What Is w3af ?
w3af is a free open source web application security scanner widely used by hackers and penetration testers. w3af is a web application attack and audit framework. Using this hacking tool, information about security vulnerabilities can be obtained that can be exploited in penetration testing.
w3af claims to identify over 200 vulnerabilities, including cross-site scripting, SQL injection, PHP misconfiguration, assumed credentials, and unhandled application errors, and makes the web application and website more secure.
w3af comes with a command-line and graphical user interface to suit the hacker’s needs. In less than 5 clicks and using a pre-defined newbie profile, you can check the security of your web application. Since it is well documented, new users can easily find their way.
Since it is an open-source hacking tool, an experienced developer can play with the code, add new features, and create something new.
w3af is available for Linux, BSD, and OS X. Older versions are supported on Windows.