[Python-modules-commits] r5179 - in packages/wapiti/trunk (13 files)
thomasbl-guest at users.alioth.debian.org
thomasbl-guest at users.alioth.debian.org
Mon Apr 28 18:08:15 UTC 2008
Date: Monday, April 28, 2008 @ 18:08:13
Author: thomasbl-guest
Revision: 5179
[svn-inject] Applying Debian modifications to trunk
Added:
packages/wapiti/trunk/debian/
packages/wapiti/trunk/debian/README.debian
packages/wapiti/trunk/debian/changelog
packages/wapiti/trunk/debian/compat
packages/wapiti/trunk/debian/control
packages/wapiti/trunk/debian/copyright
packages/wapiti/trunk/debian/docs
packages/wapiti/trunk/debian/rules
packages/wapiti/trunk/debian/wapiti.1
packages/wapiti/trunk/debian/watch
packages/wapiti/trunk/setup.py
Modified:
packages/wapiti/trunk/lswww.py
packages/wapiti/trunk/wapiti.py
Property changes on: packages/wapiti/trunk/debian
___________________________________________________________________
Name: mergeWithUpstream
+ 1
Added: packages/wapiti/trunk/debian/README.debian
===================================================================
--- packages/wapiti/trunk/debian/README.debian (rev 0)
+++ packages/wapiti/trunk/debian/README.debian 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,8 @@
+wapiti for debian
+-----------------
+ - Added setup.py for installing it all into the right dirs.
+ - Modified source so that you can see the packages directly which
+ want to be installed for wapiti.
+ ( python-utidylib, python-ctypes )
+
+-- Thomas Bläsing <thomasbl at pool.math.tu-berlin.de>
Added: packages/wapiti/trunk/debian/changelog
===================================================================
--- packages/wapiti/trunk/debian/changelog (rev 0)
+++ packages/wapiti/trunk/debian/changelog 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,21 @@
+wapiti (1.1.6-3) unstable; urgency=low
+
+ * Closes: #477034 (thanks to Kumar Appaiah <akumar at ee.iitm.ac.in>)
+ * watch-file added
+
+ -- Thomas Bläsing <thomasbl at pool.math.tu-berlin.de> MSt, 26 Apr 2008 12:04:20 +0000
+
+wapiti (1.1.6-2) unstable; urgency=low
+
+ * changed description ( Closes: #434804 )
+ * modified man-page.
+ * debianized warning output, if python-utidylib and python-ctypes are not installed.
+
+ -- Thomas Bläsing <thomasbl at pool.math.tu-berlin.de> Mon, 30 Jul 2007 11:53:19 +0200
+
+wapiti (1.1.6-1) unstable; urgency=low
+
+ * Initial release (Closes: #381418)
+
+ -- Thomas Bläsing <thomasbl at pool.math.tu-berlin.de> Thu, 28 Jun 2007 14:08:17 +0200
+
Added: packages/wapiti/trunk/debian/compat
===================================================================
--- packages/wapiti/trunk/debian/compat (rev 0)
+++ packages/wapiti/trunk/debian/compat 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1 @@
+5
Added: packages/wapiti/trunk/debian/control
===================================================================
--- packages/wapiti/trunk/debian/control (rev 0)
+++ packages/wapiti/trunk/debian/control 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,32 @@
+Source: wapiti
+Section: python
+XS-Python-Version: >= 2.4
+Priority: optional
+Maintainer: Thomas Bläsing <thomasbl at pool.math.tu-berlin.de>
+Uploaders: Debian Python Modules Team <python-modules-team at lists.alioth.debian.org>
+Build-Depends: python, python-central (>= 0.5), debhelper (>= 5.0.37.1)
+Standards-Version: 3.7.3
+Vcs-Svn: svn://svn.debian.org/python-modules/packages/wapiti
+Vcs-Browser: http://svn.debian.org/wsvn/python-modules/packages/wapiti/trunk/?op=log
+
+Package: wapiti
+Architecture: all
+Depends: ${python:Depends}
+Provides: ${python:Provides}
+Recommends: python-utidylib (>= 0.2), python-ctypes (>= 1.0.1)
+XB-Python-Version: ${python:Versions}
+Homepage: http://wapiti.sourceforge.net/
+Description: Web application vulnerability scanner
+ Wapiti allows you to audit the security of your web applications.
+ It performs "black-box" scans, i.e. it does not study the source code of the
+ application but will scans the webpages of the deployed webapp, looking for
+ scripts and forms where it can inject data.
+ Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see
+ if a script is vulnerable.
+ Wapiti can detect the following vulnerabilities:
+ - File Handling Errors (Local and remote include/require, fopen, ...)
