دليل أدوات الهجوم على تطبيقات الويب W3af
Would you like me to proceed with translating the second text (the overview section) or wait for you to provide the full content?
Overview
W3af (Web Application Attack and Audit Framework) is a comprehensive open-source web application security scanner. It provides a complete framework for finding and exploiting web application vulnerabilities, featuring discovery, audit, and attack plugins for thorough security assessments.
⚠️ Warning: This tool is intended for authorized penetration testing and security assessments only. Ensure you have proper authorization before using against any target.
Installation
Ubuntu/Debian Installation
# Install dependencies
sudo apt update
sudo apt install python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools
# Install w3af
git clone https://github.com/andresriancho/w3af.git
cd w3af
# Install Python dependencies
pip3 install -r requirements.txt
# Run dependency check
python3 w3af_console
# Install missing dependencies if prompted
./w3af_dependency_install.shManual Installation
# Clone repository
git clone https://github.com/andresriancho/w3af.git
cd w3af
# Install dependencies manually
sudo apt install python3-pip python3-dev python3-setuptools
sudo apt install libxml2-dev libxslt1-dev zlib1g-dev
sudo apt install libyaml-dev libssl-dev libffi-dev
# Install Python packages
pip3 install --user -r requirements.txt
# Test installation
python3 w3af_consoleDocker Installation
# Pull Docker image
docker pull andresriancho/w3af
# Run with Docker
docker run -it andresriancho/w3af
# Run with volume mount
docker run -it -v $(pwd):/tmp/w3af andresriancho/w3afKali Linux
# W3af is pre-installed in Kali
w3af_console
# If not installed
sudo apt update
sudo apt install w3afBasic Usage
Console Interface
# Start w3af console
w3af_console
# GUI interface (if available)
w3af_gui
# Help commands
w3af>>> help
w3af>>> help plugins
w3af>>> help targetBasic Commands
# Set target
w3af>>> target
w3af/config:target>>> set target http://target.com/
w3af/config:target>>> back
# View current configuration
w3af>>> target view
# Start scan
w3af>>> start
# Exit
w3af>>> exitPlugin Categories
Discovery Plugins
| البرنامج المساعد | وصف |
|---|---|
web_spider | عنكبوت تطبيق الويب |
dir_file_bruter | كاسر الدلائل والملفات |
dns_wildcard | اكتشاف البدائل العامة DNS |
robots_txt | محلل Robots.txt |
sitemap_xml | محلل Sitemap.xml |
google_spider | عنكبوت بحث Google |
bing_spider | عنكبوت البحث Bing |
Audit Plugins
| البرنامج المساعد | وصف |
|---|---|
sqli | اكتشاف حقن SQL |
xss | اكتشاف التنفيذ النصي عبر المواقع |
csrf | تزوير طلب عبر المواقع |
lfi | التضمين المحلي للملفات |
rfi | التضمين عن بعد للملفات |
os_commanding | حقن أوامر نظام التشغيل |
xpath | حقن XPath |
ldapi | حقن LDAP |
Attack Plugins
| البرنامج المساعد | وصف |
|---|---|
sqlmap | استغلال حقن SQL |
shell_shock | استغلال Shellshock |
file_upload | استغلال رفع الملفات |
dav | استغلال WebDAV |
rfi | استغلال إدراج الملفات عن بعد |
Configuration and Setup
Basic Configuration
# Configure target
w3af>>> target
w3af/config:target>>> set target http://target.com/
w3af/config:target>>> set target_os unix
w3af/config:target>>> set target_framework php
w3af/config:target>>> back
# Configure HTTP settings
w3af>>> http-settings
w3af/config:http-settings>>> set timeout 30
w3af/config:http-settings>>> set user_agent "Mozilla/5.0 (Custom W3af Scanner)"
w3af/config:http-settings>>> set max_requests_per_second 10
w3af/config:http-settings>>> backAuthentication Configuration
