Date: Wed, 08 Nov 2006 17:04:50 +0200 From: Jonathan <afarsec@012.net.il> To: FreeBSD-gnats-submit@FreeBSD.org Subject: ports/105291: New port: security/pantera - web site penetration testing suite Message-ID: <0J8F002HU49NQXD0@i_mtaout4.012.net.il> Resent-Message-ID: <200611081610.kA8GAQiA022123@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 105291 >Category: ports >Synopsis: New port: security/pantera - web site penetration testing suite >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Wed Nov 08 16:10:26 GMT 2006 >Closed-Date: >Last-Modified: >Originator: Yonatan >Release: FreeBSD 6.1-STABLE i386 >Organization: Afarsec >Environment: System: FreeBSD server.afarsec.com 6.1-STABLE FreeBSD 6.1-STABLE #0: Sat Jun 3 15:27:37 IDT 2006 root@server.afarsec.com:/usr/obj/usr/src/sys/GENERIC-ALTQ i386 >Description: New penetration testing suite, based on security/spike-proxy. At last, I sat down and coded something in sh that will help all those poor "but we need to drop the scheme into the database" ports (off the top of my head - ACID, which was replaces by BASE, and any number of PHP based CMS, blog engines, etc). Feel free to make this script prettyer. It is named pantera-install.sh . pantera.sh, otoh, is a small hack, like in spike-proxy, that goes to the pantera directory before running, or some of the "includes" will fail. If you feel like fixing it in the code, go ahead. I chose to depend on mysql51 arbitrarily. 5.0 is the documented requirement. Works for me. >How-To-Repeat: N/A >Fix: Sponsored by Afarsec. --- pantera.shar begins here --- # This is a shell archive. Save it in a file, remove anything before # this line, and then unpack it by entering "sh file". Note, it may # create directories; files and directories will be owned by you and # have default permissions. # # This archive contains: # # . # ./Makefile # ./distinfo # ./pkg-descr # ./scripts # ./scripts/pantera.sh # ./scripts/pantera-install.sh # ./pkg-plist # ./pkg-message # echo c - . mkdir -p . > /dev/null 2>&1 echo x - ./Makefile sed 's/^X//' >./Makefile << 'END-of-./Makefile' X# Ports collection makefile for: pantera X# Date created: 8 Nov 2006 X# Whom: Yonatan <onatan@gmail.com> X# X# $FreeBSD$ X# X XPORTNAME= pantera XPORTVERSION= 0.1.1 XCATEGORIES= security XMASTER_SITES= ${MASTER_SITE_SOURCEFORGE} XMASTER_SITE_SUBDIR= owasp XDISTNAME= Pantera_Release_${PORTVERSION} X XMAINTAINER= onatan@gmail.com XCOMMENT= Web Application Penetration Testing Suite X XBUILD_DEPENDS= ${PYTHON_SITELIBDIR}/OpenSSL/SSL.so:${PORTSDIR}/security/py-openssl \ X ${PYTHON_SITELIBDIR}/MySQLdb/connections.pyc:${PORTSDIR}/databases/py-MySQLdb-devel X X.if !defined(WITHOUT_MYSQL_SERVER) XBUILD_DEPENDS+= mysql:${PORTSDIR}/databases/mysql51-server X.endif X XWRKSRC= ${WRKDIR}/Pantera_Release XUSE_ZIP= yes XUSE_PYTHON= yes XNO_BUILD= yes X Xdo-install: X @${MKDIR} ${DATADIR} X ${CP} -Rp ${WRKSRC}/* ${DATADIR}/ X ${SED} "s|DATADIR|${DATADIR}|" ${SCRIPTDIR}/pantera.sh > ${PREFIX}/bin/pantera.sh X @${CHMOD} 755 ${PREFIX}/bin/pantera.sh X Xpost-install: X @${SED} "s|SCRIPTDIR|${SCRIPTDIR}|" ${PKGMESSAGE} X X.include <bsd.port.mk> END-of-./Makefile echo x - ./distinfo sed 's/^X//' >./distinfo << 'END-of-./distinfo' XMD5 (Pantera_Release_0.1.1.zip) = f6c29bb2d28ad6f0cbaab6d51bcd2b84 XSHA256 (Pantera_Release_0.1.1.zip) = 4a0ac77bade1656a9a9d02d1af9e01164ca9e35b450c16fff2c79678fc4c563a XSIZE (Pantera_Release_0.1.1.zip) = 1786718 END-of-./distinfo echo x - ./pkg-descr sed 's/^X//' >./pkg-descr << 'END-of-./pkg-descr' XOverview: XPantera uses an improved version of SpikeProxy to provide a powerful web Xapplication analysis engine. X XGoals: XThe primary goal of Pantera is to combine automated capabilities with complete Xmanual testing to get the best penetration testing results. X XWWW: http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project END-of-./pkg-descr echo c - ./scripts mkdir -p ./scripts > /dev/null 2>&1 echo x - ./scripts/pantera.sh sed 's/^X//' >./scripts/pantera.sh << 'END-of-./scripts/pantera.sh' X#!/bin/sh XDIR=`pwd` Xcd DATADIR Xpython pantera.py Xcd $DIR END-of-./scripts/pantera.sh echo x - ./scripts/pantera-install.sh sed 's/^X//' >./scripts/pantera-install.sh << 'END-of-./scripts/pantera-install.sh' X#!/bin/sh X# X# Pantera first time installation script. X# X# License (For this script only, not for Pantera): BSD. X# X# Bug reports & feature requests > onatan@gmail.com X# X# This script assumes the following: X# MySQL client and server are installed and useable. X# There is no Database named "pantera" (default name). X# User will take care of hardening database permissions after the installation X# is finished. X# X X# Feel free to change these, if you know what you're doing XDBNAME="pantera" XDBHOST="localhost" XDBUSER="root" XDBPASS="" X X Xecho "==> Checking that MySQL server is available:" X Xif [ -n "${DBPASS}" ]; then X PING=`mysqladmin -h ${DBHOST} -u ${DBUSER} -p=${DBPASS} ping` Xelse X PING=`mysqladmin -h ${DBHOST} -u ${DBUSER} ping` Xfi X Xif [ "mysqld is alive" != "${PING}" ]; then X echo "Cannot connect to MySQL with user 'root' and no password." X echo "Edit ${0} for different user and password." X exit 1 Xfi X X Xecho "==> Creating database schema named ${DBNAME}:" Xif [ -n "${DBPASS}" ]; then X mysqladmin -h ${DBHOST} -u ${DBUSER} -p=${DBPASS} create ${DBNAME} X CRTDB=$? Xelse X mysqladmin -h ${DBHOST} -u ${DBUSER} create ${DBNAME} X CRTDB=$? Xfi X Xif [ "0" -ne "${CRTDB}" ]; then X echo "Cannot create schema. Maybe it is already there." X echo "If you want to drop it, use:" X echo "mysqladmin drop ${DBNAME}" X echo "with the proper user-name and password." X exit 1 Xfi X X Xecho "==> Identifying Schema file:" X X# Hack to get DATADIR: XTMP1=`which pantera.sh` XTMP2=`grep "^cd /" ${TMP1}` XTMP3=`echo "${TMP2}" | sed "s/^cd //" ` X XDATADIR=$TMP3 XSCHEMA_FILE=${DATADIR}/doc/pantera_sql_create_script.txt Xif [ ! -r ${SCHEMA_FILE} ]; then X echo "Cannot identify schema file." X echo "I guessed it would be at:" X echo "${SCHEMA_FILE}" X echo "but it was not there, or not readable." X echo "If you know where it is, set SCHEMA_FILE variable manually." X exit 1 Xfi X X Xecho "==> Installing schema:" X Xif [ -n "${DBPASS}" ]; then X mysql -h ${DBHOST} -u ${DBUSER} -p=${DBPASS} ${DBNAME} < ${SCHEMA_FILE} X INSTSCHM=$? Xelse X mysql -h ${DBHOST} -u ${DBUSER} ${DBNAME} < ${SCHEMA_FILE} X INSTSCHM=$? Xfi X Xif [ "0" -ne "${INSTSCHM}" ]; then X echo "Cannot install schema." X echo "Very weird - we should have failed earlier." X exit 1 Xfi X X Xecho "==> All Done!" Xecho "If you made any changes to the user-name and password," Xecho "or plan to make these changes, update the panteracfg.xml file," Xecho "in ${DATADIR} ." Xecho "It would also be a good idea to create a database-user for pantera," Xecho "GRANT this users rights on the \"${DBNAME}\" database schema," Xecho "and set a password for this user. See MySQL Documentation at" Xecho "http://www.mysql.org/doc/ for more details." Xecho "To use Pantera, run \"pantera.sh\", and set the IP address of" Xecho "this machine, and port 8080, to your browsers proxy." END-of-./scripts/pantera-install.sh echo x - ./pkg-plist sed 's/^X//' >./pkg-plist << 'END-of-./pkg-plist' Xbin/pantera.sh X%%DATADIR%%/CA.cert X%%DATADIR%%/CA.pkey X%%DATADIR%%/CHANGELOG.txt X%%DATADIR%%/CREDITS.txt X%%DATADIR%%/INSTALL.txt X%%DATADIR%%/LICENSE.txt X%%DATADIR%%/TODO.txt X%%DATADIR%%/data/backupfilelist.xml X%%DATADIR%%/data/ext_types.xml X%%DATADIR%%/data/filerotlist.xml X%%DATADIR%%/data/invalihtmlext.xml X%%DATADIR%%/data/sensible_words.xml X%%DATADIR%%/data/sqlinjectlist.xml X%%DATADIR%%/doc/en/FAQ.html X%%DATADIR%%/doc/en/configfile.html X%%DATADIR%%/doc/en/features.html X%%DATADIR%%/doc/en/img/Thumbs.db X%%DATADIR%%/doc/en/img/body.jpg X%%DATADIR%%/doc/en/img/browser_setup.JPG X%%DATADIR%%/doc/en/img/browser_uri.JPG X%%DATADIR%%/doc/en/img/cache_mode.jpg X%%DATADIR%%/doc/en/img/cleaner.jpg X%%DATADIR%%/doc/en/img/data_miner_1.jpg X%%DATADIR%%/doc/en/img/data_miner_2.jpg X%%DATADIR%%/doc/en/img/domain_mng.JPG X%%DATADIR%%/doc/en/img/domain_mng_1.jpg X%%DATADIR%%/doc/en/img/edit_send.jpg X%%DATADIR%%/doc/en/img/high.png X%%DATADIR%%/doc/en/img/history.jpg X%%DATADIR%%/doc/en/img/http_editor.jpg X%%DATADIR%%/doc/en/img/http_editor_1.jpg X%%DATADIR%%/doc/en/img/http_editor_2.jpg X%%DATADIR%%/doc/en/img/icon_activex.png X%%DATADIR%%/doc/en/img/icon_authform.png X%%DATADIR%%/doc/en/img/icon_comment.png X%%DATADIR%%/doc/en/img/icon_cookie.png X%%DATADIR%%/doc/en/img/icon_email.png X%%DATADIR%%/doc/en/img/icon_form.png X%%DATADIR%%/doc/en/img/icon_hidden.png X%%DATADIR%%/doc/en/img/icon_postauth.png