+ - Database Injection (PHP/JSP/ASP SQL Injections and XPath Injections)
+ - XSS (Cross Site Scripting) Injection
+ - LDAP Injection
+ - Command Execution detection (eval(), system(), passtru()...)
+ - CRLF Injection (HTTP Response Splitting, session fixation...)
Added: packages/wapiti/trunk/debian/copyright
===================================================================
--- packages/wapiti/trunk/debian/copyright (rev 0)
+++ packages/wapiti/trunk/debian/copyright 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,28 @@
+This package was debianized by Thomas Bläsing <thomasbl at pool.math.tu-berlin.de> on
+Thu, 28 Jun 2007 14:08:17 +0200.
+
+It was downloaded from http://wapiti.sourceforge.net/
+
+Upstream Author:
+ Nicolas Surribas <nicolas.surribas at gmail.com>
+
+Copyright:
+ Copyright (C) 2006-2007 Nicolas Surribas
+
+License:
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; version 2 dated June, 1991.
+
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston,
+ MA 02110-1301, USA.
+
+The Debian packaging is (C) 2007, Thomas Bläsing <thomasbl at pool.math.tu-berlin.de> and
+is licensed under the GPL, see `/usr/share/common-licenses/GPL'.
Added: packages/wapiti/trunk/debian/docs
===================================================================
--- packages/wapiti/trunk/debian/docs (rev 0)
+++ packages/wapiti/trunk/debian/docs 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,2 @@
+AUTHORS
+README
Added: packages/wapiti/trunk/debian/rules
===================================================================
--- packages/wapiti/trunk/debian/rules (rev 0)
+++ packages/wapiti/trunk/debian/rules 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,46 @@
+#!/usr/bin/make -f
+
+build:
+
+clean:
+ dh_testdir
+ dh_testroot
+ dh_clean
+ rm -rf build/
+ find . -name "*.pyc" | xargs rm -f
+
+install:
+ dh_testdir
+ dh_testroot
+ dh_clean -k
+ dh_installdirs
+
+ python setup.py install --no-compile --root=$(CURDIR)/debian/wapiti
+
+ mkdir -p $(CURDIR)/debian/wapiti/usr/bin
+ cp wapiti.py $(CURDIR)/debian/wapiti/usr/bin/wapiti
+ chmod +x $(CURDIR)/debian/wapiti/usr/bin/wapiti
+
+ # for lintian to solve the hybrid problem
+ chmod +x $(CURDIR)/debian/wapiti/usr/lib/`pyversions -d`/site-packages/*.py
+ #rm -f $(CURDIR)/debian/wapiti/usr/lib/python2.4/site-packages/*.egg-info
+
+binary-indep: install
+ dh_testdir
+ dh_testroot
+ dh_pycentral
+ dh_installchangelogs ChangeLog_Wapiti
+ dh_installman debian/wapiti.1
+ dh_installdocs
+ dh_link
+ dh_compress
+ dh_fixperms
+ dh_installdeb
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+
+binary-arch:
+
+binary: binary-indep
+.PHONY: build clean binary-indep binary install
Property changes on: packages/wapiti/trunk/debian/rules
___________________________________________________________________
Name: svn:executable
+ *
Added: packages/wapiti/trunk/debian/wapiti.1
===================================================================
--- packages/wapiti/trunk/debian/wapiti.1 (rev 0)
+++ packages/wapiti/trunk/debian/wapiti.1 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,78 @@
+.TH WAPITI "1" "July 2007" "http://wapiti.sourceforge.net/" "User Commands"
+.SH NAME
+wapiti \- a web application vulnerability scanner.
+.SH SYNOPSIS
+.B wapiti
+\fIhttp://server.com/base/url/ \fR[\fIoptions\fR]
+.SH DESCRIPTION
+Wapiti allows you to audit the security of your web applications.
+.br
+It performs "black-box" scans, i.e. it does not study the source code of the application but will scans the webpages of the deployed webapp, looking for scripts and forms where it can inject data. Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if a script is vulnerable.
+.SH OPTIONS
+.PP
+\fB\-s\fR, \fB\-\-start\fR <url>
+.br
+ specify an url to start with.
