After all the wait, expectations, and hard work I present you the 1.6 release:

• Improved performance: your scans will run faster
• Improved quality: 1300+ unittests are run after each change to make sure we don’t add any regressions
• Now you’ll be able to easily integrate w3af into other projects with a simple import w3af
• Better documentation

Getting 1.6

New users should follow the usual installation procedure:

git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_gui

Updating from older versions

If you already have a w3af installation the migration should be fairly easy, just:

cd w3af
git pull
git checkout master
./w3af_console

The requirements for the latest version have changed, follow the steps to install the latest required packages and then run ./w3af_console again.

Scripts and profiles

Scripts and profiles don’t have back-compatibility, in other words: The scripts and profiles you were using for versions prior to the 1.6 release will not work with this release version. This is mostly because plugin names and configuration parameters have changed drastically.

One of the symptoms will be shown when starting the w3af_gui where you’ll get many errors regarding missing plugins and configuration settings.

If you don’t have any important w3af profiles, I simply recommend you remove all the old data using: rm -rf ~/.w3af/profiles/  The next time w3af is run, all new profiles will be copied to that directory and the broken profile warning should disappear. For the users that have complex profiles, the only possible action at this point is to manually migrate them the recommended steps are:

• Use your favorite text editor to read the profile file at ~/.w3af/profiles/profile-name.pw3af
• Open the latest version of ./w3af_gui
• Create a new profile
• Read the profile information from the text editor and manually re-configure in w3af_gui
• Save your new profile

Bugs? No problem!

Report any tracebacks, false positives and false negatives. I’ve blocked all this week to improve any issues that might be found right after the release.

Hopefully no bugs are reported (yeah, right!) and I’ll be able to rest all week!

Join us

The w3af project is looking for contributors, and we’re not picky: anyone who’s interested in learning together with us about Python development, application security and designing algorithms to detect vulnerabilities is welcome. Just send a “Hello world” email to our developers mailing list and we’ll get you started.