Andres Riancho has announced  that a new version of w3af is available.

Just to name a few things we’ve done for this release:

  • We’ve written new HOWTO documents for our users
  • Considerably improved the speed of all grep plugins
  • Replaced Beautiful Soup by the faster libxml2 library
  • Introduced the usage of XPATH queries that will allow us to improve performance and reduce false positives
  • Fixed hundreds of bugs

On this release you’ll also find that after exploiting a vulnerability youcan leverage that access using our Web Application Payloads, a feature that we developed together with Lucas Apa from Bonsai Information Security. These payloads allow you to escalate privileges and will help you get from a low privileged vulnerability (e.g. local file read) to a remote code execution. In order to try them, exploit a vulnerability, get any type of shell and then run any of the following commands: help, lsp, payload tcp (the last one will show you the open connections in the remote box).