+.PP
+\fB\-x\fR, \fB\-\-exclude\fR <url>
+.br
+ exclude an url from the scan (for example logout scripts) you can also use a wildcard (*):
+.br
+ Example : \fB\-x\fR "http://server/base/?page=*&module=test" or \fB\-x\fR "http://server/base/admin/*" to exclude a directory
+.PP
+\fB\-p\fR, \fB\-\-proxy\fR <url_proxy>
+.br
+ specify a proxy (\fB\-p\fR http://proxy:port/)
+.PP
+\fB\-c\fR, \fB\-\-cookie\fR <cookie_file>
+.br
+ use a cookie
+.PP
+\fB\-t\fR, \fB\-\-timeout\fR <timeout>
+.br
+ set the timeout (in seconds)
+.PP
+\fB\-a\fR, \fB\-\-auth\fR <login%password>
+.br
+ set credentials (for HTTP authentication) doesn't work with Python 2.4
+.PP
+\fB\-r\fR, \fB\-\-remove\fR <parameter_name>
+.br
+ removes a parameter from URLs
+.PP
+\fB\-m\fR, \fB\-\-module\fR <module>
+.br
+ use a predefined set of scan/attack options:
+.br
+ GET_ALL: only use GET request (no POST)
+.br
+ GET_XSS: only XSS attacks with HTTP GET method
+.br
+ POST_XSS: only XSS attacks with HTTP POST method
+.PP
+\fB\-u\fR, \fB\-\-underline\fR
+.br
+ use color to highlight vulnerable parameters in output
+.PP
+\fB\-v\fR, \fB\-\-verbose\fR <level>
+.br
+ set the verbosity level:
+.br
+ 0: quiet (default),
+.br
+ 1: print each url,
+.br
+ 2: print every attack
+.PP
+\fB\-h\fR, \fB\-\-help\fR
+.br
+ print help page
+.SH EFFICIENCY
+Wapiti is developed in python and use a library I made called lswww. This web spider library does the most of the work. Unfortunately, the html parsers module within python only works with well formated html pages so lswww fails to extract informations from bad-coded webpages. Tidy can clean these webpages on the fly for us so lswww will give pretty good results. In order to make Wapiti far more efficient, you should:
+.PP
+ apt-get install python-utidylib python-ctypes
+.SH AUTHOR
+.PP
+ Copyright (C) 2006-2007 Nicolas Surribas <nicolas.surribas at gmail.com>
+.PP
+ Manpage created by Thomas Bl\[:a]sing <thomasbl at pool.math.tu-berlin.de>
Added: packages/wapiti/trunk/debian/watch
===================================================================
--- packages/wapiti/trunk/debian/watch (rev 0)
+++ packages/wapiti/trunk/debian/watch 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,2 @@
+version=2
+http://sf.net/wapiti/wapiti-(.+)\.tar\.gz
Modified: packages/wapiti/trunk/lswww.py
===================================================================
--- packages/wapiti/trunk/lswww.py 2008-04-28 18:08:05 UTC (rev 5178)
+++ packages/wapiti/trunk/lswww.py 2008-04-28 18:08:13 UTC (rev 5179)
@@ -31,9 +31,11 @@
import tidy
except ImportError:
print "lswww will be far less effective without tidy"
- print "please install libtidy ( http://tidy.sourceforge.net/ ),"
- print "ctypes ( http://starship.python.net/crew/theller/ctypes/ )"
- print "and uTidylib ( http://utidylib.berlios.de/ )"
+# print "please install libtidy ( http://tidy.sourceforge.net/ ),"
+# print "ctypes ( http://starship.python.net/crew/theller/ctypes/ )"
+# print "and uTidylib ( http://utidylib.berlios.de/ )"
+ print "please install libtidy and ctypes:"
+ print "\tapt-get install python-utidylib python-ctypes"
tidyhere=0
else:
tidyhere=1
Added: packages/wapiti/trunk/setup.py
===================================================================
--- packages/wapiti/trunk/setup.py (rev 0)
+++ packages/wapiti/trunk/setup.py 2008-04-28 18:08:13 UTC (rev 5179)
@@ -0,0 +1,14 @@
+#!/usr/bin/env python
+
+from distutils.core import setup
+
+setup(
+ name='wapiti',
+ py_modules=['cookie', 'getcookie', 'lswww'],
+ version='1.1.6',
+ description='Web application vulnerability scanner',
+ author='Nicolas Surribas',
+ author_email='nicolas.surribas at gmail.com',
+ url='http://wapiti.sourceforge.net/'
+
+ )
Modified: packages/wapiti/trunk/wapiti.py
===================================================================
--- packages/wapiti/trunk/wapiti.py 2008-04-28 18:08:05 UTC (rev 5178)
+++ packages/wapiti/trunk/wapiti.py 2008-04-28 18:08:13 UTC (rev 5179)
@@ -30,7 +30,7 @@
"""
Wapiti-1.1.6 - A web application vulnerability scanner
-Usage: python wapiti.py http://server.com/base/url/ [options]
+Usage: wapiti http://server.com/base/url/ [options]
Supported options are:
-s <url>
More information about the Python-modules-commits
mailing list