w3af profile howto
This HOWTO explains how to create your own scan profiles, so you won't have to manually select all the options for every scan of the same type.

The easiest way to create a profile is to select your scan options and save them as a new profile. In the GtkUI, select your scan options and set a target. Once you have your plug-ins and other options set the way you want, click "Profiles" then "Save As" in the top menus. Enter a name and description for your new profile and hit Save As. Your new profile will then show up under the left Profiles menu. It will also show up the next time you start w3af, giving you instant access to the same configuration. You might want to run the scan at least once to ensure that your configuration is valid.

Manual profile creation is very useful if you are creating multiple profiles from a single template. Scan profile ini files are stored in the w3af/profiles directory. These ini files are plain text and may be edited with a basic text editor. Take a look at full_audit_manual_disc.ini for a good example of the profile layout. This is a section:

    ...
    [audit.generic]
    diffRatio = 0.35
    [audit.frontpage]
    stopOnFirst = True
    [audit.formatString]
    [grep.fileUpload]
    [audit.unSSL]
    [grep.strangeParameters]
    [grep.motw]
    withoutMOTW = False
    [grep.ajax]
    ...
    [profile]
    description = This profile performs a full audit of the target website, using only the webSpider plugin for discovery.
    name = full_audit

You can see that enabled plug-ins are formatted as such:

    [phase.plugin]
    Option = Value

You may notice some have options formatted as:

    Option: Value

It seems that either method will work.
When creating profile templates you may comment out the target (or any other variable options):

    #[target]
    #target = http://example

Once you have your profiles the way you want, save them in the profile directory:

    /w3af/profiles/profilename.ini

My custom profiles:

    http://nukeit.org//w3af/profiles/common_webdiff.ini
    http://nukeit.org//w3af/profiles/common_filelist.ini
    http://nukeit.org//w3af/profiles/common_searchengine.ini
    http://nukeit.org//w3af/profiles/common_sitemap.ini

To get a list of files:

    cd /var/www/
    find . -name '*.php' > www.txt

Use sed to replace "./filename.php" with "http://127.0.0.1/filename.php":

    sed -i 's/^\.\//http:\/\/127.0.0.1\//' www.txt
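When many profiles are derived from one template, it helps to check each file before reusing it. The following is an added example, not part of the original HOWTO and not w3af's own code: it reads the profile layout described above with Python's standard configparser (an assumption about how to read the files) and reports a missing [profile] entry or a target left uncommented. The sample profile and the function names are constructed for illustration.

```python
import configparser

# Constructed sample in the layout the HOWTO describes (not a real w3af file).
SAMPLE_PROFILE = """\
[audit.generic]
diffRatio = 0.35
[audit.frontpage]
stopOnFirst: True
[audit.formatString]
[grep.motw]
withoutMOTW = False
#[target]
#target = http://example
[profile]
description = Constructed sample profile.
name = sample_audit
"""

def load_profile(text):
    """Return (metadata, {phase: {plugin: options}}, target or None)."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep option names such as diffRatio case-sensitive
    cp.read_string(text)  # '=' and ':' are both accepted; '#' lines are skipped
    meta, plugins = {}, {}
    for section in cp.sections():
        opts = dict(cp.items(section))
        if section == "profile":
            meta = opts
        elif "." in section:
            phase, plugin = section.split(".", 1)
            plugins.setdefault(phase, {})[plugin] = opts
    target = cp.get("target", "target", fallback=None)
    return meta, plugins, target

def check_profile(text):
    """List problems worth fixing before a file is reused as a template."""
    meta, plugins, target = load_profile(text)
    problems = ["missing [profile] " + k
                for k in ("name", "description") if not meta.get(k)]
    if not plugins:
        problems.append("no [phase.plugin] sections enabled")
    if target:
        problems.append("template still sets a target: " + target)
    return problems

if __name__ == "__main__":
    meta, plugins, target = load_profile(SAMPLE_PROFILE)
    for phase, found in sorted(plugins.items()):
        print(phase, sorted(found))
    print(check_profile(SAMPLE_PROFILE) or "profile looks complete")
```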
The copyright for this content entitled "w3af profile howto" has been specified by the contributor as:
Creative Commons Attribution-Share Alike 3.0
This content may be copied, distributed, and modified, as long as a) the original author is acknowledged with a link back to the content page, and b) if the work is modified, the result is distributed with this same license.
If you use this content according to the license specified, you must link to the following URL:
http://fuzion.qondio.com/
This intel was contributed by fuzion

May, 2012