andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/

same origin #17180

Closed kfr-ma closed 6 years ago

kfr-ma commented 6 years ago

Hi, I have a target https://a.domain.com which contains scripts from other virtual hosts (b.domain.com, c.domain.com). When I run spider man, w3af scans only the target defined. How can I make w3af scan all the subdomains? Is there any set target *.domain.com?

Thank you in advance.

andresriancho commented 6 years ago

That is one of w3af's most annoying limitations. Only a few users find it, but it is annoying because it can't be easily fixed.

W3af was designed to scan one target domain. Changing that would require considerable effort and testing. That initial design flaw is what makes this so annoying.

On Wed, 15 Aug 2018, 10:29 a.m., Fakhir Karim Reda <notifications@github.com> wrote:

> Hi, I have a target https://a.domain.com which contains scripts from other virtual hosts (b.domain.com, c.domain.com). When I run spider man, w3af scans only the target defined. How can I make w3af scan all the subdomains? Is there any set target *.domain.com?
>
> Thank you in advance.


kfr-ma commented 6 years ago

Hi andresriancho,

I understand now, thx :) I bypass it by running multiple scans on multiple targets: surfing on the primary target (spiderman), defining the target as the other vhost.

W3AF is awesome, I use it all the time, and I thank you for your work and your effort.

Regards.