Date: Tue, 2 Nov 2010 13:49:36 -0300
From: Andres Riancho <andres.riancho@...il.com>
To: full-disclosure <full-disclosure@...ts.grok.org.uk>
Subject: [ANN] New version of w3af is available for download !

List,

This is one of those great moments in the life of a project, a moment that
I've been dreaming about for a couple of years. We're releasing a new
version of w3af, but that's not important. The major achievement is the
story behind the release, the effort put in this release by all the
contributors, Javier Andalia (our core developer) and Rapid7 (the company
that allows all this to happen).

For the first time in the project's life, we have a roadmap [0], a
prioritized backlog [1] and a structured development process we follow to
deliver new features and fix bugs.

The efforts for this release have been major, some of them have been really
organized, like our sprints that started one month ago [2][3], and some others
can be tracked through the SVN logs, like Taras' great improvements of the
GUI.

Just to name a few things we've done for this release:
    * We've written new HOWTO documents for our users
    * Considerably improved the speed of all grep plugins
    * Replaced Beautiful Soup by the faster libxml2 library
    * Introduced the usage of XPATH queries that will allow us to improve
      performance and reduce false positives
    * Fixed hundreds of bugs

In this release you'll also find that after exploiting a vulnerability you
can leverage that access using our Web Application Payloads, a feature that
we developed together with Lucas Apa from Bonsai Information Security. These
payloads allow you to escalate privileges and will help you get from a low
privileged vulnerability (e.g. local file read) to a remote code execution.
In order to try them, exploit a vulnerability, get any type of shell and
then run any of the following commands: help, lsp, payload tcp (the last one
will show you the open connections in the remote box).

We still have tons of things to do, but for the first time in the project's
life we have a defined process that will make us achieve our objectives. You
can download the new version here:


https://sourceforge.net/projects/w3af/files/w3af/w3af%201.0-rc4/w3af-1.0-rc4.tar.bz2/download

Thanks!

[0] https://sourceforge.net/apps/trac/w3af/roadmap
[1] https://sourceforge.net/apps/trac/w3af/report/1
[2] https://sourceforge.net/apps/trac/w3af/query?group=status&milestone=owls-sprint-1
[3] https://sourceforge.net/apps/trac/w3af/query?group=status&milestone=owls-sprint-2
-- 
Andrés Riancho
Director of Web Security at Rapid7 LLC
Founder at Bonsai Information Security
Project Leader at w3af