X%%DATADIR%%/doc/en/img/icon_querystr.png X%%DATADIR%%/doc/en/img/icon_script.png X%%DATADIR%%/doc/en/img/icon_session_id.gif X%%DATADIR%%/doc/en/img/icon_target.png X%%DATADIR%%/doc/en/img/info.png X%%DATADIR%%/doc/en/img/info_1.jpg X%%DATADIR%%/doc/en/img/info_2.jpg X%%DATADIR%%/doc/en/img/info_3.jpg X%%DATADIR%%/doc/en/img/lock_icon.png X%%DATADIR%%/doc/en/img/low.png X%%DATADIR%%/doc/en/img/med.png X%%DATADIR%%/doc/en/img/notes.jpg X%%DATADIR%%/doc/en/img/panther.gif X%%DATADIR%%/doc/en/img/ppa_summary.jpg X%%DATADIR%%/doc/en/img/project_mng.jpg X%%DATADIR%%/doc/en/img/project_mode.jpg X%%DATADIR%%/doc/en/img/safe.png X%%DATADIR%%/doc/en/img/session_trace.jpg X%%DATADIR%%/doc/en/img/snitch_1.jpg X%%DATADIR%%/doc/en/img/snitch_2.jpg X%%DATADIR%%/doc/en/img/stats.jpg X%%DATADIR%%/doc/en/img/url.png X%%DATADIR%%/doc/en/img/utils.jpg X%%DATADIR%%/doc/en/img/utils_1.jpg X%%DATADIR%%/doc/en/img/warp_menu.jpg X%%DATADIR%%/doc/en/index.html X%%DATADIR%%/doc/en/install.html X%%DATADIR%%/doc/en/modes.html X%%DATADIR%%/doc/en/overview.html X%%DATADIR%%/doc/en/ppa.html X%%DATADIR%%/doc/en/quick.html X%%DATADIR%%/doc/en/tipscheats.html X%%DATADIR%%/doc/en/ui_cleaner.html X%%DATADIR%%/doc/en/ui_close_project.html X%%DATADIR%%/doc/en/ui_config.html X%%DATADIR%%/doc/en/ui_data_miner.html X%%DATADIR%%/doc/en/ui_domain.html X%%DATADIR%%/doc/en/ui_error_console.html X%%DATADIR%%/doc/en/ui_history.html X%%DATADIR%%/doc/en/ui_history_body.html X%%DATADIR%%/doc/en/ui_history_delete.html X%%DATADIR%%/doc/en/ui_history_edit_send.html X%%DATADIR%%/doc/en/ui_history_info.html X%%DATADIR%%/doc/en/ui_history_notes.html X%%DATADIR%%/doc/en/ui_http_editor.html X%%DATADIR%%/doc/en/ui_interceptor.html X%%DATADIR%%/doc/en/ui_ppa.html X%%DATADIR%%/doc/en/ui_ppa_summary.html X%%DATADIR%%/doc/en/ui_project.html X%%DATADIR%%/doc/en/ui_project_notes.html X%%DATADIR%%/doc/en/ui_replacer.html X%%DATADIR%%/doc/en/ui_report.html X%%DATADIR%%/doc/en/ui_session_trace.html X%%DATADIR%%/doc/en/ui_session_trace_raw.html X%%DATADIR%%/doc/en/ui_site_tree.html X%%DATADIR%%/doc/en/ui_snitch.html X%%DATADIR%%/doc/en/ui_stats.html X%%DATADIR%%/doc/en/ui_supress.html X%%DATADIR%%/doc/en/ui_utils.html X%%DATADIR%%/doc/en/vri.html X%%DATADIR%%/doc/en/warp_menu.html X%%DATADIR%%/doc/pantera_sql_create_script.txt X%%DATADIR%%/doc/pantera_sql_delete_script.txt X%%DATADIR%%/doc/scripts_example/ppa/plugin_template.py X%%DATADIR%%/dtree.css X%%DATADIR%%/dtree.js X%%DATADIR%%/help/en/index.html X%%DATADIR%%/help/es/index.html X%%DATADIR%%/img/Thumbs.db X%%DATADIR%%/img/asc_order.png X%%DATADIR%%/img/back_button.gif X%%DATADIR%%/img/base.gif X%%DATADIR%%/img/cd.gif X%%DATADIR%%/img/delete_button.gif X%%DATADIR%%/img/desc_order.png X%%DATADIR%%/img/discussionitem_icon.png X%%DATADIR%%/img/down-red.gif X%%DATADIR%%/img/ed_category.png X%%DATADIR%%/img/ed_help.png X%%DATADIR%%/img/ed_hr.png X%%DATADIR%%/img/ed_link.png