REST API v1.0

Objective

The objective of this document is to define the REST API for w3af.

The basic features

We're going to focus on delivering the most basic functionality: configure a scan, start, get status, pause, stop and read identified vulnerabilities. Any other features will be implemented in next versions.

Authentication

Basic HTTP authentication will be required to access the API

Authorization

There won't be any concept of users nor permissions. If the user has the credentials he'll have access to all the information.

Persistence

Scan results will be removed each time you start a new scan, or shutdown the w3af_api process.

Method to be exposed via API

Before reading the list, please note that the methods might not be exposed one-to-one. In other words, there might be two or more methods listed below which are going to be called when accessing one REST API path.

w3afCore.py

• start
• stop
• pause

plugins.py

• set_plugin_options
• get_plugin_options
• get_all_enabled_plugins
• get_enabled_plugins
• set_plugins
• get_plugin_list

status.py

• get_status
• is_running
• is_paused
• get_run_time
• get_scan_time
• get_rpm

target.py

• set_options which is used to configure the scan target

knowledgebase.py

• get
• get_all_known_urls
• get_all_known_fuzzable_requests
• get_all_vulns
• get_all_infos