W3af – Web Application Attack and Audit Framework

 w3af is a Web Application Attack and Audit Framework. The project's goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. To read our short and long term objectives, please click over the Project Objectives item in the main menu. This project is currently hosted at SourceForge , for further information, you may also want to visit w3af SourceForge project page .  

 If you are here just to "take a look" please watch the w3af video demos!


A nice tool to check web applications and a good frame work to carry out your tests. It is what Metasploit is for Network Penetration Testing.

 w3af is a Web Application Attack and Audit Framework. The project’s goal is to create a framework to find and exploit web application vulnerabilities that is easy to use and extend. The w3af core and it’s plugins are fully written in python. The project has more than 130 plugins, which check for SQL injection, cross site scripting (xss), local and remote file inclusion and much more

 This tools lags a bit for windows but as its open source you cant complain :P Although runs smoothly on linux


You can download W3AF here