w3af (web application attack and audit framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for Web applications. It provides information about security vulnerabilities and aids in penetration testing efforts. Users have the choice between a graphic user interface and a command-line interface.w3af identifies most web application vulnerabilities using more than 130 plug-ins.