[Python-apps-commits] r8447 - in packages/wapiti/trunk/debian (6 files)
adejong at users.alioth.debian.org
adejong at users.alioth.debian.org
Sun Apr 8 19:24:21 UTC 2012
Date: Sunday, April 8, 2012 @ 19:24:17
Author: adejong
Revision: 8447
* Save output to a scans directory in the current directory.
* Disable the built-in Nikto plugin because of licensing issues of the
used database file.
* Install a README.Debian that explains the differences from upstream.
Added:
packages/wapiti/trunk/debian/README.Debian
packages/wapiti/trunk/debian/patches/allow-local-nikto-db.patch
packages/wapiti/trunk/debian/patches/disable-nikto-download.patch
packages/wapiti/trunk/debian/patches/use-local-scans-dir.patch
Modified:
packages/wapiti/trunk/debian/changelog
packages/wapiti/trunk/debian/patches/series
Added: packages/wapiti/trunk/debian/README.Debian
===================================================================
--- packages/wapiti/trunk/debian/README.Debian (rev 0)
+++ packages/wapiti/trunk/debian/README.Debian 2012-04-08 19:24:17 UTC (rev 8447)
@@ -0,0 +1,18 @@
+This package differs from upstream in the following ways:
+
+ - It saves the result of scans in a scans folder in the current working
+ directory.
+ - It provides wapiti, wapiti-lswww and wapiti-getcookie commands to perform
+ the needed actions.
+ - The Nikto plugin is disabled by default because the database file used
+ contains a notice that forbids use of the file with anything other than
+ the full Nikto package without written permission. Users that have
+ received permission from the distributor of the database can install
+ the db_tests file in /usr/share/wapiti/config/attacks/nikto_db. If you
+ have the nikto package installed this can be done with:
+ ln -s /var/lib/nikto/plugins/db_tests /usr/share/wapiti/config/attacks/nikto_db
+
+Due to a limitation in which the reports are generated the reports are
+not opened correctly when opening in Chromium.
+
+See the file example.txt for example usage information.
Modified: packages/wapiti/trunk/debian/changelog
===================================================================
--- packages/wapiti/trunk/debian/changelog 2012-04-08 17:58:53 UTC (rev 8446)
+++ packages/wapiti/trunk/debian/changelog 2012-04-08 19:24:17 UTC (rev 8447)
@@ -9,9 +9,12 @@
json.js from the upstream tarball.
* Don't install bundled BeautifulSoup and httplib2 and instead use the
system ones.
+ * Disable the built-in Nikto plugin because of licensing issues of the
+ used database file.
+ * Install a README.Debian that explains the differences from upstream.
* Update debian/watch file.
- -- Arthur de Jong <adejong at debian.org> Sun, 08 Apr 2012 19:58:30 +0200
+ -- Arthur de Jong <adejong at debian.org> Sun, 08 Apr 2012 21:20:22 +0200
wapiti (1.1.6-4) unstable; urgency=low
Added: packages/wapiti/trunk/debian/patches/allow-local-nikto-db.patch
===================================================================
--- packages/wapiti/trunk/debian/patches/allow-local-nikto-db.patch (rev 0)
+++ packages/wapiti/trunk/debian/patches/allow-local-nikto-db.patch 2012-04-08 19:24:17 UTC (rev 8447)
@@ -0,0 +1,32 @@
+Description: Save and load the local Nikto database in Nikto format.
+Author: Arthur de Jong <adejong at debian.org>
+
+--- a/src/attack/mod_nikto.py
++++ b/src/attack/mod_nikto.py
+@@ -22,9 +22,10 @@
+
+ def __init__(self, HTTP, xmlRepGenerator):
+ Attack.__init__(self, HTTP, xmlRepGenerator)
++ csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\")
+ try:
+ fd = open(self.CONFIG_DIR + "/" + self.CONFIG_FILE)
+- reader = csv.reader(fd)
++ reader = csv.reader(fd, "nikto")
+ self.nikto_db = [l for l in reader if l!=[] and l[0].isdigit()]
+ fd.close()
+ except IOError:
+@@ -36,13 +37,12 @@
+ print _("Problem with local nikto database.")
+ print _("Downloading from the web...")
+ page = urllib2.urlopen("http://cirt.net/nikto/UPDATES/2.1.0/db_tests")
+- csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\")
+ reader = csv.reader(page, "nikto")
+ self.nikto_db = [l for l in reader if l!=[] and l[0].isdigit()]
+ page.close()
+
+ fd = open(self.CONFIG_DIR + "/" + self.CONFIG_FILE, "w")
+- writer = csv.writer(fd)
++ writer = csv.writer(fd, "nikto")
+ writer.writerows(self.nikto_db)
+ fd.close()
+ except socket.timeout:
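Review bot: The download branch touched by the second `mod_nikto.py` hunk still fetches `http://cirt.net/nikto/UPDATES/2.1.0/db_tests` over cleartext HTTP and writes the result into the config directory with no integrity check. It is unreachable in Debian only because disable-nikto-download.patch returns early, so the patch header should say so, e.g. `Depends on disable-nikto-download.patch; the download branch is dead code in this package`. Separately, the local read in the first hunk now parses a file the administrator installs by hand, and a malformed file can raise `csv.Error`, which `except IOError:` does not catch and which leaves `fd` open; consider `except (IOError, csv.Error):` with the read wrapped in `try ... finally: fd.close()`. The header also lacks the `Forwarded:` field that the other two patches carry. Both hunks begin and end inside `__init__`, so the rest of the method is not visible here.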
Added: packages/wapiti/trunk/debian/patches/disable-nikto-download.patch
===================================================================
--- packages/wapiti/trunk/debian/patches/disable-nikto-download.patch (rev 0)
+++ packages/wapiti/trunk/debian/patches/disable-nikto-download.patch 2012-04-08 19:24:17 UTC (rev 8447)
@@ -0,0 +1,21 @@
+Description: Disable downloading of Nikto database.
+ The Nikto database contains a notice that forbids use of the file with
+ anything other than the full Nikto package. Also, downloading at run-time
+ would cause problems with writing the file because the config directory
+ isn't writeable.
+Author: Arthur de Jong <adejong at debian.org>
+Forwarded: not-needed
+
+--- a/src/attack/mod_nikto.py
++++ b/src/attack/mod_nikto.py
+@@ -28,6 +28,10 @@
+ self.nikto_db = [l for l in reader if l!=[] and l[0].isdigit()]
+ fd.close()
+ except IOError:
++ # Disable downloading of Nikto database because the license of the file
++ # forbids it.
++ self.nikto_db = []
++ return
+ try:
+ print _("Problem with local nikto database.")
+ print _("Downloading from the web...")
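Review bot: The early return added under `except IOError:` sets `self.nikto_db = []` without any message, so when the database is missing the Nikto module presumably runs zero checks and a report with no Nikto findings looks the same as a clean result. Print a notice before returning, for example `print _("Nikto database not found; Nikto checks are skipped (see README.Debian).")`. The download code after the `return` becomes unreachable and could carry a one-line comment saying it is kept only to minimise the diff against upstream. `__init__` continues beyond the end of this hunk.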
Modified: packages/wapiti/trunk/debian/patches/series
===================================================================
--- packages/wapiti/trunk/debian/patches/series 2012-04-08 17:58:53 UTC (rev 8446)
+++ packages/wapiti/trunk/debian/patches/series 2012-04-08 19:24:17 UTC (rev 8447)
@@ -2,3 +2,6 @@
fix-man-page.patch
use-global-beautifulsoup.patch
use-global-httplib2.patch
+use-local-scans-dir.patch
+disable-nikto-download.patch
+allow-local-nikto-db.patch
Added: packages/wapiti/trunk/debian/patches/use-local-scans-dir.patch
===================================================================
--- packages/wapiti/trunk/debian/patches/use-local-scans-dir.patch (rev 0)
+++ packages/wapiti/trunk/debian/patches/use-local-scans-dir.patch 2012-04-08 19:24:17 UTC (rev 8447)
@@ -0,0 +1,32 @@
+Description: Save scan results in a scans directory in the local directory.
+Author: Arhur de Jong <adejong at debian.org>
+Forwarded: not-needed
+
+--- a/src/net/crawlerpersister.py
++++ b/src/net/crawlerpersister.py
+@@ -9,8 +9,10 @@
+ """
+
+ CRAWLER_DATA_DIR_NAME = "scans"
+- BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__),'../..'))
++ BASE_DIR = os.getcwd()
+ CRAWLER_DATA_DIR = BASE_DIR+"/"+CRAWLER_DATA_DIR_NAME
++ if not os.path.exists(CRAWLER_DATA_DIR):
++ os.makedirs(CRAWLER_DATA_DIR)
+
+ ROOT_URL = "rootURL"
+ TO_BROWSE = "toBrowse"
+--- a/src/wapiti.py
++++ b/src/wapiti.py
+@@ -160,10 +160,7 @@
+ self.reportGen = TXTReportGenerator()
+ else: #default
+ self.reportGen = XMLReportGenerator()
+- if "__file__" in dir():
+- BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__), '..'))
+- else:
+- BASE_DIR = os.getcwd()
++ BASE_DIR = '/usr/share/wapiti'
+ xmlParser = VulnerabilityXMLParser()
+ xmlParser.parse(BASE_DIR + "/config/vulnerabilities/vulnerabilities.xml")
+ for vul in xmlParser.getVulnerabilities():
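Review bot: In `crawlerpersister.py` the `scans` directory is now created under `os.getcwd()` at import time (apparently in the class body), with the default umask and no check on what already exists at that path. When wapiti is started from a shared or world-writable directory, a pre-existing `scans` directory or symlink owned by another user would be accepted as is, and crawl state, which may include session data, could then be read by or redirected to that user. Create the directory privately with `os.makedirs(CRAWLER_DATA_DIR, 0700)`, refuse to continue when `os.path.islink(CRAWLER_DATA_DIR)` is true, and ideally create it at first write so that merely importing the module leaves nothing behind. The `Author:` header of this patch spells the name "Arhur".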