[Python-apps-commits] r8444 - in packages/wapiti/trunk/debian (5 files)
adejong at users.alioth.debian.org
adejong at users.alioth.debian.org
Sun Apr 8 16:28:14 UTC 2012
Date: Sunday, April 8, 2012 @ 16:28:09
Author: adejong
Revision: 8444
* Install upstream manual page.
Added:
packages/wapiti/trunk/debian/patches/fix-man-page.patch
Modified:
packages/wapiti/trunk/debian/changelog
packages/wapiti/trunk/debian/patches/series
packages/wapiti/trunk/debian/wapiti.manpages
Deleted:
packages/wapiti/trunk/debian/wapiti.1
Modified: packages/wapiti/trunk/debian/changelog
===================================================================
--- packages/wapiti/trunk/debian/changelog 2012-04-08 16:18:39 UTC (rev 8443)
+++ packages/wapiti/trunk/debian/changelog 2012-04-08 16:28:09 UTC (rev 8444)
@@ -4,9 +4,10 @@
* Drop no longer relevant recommends.
* Install wapiti-getcookie and wapiti-lswww commands.
* Update patches (drop most because no longer relevant).
+ * Install upstream manual page.
* Update debian/watch file.
- -- Arthur de Jong <adejong at debian.org> Sun, 08 Apr 2012 18:18:16 +0200
+ -- Arthur de Jong <adejong at debian.org> Sun, 08 Apr 2012 18:27:48 +0200
wapiti (1.1.6-4) unstable; urgency=low
Added: packages/wapiti/trunk/debian/patches/fix-man-page.patch
===================================================================
--- packages/wapiti/trunk/debian/patches/fix-man-page.patch (rev 0)
+++ packages/wapiti/trunk/debian/patches/fix-man-page.patch 2012-04-08 16:28:09 UTC (rev 8444)
@@ -0,0 +1,21 @@
+Description: Fixes for the manual page.
+Author: Arthur de Jong <adejong at debian.org>
+
+--- a/doc/wapiti.1
++++ b/doc/wapiti.1
+@@ -89,7 +89,7 @@
+ .br
+ .RS
+ .RS
+--m "-all,xss:get,exec:post"
++\-m "\-all,xss:get,exec:post"
+ .RE
+ .RE
+ .TP
+@@ -139,5 +139,5 @@
+ .SH BUG REPORTS
+ If you find a bug in Wapiti please report it to http://sourceforge.net/tracker/?group_id=168625
+ .SH SEE ALSO
+-The README file that comes with Wapiti gives more detailed informations on the options.
++The README file that comes with Wapiti gives more detailed information on the options.
+ .\" Vim for teh win!
Modified: packages/wapiti/trunk/debian/patches/series
===================================================================
--- packages/wapiti/trunk/debian/patches/series 2012-04-08 16:18:39 UTC (rev 8443)
+++ packages/wapiti/trunk/debian/patches/series 2012-04-08 16:28:09 UTC (rev 8444)
@@ -1 +1,2 @@
use-wapiti-command.patch
+fix-man-page.patch
Deleted: packages/wapiti/trunk/debian/wapiti.1
===================================================================
--- packages/wapiti/trunk/debian/wapiti.1 2012-04-08 16:18:39 UTC (rev 8443)
+++ packages/wapiti/trunk/debian/wapiti.1 2012-04-08 16:28:09 UTC (rev 8444)
@@ -1,78 +0,0 @@
-.TH WAPITI "1" "July 2007" "http://wapiti.sourceforge.net/" "User Commands"
-.SH NAME
-wapiti \- a web application vulnerability scanner.
-.SH SYNOPSIS
-.B wapiti
-\fIhttp://server.com/base/url/ \fR[\fIoptions\fR]
-.SH DESCRIPTION
-Wapiti allows you to audit the security of your web applications.
-.br
-It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
-.SH OPTIONS
-.PP
-\fB\-s\fR, \fB\-\-start\fR <url>
-.br
- specify an url to start with.
-.PP
-\fB\-x\fR, \fB\-\-exclude\fR <url>
-.br
- exclude an url from the scan (for example logout scripts) you can also use a wildcard (*):
-.br
- Example : \fB\-x\fR "http://server/base/?page=*&module=test" or \fB\-x\fR "http://server/base/admin/*" to exclude a directory
-.PP
-\fB\-p\fR, \fB\-\-proxy\fR <url_proxy>
-.br
- specify a proxy (\fB\-p\fR http://proxy:port/)
-.PP
-\fB\-c\fR, \fB\-\-cookie\fR <cookie_file>
-.br
- use a cookie
-.PP
-\fB\-t\fR, \fB\-\-timeout\fR <timeout>
-.br
- set the timeout (in seconds)
-.PP
-\fB\-a\fR, \fB\-\-auth\fR <login%password>
-.br
- set credentials (for HTTP authentication) doesn't work with Python 2.4
-.PP
-\fB\-r\fR, \fB\-\-remove\fR <parameter_name>
-.br
- removes a parameter from URLs
-.PP
-\fB\-m\fR, \fB\-\-module\fR <module>
-.br
- use a predefined set of scan/attack options:
-.br
- GET_ALL: only use GET request (no POST)
-.br
- GET_XSS: only XSS attacks with HTTP GET method
-.br
- POST_XSS: only XSS attacks with HTTP POST method
-.PP
-\fB\-u\fR, \fB\-\-underline\fR
-.br
- use color to highlight vulnerable parameters in output
-.PP
-\fB\-v\fR, \fB\-\-verbose\fR <level>
-.br
- set the verbosity level:
-.br
- 0: quiet (default),
-.br
- 1: print each url,
-.br
- 2: print every attack
-.PP
-\fB\-h\fR, \fB\-\-help\fR
-.br
- print help page
-.SH EFFICIENCY
-Wapiti is developed in Python and use a library called lswww. This web spider library does the most of the work. Unfortunately, the html parsers module within python only works with well formed html pages so lswww fails to extract information from bad-coded webpages. Tidy can clean these webpages on the fly for us so lswww will give pretty good results. In order to make Wapiti far more efficient, you should:
-.PP
- apt-get install python-utidylib python-ctypes
-.SH AUTHOR
-.PP
- Copyright (C) 2006-2007 Nicolas Surribas <nicolas.surribas at gmail.com>
-.PP
- Manpage created by Thomas Bl\[:a]sing <thomasbl at pool.math.tu-berlin.de>
Modified: packages/wapiti/trunk/debian/wapiti.manpages
===================================================================
--- packages/wapiti/trunk/debian/wapiti.manpages 2012-04-08 16:18:39 UTC (rev 8443)
+++ packages/wapiti/trunk/debian/wapiti.manpages 2012-04-08 16:28:09 UTC (rev 8444)
@@ -1 +1 @@
-debian/wapiti.1
+doc/wapiti.1
More information about the Python-apps-commits
mailing list