  • No due date Last updated over 5 years ago

    • Create a REST API wrapper around w3afCore
    • Expose the API with the w3af_api command line tool, which will start a daemon

  • No due date Last updated over 6 years ago

    We want to be able to crawl JavaScript in an automated manner

    36% complete
  • No due date Last updated almost 7 years ago

    The goal is to allow w3af to scan REST APIs by providing the scanner with a link to http://swagger.io/ documentation which it can parse and then inject into the URLs.

    50% complete
  • No due date Last updated almost 7 years ago

    • Improve WAVSEP coverage
    • Improve sqlmap testenv coverage
    • Add Inquisition coverage tests
    • Add hackazon coverage tests

  • No due date Last updated almost 8 years ago

    Complex sites usually use more than one domain name to serve content, data, images, etc. Today the framework only accepts one domain name as the target, and won't be able to find some vulnerabilities due to this limitation.

    Many framework parts depend on the fact that we're only scanning one domain (google spider for example). What needs to be done is:

    • Identify all parts of the framework which have this limitation and create individual tasks
    • Remove any specific validations

    25% complete
  • No due date Last updated over 9 years ago

    Scanning sites with anti-CSRF tokens enabled is a really hard task to achieve, since the CSRF token implementation can be really strict and make the whole scan useless.

    I want to perform these tasks:

    • Identify the top 3 methods for CSRF (hidden form param, cookie? special header?)
    • Identify the top 3 implementations (maybe: Django, Ruby, Zend-PHP) and create test applications
    • Write tests that scan these three test applications
    • Modify the framework to PASS these tests

    16% complete
  • No due date Last updated over 9 years ago

    The idea is to add a feature to the framework that will support having plugins that are NOT GENERIC and only detect vulnerabilities in WordPress, Joomla, etc.