# W3af Web Application Attack Framework Cheat Sheet

## Overview

W3af (Web Application Attack and Audit Framework) is a comprehensive open-source web application security scanner. It provides a complete framework for finding and exploiting web application vulnerabilities, with discovery, audit and attack plugins for thorough security assessments.

⚠️ Warning: This tool is intended only for authorized penetration testing and security assessment. Make sure you have proper authorization before using it against any target.


## Installation

### Ubuntu/Debian Installation

```bash
# Install dependencies
sudo apt update
sudo apt install python3-pip python3-dev build-essential libssl-dev libffi-dev python3-setuptools

# Install w3af
git clone https://github.com/andresriancho/w3af.git
cd w3af

# Install Python dependencies
pip3 install -r requirements.txt

# Run dependency check
python3 w3af_console

# Install missing dependencies if prompted
./w3af_dependency_install.sh
```

### Manual Installation

```bash
# Clone repository
git clone https://github.com/andresriancho/w3af.git
cd w3af

# Install dependencies manually
sudo apt install python3-pip python3-dev python3-setuptools
sudo apt install libxml2-dev libxslt1-dev zlib1g-dev
sudo apt install libyaml-dev libssl-dev libffi-dev

# Install Python packages
pip3 install --user -r requirements.txt

# Test installation
python3 w3af_console
```

### Docker Installation

```bash
# Pull Docker image
docker pull andresriancho/w3af

# Run with Docker
docker run -it andresriancho/w3af

# Run with volume mount (quoted so a working directory with spaces still works)
docker run -it -v "$(pwd)":/tmp/w3af andresriancho/w3af
```

### Kali Linux

```bash
# W3af is pre-installed in Kali
w3af_console

# If not installed
sudo apt update
sudo apt install w3af
```

## Basic Usage

### Console Interface

```bash
# Start w3af console
w3af_console

# GUI interface (if available)
w3af_gui

# Help commands
w3af>>> help
w3af>>> help plugins
w3af>>> help target
```

### Basic Commands

```bash
# Set target
w3af>>> target
w3af/config:target>>> set target http://target.com/
w3af/config:target>>> back

# View current configuration
w3af>>> target view

# Start scan
w3af>>> start

# Exit
w3af>>> exit
```

## Plugin Categories

### Discovery Plugins

| Plugin | Description |
|---|---|
| web_spider | Web application spider |
| dir_file_bruter | Directory and file brute forcer |
| dns_wildcard | DNS wildcard detection |
| robots_txt | Robots.txt analyzer |
| sitemap_xml | Sitemap.xml parser |
| google_spider | Google search spider |
| bing_spider | Bing search spider |

### Audit Plugins

| Plugin | Description |
|---|---|
| sqli | SQL injection detection |
| xss | Cross-site scripting detection |
| csrf | Cross-site request forgery |
| lfi | Local file inclusion |
| rfi | Remote file inclusion |
| os_commanding | OS command injection |
| xpath | XPath injection |
| ldapi | LDAP injection |

### Attack Plugins

| Plugin | Description |
|---|---|
| sqlmap | SQL injection exploitation |
| shell_shock | Shellshock exploitation |
| file_upload | File upload exploit |
| dav | WebDAV exploit |
| rfi | Remote file inclusion exploitation |

## Configuration and Setup

### Basic Configuration

```bash
# Configure target
w3af>>> target
w3af/config:target>>> set target http://target.com/
w3af/config:target>>> set target_os unix
w3af/config:target>>> set target_framework php
w3af/config:target>>> back

# Configure HTTP settings
w3af>>> http-settings
w3af/config:http-settings>>> set timeout 30
w3af/config:http-settings>>> set user_agent "Mozilla/5.0 (Custom W3af Scanner)"
w3af/config:http-settings>>> set max_requests_per_second 10
w3af/config:http-settings>>> back
```

### Authentication Configuration

```bash
# Basic authentication
w3af>>> http-settings
w3af/config:http-settings>>> set basic_auth_user username
w3af/config:http-settings>>> set basic_auth_passwd password
w3af/config:http-settings>>> set basic_auth_domain target.com
w3af/config:http-settings>>> back

# Cookie authentication
w3af>>> http-settings
w3af/config:http-settings>>> set cookie "PHPSESSID=abc123; auth=token"
w3af/config:http-settings>>> back

# Custom headers
w3af>>> http-settings
w3af/config:http-settings>>> set headers "Authorization: Bearer token123"
w3af/config:http-settings>>> back
```

### Proxy Configuration

```bash
# Configure proxy
w3af>>> http-settings
w3af/config:http-settings>>> set proxy_address 127.0.0.1
w3af/config:http-settings>>> set proxy_port 8080
w3af/config:http-settings>>> set proxy_username proxy_user
w3af/config:http-settings>>> set proxy_password proxy_pass
w3af/config:http-settings>>> back
```

## Discovery Phase

### Web Spider Configuration

```bash
# Configure web spider
w3af>>> plugins
w3af/plugins>>> discovery web_spider
w3af/plugins>>> discovery config web_spider
w3af/plugins/discovery/config:web_spider>>> set only_forward True
w3af/plugins/discovery/config:web_spider>>> set ignore_regex ".*\.(jpg|jpeg|png|gif|pdf|zip)$"
w3af/plugins/discovery/config:web_spider>>> set follow_regex ".*"
w3af/plugins/discovery/config:web_spider>>> back
w3af/plugins>>> back
```

### Directory Brute Force

```bash
# Configure directory brute forcer
w3af>>> plugins
w3af/plugins>>> discovery dir_file_bruter
w3af/plugins>>> discovery config dir_file_bruter
w3af/plugins/discovery/config:dir_file_bruter>>> set wordlist /usr/share/wordlists/dirb/common.txt
w3af/plugins/discovery/config:dir_file_bruter>>> set file_extensions php,html,txt,js
w3af/plugins/discovery/config:dir_file_bruter>>> set be_recursive True
w3af/plugins/discovery/config:dir_file_bruter>>> back
w3af/plugins>>> back
```

### Comprehensive Discovery Setup

```bash
# Enable multiple discovery plugins
w3af>>> plugins
w3af/plugins>>> discovery web_spider, dir_file_bruter, robots_txt, sitemap_xml
w3af/plugins>>> discovery config web_spider
w3af/plugins/discovery/config:web_spider>>> set only_forward False
w3af/plugins/discovery/config:web_spider>>> back
w3af/plugins>>> back
```

## Audit Phase

### SQL Injection Detection

```bash
# Configure SQL injection plugin
w3af>>> plugins
w3af/plugins>>> audit sqli
w3af/plugins>>> audit config sqli
w3af/plugins/audit/config:sqli>>> set check_numeric True
w3af/plugins/audit/config:sqli>>> set check_string True
w3af/plugins/audit/config:sqli>>> back
w3af/plugins>>> back
```

### Cross-Site Scripting (XSS)

```bash
# Configure XSS plugin
w3af>>> plugins
w3af/plugins>>> audit xss
w3af/plugins>>> audit config xss
w3af/plugins/audit/config:xss>>> set check_persistent_xss True
w3af/plugins/audit/config:xss>>> set check_reflected_xss True
w3af/plugins/audit/config:xss>>> back
w3af/plugins>>> back
```

### File Inclusion Vulnerabilities

```bash
# Configure LFI/RFI plugins
w3af>>> plugins
w3af/plugins>>> audit lfi, rfi
w3af/plugins>>> audit config lfi
w3af/plugins/audit/config:lfi>>> set use_time_delay True
w3af/plugins/audit/config:lfi>>> set use_echo True
w3af/plugins/audit/config:lfi>>> back
w3af/plugins>>> back
```

### Comprehensive Audit Setup

```bash
# Enable all major audit plugins
w3af>>> plugins
w3af/plugins>>> audit sqli, xss, csrf, lfi, rfi, os_commanding, xpath, ldapi
w3af/plugins>>> back
```

## Attack Phase

### SQL Injection Exploitation

```bash
# Configure SQLMap integration
w3af>>> plugins
w3af/plugins>>> attack sqlmap
w3af/plugins>>> attack config sqlmap
w3af/plugins/attack/config:sqlmap>>> set sqlmap_path /usr/bin/sqlmap
w3af/plugins/attack/config:sqlmap>>> set exploit_all True
w3af/plugins/attack/config:sqlmap>>> back
w3af/plugins>>> back
```

### File Upload Exploitation

```bash
# Configure file upload attack
w3af>>> plugins
w3af/plugins>>> attack file_upload
w3af/plugins>>> attack config file_upload
w3af/plugins/attack/config:file_upload>>> set extensions php,asp,aspx,jsp
w3af/plugins/attack/config:file_upload>>> back
w3af/plugins>>> back
```

### Shell Access

```bash
# Configure shell access
w3af>>> plugins
w3af/plugins>>> attack shell_shock
w3af/plugins>>> back

# After successful exploitation
w3af>>> exploit
w3af>>> shell
shell>>> whoami
shell>>> pwd
shell>>> exit
```

## Output and Reporting

### Output Configuration

```bash
# Configure output plugins
w3af>>> plugins
w3af/plugins>>> output console, text_file, html_file
w3af/plugins>>> output config text_file
w3af/plugins/output/config:text_file>>> set output_file /tmp/w3af_report.txt
w3af/plugins/output/config:text_file>>> set verbose True
w3af/plugins/output/config:text_file>>> back
w3af/plugins>>> back
```

### HTML Report Generation

```bash
# Configure HTML report
w3af>>> plugins
w3af/plugins>>> output html_file
w3af/plugins>>> output config html_file
w3af/plugins/output/config:html_file>>> set output_file /tmp/w3af_report.html
w3af/plugins/output/config:html_file>>> back
w3af/plugins>>> back
```

### XML Report Generation

```bash
# Configure XML report
w3af>>> plugins
w3af/plugins>>> output xml_file
w3af/plugins>>> output config xml_file
w3af/plugins/output/config:xml_file>>> set output_file /tmp/w3af_report.xml
w3af/plugins/output/config:xml_file>>> back
w3af/plugins>>> back
```

## Advanced Configuration

### Custom Payloads

```bash
# Create custom payload file
echo -e "' OR 1=1--\n\" OR 1=1--\n' UNION SELECT 1,2,3--" > custom_sqli.txt

# Configure custom payloads
w3af>>> plugins
w3af/plugins>>> audit config sqli
w3af/plugins/audit/config:sqli>>> set payloads_file /path/to/custom_sqli.txt
w3af/plugins/audit/config:sqli>>> back
w3af/plugins>>> back
```

### Form Authentication

```bash
# Configure form authentication
w3af>>> plugins
w3af/plugins>>> discovery form_auth
w3af/plugins>>> discovery config form_auth
w3af/plugins/discovery/config:form_auth>>> set username admin
w3af/plugins/discovery/config:form_auth>>> set password password123
w3af/plugins/discovery/config:form_auth>>> set username_field username
w3af/plugins/discovery/config:form_auth>>> set password_field password
w3af/plugins/discovery/config:form_auth>>> set login_form_url http://target.com/login.php
w3af/plugins/discovery/config:form_auth>>> back
w3af/plugins>>> back
```

### Session Management

```bash
# Configure session handling
w3af>>> http-settings
w3af/config:http-settings>>> set max_file_size 1000000
w3af/config:http-settings>>> set max_http_retries 3
w3af/config:http-settings>>> set timeout 30
w3af/config:http-settings>>> set headers_file /path/to/headers.txt
w3af/config:http-settings>>> back
```

## Scripting and Automation

### W3af Script Files

A script file holds one console command per line, exactly as you would type them at the `w3af>>>` prompt.

```bash
# Create w3af script file (scan_script.w3af)
target
set target http://target.com/
back

plugins
discovery web_spider, dir_file_bruter, robots_txt
audit sqli, xss, csrf, lfi, rfi
output console, text_file
output config text_file
set output_file /tmp/w3af_scan.txt
back
back

start
```

### Running Scripts

```bash
# Run w3af script
w3af_console -s scan_script.w3af

# Run with profile
w3af_console -p OWASP_TOP10

# Run in batch mode (one console command per line, as in a script file)
printf 'target\nset target http://target.com/\nback\nstart\n' | w3af_console
```

### Python API Usage

```python
#!/usr/bin/env python3
# Drive a w3af scan from Python instead of the interactive console.
import w3af.core.controllers.w3afCore as w3afCore
import w3af.core.data.kb.knowledgeBase as kb

# Initialize w3af core
w3af = w3afCore.w3afCore()

# Set target: the target is configured through its option list
target_url = "http://target.com/"
target_opts = w3af.target.get_options()
target_opts['target'].set_value(target_url)
w3af.target.set_options(target_opts)

# Configure plugins (plugin names, plugin type)
w3af.plugins.set_plugins(['web_spider'], 'discovery')
w3af.plugins.set_plugins(['sqli', 'xss'], 'audit')

# Plugins must be initialized before the scan starts
w3af.plugins.init_plugins()

# Start scan (blocks until the scan finishes)
w3af.start()

# Read vulnerabilities from the knowledge base
for vuln in kb.kb.get_all_vulns():
    print(f"Vulnerability: {vuln.get_name()}")
    print(f"URL: {vuln.get_url()}")
    print(f"Severity: {vuln.get_severity()}")
    print("---")
```

## Profiles and Templates

### Built-in Profiles

```bash
# List available profiles
w3af>>> profiles
w3af>>> profiles use OWASP_TOP10
w3af>>> profiles use fast_scan
w3af>>> profiles use full_audit

# View profile configuration
w3af>>> profiles view OWASP_TOP10
```

### Creating Custom Profiles

```bash
# Save current configuration as profile
w3af>>> profiles
w3af/profiles>>> save_as custom_profile

# Load custom profile
w3af/profiles>>> use custom_profile
w3af/profiles>>> back
```

### Profile Configuration Files

```ini
# Create custom profile file (custom_scan.pw3af)
[target]
target = http://target.com/

[plugins]
discovery = web_spider, dir_file_bruter, robots_txt, sitemap_xml
audit = sqli, xss, csrf, lfi, rfi, os_commanding
attack = sqlmap, file_upload

[discovery.web_spider]
only_forward = False
ignore_regex = .*\.(jpg|jpeg|png|gif|pdf|zip)$

[audit.sqli]
check_numeric = True
check_string = True

[output]
output = console, text_file
text_file.output_file = /tmp/custom_scan.txt
```

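A pre-flight check for profile files, added here as an example and not part of w3af or this cheat sheet's original material: it parses the INI-style `.pw3af` layout shown above with Python's `configparser`, confirms every target host is on the engagement's scope list (`allowed_hosts` is an assumed input) and flags attack plugins left enabled in a profile meant for a discovery/audit pass. The section layout it assumes is the one on this page, not necessarily w3af's own.

```python
import configparser
from urllib.parse import urlsplit

# Constructed sample, laid out like the custom_scan.pw3af profile above.
SAMPLE_PROFILE = """
[target]
target = http://target.com/

[plugins]
discovery = web_spider, dir_file_bruter, robots_txt, sitemap_xml
audit = sqli, xss, csrf, lfi, rfi, os_commanding
attack = sqlmap, file_upload

[output]
output = console, text_file
text_file.output_file = /tmp/custom_scan.txt
"""


def load_profile(text):
    """Parse profile text; interpolation is off so '%' in regex values survives."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(text)
    return parser


def enabled_plugins(parser):
    """Return {plugin_type: [plugin, ...]} from the [plugins] section."""
    if not parser.has_section("plugins"):
        return {}
    return {ptype: [p.strip() for p in value.split(",") if p.strip()]
            for ptype, value in parser.items("plugins")}


def targets(parser):
    """Return the comma-separated target URLs from [target]."""
    raw = parser.get("target", "target", fallback="")
    return [t.strip() for t in raw.split(",") if t.strip()]


def review_profile(text, allowed_hosts):
    """Return findings; empty means the profile may run. allowed_hosts = agreed scope (assumed input)."""
    parser = load_profile(text)
    allowed = {h.lower() for h in allowed_hosts}
    findings = []
    for url in targets(parser):
        host = (urlsplit(url).hostname or "").lower()
        if host not in allowed:
            findings.append(f"out-of-scope target: {url}")
    attack = enabled_plugins(parser).get("attack", [])
    if attack:  # an audit-only pass should not have attack plugins enabled
        findings.append("attack plugins enabled: " + ", ".join(attack))
    if not parser.get("output", "output", fallback="").strip():
        findings.append("no output plugin configured; findings would be lost")
    return findings
```

Run `review_profile(open("custom_scan.pw3af").read(), ["target.com"])` before `w3af_console -p`; the profile above fails the check until its `attack =` line is removed.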
## Integration with Other Tools

### Burp Suite Integration

```bash
# Configure w3af to use Burp as proxy
w3af>>> http-settings
w3af/config:http-settings>>> set proxy_address 127.0.0.1
w3af/config:http-settings>>> set proxy_port 8080
w3af/config:http-settings>>> back

# Export findings to Burp format
w3af>>> plugins
w3af/plugins>>> output burp_export
w3af/plugins>>> back
```

### Metasploit Integration

```bash
# Export vulnerabilities for Metasploit
w3af>>> plugins
w3af/plugins>>> output metasploit_export
w3af/plugins>>> output config metasploit_export
w3af/plugins/output/config:metasploit_export>>> set output_file /tmp/w3af_msf.rc
w3af/plugins/output/config:metasploit_export>>> back
w3af/plugins>>> back

# Use in Metasploit
msfconsole -r /tmp/w3af_msf.rc
```

### OWASP ZAP Integration

```bash
# Export to ZAP format
w3af>>> plugins
w3af/plugins>>> output zap_export
w3af/plugins>>> output config zap_export
w3af/plugins/output/config:zap_export>>> set output_file /tmp/w3af_zap.xml
w3af/plugins/output/config:zap_export>>> back
w3af/plugins>>> back
```

## Performance Optimization

### Threading Configuration

```bash
# Configure threading
w3af>>> misc-settings
w3af/config:misc-settings>>> set max_discovery_time 600
w3af/config:misc-settings>>> set max_scan_time 3600
w3af/config:misc-settings>>> set thread_number 10
w3af/config:misc-settings>>> back
```

### Memory Management

```bash
# Configure memory settings
w3af>>> misc-settings
w3af/config:misc-settings>>> set max_file_size 1000000
w3af/config:misc-settings>>> set max_requests_per_second 20
w3af/config:misc-settings>>> back
```

### Rate Limiting

```bash
# Configure rate limiting
w3af>>> http-settings
w3af/config:http-settings>>> set max_requests_per_second 5
w3af/config:http-settings>>> set timeout 30
w3af/config:http-settings>>> back
```

## Troubleshooting

### Common Issues

```bash
# SSL certificate issues
w3af>>> http-settings
w3af/config:http-settings>>> set ignore_session_cookies True
w3af/config:http-settings>>> set cookie_jar_file /tmp/cookies.txt
w3af/config:http-settings>>> back

# Memory issues
w3af>>> misc-settings
w3af/config:misc-settings>>> set max_file_size 500000
w3af/config:misc-settings>>> set thread_number 5
w3af/config:misc-settings>>> back

# Timeout issues
w3af>>> http-settings
w3af/config:http-settings>>> set timeout 60
w3af/config:http-settings>>> set max_http_retries 5
w3af/config:http-settings>>> back
```

### Debug Mode

```bash
# Enable debug output
w3af>>> misc-settings
w3af/config:misc-settings>>> set debug True
w3af/config:misc-settings>>> back

# View debug information
w3af>>> kb
w3af/kb>>> list vulns
w3af/kb>>> list info
w3af/kb>>> back
```

### Log Analysis

```bash
# View w3af logs
tail -f ~/.w3af/w3af.log

# Enable verbose logging
w3af>>> misc-settings
w3af/config:misc-settings>>> set verbose True
w3af/config:misc-settings>>> back
```

## Best Practices

### Scanning Strategy

1. **Start with discovery**: use comprehensive discovery plugins first
2. **Targeted audit**: focus audit plugins on the discovered attack surface
3. **Gradual escalation**: start with safe plugins and move on to intrusive ones
4. **Regular updates**: keep w3af and its plugins up to date
5. **Custom payloads**: create custom payloads for specific applications

### Performance Considerations

```bash
# Optimized configuration for large applications
w3af>>> misc-settings
w3af/config:misc-settings>>> set thread_number 15
w3af/config:misc-settings>>> set max_discovery_time 1800
w3af/config:misc-settings>>> set max_scan_time 7200
w3af/config:misc-settings>>> back

w3af>>> http-settings
w3af/config:http-settings>>> set max_requests_per_second 10
w3af/config:http-settings>>> set timeout 30
w3af/config:http-settings>>> back
```

### Stealth Scanning

```bash
# Stealth configuration
w3af>>> http-settings
w3af/config:http-settings>>> set user_agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36"
w3af/config:http-settings>>> set max_requests_per_second 2
w3af/config:http-settings>>> set timeout 45
w3af/config:http-settings>>> back

w3af>>> misc-settings
w3af/config:misc-settings>>> set thread_number 3
w3af/config:misc-settings>>> back
```

## Automation Scripts

### Comprehensive Scan Script

```bash
#!/bin/bash
# Run a full discovery + audit scan against one target and keep all reports in one directory.

TARGET=$1
OUTPUT_DIR="w3af_results_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGET" ]; then
    echo "Usage: $0 <target_url>"
    exit 1
fi

mkdir -p "$OUTPUT_DIR"

# Create w3af script (unquoted EOF so $TARGET and $OUTPUT_DIR are expanded)
cat > "$OUTPUT_DIR/scan.w3af" << EOF
target
set target $TARGET
back

plugins
discovery web_spider, dir_file_bruter, robots_txt, sitemap_xml
audit sqli, xss, csrf, lfi, rfi, os_commanding, xpath
output console, text_file, html_file
output config text_file
set output_file $OUTPUT_DIR/w3af_report.txt
back
output config html_file
set output_file $OUTPUT_DIR/w3af_report.html
back
back

start
EOF

# Run scan
echo "[+] Starting w3af scan for $TARGET"
w3af_console -s "$OUTPUT_DIR/scan.w3af"

echo "[+] Scan complete. Results saved in $OUTPUT_DIR/"
```

### Batch Scanning Script

```bash
#!/bin/bash
# Scan every URL listed in a targets file (one per line), one report directory per target.

TARGETS_FILE=$1
OUTPUT_BASE="w3af_batch_$(date +%Y%m%d_%H%M%S)"

if [ -z "$TARGETS_FILE" ] || [ ! -f "$TARGETS_FILE" ]; then
    echo "Usage: $0 <targets_file>"
    exit 1
fi

mkdir -p "$OUTPUT_BASE"

# Read targets from fd 3 so w3af_console cannot consume the rest of the list from stdin
while IFS= read -r target <&3; do
    if [ -n "$target" ]; then
        echo "[+] Scanning $target"
        # Turn the URL into a safe directory name (strip scheme, replace slashes)
        target_dir="$OUTPUT_BASE/$(echo "$target" | sed 's|https\?://||; s|/|_|g')"
        mkdir -p "$target_dir"

        cat > "$target_dir/scan.w3af" << EOF
target
set target $target
back

plugins
discovery web_spider, dir_file_bruter
audit sqli, xss, csrf
output text_file
output config text_file
set output_file $target_dir/report.txt
back
back

start
EOF

        w3af_console -s "$target_dir/scan.w3af"
    fi
done 3< "$TARGETS_FILE"

echo "[+] Batch scanning complete. Results in $OUTPUT_BASE/"
```

## References

- https://github.com/andresriancho/w3af
- http://docs.w3af.org/
- https://owasp.org/www-project-web-security-testing-guide/
- https://owasp.org/www-project-web-security-testing-guide/latest/4-Web_Application_Security_Testing/