The basic idea is simple, w3af crawls the target site and sends all HTTP response bodies to ClamAV (using the clam daemon) for analysis. If ClamAV finds something in that stream we’ll parse it and show it to you in the report.

Testing

Before this gets to the master branch I would like you to test it and report any bugs or improvements. Follow these steps to help us improve:

git clone git@github.com:andresriancho/w3af.git
cd w3af
git checkout feature/clam
git pull
./w3af_console # Install the new clamd dependency using pip

# Install clamd in your system (this is for ubuntu):
sudo apt-get install clamav-daemon clamav-freshclam clamav-unofficial-sigs
sudo freshclam
sudo service clamav-daemon start

Then, run a scan against your site using the new grep.clamav plugin. Remember that for the grep plugin to analyze your site, you need to activate a crawl plugin like web_spider.

If you want to test with something “real”, remember you can use the EICAR test binary. Happy testing!

Implementation

The implementation of this new plugin was fairly simple due to the excellent clamd python module and the pre-existing features available in the w3af framework.

After reading through the great documentation and examples at html5rocks, applying the knowledge while developing PoC applications and going through all the HTML5 security papers available it felt right to give a talk about it. This is my Prezi for “Understanding HTML5 Security”, enjoy!

• Understand how web application scanning works and how w3af is implemented
• Identify vulnerabilities
• Vulnerability exploitation
• Contributing to the project: Create new plugin and submit a pull request at Github

If you’re organizing a conference and would like to have this workshop, contact me and I’m sure we’ll come to an agreement.

The problem came one day when, because of a mistake on my side, a few hundred ec2 instances were left running and completely idle over the weekend. This translated into Amazon charges which I’ll sadly have to pay, and into Sentinela: an operating system watchdog that can take actions based on your specific rules.

From Sentinela’s site README.rst:

Sentinela is a highly configurable operating system watchdog which can take actions based on pre-configured rules.

The initial motivation was to create a daemon that would monitor a set of log files and if no activity was present shutdown the operating system. This was extremely useful for making sure my ec2 instances were shut down after a specified idle time.

Given Sentinela’s modular nature, you can also extend it to monitor network traffic, processes, disk usage, etc. and run any actions such as sending an email, send a SNMP alert, etc.

Sentinela has been uploaded to PyPi, so installing is as easy as running “sudo pip install sentinela”.

Remember to setup your custom rules in order to shutdown your instances and avoid those expensive charges

It’s time. The w3af project needs your help. I’ve been improving this software during the last months and now I need you to test it before the release. I’ve done my fair share of testing, but I’m also the developer and that’s never good.

We’re looking for bugs, crashes, false positives, false negatives, typos, etc. anything that can be improved is welcome.

Follow these steps for testing:

cd ~
git clone https://github.com/andresriancho/w3af.git
cd w3af
git checkout threading2

# Backup your old profiles
mv ~/.w3af/profiles/ ~/w3af-profiles.old/
rm -rf ~/.w3af/

# Install the dependencies - bugs in this step are also welcome
./w3af_console

# Load the full audit profile
./w3af_console -p full_audit
    target set target http://your-target-goes-here-com/
    start

Report any issues here , if possible please attach the output.txt logfile to the bug report. Please DO NOT test the w3af_gui , it’s still being developed.

Now I present you the new w3af.org website! Hopefully, this will solve all the issues with the old site and enhance the communication between all members of the w3af community.