Make sure you have the following software ready before starting the installation:
- Git client:
sudo apt-get install git- Python 2.7, which is installed by default in most systems
- Pip version 1.1:
sudo apt-get install python-pip
git clone https://github.com/andresriancho/w3af.git
cd w3af/
./w3af_console
. /tmp/w3af_dependency_install.shLet me explain what's going on there:
- First we use
gitto downloadw3af's source code- Then we try to run the
w3af_consolecommand, which will most likely fail because of missing dependencies. This command will generate a helper script at/tmp/w3af_dependency_install.shthat when run will install all the required dependencies.- Dependencies are installed by running
/tmp/w3af_dependency_install.sh
The framework dependencies don't change too often, but don't be alarmed if after
updating your installation w3af requires you to install new dependencies.
The framework should work on all Python supported platforms and has been tested in various Linux distributions, Mac OSX, FreeBSD and OpenBSD.
Note
The platform used for development is Ubuntu 14.04 and running our continuous integration tests is Ubuntu 12.04 LTS.
Warning
While in theory you can install w3af in Microsoft Windows, we don't recommend nor support that installation process.
One of the ugly details users can find is that w3af needs to detect the
Operating System / Linux distribution, and then have support for creating the
/tmp/w3af_dependency_install.sh for that specific combination. In other words,
for Ubuntu we use apt-get install and for Suse we use yum install.
The list of distributions w3af knows how to generate the installation script
for is extensive .
If we don't support your distribution, we'll default to Ubuntu.
The easiest way to install w3af in Kali is:
apt-get update
apt-get install -y w3afThis will install the latest packaged version, which might not be the latest available from our repositories. If the latest version is needed these steps are recommended:
cd ~
apt-get update
apt-get install -y python-pip w3af
pip install --upgrade pip
git clone https://github.com/andresriancho/w3af.git
cd w3af
./w3af_console
. /tmp/w3af_dependency_install.shThis will install the latest w3af at ~/w3af/w3af_console and leave the
packaged version un-touched.
Note
- There are two versions in your OS now:
cd ~/w3af/ ; ./w3af_consolewill run the latest versionw3af_consolewill run the one packaged in Kali
Docker is awesome, it allows users to run w3af
without installing any of it's dependencies. The only pre-requisite is to
install docker , which is widely
supported.
Once the docker installation is running these steps will yield a running
w3af console:
$ git clone https://github.com/andresriancho/w3af.git
$ cd w3af/extras/docker/scripts/
$ sudo ./w3af_console_docker
w3af>>>For advanced usage of w3af's docker container please read the documentation
at the docker registry hub
In order to start the process, you need XCode and MacPorts installed.
sudo xcode-select --install
sudo port selfupdate
sudo port upgrade outdated
sudo port install python27
sudo port select python python27
sudo port install py27-pip
sudo port install py27-libdnet git-core automake gcc48 py27-setuptools autoconf py27-pcapy
./w3af_console
. /tmp/w3af_dependency_install.shThose commands should allow you to run ./w3af_console again without any issues,
in order to run the GUI a new dependency set is required:
sudo port install py27-pygtk py27-pygtksourceview graphviz
sudo port install py27-webkitgtk
./w3af_gui
. /tmp/w3af_dependency_install.shAfter running the helper script w3af still says I have missing python dependencies, what should I do?
You will recognize this when this message appears: "Your python installation needs the following modules to run w3af".
First you'll want to check that all the dependencies are installed. To do that just follow these steps:
$ cd w3af
$ ./w3af_console
...
Your python installation needs the following modules to run w3af:
futures
...
$ pip freeze | grep futures
futures==2.1.5
$Replace futures with the library that is missing in your system. If the
pip freeze | grep futures command returns an empty result, you'll need to
install the dependency using the /tmp/w3af_dependency_install.sh command.
Pay special attention to the output of that command, if installation fails
you won't be able to run w3af.
It is important to notice that w3af requires specific versions of the
third-party libraries. The specific versions required at /tmp/w3af_dependency_install.sh
need to match the ones you see in the output of pip freeze. If the versions
don't match you can always install a specific version using
pip install --upgrade futures==2.1.5.
You will recognize this when this message appears: "please install the following operating system packages".
Most likely you're using a Linux distribution that w3af doesn't know how to
detect. This doesn't mean that w3af won't work with your distribution! It just
means that our helper tool doesn't know how to create the
/tmp/w3af_dependency_install.sh script for you.
What you need to do is:
- Find a match between the Ubuntu package name given in the list and the one
for your distribution * Install it * Run
./w3af_consoleagain. Repeat until fixed
Please create a ticket
explaining the packages you installed, your distribution, etc. and we'll add
the code necessary for others to be able to install w3af without going
through any manual steps.
You can create a ticket containing the following information:
- Your linux distribution (usually the contents of
/etc/lsb-releasewill be enough)- The contents of the
/tmp/w3af_dependency_install.shfile- The output of
pip freeze- The output of
python --version