Fast Exploit refactoring using vulnerability templates about w3af HOT 4 CLOSED

GUI comments and ideas:

• The Exploit tab should be enabled at all times, which is a change from the current state where its only enabled after a scan has started.
• The button to add vulnerabilities should be only available in the exploit tab
• When the user clicks the "+ Add..." button a wizard with these steps shows up:
  • Choose the vulnerability to add (radio buttons with all the available vulnerabilities, short and long names)
  • Click Next/Cancel
  • Configure the vulnerability parameters
  • Click Add to KB/Back/Cancel/

When a user drags an attack plugin to a vulnerability, a configuration window should appear to let the user configure the plugin. Only appear is there is a configuration parameter available.

from w3af.

The user doesn't have a clear way to determine which vulnerability he's exploiting. Show more vulnerability information to the view. These are some items that should be displayed:

• URL
• Data container
• Original value
• Payload
• Vulnerability description

Please note that not all plugins generate vulnerabilities with all of those attributes.

from w3af.

The user has no way of knowing what an exploit actually does without looking at the source code. Show the long description in the exploit view. Maybe I can kill two birds with one stone and put the plugin configuration and description below the plugin? That way the user can read the description and configure the plugin before running it via drag&drop.

Remember to remove the context-menu "Configure plugin..."

from w3af.

w00t! 👍

from w3af.