import w3af

Posted by:

During the past days I’ve been working on creating a Python “w3af” module. What’s that many may ask! Well, the basic idea is that after the feature branch is done, users will be able to “import w3af” in their Python code and extend the framework more easily.

Feature impact

The ones which will benefit the most with this change are developers which extend w3af, want to include it in other Python tools, etc. It was very difficult to do that before, but it is going to be trivial now. My hope is to see more security tools that use the w3af module for running a plugin instead of re-writing it.

When this change is finally merged into master, it shouldn’t impact final users. The only thing that they may notice is that the paths in their profiles are not going to be valid anymore, since “plugins” was moved to “w3af/plugins”.

10 minutes

… of your time is all I need. If you’re going to be extending w3af, please help me test the module! All changes can be found in the feature/module branch, and after “git clone” you should be able to download the¬†script.

git clone git://
cd w3af
git checkout feature/module
sudo python install

From the w3af directory you just cloned, it should be possible to run:


And from a different directory, run a Python console, import w3af and play with the module for a while.

andres@box:~$ python
Python 2.7.3 (default, Aug 1 2012, 05:14:39)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import w3af
>>> w3af.__file__

As usual, please report any issues to our issue tracker.


About the Author:

Web Application Security Innovator, Researcher and Entrepreneur. Python Hacker.