w3af - Open Source Web Application Security Scanner

SQL injection, Cross-Site scripting and much more

Use w3af to identify more than 200 vulnerabilities and reduce your site’s overall risk exposure. Identify vulnerabilities like SQL Injection, Cross-Site Scripting, Guessable credentials, Unhandled application errors and PHP misconfigurations.

For a complete reference for all plugins and vulnerabilities read through the plugin documentation.
Easy to use and extend

The w3af framework has both a graphical and console user interface, in less than 5 clicks and using the predefined profiles it is possible to audit the security of your web application.

w3af is fully written in Python, and very well documented. Use your development skills to fork our GitHub repository, modify our code and identify new vulnerabilities.
Complete rewrite

Used previous w3af releases and run into nasty bugs? Don’t worry, we noticed. Give the new version a try and find out why we’ve proud of the new and completely rewritten w3af.

Test Driven Development, unittests, integration tests and continuous integration are terms that we’ve learned to love during the major rewrite that was recently completed.
Download now!

If you’re a Linux user we recommend you download the source from out GitHub repository:
```
 git clone https://github.com/andresriancho/w3af.git
 cd w3af
 ./w3af_gui
```

w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

Our framework is proudly developed using Python to be easy to use and extend, and licensed under GPLv2.0.

Our project has an interesting history which has defined our long and short term objectives and told us many important lessons. Don’t forget to follow our blog and twitter account for news, releases and feedback.

[54 years ago]

The easiest way to learn about what w3af is and how you can use it to secure your web applications is to take our project tour and read our FAQ.

SQL injection, Cross-Site scripting and much more

Easy to use and extend

Complete rewrite

Download now!