/usr/share/doc/w3af-console/examples/script-evasion-modsecurity.w3af is in w3af-console 1.0-rc3svn3489-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | # This is a simple xss detection demo:
#http-settings
#set proxyAddress 127.0.0.1
#set proxyPort 8080
#back
plugins
output console,textFile
output
output config textFile
set fileName output-w3af.txt
set verbose True
back
output config console
set verbose False
back
audit xss
audit
# There is no sense in enabling ALLL evasion plugins. IT WONT WORK
# But i'm enabling them just to test if they raise any exceptions
evasion modsecurity
evasion
back
target
set target http://localhost/w3af/xss-forms/test-forms.html
#set target http://172.16.1.132/index.asp?q=holaMundo
back
start
assert 1 == 1
exit
|