w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to help you secure your web applications by finding and exploiting all web application vulnerabilities.

Our framework is proudly developed using Python to be easy to use and extend, and licensed under GPLv2.0.






Our project has an interesting history which has defined our long and short term objectives and told us many important lessons. Don’t forget to follow our blog and twitter account for news, releases and feedback.

  • RT @fwdcloudsec: Today is the big day! The start of fwd:cloudsec is in a few hours. 🎉
    Live stream links and schedule are at: https://t.co/…

    [2 weeks ago]
  • RT @AndresRiancho: CVE-2020-17513: SSRF on Airflow.

    Anyone knows how to exploit this vulnerability? I was unable to find the vulnerable pa…
    [2 months ago]

  • RT @AndresRiancho: My google calendar needs a defrag. https://t.co/q8wnYQWSvX
    [3 months ago]
  • RT @AndresRiancho: If you would have 100k / year to spend on one or two security products, what would you buy?
    [7 months ago]

Film strip

The easiest way to learn about what w3af is and how you can use it to secure your web applications is to take our project tour and read our FAQ.