W3AF Connector Page

w3af (Web Application Attack and Audit Framework) is an open-source web application security scanner. The project provides a vulnerability scanner and exploitation tool for web applications. It provides information about security vulnerabilities for use in penetration testing engagements.

To import your data from the Web Application Attack and Audit Framework to the Application Security Module, you will need to leverage the w3af Connector under the Dynamic Assessment category.
The Connector performs full runs only and does not support incremental loads.

User Prerequisites/Connector Setup:

  • You must be able to export data from w3af in XML format.

  • You must be a Cisco Vulnerability Management administrator. 

Configuring your Connector in Cisco Vulnerability Management

1. In the Cisco Vulnerability Management UI, click Connectors.
2. Click Add Connector.
3. In the Dynamic Assessment section, click w3af.



4. On the w3af page, enter the following information:



  • Name: Enter a name for the connector, or leave it as w3af.

  • Asset Inactivity Limit: Enter a time in days for the connector-level asset inactivity limit. Cisco recommends 2-3 times the scan cadence of your connector scans.

5. Click Save.

What w3af Items does Cisco Vulnerability Management Import?

Fields in w3af

Fields in Cisco Vulnerability Management


scaninfo > target

Application Identifier

Search for application_identifier in Cisco Vulnerability Management by typing application:"" in the custom query box.

vulnerability > url




Vulnerability Name





vulnerability Status

Cisco Vulnerability Management does not map false positives; all reported vulnerabilities are imported with a default status of “open”. When a vulnerability is no longer reported in a subsequent scan, the platform auto-closes it.

vulnerability > message





Not passed from w3af; Cisco Vulnerability Management applies solutions based on our Fix Repository mapping.



Low - 3
Medium - 6
High - 9
Else - 0



Mapped by identifier, or by manual mapping (code-based, no human input) of the data received.

Start (scan Start)

Last Seen




No tags are presented in the XML report. As a result, no tags are imported.


The Connector does not import the following:

  • Custom fields

  • Tags (if any)

Optional Settings

The following settings can be enabled on the backend for w3af Connectors. To have these settings enabled, or for more information, please contact Support, or your Customer Success Engineer.

Exclude Informationals

When this option is enabled, Cisco Vulnerability Management will import only vulnerabilities that include a CVE, CWE, or WASC ID.

Skip Tags

This setting enables you to not create any Tags in Cisco Vulnerability Management based on the scanner metadata.

Ignore Scanner Last Seen Time

Select this setting if you do not want the asset last seen time in Cisco Vulnerability Management to be the scanner reported last seen time.

Tag Reset

This setting assists you in keeping your scanner metadata synchronized with Cisco Vulnerability Management. Each time the connector is run, all tags in Cisco Vulnerability Management will be removed and the scanner tag metadata re-created.

If you have created any manual tags or any tags were created off of metadata from other connectors, that tag information will be removed and will be refreshed once those other connectors are rerun.

Custom Ordered Locators

Locators (such as IP, Netbios, and FQDN) can be reordered to better deduplicate vulnerabilities on the Connector level or the entire Platform level. For more information, see the help article here.

Common Reasons for w3af Connector Run Failures

  • If Cisco Vulnerability Management receives data that is not in the expected format and cannot process it, the connector will fail.

  • If more than 1% of connector payloads fail to import cleanly, Cisco Vulnerability Management will auto-fail the Connector Run.
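
A pre-upload check for the export, added here as an example and not part of the original article or Cisco's connector code: it parses a w3af XML report, pulls out the fields listed in the mapping above, applies the Low/Medium/High score mapping, and reports missing fields or malformed XML. The XML layout (root element name, the `name` and `severity` attributes, attribute versus child placement) and the sample report are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Score mapping from the table on this page: Low 3, Medium 6, High 9, else 0.
SEVERITY_SCORE = {"low": 3, "medium": 6, "high": 9}

# Constructed sample export; the element/attribute layout is an assumption.
SAMPLE = """<w3afrun start="1700000000">
  <scaninfo target="http://app.example.test/"/>
  <vulnerability name="SQL injection" severity="High"
                 url="http://app.example.test/item?id=1">
    <message>Constructed finding text</message>
  </vulnerability>
  <vulnerability name="Banner disclosure" severity="Information"
                 url="http://app.example.test/"/>
  <vulnerability name="Missing URL" severity="Low"/>
</w3afrun>"""

def field(elem, name):
    """Read 'elem > name' as an attribute or, failing that, a child element."""
    value = elem.get(name)
    if value is None:
        value = elem.findtext(name)
    return value.strip() if value and value.strip() else None

def preflight(xml_text):
    """Return (records, problems) for a w3af XML export before upload."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [], [f"not well-formed XML: {exc}"]
    problems, records = [], []
    scaninfo = root.find(".//scaninfo")
    target = field(scaninfo, "target") if scaninfo is not None else None
    if target is None:
        problems.append("scaninfo > target missing (no Application Identifier)")
    for n, vuln in enumerate(root.iter("vulnerability"), start=1):
        url = field(vuln, "url")
        if url is None:
            problems.append(f"vulnerability #{n}: url missing")
        severity = (field(vuln, "severity") or "").lower()
        records.append({
            "application_identifier": target,
            "url": url,
            "name": field(vuln, "name"),
            "message": field(vuln, "message"),
            "score": SEVERITY_SCORE.get(severity, 0),
        })
    return records, problems
```

Call `preflight()` on the exported file's contents; an empty problem list means the report parsed and every finding carried the fields checked here.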

Additional Assistance:

Contact Cisco Support if you require any additional assistance with the w3af Connector.
