w3af: web application attack and audit framework, the open source web vulnerability scanner.
Python HTML Roff JavaScript Shell C Other


w3af - Web Application Attack and Audit Framework

w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding.


Pull requests are always welcome! If you're not sure where to start, please take a look at the First steps as a contributor document in our wiki. All contributions, no matter how small, are welcome.

Links and documentation