Web security auditing with owasp w3af


I never liked owasp w3af for website security auditing. In the past few years ago i have seen w3af can’t detect vulnerability that well, also often keep crashing. So i stopped using that tool. Today I tried to test it again and all step i posted here , if it is helpful for someone else. The testing was against owasp broken web application wordpress. Here is my all steps i was interested to test:


  1. I tried to configure a empty profile and selected some well known vulnerability from audit .w3af pusheax
  2. Then i selected bruteforce the form . I know the password is admin:admin.
  3. I selected some test from crawl tab as follows:

Then i clicked start button. And got this result:

Is this mean i did something wrong or w3af does not scan specified directory?