X%%DATADIR%%/img/ed_pagelink.png X%%DATADIR%%/img/ed_pages.png X%%DATADIR%%/img/ed_plugins.png X%%DATADIR%%/img/ed_preview.png X%%DATADIR%%/img/ed_redo.png X%%DATADIR%%/img/ed_save.png X%%DATADIR%%/img/ed_undo.png X%%DATADIR%%/img/edit_send_button.gif X%%DATADIR%%/img/empty.gif X%%DATADIR%%/img/empty_button.gif X%%DATADIR%%/img/file_icon.png X%%DATADIR%%/img/folder.gif X%%DATADIR%%/img/folderopen.gif X%%DATADIR%%/img/ftp.png X%%DATADIR%%/img/globe.gif X%%DATADIR%%/img/high.png X%%DATADIR%%/img/http.png X%%DATADIR%%/img/https.png X%%DATADIR%%/img/icon_activex.png X%%DATADIR%%/img/icon_apache.png X%%DATADIR%%/img/icon_auth.gif X%%DATADIR%%/img/icon_authform.png X%%DATADIR%%/img/icon_check.png X%%DATADIR%%/img/icon_check_highlighted.png X%%DATADIR%%/img/icon_comment.png X%%DATADIR%%/img/icon_comment_highlighted.png X%%DATADIR%%/img/icon_cookie.png X%%DATADIR%%/img/icon_dir.gif X%%DATADIR%%/img/icon_email.png X%%DATADIR%%/img/icon_email_highlighted.png X%%DATADIR%%/img/icon_form.png X%%DATADIR%%/img/icon_hidden.png X%%DATADIR%%/img/icon_iis.png X%%DATADIR%%/img/icon_postauth.png X%%DATADIR%%/img/icon_querystr.png X%%DATADIR%%/img/icon_script.png X%%DATADIR%%/img/icon_script_highlighted.png X%%DATADIR%%/img/icon_session_id.gif X%%DATADIR%%/img/icon_target.png X%%DATADIR%%/img/imgfolder.gif X%%DATADIR%%/img/info.png X%%DATADIR%%/img/info_button.gif X%%DATADIR%%/img/join.gif X%%DATADIR%%/img/joinbottom.gif X%%DATADIR%%/img/line.gif X%%DATADIR%%/img/lock_icon.png X%%DATADIR%%/img/low.png X%%DATADIR%%/img/med.png X%%DATADIR%%/img/minus.gif X%%DATADIR%%/img/minusbottom.gif X%%DATADIR%%/img/musicfolder.gif X%%DATADIR%%/img/no_body_button.gif X%%DATADIR%%/img/nolines_minus.gif X%%DATADIR%%/img/nolines_plus.gif X%%DATADIR%%/img/notes_button.gif X%%DATADIR%%/img/ok_button.gif X%%DATADIR%%/img/page.gif X%%DATADIR%%/img/page_body_button.gif X%%DATADIR%%/img/panther.gif X%%DATADIR%%/img/plus.gif X%%DATADIR%%/img/plusbottom.gif X%%DATADIR%%/img/question.gif X%%DATADIR%%/img/safe.png X%%DATADIR%%/img/snitch_button.gif X%%DATADIR%%/img/spider.gif X%%DATADIR%%/img/trash.gif X%%DATADIR%%/img/up-red.gif X%%DATADIR%%/img/url.png X%%DATADIR%%/js_menu_1.js X%%DATADIR%%/ntlm/U32.py X%%DATADIR%%/ntlm/U32.pyc X%%DATADIR%%/ntlm/basic_auth.py X%%DATADIR%%/ntlm/config.py X%%DATADIR%%/ntlm/config_affairs.py X%%DATADIR%%/ntlm/des.py X%%DATADIR%%/ntlm/des.pyc X%%DATADIR%%/ntlm/des.py~ X%%DATADIR%%/ntlm/des_c.py X%%DATADIR%%/ntlm/des_c.pyc X%%DATADIR%%/ntlm/des_data.py X%%DATADIR%%/ntlm/des_data.pyc X%%DATADIR%%/ntlm/http_header.py X%%DATADIR%%/ntlm/logger.py X%%DATADIR%%/ntlm/md4.py X%%DATADIR%%/ntlm/md4.pyc X%%DATADIR%%/ntlm/ntlm_auth.py X%%DATADIR%%/ntlm/ntlm_messages.py X%%DATADIR%%/ntlm/ntlm_messages.pyc X%%DATADIR%%/ntlm/ntlm_messages.py~ X%%DATADIR%%/ntlm/ntlm_procs.py X%%DATADIR%%/ntlm/ntlm_procs.pyc X%%DATADIR%%/ntlm/ntlm_procs.py~ X%%DATADIR%%/ntlm/ntlmutils.py