[Python-apps-commits] r8447 - in packages/wapiti/trunk/debian (6 files)

adejong at users.alioth.debian.org adejong at users.alioth.debian.org
Sun Apr 8 19:24:21 UTC 2012 

    Date: Sunday, April 8, 2012 @ 19:24:17
  Author: adejong
Revision: 8447

  * Save output to a scans directory in the current directory.
  * Disable the built-in Nikto plugin because of licensing issues of the
    used database file.
  * Install a README.Debian that explains the differences from upstream.

Added:
  packages/wapiti/trunk/debian/README.Debian
  packages/wapiti/trunk/debian/patches/allow-local-nikto-db.patch
  packages/wapiti/trunk/debian/patches/disable-nikto-download.patch
  packages/wapiti/trunk/debian/patches/use-local-scans-dir.patch
Modified:
  packages/wapiti/trunk/debian/changelog
  packages/wapiti/trunk/debian/patches/series

Added: packages/wapiti/trunk/debian/README.Debian
===================================================================
--- packages/wapiti/trunk/debian/README.Debian	                        (rev 0)
+++ packages/wapiti/trunk/debian/README.Debian	2012-04-08 19:24:17 UTC (rev 8447)
@@ -0,0 +1,18 @@
+This package differs from upstream in the following ways:
+
+ - It saves the result of scans in a scans folder in the current working
+   directory.
+ - It provides wapiti, wapiti-lswww and wapiti-getcookie commands to perform
+   the needed actions.
+ - The Nikto plugin is disabled by default because the database file used
+   contains a notice that forbids use of the file with anything other than
+   the full Nikto package without written permission. Users that have
+   received permission from the distributor of the database can install
+   the db_tests file in /usr/share/wapiti/config/attacks/nikto_db. If you
+   have the nikto package installed this can be done with:
+   ln -s /var/lib/nikto/plugins/db_tests /usr/share/wapiti/config/attacks/nikto_db
+
+Due to a limitation in which the reports are generated the reports are
+not opened correctly when opening in Chromium.
+
+See the file example.txt for example usage information.

Modified: packages/wapiti/trunk/debian/changelog
===================================================================
--- packages/wapiti/trunk/debian/changelog	2012-04-08 17:58:53 UTC (rev 8446)
+++ packages/wapiti/trunk/debian/changelog	2012-04-08 19:24:17 UTC (rev 8447)
@@ -9,9 +9,12 @@
     json.js from the upstream tarball.
   * Don't install bundled BeautifulSoup and httplib2 and instead use the
     system ones.
+  * Disable the built-in Nikto plugin because of licensing issues of the
+    used database file.
+  * Install a README.Debian that explains the differences from upstream.
   * Update debian/watch file.
 
- -- Arthur de Jong <adejong at debian.org>  Sun, 08 Apr 2012 19:58:30 +0200
+ -- Arthur de Jong <adejong at debian.org>  Sun, 08 Apr 2012 21:20:22 +0200
 
 wapiti (1.1.6-4) unstable; urgency=low
 

Added: packages/wapiti/trunk/debian/patches/allow-local-nikto-db.patch
===================================================================
--- packages/wapiti/trunk/debian/patches/allow-local-nikto-db.patch	                        (rev 0)
+++ packages/wapiti/trunk/debian/patches/allow-local-nikto-db.patch	2012-04-08 19:24:17 UTC (rev 8447)
@@ -0,0 +1,32 @@
+Description: Save and load the local Nikto database in Nikto format.
+Author: Arthur de Jong <adejong at debian.org>
+
+--- a/src/attack/mod_nikto.py
++++ b/src/attack/mod_nikto.py
+@@ -22,9 +22,10 @@
+ 
+   def __init__(self, HTTP, xmlRepGenerator):
+     Attack.__init__(self, HTTP, xmlRepGenerator)
++    csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\")
+     try:
+       fd = open(self.CONFIG_DIR + "/" + self.CONFIG_FILE)
+-      reader = csv.reader(fd)
++      reader = csv.reader(fd, "nikto")
+       self.nikto_db = [l for l in reader if l!=[] and l[0].isdigit()]
+       fd.close()
+     except IOError:
+@@ -36,13 +37,12 @@
+         print _("Problem with local nikto database.")
+         print _("Downloading from the web...")
+         page = urllib2.urlopen("http://cirt.net/nikto/UPDATES/2.1.0/db_tests")
+-        csv.register_dialect("nikto", quoting=csv.QUOTE_ALL, doublequote=False, escapechar="\\")
+         reader = csv.reader(page, "nikto")
+         self.nikto_db = [l for l in reader if l!=[] and l[0].isdigit()]
+         page.close()
+ 
+         fd = open(self.CONFIG_DIR + "/" + self.CONFIG_FILE, "w")
+-        writer = csv.writer(fd)
++        writer = csv.writer(fd, "nikto")
+         writer.writerows(self.nikto_db)
+         fd.close()
+       except socket.timeout:

