From owner-freebsd-ports-bugs@FreeBSD.ORG Wed Oct 3 15:10:02 2007
Message-Id: <20071003150920.23E1AE1AB@huppa.tuxaco.net>
Date: Wed, 3 Oct 2007 17:09:20 +0200 (CEST)
From: Philippe Audeoud
To: FreeBSD-gnats-submit@FreeBSD.org
Reply-To: Philippe Audeoud
Subject: ports/116873: New Port: security/wapiti - a tool to audit your web applications

>Number: 116873
>Category: ports
>Synopsis: New Port: security/wapiti - a tool to audit your web applications
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: change-request
>Submitter-Id: current-users
>Arrival-Date: Wed Oct 03 15:10:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator: Philippe Audeoud
>Release: FreeBSD 6.2-RELEASE i386
>Organization:
>Environment:
System: FreeBSD huppa.tuxaco.net 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Tue Mar 20 16:05:42 CET 2007 root@:/usr/obj/usr/src/sys/GENERIC i386
>Description:
Wapiti allows you to audit the security of your web applications.
It's written in Python and acts like a fuzzer. It can inject data, too.
>How-To-Repeat:
>Fix:

--- shar-wapiti-1.sh begins here ---
# This is a shell archive. Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file". Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	wapiti/
#	wapiti/Makefile
#	wapiti/distinfo
#	wapiti/pkg-descr
#
echo c - wapiti/
mkdir -p wapiti/ > /dev/null 2>&1
echo x - wapiti/Makefile
sed 's/^X//' >wapiti/Makefile << 'END-of-wapiti/Makefile'
X# New ports collection makefile for:	wapiti
X# Date created:		3 October 2007
X# Whom:			Philippe Audeoud
X# $FreeBSD$
X
XPORTNAME=	wapiti
XPORTVERSION=	1.1.6
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE_EXTENDED}
XMASTER_SITE_SUBDIR=	wapiti
X
XMAINTAINER=	jadawin@tuxaco.net
XCOMMENT=	Wapiti is a vulnerability scanner for web applications
X
XRUN_DEPENDS=	${PYTHON_SITELIBDIR}/tidy:${PORTSDIR}/www/py-utidy
X
XUSE_PYTHON=	2.3+
XNO_BUILD=	yes
XPORTDOCS=	README
X
XPLIST_FILES=	bin/wapiti.py \
X		bin/lswww.py \
X		bin/getcookie.py \
X		bin/cookie.py \
X		bin/BeautifulSoup.py
X
Xdo-install:
X.for i in wapiti.py lswww.py getcookie.py cookie.py BeautifulSoup.py
X	${INSTALL_SCRIPT} ${WRKSRC}/${i} ${PREFIX}/bin/
X.endfor
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X	${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
X.endif
X
X.include <bsd.port.mk>
END-of-wapiti/Makefile
echo x - wapiti/distinfo
sed 's/^X//' >wapiti/distinfo << 'END-of-wapiti/distinfo'
XMD5 (wapiti-1.1.6.tar.gz) = 8b6067b64c16b575da43aa2dbfaeea23
XSHA256 (wapiti-1.1.6.tar.gz) = cb9fb6b969d01e84e953235f7e7554fee62916aaf3215a1abd4455a0efecbaed
XSIZE (wapiti-1.1.6.tar.gz) = 51200
END-of-wapiti/distinfo
echo x - wapiti/pkg-descr
sed 's/^X//' >wapiti/pkg-descr << 'END-of-wapiti/pkg-descr'
XWapiti allows you to audit the security of your web applications.
XIt performs "black-box" scans, i.e. it does not study the source code of
Xthe application but will scans the webpages of the deployed webapp,
Xlooking for scripts and forms where it can inject data.
XOnce it gets this list, Wapiti acts like a fuzzer, injecting payloads to
Xsee if a script is vulnerable.
X
XWWW: http://wapiti.sourceforge.net/
END-of-wapiti/pkg-descr
exit
--- shar-wapiti-1.sh ends here ---

>Release-Note:
>Audit-Trail:
>Unformatted:
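
Added example, not part of the original submission or of the FreeBSD ports framework: a Python check of a downloaded distfile against the distinfo entries in the archive above. The function names are hypothetical; the check requires both SIZE and SHA256 to be present and to match, and does not treat the MD5 entry as sufficient on its own.

```python
import hashlib
import re

# distinfo lines copied from the port submission above.
DISTINFO = """\
MD5 (wapiti-1.1.6.tar.gz) = 8b6067b64c16b575da43aa2dbfaeea23
SHA256 (wapiti-1.1.6.tar.gz) = cb9fb6b969d01e84e953235f7e7554fee62916aaf3215a1abd4455a0efecbaed
SIZE (wapiti-1.1.6.tar.gz) = 51200
"""

LINE = re.compile(r"^(?P<field>MD5|SHA256|SIZE) \((?P<name>[^)]+)\) = (?P<value>\S+)$")


def parse_distinfo(text):
    """Return {filename: {"MD5": ..., "SHA256": ..., "SIZE": ...}}."""
    entries = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = LINE.match(line)
        if m is None:
            # Fail closed: an unparsable line must not be silently skipped.
            raise ValueError(f"unrecognised distinfo line: {line!r}")
        entries.setdefault(m["name"], {})[m["field"]] = m["value"].lower()
    return entries


def verify_distfile(name, data, entries):
    """Check the bytes `data` against the recorded SIZE and SHA256 for `name`.

    Returns a list of problems; an empty list means the file matches.
    """
    rec = entries.get(name)
    if rec is None:
        return [f"{name}: not listed in distinfo"]
    problems = []
    for field in ("SIZE", "SHA256"):
        if field not in rec:
            problems.append(f"{name}: distinfo has no {field} entry")
    if "SIZE" in rec and str(len(data)) != rec["SIZE"]:
        problems.append(f"{name}: size {len(data)} != {rec['SIZE']}")
    if "SHA256" in rec and hashlib.sha256(data).hexdigest() != rec["SHA256"]:
        problems.append(f"{name}: SHA256 mismatch")
    return problems
```

To check a real download, read the file in binary mode and pass its bytes as `data`; any non-empty result means the distfile should not be installed.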