Video – Conducting A Website Vulnerability Scan Using w3af

5 minutes
Share the link to this page
You need to have access to the item to view this lesson.
One-time Fee
List Price:  $139.99
You save:  $40
List Price:  €128.67
You save:  €36.76
List Price:  £110.19
You save:  £31.48
List Price:  CA$190.60
You save:  CA$54.46
List Price:  A$208.90
You save:  A$59.69
List Price:  S$188.42
You save:  S$53.84
List Price:  HK$1,092.29
You save:  HK$312.10
CHF 90.89
List Price:  CHF 127.25
You save:  CHF 36.36
NOK kr1,073.95
List Price:  NOK kr1,503.58
You save:  NOK kr429.62
DKK kr686.39
List Price:  DKK kr960.97
You save:  DKK kr274.58
List Price:  NZ$228.20
You save:  NZ$65.20
List Price:  د.إ514.18
You save:  د.إ146.92
List Price:  ৳16,391.62
You save:  ৳4,683.65
List Price:  ₹11,661.24
You save:  ₹3,332.02
List Price:  RM656.20
You save:  RM187.50
List Price:  ₦205,785.30
You save:  ₦58,800
List Price:  ₨38,789.74
You save:  ₨11,083.57
List Price:  ฿5,074.35
You save:  ฿1,449.91
List Price:  ₺4,513.75
You save:  ₺1,289.73
List Price:  B$714.59
You save:  B$204.18
List Price:  R2,530.23
You save:  R722.97
List Price:  Лв251.81
You save:  Лв71.95
List Price:  ₩189,601.05
You save:  ₩54,175.60
List Price:  ₪518.60
You save:  ₪148.18
List Price:  ₱8,079.59
You save:  ₱2,308.62
List Price:  ¥21,792.94
You save:  ¥6,227
List Price:  MX$2,325.03
You save:  MX$664.34
List Price:  QR507.87
You save:  QR145.11
List Price:  P1,896.68
You save:  P541.94
List Price:  KSh18,338.69
You save:  KSh5,240
List Price:  E£6,566.93
You save:  E£1,876.40
List Price:  ብር8,018.62
You save:  ብር2,291.20
List Price:  Kz118,629.90
You save:  Kz33,896.68
List Price:  CLP$125,220.73
You save:  CLP$35,779.90
List Price:  CN¥1,011.17
You save:  CN¥288.92
List Price:  RD$8,157.46
You save:  RD$2,330.87
List Price:  DA18,810.98
You save:  DA5,374.95
List Price:  FJ$311.92
You save:  FJ$89.12
List Price:  Q1,087.56
You save:  Q310.75
List Price:  GY$29,285.87
You save:  GY$8,367.99
ISK kr13,827.61
List Price:  ISK kr19,359.21
You save:  ISK kr5,531.60
List Price:  DH1,386.51
You save:  DH396.17
List Price:  L2,464.07
You save:  L704.07
List Price:  ден7,916.55
You save:  ден2,262.03
List Price:  MOP$1,124.95
You save:  MOP$321.43
List Price:  N$2,547.77
You save:  N$727.98
List Price:  C$5,144.63
You save:  C$1,470
List Price:  रु18,661.67
You save:  रु5,332.28
List Price:  S/520.05
You save:  S/148.59
List Price:  K543.23
You save:  K155.22
List Price:  SAR524.96
You save:  SAR150
List Price:  ZK3,554.51
You save:  ZK1,015.64
List Price:  L640.62
You save:  L183.04
List Price:  Kč3,180.29
You save:  Kč908.72
List Price:  Ft49,855.26
You save:  Ft14,245.38
SEK kr1,071.59
List Price:  SEK kr1,500.27
You save:  SEK kr428.67
List Price:  ARS$124,136.13
You save:  ARS$35,470
List Price:  Bs967.19
You save:  Bs276.36
List Price:  COP$532,965.46
You save:  COP$152,286.72
List Price:  ₡71,639.71
You save:  ₡20,469.95
List Price:  L3,448
You save:  L985.21
List Price:  ₲1,048,812.96
You save:  ₲299,682.25
List Price:  $U5,395.05
You save:  $U1,541.55
List Price:  zł548.83
You save:  zł156.82
Already have an account? Log In


