wXf is a new framework focused on web application security and written in Ruby, with the look and feel of Metasploit.

I have read some posts written by carnalOwnage  as well as some videos on Vimeo and I have to say it  looks really interesting :)

I am quite sure that my definition is too simple, but I understand it follows the same principle of Metasploit but oriented to Web Application security, with the advantage of being well integrated with Burp. Of course, this tool can be really helpful to pen-testers that do an extensive use of Burp, because  it will permit to script many tasks with Buby modules  and automate many attacks, saving lots of time.

Doing some searches on Google I also found this video on securitytube.net that corresponds to a talk offered during the APPSEC DC 2010.

wxf: Web Exploitation Framework with Ken Johnson, Fishnet Security and Chris Gates, No Affiliation. from OWASP DC on Vimeo.

Links carnalOwnage’s posts:

http://carnal0wnage.attackresearch.com/2011/05/jruby-buby-wxf-fun.html http://carnal0wnage.attackresearch.com/2011/05/buby-script-basics-part-1.html http://carnal0wnage.attackresearch.com/2011/05/buby-script-basics-part-2.html http://carnal0wnage.attackresearch.com/2011/05/buby-script-basics-part-3.html http://carnal0wnage.attackresearch.com/2011/05/buby-script-basics-part-4.html http://carnal0wnage.attackresearch.com/2011/05/buby-script-basics-part-5.html http://carnal0wnage.attackresearch.com/2011/05/buby-script-basics-part-6.html