# Basic authentication
w3af>>> http-settings
w3af/config:http-settings>>> set basic_auth_user username
w3af/config:http-settings>>> set basic_auth_passwd password
w3af/config:http-settings>>> set basic_auth_domain target.com
w3af/config:http-settings>>> back
# Cookie authentication
w3af>>> http-settings
w3af/config:http-settings>>> set cookie "PHPSESSID=abc123; auth=token"
w3af/config:http-settings>>> back
# Custom headers
w3af>>> http-settings
w3af/config:http-settings>>> set headers "Authorization: Bearer token123"
w3af/config:http-settings>>> backProxy Configuration
# Configure proxy
w3af>>> http-settings
w3af/config:http-settings>>> set proxy_address 127.0.0.1
w3af/config:http-settings>>> set proxy_port 8080
w3af/config:http-settings>>> set proxy_username proxy_user
w3af/config:http-settings>>> set proxy_password proxy_pass
w3af/config:http-settings>>> backDiscovery Phase
Web Spider Configuration
# Configure web spider
w3af>>> plugins
w3af/plugins>>> discovery web_spider
w3af/plugins>>> discovery config web_spider
w3af/plugins/discovery/config:web_spider>>> set only_forward True
w3af/plugins/discovery/config:web_spider>>> set ignore_regex ".*\.(jpg|jpeg|png|gif|pdf|zip)$"
w3af/plugins/discovery/config:web_spider>>> set follow_regex ".*"
w3af/plugins/discovery/config:web_spider>>> back
w3af/plugins>>> backDirectory Brute Force
# Configure directory brute forcer
w3af>>> plugins
w3af/plugins>>> discovery dir_file_bruter
w3af/plugins>>> discovery config dir_file_bruter
w3af/plugins/discovery/config:dir_file_bruter>>> set wordlist /usr/share/wordlists/dirb/common.txt
w3af/plugins/discovery/config:dir_file_bruter>>> set file_extensions php,html,txt,js
w3af/plugins/discovery/config:dir_file_bruter>>> set be_recursive True
w3af/plugins/discovery/config:dir_file_bruter>>> back
w3af/plugins>>> backComprehensive Discovery Setup
# Enable multiple discovery plugins
w3af>>> plugins
w3af/plugins>>> discovery web_spider, dir_file_bruter, robots_txt, sitemap_xml
w3af/plugins>>> discovery config web_spider
w3af/plugins/discovery/config:web_spider>>> set only_forward False
w3af/plugins/discovery/config:web_spider>>> back
w3af/plugins>>> backAudit Phase
SQL Injection Detection
# Configure SQL injection plugin
w3af>>> plugins
w3af/plugins>>> audit sqli
w3af/plugins>>> audit config sqli
w3af/plugins/audit/config:sqli>>> set check_numeric True
w3af/plugins/audit/config:sqli>>> set check_string True
w3af/plugins/audit/config:sqli>>> back
w3af/plugins>>> backCross-Site Scripting (XSS)
# Configure XSS plugin
w3af>>> plugins
w3af/plugins>>> audit xss
w3af/plugins>>> audit config xss
w3af/plugins/audit/config:xss>>> set check_persistent_xss True
w3af/plugins/audit/config:xss>>> set check_reflected_xss True
w3af/plugins/audit/config:xss>>> back
w3af/plugins>>> backFile Inclusion Vulnerabilities
# Configure LFI/RFI plugins
w3af>>> plugins
w3af/plugins>>> audit lfi, rfi
w3af/plugins>>> audit config lfi
w3af/plugins/audit/config:lfi>>> set use_time_delay True
w3af/plugins/audit/config:lfi>>> set use_echo True
w3af/plugins/audit/config:lfi>>> back
w3af/plugins>>> backComprehensive Audit Setup
# Enable all major audit plugins
w3af>>> plugins
w3af/plugins>>> audit sqli, xss, csrf, lfi, rfi, os_commanding, xpath, ldapi
w3af/plugins>>> backAttack Phase
SQL Injection Exploitation
# Configure SQLMap integration
w3af>>> plugins
w3af/plugins>>> attack sqlmap
w3af/plugins>>> attack config sqlmap
w3af/plugins/attack/config:sqlmap>>> set sqlmap_path /usr/bin/sqlmap
w3af/plugins/attack/config:sqlmap>>> set exploit_all True
