Update Pentesting tools News 28-May-2011

W3af 1.0-Stable released!

W3af is a free Open Sourcer GUI tool written in Python for Web Application Attack and Audit Framework.

This web vulnerability scanner is easy to use and extend, allowing the execution of more than 130 plug-in, check for SQL injection, cross site scripting (XSS) inclusion of local/remote files, and more.

W3af 1.0-Stable adds significant improvements of the framework, including:

• New Windows installer.

• Stable code base.

• Web application payloads:

Various layers for exploited vulnerability in order to be able to write payloads and execute files on the compromised web server.

• PHP static code analyzer:

Javier Andalia created a PHP static code analyzer in order to identify SQL injections and introducevery interesting feature as a web application payload.

After exploiting a vulnerability is possible try --> "payload php_sca" and will download the remote PHP code in your box to analyze it to find vulnerabilities.

• Auto-Update:

Auto-Update, allow you to keep your w3af installation updated easily and without any effort.

• Refactoring of HTTP cache and GTK user interface code to store HTTP requests only once on disk.

• Performance improvement in sqlite database by using indexes.

• Huge w3af code-base refactoring on how URLs are handled.

More details about this release and latest version download can be found on the w3af Official WebSite.