[user@host w3af]$ ./w3af_console -s script.txt 
w3af>>> target
w3af/config:target>>> set target https://target.com/target/Login.aspx
w3af/config:target>>> back
w3af>>> plugins
w3af/plugins>>> discovery spiderMan
w3af/plugins>>> discovery config spiderMan
w3af/plugins/discovery/config:spiderMan>>> set listenAddress 10.8.0.1
w3af/plugins/discovery/config:spiderMan>>> back
w3af/plugins>>> output config console
w3af/plugins/output/config:console>>> set verbose true
w3af/plugins/output/config:console>>> back
w3af/plugins>>> output textFile,htmlFile
w3af/plugins>>> output config textFile
w3af/plugins/output/config:textFile>>> set showCaller true
w3af/plugins/output/config:textFile>>> back
w3af/plugins>>> output config htmlFile
w3af/plugins/output/config:htmlFile>>> set verbose 10
w3af/plugins/output/config:htmlFile>>> back
w3af/plugins>>> back
w3af>>> plugins
w3af/plugins>>> audit xss
w3af/plugins>>> back
w3af>>> http-settings
w3af/config:http-settings>>> set timeout 60
w3af/config:http-settings>>> set maxFileSize 1000000
w3af/config:http-settings>>> set proxyAddress work
w3af/config:http-settings>>> back
w3af>>> start
Exiting setOutputPlugins()
Called w3afCore.start()
Called buildOpeners
keepalive: The connection manager has 0 active connections.
keepalive: added one connection, len(self._hostmap["target.com"]): 1
DNS response from DNS server for domain: work
GET https://target.com/target/Login.aspx returned HTTP code "204"
Unhandled exception in xUrllib._send(): sendall
Traceback (most recent call last):
  File "/opt/programs/w3af/core/data/url/xUrllib.py", line 440, in _send
    res = self._cacheOpener.open( req )
  File "/usr/lib/python2.6/urllib2.py", line 383, in open
    response = self._open(req, data)
  File "/usr/lib/python2.6/urllib2.py", line 401, in _open
    '_open', req)
  File "/usr/lib/python2.6/urllib2.py", line 361, in _call_chain
    result = func(*args)
  File "/opt/programs/w3af/core/data/url/handlers/keepalive.py", line 576, in https_open
    return self.do_open(req)
  File "/opt/programs/w3af/core/data/url/handlers/keepalive.py", line 451, in do_open
    self._start_transaction(h, req)
  File "/opt/programs/w3af/core/data/url/handlers/keepalive.py", line 543, in _start_transaction
    h.endheaders()
  File "/usr/lib/python2.6/httplib.py", line 868, in endheaders
    self._send_output()
  File "/usr/lib/python2.6/httplib.py", line 740, in _send_output
    self.send(msg)
  File "/usr/lib/python2.6/httplib.py", line 719, in send
    self.sock.sendall(str)
AttributeError: sendall

Incrementing global error count. GEC: 0
hmmm... wtf?! The remote web server failed to send the content-type header.
Called _discoverWorker()
Starting plugin: spiderMan
Changing socket options of ProxyServer to (socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
spiderMan proxy is running on 10.8.0.1:44444.
Please configure your browser to use these proxy settings and navigate the target site.
To exit spiderMan plugin please navigate to http://127.7.7.7/spiderMan?terminate .
Using proxy handler: <function constructor at 0xb2d921b4>
Proxy server listening on 10.8.0.1:44444