Integrate W3AF with Vulnetix via Docker. Use W3AF's extensible plugin architecture to detect SQL injection, XSS, CSRF, and 200+ other vulnerability classes. Export XML reports for ingestion.
Python, CLI tool, XML, HTML, CSV
Install & scan
$ # Recommended — Docker image (avoids Python 2.7 dependency issues)
docker pull andresriancho/w3af
# Note: W3AF requires Python 2.7 (EOL). Docker is the recommended approach.

$ # Run via Docker with a profile file
docker run --rm -v "$(pwd)/reports:/root/w3af-shared" andresriancho/w3af ./w3af_console -s /root/w3af-shared/scan.w3af

# Create the scan.w3af profile in ./reports (mounted at /root/w3af-shared):
# plugins output xml_file
# output config xml_file
# set output_file /root/w3af-shared/report.xml
# back
# target
# set target https://example.com/
# back
# start
Run W3AF in CI
Scan on every push and upload the results to Vulnetix:
- name: Create W3AF profile
  run: |
    mkdir -p reports
    cat > scan.w3af << 'EOF'
    plugins output xml_file
    output config xml_file
    set output_file /root/w3af-shared/report.xml
    back
    target
    set target ${{ secrets.TARGET_URL }}
    back
    start
    EOF
- name: Run W3AF scan
  run: |
    docker run --rm -v "$(pwd)/reports:/root/w3af-shared" -v "$(pwd)/scan.w3af:/root/scan.w3af" andresriancho/w3af ./w3af_console -s /root/scan.w3af
- name: Upload report
  run: vulnetix upload --file reports/report.xml
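A pre-upload gate for the CI job above, as an added example (not Vulnetix or W3AF code): it parses the XML report, counts findings per severity, and returns a non-zero status when there are High findings or the report is unusable. The `vulnerability` element and `severity` attribute names, the function names, and the embedded sample report are assumptions to check against a real report.

```python
import re
import sys
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample report. Element and attribute names are assumed,
# not taken from the page; compare with a report your scan produced.
SAMPLE_REPORT = b"""<?xml version="1.0" encoding="UTF-8"?>
<w3af-run start="1700000000">
  <vulnerability name="SQL injection" plugin="sqli" severity="High"
                 method="GET" url="https://example.com/item" var="id"/>
  <vulnerability name="Cross site scripting vulnerability" plugin="xss"
                 severity="Medium" method="GET" url="https://example.com/q" var="s"/>
  <vulnerability name="Strange header" plugin="strange_headers"
                 severity="Information" method="GET" url="https://example.com/"/>
</w3af-run>"""

def summarise(report_bytes):
    """Return a Counter of findings per severity, or raise ValueError."""
    # A scan report needs no DTD: refuse one in the prolog (everything
    # before the root element) rather than let the parser expand entities.
    root_at = re.search(rb"<[A-Za-z_]", report_bytes)
    prolog = report_bytes[:root_at.start()] if root_at else report_bytes
    if b"<!DOCTYPE" in prolog:
        raise ValueError("report declares a DTD")
    try:
        root = ET.fromstring(report_bytes)
    except ET.ParseError as exc:  # truncated or interrupted scan output
        raise ValueError("report is not well-formed XML: %s" % exc) from exc
    return Counter(v.get("severity", "Unknown") for v in root.iter("vulnerability"))

def gate(report_bytes, fail_on=("High",)):
    """CI exit status: 0 = ok, 1 = blocking findings, 2 = unusable report."""
    try:
        counts = summarise(report_bytes)
    except ValueError as exc:
        print("w3af report rejected: %s" % exc, file=sys.stderr)
        return 2
    for severity, n in sorted(counts.items()):
        print("%-12s %d" % (severity, n))
    return 1 if any(counts[s] for s in fail_on) else 0

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_REPORT
    sys.exit(gate(data))
```

Saved under a name of your choice and run with `reports/report.xml` as its argument before the upload step, it stops a truncated report from being uploaded as a clean scan.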
Centralise W3AF results in Vulnetix
Upload W3AF XML, HTML, or CSV output to the Vulnetix platform to deduplicate findings, prioritise them with EPSS, CISA KEV and Coalition ESS exploit intelligence, and track remediation across every scanner in a single queue.