Greetings and initial video presentation we're going to see how we go about conducting a website vulnerability scan using the web application attack an audit framework, or w three a. Now for this lab I'll be using one virtual install of Kali Linux with the W three a freshly installed. I'll also be using a installation of menace portable two as my victim. And we'll also be going up to the internet and we'll be using a website called Accu art that is left intentionally vulnerable for pentesting purposes. To begin the lab I've opened up a terminal and I've typed in cd space w three AF because I need to get over to the directory where the executable to launch the program is located. I'm going to go ahead and hit enter.
Notice that my prompt changes to let me know that I'm in the correct directory. I'm now going to go ahead and type in Period four slash w three AF underscore console. This is the executable that launches the application. So when I hit Enter, notice that my prompt is going to change, let me know that we are now inside of that application, there's only been a few commands we have to remember to use this application effectively. So we start off with by using the target command, so we'll type in target, hit enter. Notice that my prompt changes.
Now I can type in the command. Using the set command, I can now set the path to the target. In this case, I'm going to use my Mathilde a website that is part of my mess portable to installation. So if I was to open up a browser, and I was just typing the address bar, the address of my minister portable to forward slash with the address of the web server, it would be the same thing. So I'm saying set the target to my meta Squirtle machine forward slash my web server. I'm going to go ahead Hit Enter, and the target has been set.
Now I'm going to use the back command, this is going to take me back. And notice that my configuration has been saved, I now need to assign a plugin or plugins to this target. So I've typed in the command plugins that can take me to the plugins container. And here I'm going to select a plug in. So I'm going to type in audit, that's going to be my plugin. And if I hit Enter, I get all of the options to use with this particular plugin.
So now if I type in audit space, Paul, I get all of these options. So I'm going to go ahead and hit Enter. And this time, I'm going to hit back one more time. And now I'm ready to launch to launch all I have to do is type in the word start, and in just a moment, the results for our scan over to my meta splittable web server Matilda will come back to us and there are the results. You'll notice that the results are actually in blue. These are the vulnerabilities that it found and this is How you can tell what vulnerabilities are present on whatever web server you decide to scan.
Now the next website we're going to go after is called Accu art. And we're going to see how we scan an actual website on the internet. So again, I'm going to type in the word target, select the target prompt, I just typed in the name of the website, set space target name of the website. Now I'm going to go ahead and hit Enter. And again, we're going to do a back notice that the information was also saved again this time. And now I'm going to type in plugins.
And now we're going to choose the plugins we want. Again, I'm going to use audit. And if I type in, or if I hit Enter, you'll notice that I get all those options against I'm going to type in audit space, all hit enter. Now I'm going to type in back and just as before, if I type in the word start, the scan begins. And in just a moment, we'll have the results. Now this website that we're using is a testing website for pentesters are hackers.
And so it's actually legal to go ahead and scan it. If you use this utility to conduct an unauthorized scan, you do so at your own risk. So let's go ahead and let this thing roll on here just for a second. So we have a number of dab methods that we can actually exploit on this server. But this is just an example of how powerful this web scanner actually is. And we've only touched the surface on it, it actually does a lot more, but this is enough to get you started.
In this short video presentation, we demonstrated how to conduct a website vulnerability scan using the web application attack and audit framework. W three AF you also saw how easy it was to conduct a testing of this tool using meta splittable and using a national website on the internet. If you have any questions or you have any concerns about what was shown to you in this video, please don't hesitate to reach out and contact your instructor And I'll see you in my next video.