While I am not a frequent poster around here, I am a frequent "lurker" and have enjoyed the generous contributions from forum members here.
I finally have a question of my own, and have searched the boards here, unable to find an answer to my specific question. So, here goes....
I have been asked to conduct a Penetration Test on a friend's website. I have his full consent to go "whole hog" in order to find potential vulnerabilities. He is aware of my knowledge level (strong theory, little hands on experience with Pen-Testing). He hopes that this project will bring me some much needed experience.
We decided to use W3af for our pen-test. Now that we have made our first attempt with W3af, we have now encountered the dilemma of how to read and interpret the results.
I am signed up with the W3af mailing list and I have asked this same question there. While the people there were helpful, I was unable to come across any solid resources on how to understand the actual results spat out by W3af.
I am a Windows user migrating over to Linux. I have limited Linux experience, but hope to change this around very soon. Lastly, I just want to point out that when we did the first W3af Pen-Test, we chose the most generic settings available. In fact, I think we just went with full defaults set and let it run for awhile. If this is a silly thing to do, I would appreciate the head's up on this. We are completely clueless!
A brief sample of our results generated by first W3af attempt (IP has been blanked out for privacy reasons):
[Sun 04 Apr 2010 05:11:17 AM UTC] Found a new virtual host at the target web server, the virtual host name is: "webmail.example.com". To access this site you might need to change your DNS resolution settings in order to point "webmail.example.com" to the IP address of "example.com". This vulnerability was found in the request with id 269.
[Sun 04 Apr 2010 05:12:02 AM UTC] Fingerprinted this host as a Microsoft Windows system. This information was found in the requests with ids 377 and 378.
[Sun 04 Apr 2010 05:12:02 AM UTC] A robots.txt file was found at: "http://example.com/robots.txt". This information was found in the request with id 379.
[Sun 04 Apr 2010 05:12:21 AM UTC] The target site *has* a DNS wildcard configuration. This information was found in the request with id 450.
[Sun 04 Apr 2010 05:12:21 AM UTC] The contents of http://xx.xxx.xx.xx/ differ from the contents of http://example.com/. This information was found in the request with id 451.
[Sun 04 Apr 2010 05:19:17 AM UTC] The URL "http://example.com/music/" has the following allowed methods: GET, HEAD, OPTIONS,
[Sun 04 Apr 2010 05:12:42 AM UTC] : 2 real server(s)
[Sun 04 Apr 2010 05:12:42 AM UTC] ======================================================================
[Sun 04 Apr 2010 05:12:42 AM UTC]
[Sun 04 Apr 2010 05:12:42 AM UTC] server 1: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8e-fips-rhel5 mod_auth_passthrough/2.1 mod_bwlimited/1.4 FrontPage/220.127.116.1135
[Sun 04 Apr 2010 05:12:42 AM UTC]
[Sun 04 Apr 2010 05:19:17 AM UTC] The URL: "http://example.com/pqd_dl.php" has an object tag.----------------------------------------------------------------------
And on and on it goes. The site consists mainly of PHP files. This site uses shared hosting. W3af was able to locate a few files and folders that were not intended for public viewing or use. This is very concerning. At this point, we just want to be able to decipher a very detailed log out out by W3af. Any insight is GREATLY appreciated!
Anyway, thanks for your help guys. Looking forward to learning more and contributing more as time goes on....