X%%DATADIR%%/ntlm/ntlmutils.pyc X%%DATADIR%%/ntlm/proxy_client.py X%%DATADIR%%/ntlm/server.py X%%DATADIR%%/ntlm/www_client.py X%%DATADIR%%/pantera.css X%%DATADIR%%/pantera.py X%%DATADIR%%/panteraAnalyzer.py X%%DATADIR%%/panteraDB.py X%%DATADIR%%/panteraFile.py X%%DATADIR%%/panteraHTML.py X%%DATADIR%%/panteraLib.py X%%DATADIR%%/panteraPlugins.py X%%DATADIR%%/panteraSnitch.py X%%DATADIR%%/panteraUI.py X%%DATADIR%%/panteracfg.xml X%%DATADIR%%/panterautils.py X%%DATADIR%%/pdoc/Thumbs.db X%%DATADIR%%/pdoc/rfc2109.htm X%%DATADIR%%/plugins/example.py X%%DATADIR%%/plugins/misc.txt X%%DATADIR%%/ppa_plugins/check_for_auth.py X%%DATADIR%%/ppa_plugins/check_for_autocomplete.py X%%DATADIR%%/ppa_plugins/check_for_comments.py X%%DATADIR%%/ppa_plugins/check_for_cookies.py X%%DATADIR%%/ppa_plugins/check_for_fileupload.py X%%DATADIR%%/ppa_plugins/check_for_forms.py X%%DATADIR%%/ppa_plugins/check_for_hiddens.py X%%DATADIR%%/ppa_plugins/check_for_ipheader.py X%%DATADIR%%/ppa_plugins/check_for_links.py X%%DATADIR%%/ppa_plugins/check_for_mails.py X%%DATADIR%%/ppa_plugins/check_for_object.py X%%DATADIR%%/ppa_plugins/check_for_param_hunter.py X%%DATADIR%%/ppa_plugins/check_for_parameters.py X%%DATADIR%%/ppa_plugins/check_for_permamentcookie.py X%%DATADIR%%/ppa_plugins/check_for_scripts.py X%%DATADIR%%/ppa_plugins/check_for_securecookie.py X%%DATADIR%%/ppa_plugins/check_for_server.py X%%DATADIR%%/ppa_plugins/check_for_session_id.py X%%DATADIR%%/ppa_plugins/check_for_ssl.py X%%DATADIR%%/public_scripts.js X%%DATADIR%%/requestandresponse.py X%%DATADIR%%/runme.ba_ X%%DATADIR%%/server.cert X%%DATADIR%%/server.pkey X@dirrm %%DATADIR%%/PanteraData/http_editor_profiles X@dirrm %%DATADIR%%/PanteraData X@dirrm %%DATADIR%%/data X@dirrm %%DATADIR%%/doc/en/img X@dirrm %%DATADIR%%/doc/en X@dirrm %%DATADIR%%/doc/es X@dirrm %%DATADIR%%/doc/scripts_example/ppa X@dirrm %%DATADIR%%/doc/scripts_example X@dirrm %%DATADIR%%/doc X@dirrm %%DATADIR%%/help/en X@dirrm %%DATADIR%%/help/es X@dirrm %%DATADIR%%/help X@dirrm %%DATADIR%%/img X@dirrm %%DATADIR%%/ntlm X@dirrm %%DATADIR%%/pdoc X@dirrm %%DATADIR%%/plugins X@dirrm %%DATADIR%%/ppa_plugins X@dirrm %%DATADIR%% END-of-./pkg-plist echo x - ./pkg-message sed 's/^X//' >./pkg-message << 'END-of-./pkg-message' XIf this is the first time you use Pantera, and the first time you install XMySQL server, then this shell script can take care of the database installation Xfor you: XSCRIPTDIR/pantera-install.sh Xotherwise, read the script carefully to see what manual steps should be done. XToo, please note for the time being Pantera is not upgrade-safe: XNew versions on the port will surely destroy your configuration file X(panteracfg.xml) and likely will not have easy migration path to data already Xstored in the database. END-of-./pkg-message exit --- pantera.shar ends here --- >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?0J8F002HU49NQXD0>