Open w3af console
#w3af_console
for help type >> "help"
for check shortcut type >>"keys"
to insert target URL type >>"target"
to view typr >>"view"
###################
Start
###################
>>>set targetOS "insert"
>>>set targetFramework "insert"
>>>set target http://www.sample.com/
>>>back | back to main menu
In main menu chose "misc-settings"
>>>view
>>>set maxThreads 3
>>>set fuzzCookie True
>>>back
>>>http_settings
>>>view
Open web broser insert link
Ex:
http://www.useragentstring.com/pages/useragentstring.php
Chose web browser to scanning
And than copy in "User Agent String explained :"
Ex:>>> set userAgent Mozilla/5.0 (Windows; U; Windows NT 6.1; rv:2.2) Gecko/20110201
type "back"
chose "plugins"
>>>plugins
check help
>>>help
Create all output
>>>output all,!xmlFile,!emailReport,!gtkOutput
grep to view
After that insert this command:
grep codeDisclosure, directoryIndexing domXss errorPages error500 fileUpload httpAuthDetect oracle pathDisclosure
w3af/plugins>>> discovery allowedMethods content_negotiation phpinfo pykto robotsReader webSpider
w3af/plugins>>> audit dav eval fileUpload htaccessMethods localFileInclude osCommanding preg_replace remoteFileInclude responseSplitting sqli ssi xpath xsrf
w3af/plugins>>> audit config eval
w3af/plugins/audit/config:eval>>> view
w3af/plugins/audit/config:eval>>> set useTimeDelay False
w3af/plugins/audit/config:eval>>> back
w3af/plugins>>> audit config remoteFileInclude
w3af/plugins/audit/config:remoteFileInclude>>> view
w3af/plugins/audit/config:remoteFileInclude>>> set listenPort 5151
Back until w3af>>>
And the last type "start"
w3af>>> start
Wait until get the link ^_^
0 komentar:
Post a Comment