w3af - Web Application Attack and Audit Framework

w3af is an open source web application security scanner which helps developers and penetration testers identify and exploit vulnerabilities in their web applications.

The scanner is able to identify 200+ vulnerabilities, including Cross-Site Scripting, SQL injection and OS commanding.


Pull requests are always welcome! If you're not sure where to start, please take a look at the First steps as a contributor document in our wiki. All contributions, no matter how small, are welcome.

Links and documentation


Holm Security sponsors the project and uses w3af as part of their amazing automated and continuous vulnerability assessment platform.

Found this project useful? Donations are accepted via ethereum at 0xb1B56F04E6cc5F4ACcB19678959800824DA8DE82

