I did my routine subversion checkout of w3af today and discovered an interesting new feature.

So, let's check it out, shall we:

Very clean interface!

A simple scan on one of my sandboxes:

Searchable http output log (draws a crazy wide window):

None of the top menu items work yet:

This is a very good start to an awesome feature. I would estimate that 98% of the core functionality is in place already, making this a very usable alpha stage frontend.

Some things need work, such as the wide window that is rendered when you search the http output, and error handling when a plugin such as remoteFileInclude is not configured properly. Speaking of which, I have yet to get that particular plugin working on my local server instead of the w3af website. If anyone has a tip on getting it to work, leave me a comment.

Another plugin that seems to be broken is the web20Spider, which requires a special python module and apparently a Firefox plugin. I have yet to figure out this one, and even though I seem to have all the dependencies, it refuses to see them and will not run. The new GTK based UI has a browser built in, so they may be well on their way to making that function usable. Let’s hope so!

***Edit***

I have been informed by Andres Riancho that the GUI is actually closer to 60% complete. Expect to see added features such as exploit functionality in the near future.

Also, I would like to remind anyone interested in contributing to the w3af project to consider joining their users or developers mailing lists at sourceforge.

I want to share my methods for acquiring access to a specific target for “vulnerability testing”.
I won’t go into what to do after you have your target, that will be up to you. I will be using some handy web based tools for this tutorial, making it easy for those still using Windows for whatever reason.

In this example we want to find a way into the servers that host our unfriendly competition.