Added: packages/wapiti/trunk/debian/patches/disable-nikto-download.patch
===================================================================
--- packages/wapiti/trunk/debian/patches/disable-nikto-download.patch	                        (rev 0)
+++ packages/wapiti/trunk/debian/patches/disable-nikto-download.patch	2012-04-08 19:24:17 UTC (rev 8447)
@@ -0,0 +1,21 @@
+Description: Disable downloading of Nikto database.
+ The Nikto database contains a notice that forbids use of the file with
+ anything other than the full Nikto package. Also, downloading at run-time
+ would cause problems with writing the file because the config directory
+ isn't writeable.
+Author: Arthur de Jong <adejong at debian.org>
+Forwarded: not-needed
+
+--- a/src/attack/mod_nikto.py
++++ b/src/attack/mod_nikto.py
+@@ -28,6 +28,10 @@
+       self.nikto_db = [l for l in reader if l!=[] and l[0].isdigit()]
+       fd.close()
+     except IOError:
++      # Disable downloading of Nikto database because the license of the file
++      # forbids it.
++      self.nikto_db = []
++      return
+       try:
+         print _("Problem with local nikto database.")
+         print _("Downloading from the web...")

Modified: packages/wapiti/trunk/debian/patches/series
===================================================================
--- packages/wapiti/trunk/debian/patches/series	2012-04-08 17:58:53 UTC (rev 8446)
+++ packages/wapiti/trunk/debian/patches/series	2012-04-08 19:24:17 UTC (rev 8447)
@@ -2,3 +2,6 @@
 fix-man-page.patch
 use-global-beautifulsoup.patch
 use-global-httplib2.patch
+use-local-scans-dir.patch
+disable-nikto-download.patch
+allow-local-nikto-db.patch

Added: packages/wapiti/trunk/debian/patches/use-local-scans-dir.patch
===================================================================
--- packages/wapiti/trunk/debian/patches/use-local-scans-dir.patch	                        (rev 0)
+++ packages/wapiti/trunk/debian/patches/use-local-scans-dir.patch	2012-04-08 19:24:17 UTC (rev 8447)
@@ -0,0 +1,32 @@
+Description: Save scan results in a scans directory in the local directory.
+Author: Arhur de Jong <adejong at debian.org>
+Forwarded: not-needed
+
+--- a/src/net/crawlerpersister.py
++++ b/src/net/crawlerpersister.py
+@@ -9,8 +9,10 @@
+   """
+ 
+   CRAWLER_DATA_DIR_NAME = "scans"
+-  BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__),'../..'))
++  BASE_DIR = os.getcwd()
+   CRAWLER_DATA_DIR = BASE_DIR+"/"+CRAWLER_DATA_DIR_NAME
++  if not os.path.exists(CRAWLER_DATA_DIR):
++    os.makedirs(CRAWLER_DATA_DIR)
+ 
+   ROOT_URL = "rootURL"
+   TO_BROWSE = "toBrowse"
+--- a/src/wapiti.py
++++ b/src/wapiti.py
+@@ -160,10 +160,7 @@
+         self.reportGen = TXTReportGenerator()
+     else: #default
+         self.reportGen = XMLReportGenerator()
+-    if "__file__" in dir():
+-      BASE_DIR = os.path.normpath(os.path.join(os.path.abspath(__file__), '..'))
+-    else:
+-      BASE_DIR = os.getcwd()
++    BASE_DIR = '/usr/share/wapiti'
+     xmlParser = VulnerabilityXMLParser()
+     xmlParser.parse(BASE_DIR + "/config/vulnerabilities/vulnerabilities.xml")
+     for vul in xmlParser.getVulnerabilities():

More information about the Python-apps-commits mailing list