w3af/plugins/attack/config:sqlmap>>> back
w3af/plugins>>> backFile Upload Exploitation
# Configure file upload attack
w3af>>> plugins
w3af/plugins>>> attack file_upload
w3af/plugins>>> attack config file_upload
w3af/plugins/attack/config:file_upload>>> set extensions php,asp,aspx,jsp
w3af/plugins/attack/config:file_upload>>> back
w3af/plugins>>> backShell Access
# Configure shell access
w3af>>> plugins
w3af/plugins>>> attack shell_shock
w3af/plugins>>> back
# After successful exploitation
w3af>>> exploit
w3af>>> shell
shell>>> whoami
shell>>> pwd
shell>>> exitOutput and Reporting
Output Configuration
# Configure output plugins
w3af>>> plugins
w3af/plugins>>> output console, text_file, html_file
w3af/plugins>>> output config text_file
w3af/plugins/output/config:text_file>>> set output_file /tmp/w3af_report.txt
w3af/plugins/output/config:text_file>>> set verbose True
w3af/plugins/output/config:text_file>>> back
w3af/plugins>>> backHTML Report Generation
# Configure HTML report
w3af>>> plugins
w3af/plugins>>> output html_file
w3af/plugins>>> output config html_file
w3af/plugins/output/config:html_file>>> set output_file /tmp/w3af_report.html
w3af/plugins/output/config:html_file>>> back
w3af/plugins>>> backXML Report Generation
# Configure XML report
w3af>>> plugins
w3af/plugins>>> output xml_file
w3af/plugins>>> output config xml_file
w3af/plugins/output/config:xml_file>>> set output_file /tmp/w3af_report.xml
w3af/plugins/output/config:xml_file>>> back
w3af/plugins>>> backAdvanced Configuration
Custom Payloads
# Create custom payload file
echo -e "' OR 1=1--\n\" OR 1=1--\n' UNION SELECT 1,2,3--" > custom_sqli.txt
# Configure custom payloads
w3af>>> plugins
w3af/plugins>>> audit config sqli
w3af/plugins/audit/config:sqli>>> set payloads_file /path/to/custom_sqli.txt
w3af/plugins/audit/config:sqli>>> back
w3af/plugins>>> backForm Authentication
# Configure form authentication
w3af>>> plugins
w3af/plugins>>> discovery form_auth
w3af/plugins>>> discovery config form_auth
w3af/plugins/discovery/config:form_auth>>> set username admin
w3af/plugins/discovery/config:form_auth>>> set password password123
w3af/plugins/discovery/config:form_auth>>> set username_field username
w3af/plugins/discovery/config:form_auth>>> set password_field password
w3af/plugins/discovery/config:form_auth>>> set login_form_url http://target.com/login.php
w3af/plugins/discovery/config:form_auth>>> back
w3af/plugins>>> backSession Management
# Configure session handling
w3af>>> http-settings
w3af/config:http-settings>>> set max_file_size 1000000
w3af/config:http-settings>>> set max_http_retries 3
w3af/config:http-settings>>> set timeout 30
w3af/config:http-settings>>> set headers_file /path/to/headers.txt
w3af/config:http-settings>>> backScripting and Automation
W3af Script Files
# Create w3af script file (scan_script.w3af)
target
set target http://target.com/
back
plugins
discovery web_spider, dir_file_bruter, robots_txt
audit sqli, xss, csrf, lfi, rfi
output console, text_file
output config text_file
set output_file /tmp/w3af_scan.txt
back
back
startRunning Scripts
# Run w3af script
w3af_console -s scan_script.w3af
# Run with profile
w3af_console -p OWASP_TOP10
# Run in batch mode
echo "target; set target http://target.com/; back; start"|w3af_consolePython API Usage
#!/usr/bin/env python3
import w3af.core.controllers.w3afCore as w3afCore
import w3af.core.data.kb.knowledgeBase as kb
# Initialize w3af core
w3af = w3afCore.w3afCore()
# Set target
target_url = "http://target.com/"
