Web security auditing with OWASP w3af
I never liked OWASP w3af for website security auditing. Over the past few years I have seen that w3af can't detect vulnerabilities that well, and it also often keeps crashing. So I stopped using that tool. Today I tried testing it again, and I have posted all the steps here in case they are helpful for someone else. The testing was against the WordPress installation in OWASP Broken Web Applications. Here are all the steps I was interested in testing:
- I tried to configure an empty profile and selected some well-known vulnerabilities from audit.
- Then I selected brute-forcing the form. I know the password is admin:admin.
- I selected some tests from the crawl tab as follows:
Then I clicked the start button and got this result:
Does this mean I did something wrong, or does w3af not scan the specified directory?