh here is my w3af script for reference:
> dpaste: 19YPJWG
>
> Thanks,
> Daniel
>
>
> On Friday, July 18, 2014 2:10 PM, Daniel Park <sud...@ym...> wrote:
>
>
> Hello,
>
> I'm trying to login into a Django app using w3af_console. I'm able to see a
> sessionid cookie in the console output, but it seems like w3af is not saving
> it to the cookies.txt. So after I'm able to POST and get back a session id
> cookie, I can't seem access any secured URL's and get redirected back to the
> login page.
>
> How can I configure w3af to save the session cookies?
>
> Thanks,
> Daniel

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

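The fix described in the message above (putting the whole Cookie header into the file w3af loads with `set headers_file`), as an added example that is not part of the thread or of w3af's code: it turns the `Set-Cookie` lines of a login response into that single `Cookie:` line and refuses to produce a file when the login did not yield a session. The response text is constructed, the function names are hypothetical, and `csrftoken` / `sessionid` are assumed to be the cookie names (Django's defaults).

```python
"""Build the one-line headers file for w3af's `set headers_file` option."""
import os

# Constructed sample: headers of a Django response to a successful login POST.
SAMPLE_LOGIN_RESPONSE = (
    "HTTP/1.1 302 FOUND\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Location: /accounts/profile/\r\n"
    "Vary: Cookie\r\n"
    "Set-Cookie: csrftoken=CONSTRUCTEDcsrf0123456789abcdef; "
    "expires=Fri, 17-Jul-2015 21:10:36 GMT; Max-Age=31449600; Path=/\r\n"
    "Set-Cookie: sessionid=CONSTRUCTEDsession0123456789; httponly; Path=/\r\n"
    "\r\n"
)

# Constructed sample: a failed login re-renders the form and sets no sessionid.
SAMPLE_FAILED_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Set-Cookie: csrftoken=CONSTRUCTEDcsrf0123456789abcdef; Path=/\r\n"
    "\r\n"
)

# Assumption: Django's default CSRF and session cookie names.
DJANGO_COOKIES = ("csrftoken", "sessionid")


def parse_set_cookies(raw_headers):
    """Return {name: value} for every Set-Cookie line in a raw header block."""
    cookies = {}
    for line in raw_headers.split("\r\n"):
        if not line:  # blank line marks the end of the headers
            break
        name, sep, value = line.partition(":")
        if not sep or name.strip().lower() != "set-cookie":
            continue
        # Only the first "name=value" pair is the cookie; the rest
        # (expires, Path, httponly, ...) are attributes the client keeps
        # to itself and never sends back.
        pair = value.split(";", 1)[0].strip()
        c_name, eq, c_value = pair.partition("=")
        if not eq:
            continue
        c_name = c_name.strip()
        c_value = c_value.strip().strip('"')
        if c_value:
            cookies[c_name] = c_value
        else:
            # An empty value is how a server deletes a cookie (e.g. logout).
            cookies.pop(c_name, None)
    return cookies


def build_cookie_header(cookies, required=DJANGO_COOKIES):
    """Return the "Cookie: ..." line, or raise if the login did not stick."""
    missing = [n for n in required if n not in cookies]
    if missing:
        # Without these the scan would silently run unauthenticated and be
        # redirected to the login page, as in the original question.
        raise ValueError("login response did not set: " + ", ".join(missing))
    pairs = "; ".join("%s=%s" % (n, cookies[n]) for n in required)
    return "Cookie: " + pairs + "\n"


def write_headers_file(path, header_text):
    """Write the file owner-only: it holds a live session credential."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    os.fchmod(fd, 0o600)  # also tighten a file that already existed
    with os.fdopen(fd, "w") as fh:
        fh.write(header_text)
    return path


if __name__ == "__main__":
    print(build_cookie_header(parse_set_cookies(SAMPLE_LOGIN_RESPONSE)), end="")
```

A session cookie captured this way expires, so the file has to be regenerated before each scan; a `ValueError` here means the login failed and the scan would have run unauthenticated.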
From: Andres R. <and...@gm...> - 2014-07-18 21:22:35
Daniel,

Just guessing, but I believe that the problem is here:

set data_format username=admin&password=password&csrfmiddlewaretoken=blahblahblah

Specifically, the csrfmiddlewaretoken value will change each time w3af is run against your site; BUT will be kept static in the configuration.

The solution would be to set an HTTP headers file with the same value. Haven't tested it, but it should look like this in w3af:

http-settings
set headers_file /tmp/django-headers.txt
back

And the file should contain:

Cookie: csrfmiddlewaretoken=blahblahblah

The cookie name might be different (not sure). The "blahblahblah" in both places should be replaced by a valid value in Django.

Let me know how that goes, I'm interested in knowing :)

Regards,

On Fri, Jul 18, 2014 at 6:12 PM, Daniel Park <sud...@ym...> wrote:
> Oh here is my w3af script for reference:
> dpaste: 19YPJWG
>
> Thanks,
> Daniel
>
>
> On Friday, July 18, 2014 2:10 PM, Daniel Park <sud...@ym...> wrote:
>
>
> Hello,
>
> I'm trying to login into a Django app using w3af_console. I'm able to see a
> sessionid cookie in the console output, but it seems like w3af is not saving
> it to the cookies.txt. So after I'm able to POST and get back a session id
> cookie, I can't seem access any secured URL's and get redirected back to the
> login page.
>
> How can I configure w3af to save the session cookies?
>
> Thanks,
> Daniel

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: Daniel P. <sud...@ym...> - 2014-07-18 21:12:45
Oh here is my w3af script for reference:
dpaste: 19YPJWG

Thanks,
Daniel

On Friday, July 18, 2014 2:10 PM, Daniel Park <sud...@ym...> wrote:

Hello,

I'm trying to login into a Django app using w3af_console. I'm able to see a sessionid cookie in the console output, but it seems like w3af is not saving it to the cookies.txt. So after I'm able to POST and get back a session id cookie, I can't seem access any secured URL's and get redirected back to the login page.

How can I configure w3af to save the session cookies?

Thanks,
Daniel

From: Daniel P. <sud...@ym...> - 2014-07-18 21:10:36
Hello,

I'm trying to login into a Django app using w3af_console. I'm able to see a sessionid cookie in the console output, but it seems like w3af is not saving it to the cookies.txt. So after I'm able to POST and get back a session id cookie, I can't seem to access any secured URLs and get redirected back to the login page.

How can I configure w3af to save the session cookies?

Thanks,
Daniel

From: Andres R. <and...@gm...> - 2014-07-15 12:38:06
You're a smart guy, why don't you read the pip manual and try something extra from what I tell you?

On Tue, Jul 15, 2014 at 9:33 AM, Aman Thakur <ama...@gm...> wrote:
> i got this:
>
> ~# sudo pip install --upgrade phply==0.9.1
> Downloading/unpacking phply==0.9.1
> Running setup.py egg_info for package phply
>
> Requirement already up-to-date: ply in
> /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
> Installing collected packages: phply
> Found existing installation: phply dev
> Can't uninstall 'phply'. No files were found to uninstall.
> Running setup.py install for phply
>
> Skipping installation of
> /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
> Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
> Successfully installed phply
> Cleaning up...
>
>
> On Tue, Jul 15, 2014 at 5:35 PM, Andres Riancho <and...@gm...>
> wrote:
>>
>> That's strange, what if you use:
>>
>> sudo pip install --upgrade phply==0.9.1
>>
>> Also try reading pip's man, and finding a --force (or similar)
>>
>> On Tue, Jul 15, 2014 at 9:01 AM, Aman Thakur <ama...@gm...>
>> wrote:
>> > Hi Andres,
>> >
>> > Thanks for replying.
>> >
>> > i got this:
>> > ~# sudo pip install phply==0.9.1
>> > Downloading/unpacking phply==0.9.1
>> > Running setup.py egg_info for package phply
>> >
>> > Requirement already satisfied (use --upgrade to upgrade): ply in
>> > /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
>> > Installing collected packages: phply
>> > Found existing installation: phply dev
>> > Can't uninstall 'phply'. No files were found to uninstall.
>> > Running setup.py install for phply
>> >
>> > Skipping installation of
>> > /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace
>> > package)
>> > Installing
>> > /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
>> > Successfully installed phply
>> > Cleaning up...
>> >
>> > But still the w3af_console doesn't starts up and gives the same error.
>> >
>> > Thanks
>> >
>> > Regards
>> > Aman Thakur
>> >
>> >
>> > On Tue, Jul 15, 2014 at 5:25 PM, Andres Riancho
>> > <and...@gm...>
>> > wrote:
>> >>
>> >> What happens if you just run "sudo pip install phply==0.9.1" ?
>> >>
>> >> On Tue, Jul 15, 2014 at 5:19 AM, Aman Thakur
>> >> <ama...@gm...>
>> >> wrote:
>> >> > Hello Everyone,
>> >> >
>> >> > I have updated my w3af directory contents using the "git pull"
>> >> > command. But
>> >> > the w3af is not working after the update. I am getting these error as
>> >> > below:
>> >> >
>> >> > when is did ./w3af_console to start w3af, i got this message below:
>> >> >
>> >> > (Your python installation needs the following modules to run w3af:
>> >> > phply
>> >> >
>> >> >
>> >> > After installing any missing operating system packages, use pip to
>> >> > install
>> >> > the remaining modules:
>> >> > sudo pip install phply==0.9.1
>> >> >
>> >> > A script with these commands has been created for you at
>> >> > /tmp/w3af_dependency_install.sh)
>> >> >
>> >> > and when i tried to execute the script it created,
>> >> > ./w3af_dependency_install.sh it gave me another error again as below:
>> >> >
>> >> > Downloading/unpacking phply==0.9.1
>> >> > Running setup.py egg_info for package phply
>> >> >
>> >> > Requirement already satisfied (use --upgrade to upgrade): ply in
>> >> > /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
>> >> > Installing collected packages: phply
>> >> > Found existing installation: phply dev
>> >> > Can't uninstall 'phply'. No files were found to uninstall.
>> >> > Running setup.py install for phply
>> >> >
>> >> > Skipping installation of
>> >> > /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace
>> >> > package)
>> >> > Installing
>> >> > /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
>> >> > Successfully installed phply
>> >> > Cleaning up...
>> >> >
>> >> > any ideas what could be the problem? and how to fix that??
>> >> >
>> >> > Thanks
>> >> >
>> >> > Regards
>> >> > Aman

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

From: Aman T. <ama...@gm...> - 2014-07-15 12:33:21
|
I got this:

~# sudo pip install --upgrade phply==0.9.1
Downloading/unpacking phply==0.9.1
  Running setup.py egg_info for package phply
Requirement already up-to-date: ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
Installing collected packages: phply
  Found existing installation: phply dev
  Can't uninstall 'phply'. No files were found to uninstall.
  Running setup.py install for phply
  Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
  Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
Successfully installed phply
Cleaning up...

On Tue, Jul 15, 2014 at 5:35 PM, Andres Riancho <and...@gm...> wrote:
> That's strange, what if you use:
>
> sudo pip install --upgrade phply==0.9.1
>
> Also try reading pip's man, and finding a --force (or similar)
>
> On Tue, Jul 15, 2014 at 9:01 AM, Aman Thakur <ama...@gm...> wrote:
> > Hi Andres,
> >
> > Thanks for replying.
> >
> > I got this:
> > ~# sudo pip install phply==0.9.1
> > Downloading/unpacking phply==0.9.1
> >   Running setup.py egg_info for package phply
> >
> > Requirement already satisfied (use --upgrade to upgrade): ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
> > Installing collected packages: phply
> >   Found existing installation: phply dev
> >   Can't uninstall 'phply'. No files were found to uninstall.
> >   Running setup.py install for phply
> >
> >   Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
> >   Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
> > Successfully installed phply
> > Cleaning up...
> >
> > But still the w3af_console doesn't start up and gives the same error.
> >
> > Thanks
> >
> > Regards
> > Aman Thakur
> >
> > On Tue, Jul 15, 2014 at 5:25 PM, Andres Riancho <and...@gm...> wrote:
> >>
> >> What happens if you just run "sudo pip install phply==0.9.1" ?
> >>
> >> On Tue, Jul 15, 2014 at 5:19 AM, Aman Thakur <ama...@gm...> wrote:
> >> > Hello Everyone,
> >> >
> >> > I have updated my w3af directory contents using the "git pull" command. But
> >> > the w3af is not working after the update. I am getting these errors as below:
> >> >
> >> > when I did ./w3af_console to start w3af, I got this message below:
> >> >
> >> > (Your python installation needs the following modules to run w3af:
> >> >   phply
> >> >
> >> > After installing any missing operating system packages, use pip to install
> >> > the remaining modules:
> >> >   sudo pip install phply==0.9.1
> >> >
> >> > A script with these commands has been created for you at
> >> > /tmp/w3af_dependency_install.sh)
> >> >
> >> > and when I tried to execute the script it created,
> >> > ./w3af_dependency_install.sh it gave me another error again as below:
> >> >
> >> > Downloading/unpacking phply==0.9.1
> >> >   Running setup.py egg_info for package phply
> >> >
> >> > Requirement already satisfied (use --upgrade to upgrade): ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
> >> > Installing collected packages: phply
> >> >   Found existing installation: phply dev
> >> >   Can't uninstall 'phply'. No files were found to uninstall.
> >> >   Running setup.py install for phply
> >> >
> >> >   Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
> >> >   Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
> >> > Successfully installed phply
> >> > Cleaning up...
> >> >
> >> > Any ideas what could be the problem? and how to fix that??
> >> >
> >> > Thanks
> >> >
> >> > Regards
> >> > Aman
> >>
> >> --
> >> Andrés Riancho
> >> Project Leader at w3af - http://w3af.org/
> >> Web Application Attack and Audit Framework
> >> Twitter: @w3af
> >> GPG: 0x93C344F3
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3 |
From: Andres R. <and...@gm...> - 2014-07-15 12:27:14
|
List,

We're looking for a new maintainer for Debian's w3af package [0]. If you're interested let me know :)

[0] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=754472

Regards,
--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3 |
From: Andres R. <and...@gm...> - 2014-07-15 12:06:02
|
That's strange, what if you use:

sudo pip install --upgrade phply==0.9.1

Also try reading pip's man, and finding a --force (or similar)

On Tue, Jul 15, 2014 at 9:01 AM, Aman Thakur <ama...@gm...> wrote:
> Hi Andres,
>
> Thanks for replying.
>
> I got this:
> ~# sudo pip install phply==0.9.1
> Downloading/unpacking phply==0.9.1
>   Running setup.py egg_info for package phply
>
> Requirement already satisfied (use --upgrade to upgrade): ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
> Installing collected packages: phply
>   Found existing installation: phply dev
>   Can't uninstall 'phply'. No files were found to uninstall.
>   Running setup.py install for phply
>
>   Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
>   Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
> Successfully installed phply
> Cleaning up...
>
> But still the w3af_console doesn't start up and gives the same error.
>
> Thanks
>
> Regards
> Aman Thakur
>
> On Tue, Jul 15, 2014 at 5:25 PM, Andres Riancho <and...@gm...> wrote:
>>
>> What happens if you just run "sudo pip install phply==0.9.1" ?
>>
>> On Tue, Jul 15, 2014 at 5:19 AM, Aman Thakur <ama...@gm...> wrote:
>> > Hello Everyone,
>> >
>> > I have updated my w3af directory contents using the "git pull" command. But
>> > the w3af is not working after the update. I am getting these errors as below:
>> >
>> > when I did ./w3af_console to start w3af, I got this message below:
>> >
>> > (Your python installation needs the following modules to run w3af:
>> >   phply
>> >
>> > After installing any missing operating system packages, use pip to install
>> > the remaining modules:
>> >   sudo pip install phply==0.9.1
>> >
>> > A script with these commands has been created for you at
>> > /tmp/w3af_dependency_install.sh)
>> >
>> > and when I tried to execute the script it created,
>> > ./w3af_dependency_install.sh it gave me another error again as below:
>> >
>> > Downloading/unpacking phply==0.9.1
>> >   Running setup.py egg_info for package phply
>> >
>> > Requirement already satisfied (use --upgrade to upgrade): ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
>> > Installing collected packages: phply
>> >   Found existing installation: phply dev
>> >   Can't uninstall 'phply'. No files were found to uninstall.
>> >   Running setup.py install for phply
>> >
>> >   Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
>> >   Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
>> > Successfully installed phply
>> > Cleaning up...
>> >
>> > Any ideas what could be the problem? and how to fix that??
>> >
>> > Thanks
>> >
>> > Regards
>> > Aman
>>
>> --
>> Andrés Riancho
>> Project Leader at w3af - http://w3af.org/
>> Web Application Attack and Audit Framework
>> Twitter: @w3af
>> GPG: 0x93C344F3

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3 |
From: Aman T. <ama...@gm...> - 2014-07-15 12:01:23
|
Hi Andres,

Thanks for replying.

I got this:

~# sudo pip install phply==0.9.1
Downloading/unpacking phply==0.9.1
  Running setup.py egg_info for package phply
Requirement already satisfied (use --upgrade to upgrade): ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
Installing collected packages: phply
  Found existing installation: phply dev
  Can't uninstall 'phply'. No files were found to uninstall.
  Running setup.py install for phply
  Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
  Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
Successfully installed phply
Cleaning up...

But still the w3af_console doesn't start up and gives the same error.

Thanks

Regards
Aman Thakur

On Tue, Jul 15, 2014 at 5:25 PM, Andres Riancho <and...@gm...> wrote:
> What happens if you just run "sudo pip install phply==0.9.1" ?
>
> On Tue, Jul 15, 2014 at 5:19 AM, Aman Thakur <ama...@gm...> wrote:
> > Hello Everyone,
> >
> > I have updated my w3af directory contents using the "git pull" command. But
> > the w3af is not working after the update. I am getting these errors as below:
> >
> > when I did ./w3af_console to start w3af, I got this message below:
> >
> > (Your python installation needs the following modules to run w3af:
> >   phply
> >
> > After installing any missing operating system packages, use pip to install
> > the remaining modules:
> >   sudo pip install phply==0.9.1
> >
> > A script with these commands has been created for you at
> > /tmp/w3af_dependency_install.sh)
> >
> > and when I tried to execute the script it created,
> > ./w3af_dependency_install.sh it gave me another error again as below:
> >
> > Downloading/unpacking phply==0.9.1
> >   Running setup.py egg_info for package phply
> >
> > Requirement already satisfied (use --upgrade to upgrade): ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
> > Installing collected packages: phply
> >   Found existing installation: phply dev
> >   Can't uninstall 'phply'. No files were found to uninstall.
> >   Running setup.py install for phply
> >
> >   Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
> >   Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
> > Successfully installed phply
> > Cleaning up...
> >
> > Any ideas what could be the problem? and how to fix that??
> >
> > Thanks
> >
> > Regards
> > Aman
>
> --
> Andrés Riancho
> Project Leader at w3af - http://w3af.org/
> Web Application Attack and Audit Framework
> Twitter: @w3af
> GPG: 0x93C344F3 |
From: Andres R. <and...@gm...> - 2014-07-15 11:56:27
|
What happens if you just run "sudo pip install phply==0.9.1" ?

On Tue, Jul 15, 2014 at 5:19 AM, Aman Thakur <ama...@gm...> wrote:
> Hello Everyone,
>
> I have updated my w3af directory contents using the "git pull" command. But
> the w3af is not working after the update. I am getting these errors as below:
>
> when I did ./w3af_console to start w3af, I got this message below:
>
> (Your python installation needs the following modules to run w3af:
>   phply
>
> After installing any missing operating system packages, use pip to install
> the remaining modules:
>   sudo pip install phply==0.9.1
>
> A script with these commands has been created for you at
> /tmp/w3af_dependency_install.sh)
>
> and when I tried to execute the script it created,
> ./w3af_dependency_install.sh it gave me another error again as below:
>
> Downloading/unpacking phply==0.9.1
>   Running setup.py egg_info for package phply
>
> Requirement already satisfied (use --upgrade to upgrade): ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
> Installing collected packages: phply
>   Found existing installation: phply dev
>   Can't uninstall 'phply'. No files were found to uninstall.
>   Running setup.py install for phply
>
>   Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
>   Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
> Successfully installed phply
> Cleaning up...
>
> Any ideas what could be the problem? and how to fix that??
>
> Thanks
>
> Regards
> Aman

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3 |
From: Aman T. <ama...@gm...> - 2014-07-15 08:19:48
|
Hello Everyone,

I have updated my w3af directory contents using the "git pull" command. But the w3af is not working after the update. I am getting these errors as below:

when I did ./w3af_console to start w3af, I got this message below:

(Your python installation needs the following modules to run w3af:
  phply

After installing any missing operating system packages, use pip to install the remaining modules:
  sudo pip install phply==0.9.1

A script with these commands has been created for you at /tmp/w3af_dependency_install.sh)

and when I tried to execute the script it created, ./w3af_dependency_install.sh it gave me another error again as below:

Downloading/unpacking phply==0.9.1
  Running setup.py egg_info for package phply
Requirement already satisfied (use --upgrade to upgrade): ply in /usr/local/lib/python2.7/dist-packages (from phply==0.9.1)
Installing collected packages: phply
  Found existing installation: phply dev
  Can't uninstall 'phply'. No files were found to uninstall.
  Running setup.py install for phply
  Skipping installation of /usr/local/lib/python2.7/dist-packages/phply/__init__.py (namespace package)
  Installing /usr/local/lib/python2.7/dist-packages/phply-0.9.1-nspkg.pth
Successfully installed phply
Cleaning up...

Any ideas what could be the problem? and how to fix that??

Thanks

Regards
Aman |
From: Andres R. <and...@gm...> - 2014-07-14 12:58:27
|
Guillermo,

On Mon, Jul 14, 2014 at 9:34 AM, Guillermo D.A.G <ge...@gm...> wrote:
>
> Dear Andres,
>
> First of all, congratulations for w3af, you are doing a great job. Now, I'm working on the testing of several tools for private use, with a commercial approach, with acunetix, appscan, etc. and an open source approach, with w3af, wapiti...

Thanks for your email, and mostly for your patience in sending it again to the mailing list.

> The first gap that I found is the API documentation (Restful or not).

Yes, there is no documentation on how w3af works internally, that's correct. On the other side, I'm always here and on IRC to answer any questions you (or anyone else) might have. I would love to see more contributors, and that's why I help each new person that approaches the project with all my time.

> I saw some parallel project like w3afRemote, but I don't know the maturity level of this project.

-1

It was a GREAT idea, but since it was an external project and w3af evolved fast since w3afRemote's creation, it is now obsolete. The w3af version wrapped/exposed by w3afRemote is too old and buggy.

> Do you have in mind to publish (soon) an API Rest Documentation? I saw that https://github.com/andresriancho/w3af/wiki/REST-API-v1.0 and this http://comments.gmane.org/gmane.comp.security.w3af.user/1783 but if you have a roadmap in mind it would be nice!

The roadmap is here [0], to sum up:

* 1.6.1 - Bug fixing after 1.6 <---- we're here
* 1.7.0 - Increase WAVSEP Coverage and add long vulnerability descriptions
* 1.7.2 - Multiple domain names as target
* 1.7.5 - Scanning sites with anti-CSRF tokens
* 1.8.0 - JavaScript crawler
* 1.9 - Specific vendor support release
* 2.0 - REST API

So... it seems that you're out of luck. A lot of work needs to be done before we even start thinking about a due date for the REST API. There are several options at this point:

* Your (big banking) company supports w3af, codes the REST API and releases it GPLv2.0
* Your (big banking) company supports w3af by hiring me as a freelance developer to work on the REST API and the code gets released as GPLv2.0
* You choose any other scanner and pay more ;)

[0] https://github.com/andresriancho/w3af/issues/milestones

> Thanks in advance.
>
> Best regards,
>
> --
> Guillermo de Ángel García / Senior Security Consultant

--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3 |