w3af.target.set_target(target_url)
# Configure plugins
w3af.plugins.set_plugins(['web_spider'], 'discovery')
w3af.plugins.set_plugins(['sqli', 'xss'], 'audit')
# Start scan
w3af.start()
# Get vulnerabilities
vulns = kb.kb.get_all_vulns()
for vuln in vulns:
print(f"Vulnerability: \\\\{vuln.get_name()\\\\}")
print(f"URL: \\\\{vuln.get_url()\\\\}")
print(f"Severity: \\\\{vuln.get_severity()\\\\}")
print("---")Profiles and Templates
Built-in Profiles
# List available profiles
w3af>>> profiles
w3af>>> profiles use OWASP_TOP10
w3af>>> profiles use fast_scan
w3af>>> profiles use full_audit
# View profile configuration
w3af>>> profiles view OWASP_TOP10Creating Custom Profiles
# Save current configuration as profile
w3af>>> profiles
w3af/profiles>>> save_as custom_profile
# Load custom profile
w3af/profiles>>> use custom_profile
w3af/profiles>>> backProfile Configuration Files
# Create custom profile file (custom_scan.pw3af)
[target]
target = http://target.com/
[plugins]
discovery = web_spider, dir_file_bruter, robots_txt, sitemap_xml
audit = sqli, xss, csrf, lfi, rfi, os_commanding
attack = sqlmap, file_upload
[discovery.web_spider]
only_forward = False
ignore_regex = .*\.(jpg|jpeg|png|gif|pdf|zip)$
[audit.sqli]
check_numeric = True
check_string = True
[output]
output = console, text_file
text_file.output_file = /tmp/custom_scan.txtIntegration with Other Tools
Burp Suite Integration
# Configure w3af to use Burp as proxy
w3af>>> http-settings
w3af/config:http-settings>>> set proxy_address 127.0.0.1
w3af/config:http-settings>>> set proxy_port 8080
w3af/config:http-settings>>> back
# Export findings to Burp format
w3af>>> plugins
w3af/plugins>>> output burp_export
w3af/plugins>>> backMetasploit Integration
# Export vulnerabilities for Metasploit
w3af>>> plugins
w3af/plugins>>> output metasploit_export
w3af/plugins>>> output config metasploit_export
w3af/plugins/output/config:metasploit_export>>> set output_file /tmp/w3af_msf.rc
w3af/plugins/output/config:metasploit_export>>> back
w3af/plugins>>> back
# Use in Metasploit
msfconsole -r /tmp/w3af_msf.rcOWASP ZAP Integration
# Export to ZAP format
w3af>>> plugins
w3af/plugins>>> output zap_export
w3af/plugins>>> output config zap_export
w3af/plugins/output/config:zap_export>>> set output_file /tmp/w3af_zap.xml
w3af/plugins/output/config:zap_export>>> back
w3af/plugins>>> backPerformance Optimization
Threading Configuration
# Configure threading
w3af>>> misc-settings
w3af/config:misc-settings>>> set max_discovery_time 600
w3af/config:misc-settings>>> set max_scan_time 3600
w3af/config:misc-settings>>> set thread_number 10
w3af/config:misc-settings>>> backMemory Management
# Configure memory settings
w3af>>> misc-settings
w3af/config:misc-settings>>> set max_file_size 1000000
w3af/config:misc-settings>>> set max_requests_per_second 20
w3af/config:misc-settings>>> back
```### تحديد المعدل
```bash
# Configure rate limiting
w3af>>> http-settings
w3af/config:http-settings>>> set max_requests_per_second 5
w3af/config:http-settings>>> set timeout 30
w3af/config:http-settings>>> back
```## استكشاف المشكلات وحلها
### المشكلات الشائعة
```bash
# SSL certificate issues
w3af>>> http-settings
w3af/config:http-settings>>> set ignore_session_cookies True
w3af/config:http-settings>>> set cookie_jar_file /tmp/cookies.txt
w3af/config:http-settings>>> back
# Memory issues
w3af>>> misc-settings
w3af/config:misc-settings>>> set max_file_size 500000
w3af/config:misc-settings>>> set thread_number 5
w3af/config:misc-settings>>> back