Greetings and initial video presentation we're going to see how we go about conducting a website vulnerability scan using the web application attack an audit framework, or w three a. Now for this lab I'll be using one virtual install of Kali Linux with the W three a freshly installed. I'll also be using a installation of menace portable two as my victim. And we'll also be going up to the internet and we'll be using a website called Accu art that is left intentionally vulnerable for pentesting purposes. To begin the lab I've opened up a terminal and I've typed in cd space w three AF because I need to get over to the directory where the executable to launch the program is located. I'm going to go ahead and hit enter.

Notice that my prompt changes to let me know that I'm in the correct directory. I'm now going to go ahead and type in Period four slash w three AF underscore console. This is the executable that launches the application. So when I hit Enter, notice that my prompt is going to change, let me know that we are now inside of that application, there's only been a few commands we have to remember to use this application effectively. So we start off with by using the target command, so we'll type in target, hit enter. Notice that my prompt changes.

Now I can type in the command. Using the set command, I can now set the path to the target. In this case, I'm going to use my Mathilde a website that is part of my mess portable to installation. So if I was to open up a browser, and I was just typing the address bar, the address of my minister portable to forward slash with the address of the web server, it would be the same thing. So I'm saying set the target to my meta Squirtle machine forward slash my web server. I'm going to go ahead Hit Enter, and the target has been set.

Now I'm going to use the back command, this is going to take me back. And notice that my configuration has been saved, I now need to assign a plugin or plugins to this target. So I've typed in the command plugins that can take me to the plugins container. And here I'm going to select a plug in. So I'm going to type in audit, that's going to be my plugin. And if I hit Enter, I get all of the options to use with this particular plugin.

So now if I type in audit space, Paul, I get all of these options. So I'm going to go ahead and hit Enter. And this time, I'm going to hit back one more time. And now I'm ready to launch to launch all I have to do is type in the word start, and in just a moment, the results for our scan over to my meta splittable web server Matilda will come back to us and there are the results. You'll notice that the results are actually in blue. These are the vulnerabilities that it found and this is How you can tell what vulnerabilities are present on whatever web server you decide to scan.

Now the next website we're going to go after is called Accu art. And we're going to see how we scan an actual website on the internet. So again, I'm going to type in the word target, select the target prompt, I just typed in the name of the website, set space target name of the website. Now I'm going to go ahead and hit Enter. And again, we're going to do a back notice that the information was also saved again this time. And now I'm going to type in plugins.

And now we're going to choose the plugins we want. Again, I'm going to use audit. And if I type in, or if I hit Enter, you'll notice that I get all those options against I'm going to type in audit space, all hit enter. Now I'm going to type in back and just as before, if I type in the word start, the scan begins. And in just a moment, we'll have the results. Now this website that we're using is a testing website for pentesters are hackers.

And so it's actually legal to go ahead and scan it. If you use this utility to conduct an unauthorized scan, you do so at your own risk. So let's go ahead and let this thing roll on here just for a second. So we have a number of dab methods that we can actually exploit on this server. But this is just an example of how powerful this web scanner actually is. And we've only touched the surface on it, it actually does a lot more, but this is enough to get you started.

In this short video presentation, we demonstrated how to conduct a website vulnerability scan using the web application attack and audit framework. W three AF you also saw how easy it was to conduct a testing of this tool using meta splittable and using a national website on the internet. If you have any questions or you have any concerns about what was shown to you in this video, please don't hesitate to reach out and contact your instructor And I'll see you in my next video.

Sign Up


Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.