During the past few days I’ve been working on creating a Python “w3af” module. What’s that, many may ask? Well, the basic idea is that after the feature branch is done, users will be able to “import w3af” in their Python code and extend the framework more easily.
Feature impact
The ones who will benefit the most from this change are developers who extend w3af, want to include it in other Python tools, etc. It was very difficult to do that before, but it is going to be trivial now. My hope is to see more security tools that use the w3af module for running a plugin instead of re-writing it.
When this change is finally merged into master, it shouldn’t impact end users. The only thing that they may notice is that the paths in their profiles are not going to be valid anymore, since “plugins” was moved to “w3af/plugins”.
10 minutes
… of your time is all I need. If you’re going to be extending w3af, please help me test the module! All changes can be found in the feature/module branch, and after “git clone” you should be able to download the setup.py script.
git clone git://github.com/andresriancho/w3af.git
cd w3af
git checkout feature/module
wget https://gist.github.com/andresriancho/5768333/download
sudo python setup.py install
From the w3af directory you just cloned, it should be possible to run:
./w3af_console
And from a different directory, run a Python console, import w3af and play with the module for a while.
$ python
Python 2.7.3 (default, Aug 1 2012, 05:14:39)
[GCC 4.6.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import w3af
>>> w3af.__file__
'/usr/local/lib/python2.7/dist-packages/w3af-1.5-py2.7.egg/w3af/__init__.pyc'
>>>
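The reason for testing from a different directory is that Python searches the current directory first, so inside the clone “import w3af” would load the checkout rather than the installed egg. The following is an added example, not code from w3af or from the original post: it uses Python 3's standard library and constructed temporary directories as stand-ins for the clone and the install location, and resolves the module without importing it.

```python
import importlib.machinery
import os
import tempfile


def make_package(root, name):
    """Create an empty package `name` under `root` (constructed test data)."""
    pkg_dir = os.path.join(root, name)
    os.makedirs(pkg_dir)
    with open(os.path.join(pkg_dir, "__init__.py"), "w") as handle:
        handle.write("")


def resolve_origin(name, search_path):
    """Return the file `import name` would load for this search path, without importing it."""
    spec = importlib.machinery.PathFinder.find_spec(name, search_path)
    return None if spec is None else spec.origin


def is_installed_copy(name, search_path, install_root):
    """True only when the import resolves to a file located under install_root."""
    origin = resolve_origin(name, search_path)
    if origin is None:
        return False
    origin = os.path.realpath(origin)
    root = os.path.realpath(install_root)
    return os.path.commonpath([origin, root]) == root


def demo():
    """Compare resolution from inside the clone and from an unrelated directory."""
    with tempfile.TemporaryDirectory() as tmp:
        clone = os.path.join(tmp, "clone")            # stand-in for the git checkout
        site = os.path.join(tmp, "site-packages")     # stand-in for the install location
        elsewhere = os.path.join(tmp, "elsewhere")    # stand-in for "a different directory"
        for directory in (clone, site, elsewhere):
            os.makedirs(directory)
        make_package(clone, "w3af")
        make_package(site, "w3af")
        # The first search-path entry plays the role of the current directory.
        from_clone = is_installed_copy("w3af", [clone, site], site)
        from_elsewhere = is_installed_copy("w3af", [elsewhere, site], site)
        not_installed = resolve_origin("w3af", [elsewhere])
        return from_clone, from_elsewhere, not_installed


if __name__ == "__main__":
    print(demo())
```

For a check against a real installation, pass `sys.path` as the search path and the interpreter's dist-packages directory as `install_root`.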
As usual, please report any issues to our issue tracker.
JUN
About the Author:
Web Application Security Innovator, Researcher and Entrepreneur. Python Hacker.