# Timeout issues
w3af>>> http-settings
w3af/config:http-settings>>> set timeout 60
w3af/config:http-settings>>> set max_http_retries 5
w3af/config:http-settings>>> back
```### وضع التصحيح
```bash
# Enable debug output
w3af>>> misc-settings
w3af/config:misc-settings>>> set debug True
w3af/config:misc-settings>>> back
# View debug information
w3af>>> kb
w3af/kb>>> list vulns
w3af/kb>>> list info
w3af/kb>>> back
```### تحليل السجلات
```bash
# View w3af logs
tail -f ~/.w3af/w3af.log
# Enable verbose logging
w3af>>> misc-settings
w3af/config:misc-settings>>> set verbose True
w3af/config:misc-settings>>> back
```## أفضل الممارسات
### استراتيجية المسح```bash
# Optimized configuration for large applications
w3af>>> misc-settings
w3af/config:misc-settings>>> set thread_number 15
w3af/config:misc-settings>>> set max_discovery_time 1800
w3af/config:misc-settings>>> set max_scan_time 7200
w3af/config:misc-settings>>> back
w3af>>> http-settings
w3af/config:http-settings>>> set max_requests_per_second 10
w3af/config:http-settings>>> set timeout 30
w3af/config:http-settings>>> back
```**ابدأ بالاكتشاف**: استخدم أولاً إضافات اكتشاف شاملة```bash
# Stealth configuration
w3af>>> http-settings
w3af/config:http-settings>>> set user_agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
w3af/config:http-settings>>> set max_requests_per_second 2
w3af/config:http-settings>>> set timeout 45
w3af/config:http-settings>>> back
w3af>>> misc-settings
w3af/config:misc-settings>>> set thread_number 3
w3af/config:misc-settings>>> back
```**التدقيق المستهدف**: ركز إضافات التدقيق على سطح الهجوم المكتشف```bash
#!/bin/bash
TARGET=$1
OUTPUT_DIR="w3af_results_$(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGET" ]; then
echo "Usage: $0 <target_url>"
exit 1
fi
mkdir -p $OUTPUT_DIR
# Create w3af script
cat > "$OUTPUT_DIR/scan.w3af" << EOF
target
set target $TARGET
back
plugins
discovery web_spider, dir_file_bruter, robots_txt, sitemap_xml
audit sqli, xss, csrf, lfi, rfi, os_commanding, xpath
output console, text_file, html_file
output config text_file
set output_file $OUTPUT_DIR/w3af_report.txt
back
output config html_file
set output_file $OUTPUT_DIR/w3af_report.html
back
back
start
EOF
# Run scan
echo "[+] Starting w3af scan for $TARGET"
w3af_console -s "$OUTPUT_DIR/scan.w3af"
echo "[+] Scan complete. Results saved in $OUTPUT_DIR/"
```**التصعيد التدريجي**: ابدأ بإضافات آمنة، ثم انتقل إلى الإضافات المقتحمة```bash
#!/bin/bash
TARGETS_FILE=$1
OUTPUT_BASE="w3af_batch_$(date +%Y%m%d_%H%M%S)"
if [ -z "$TARGETS_FILE" ]; then
echo "Usage: $0 <targets_file>"
exit 1
fi
mkdir -p $OUTPUT_BASE
while read target; do
if [ ! -z "$target" ]; then
echo "[+] Scanning $target"
target_dir="$OUTPUT_BASE/$(echo $target|sed 's|https\?://||'|sed 's|/|_|g')"
mkdir -p "$target_dir"
cat > "$target_dir/scan.w3af" << EOF
target
set target $target
back
plugins
discovery web_spider, dir_file_bruter
audit sqli, xss, csrf
output text_file
output config text_file
set output_file $target_dir/report.txt
back
back
start
EOF
w3af_console -s "$target_dir/scan.w3af"
fi
done < $TARGETS_FILE
echo "[+] Batch scanning complete. Results in $OUTPUT_BASE/"
```**التحديثات المنتظمة**: حافظ على تحديث w3af وإضافاتهhttps://github.com/andresriancho/w3af **الحمولات المخصصة**: أنشئ حمولات مخصصة للتطبيقات المحددة
### اعتبارات الأداء
http://docs.w3af.org/
### المسح التحوطي
https://owasp.org/www-project-web-security-testing-guide/
## نصوص الأتمتة
### نص المسح الشامل
https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/
### نص المسح الدفعي