andresriancho / w3af

w3af: web application attack and audit framework, the open source web vulnerability scanner.
http://w3af.org/
4.59k stars 1.22k forks source link

Add inquisition testbed to w3af #6252

Open andresriancho opened 10 years ago

andresriancho commented 10 years ago

Tasks

https://github.com/google/firing-range

References

http://googleonlinesecurity.blogspot.com.ar/2014/11/ready-aim-fire-open-source-tool-to-test.html

nestoru commented 10 years ago

Here is the log result for w3af version: 1.6.0.5, configuration: default top owasp 10 running against https://gist.github.com/nestoru/a667afdbdfb01e0d2911

Thanks!

andresriancho commented 10 years ago

Where?

nestoru commented 10 years ago

Comment updated. Sorry for the copy and paste issue ;-)

paradoxengine commented 9 years ago

Hey, here is how to run the server locally on ubuntu - I've not looked at how to export the WAR to Tomcat (assuming it can be done painlessly)

1- apt-get install git ant 2- download the appengine Java SDK from cloud.google.com/appengine/downloads and unzip it in a directory. 3- git clone https://github.com/google/firing-range.git 4- modify build.xml so that the appengine.sdk property points to the directory where you unpacked the appengine SDK (you could also unpack it on ../../, which is the default) 5- ant runserver

The server is now running locally. Will do proper docs once I'm back at work but this worked on my laptop.

andresriancho commented 9 years ago

Awesome, will test in a docker image next week (busy with pentest stuff at the moment). Thanks @paradoxengine