Date: Sat, 06 Sep 2014 13:03:16 +0300 From: clutton <clutton@zoho.com> To: koobs@FreeBSD.org Cc: svn-ports-head@freebsd.org, svn-ports-all@freebsd.org, Carlo Strub <cs@FreeBSD.org>, ports-committers@freebsd.org Subject: Re: svn commit: r367404 - in head/security: . webshag webshag/files Message-ID: <1409997796.8237.11.camel@eva02> In-Reply-To: <540AD4A8.4050705@FreeBSD.org> References: <201409060746.s867kwJ4038485@svn.freebsd.org> <540AD4A8.4050705@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, 2014-09-06 at 19:32 +1000, Kubilay Kocak wrote: > On 6/09/2014 5:46 PM, Carlo Strub wrote: > > Author: cs > > Date: Sat Sep 6 07:46:57 2014 > > New Revision: 367404 > > URL: http://svnweb.freebsd.org/changeset/ports/367404 > > QAT: https://qat.redports.org/buildarchive/r367404/ > > > > Log: > > Webshag is a multi-threaded, multi-platform web server audit tool. Written in > > Python, it gathers commonly useful functionalities for web server auditing like > > website crawling, URL scanning or file fuzzing. > > > > WWW: http://www.scrt.ch/en/attack/downloads/webshag > > > > PR: ports/187676 > > Submitted by: clutton@zoho.com > > > > Added: > > head/security/webshag/ > > head/security/webshag/Makefile (contents, props changed) > > head/security/webshag/distinfo (contents, props changed) > > head/security/webshag/files/ > > head/security/webshag/files/patch-setup_linux_py (contents, props changed) > > head/security/webshag/pkg-descr (contents, props changed) > > head/security/webshag/pkg-plist (contents, props changed) > > Modified: > > head/security/Makefile > > > > Modified: head/security/Makefile > > ============================================================================== > > --- head/security/Makefile Sat Sep 6 06:16:50 2014 (r367403) > > +++ head/security/Makefile Sat Sep 6 07:46:57 2014 (r367404) > > @@ -1005,6 +1005,7 @@ > > SUBDIR += wapiti > > SUBDIR += webfwlog > > SUBDIR += webscarab > > + SUBDIR += webshag > > SUBDIR += whatweb > > SUBDIR += wipe > > SUBDIR += xca > > > > Added: head/security/webshag/Makefile > > ============================================================================== > > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > > +++ head/security/webshag/Makefile Sat Sep 6 07:46:57 2014 (r367404) > > @@ -0,0 +1,55 @@ > > +# $FreeBSD$ > > + > > +PORTNAME= webshag > > +PORTVERSION= 1.10 > > +CATEGORIES= security www > > +MASTER_SITES= http://www.scrt.ch/outils/webshag/ > > +DISTNAME= ws110 > > + > > +MAINTAINER= clutton@zoho.com > > +COMMENT= Multi-threaded, multi-platform web server audit tool > > + > > +LICENSE= GPLv3 > > LICENSE_FILE Will fix. > > > +USES= python:2.7 dos2unix > > +USE_PYTHON=distutils > > - Is 'autoplist' usable here given distutils is in use? > - Tab align Probably not. The main executables, was renamed because of their script.py nature. And according to another fixes and the nature of the the software, it's not supposed to be installed by author. > > > +PYSETUP= setup.linux.py > > + > > +NO_WRKSUBDIR= yes > > + > > +OPTIONS_DEFINE= NMAP WXGTK > > +OPTIONS_DEFAULT=NMAP > > +OPTIONS_SUB= yes > > Tab alignment Yes. I've just looked, it has tab alagnment... > > > +.include <bsd.port.options.mk> > > + > > +.if ${PORT_OPTIONS:MNMAP} > > +BUILD_DEPENDS+= ${LOCALBASE}/bin/nmap:${PORTSDIR}/security/nmap > > +.endif > > - OPTIONS helpers: NMAP_BUILD_DEPENDS= > - Its definitely a BUILD not RUN_DEPENDS? Yes, it's BUILD_DEPENDS, because configure script checks nmap existence and etc. But in that case it's RUN_DEPENDS also... Should I add both? > > > +.if ${PORT_OPTIONS:MWXGTK} > > +USE_WX= 2.6+ > > +WX_COMPS= python:run > > +.endif > > + > > +post-patch: > > + @${MV} ${WRKSRC}/config ${WRKSRC}/etc > > + @${REINPLACE_CMD} -e 's|#!/usr/bin/python|#!/usr/bin/env python|g' \ > > + ${WRKSRC}/webshag_cli.py > > + @${REINPLACE_CMD} -e 's|#!/usr/bin/python|#!/usr/bin/env python|g' \ > > + ${WRKSRC}/webshag_gui.py > > - USES=shebangfix? > - Use ${PYTHON_CMD} ? 'python' may or may not exist Sure, will fix. > > > +do-install: > > +.if ${PORT_OPTIONS:MWXGTK} > > + ${INSTALL_SCRIPT} ${WRKSRC}/webshag_gui.py \ > > + ${STAGEDIR}${PREFIX}/bin/webshag_gui > > +.endif > > + ${INSTALL_SCRIPT} ${WRKSRC}/webshag_cli.py \ > > + ${STAGEDIR}${PREFIX}/bin/webshag_cli > > + @${INSTALL_DATA} ${WRKSRC}/etc/webshag.conf ${STAGEDIR}${PREFIX}/etc > > + (cd ${WRKSRC}/database && ${COPYTREE_SHARE} . \ > > + ${STAGEDIR}${PREFIX}/share/webshag) > > + (cd ${WRKSRC}/webshag && ${COPYTREE_SHARE} . \ > > + ${STAGEDIR}${PYTHON_SITELIBDIR}/webshag) > > + > > +.include <bsd.port.mk> > > > > Added: head/security/webshag/distinfo > > ============================================================================== > > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > > +++ head/security/webshag/distinfo Sat Sep 6 07:46:57 2014 (r367404) > > @@ -0,0 +1,2 @@ > > +SHA256 (ws110.tar.gz) = a1ea1cc0c87e44a19fad7edc1658c6c57705aa1fc3ff3304f1e4a669b523a049 > > +SIZE (ws110.tar.gz) = 1512389 > > > > Added: head/security/webshag/files/patch-setup_linux_py > > ============================================================================== > > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > > +++ head/security/webshag/files/patch-setup_linux_py Sat Sep 6 07:46:57 2014 (r367404) > > @@ -0,0 +1,99 @@ > > +--- /tmp/setup.linux.py 2014-08-29 20:27:32.000000000 +0300 > > ++++ setup.linux.py 2014-08-29 20:57:35.000000000 +0300 > > +@@ -24,21 +24,21 @@ > > + ## INIT ## > > + ## ################################################################# ## > > + > > +-path_prefix = os.path.abspath(os.path.curdir) + '/' > > ++path_prefix = '/usr/local/' > > + > > + ## ################################################################# ## > > + ## CONSTANTS ## > > + ## ################################################################# ## > > + > > +-NMAP = u'/usr/bin/nmap' > > ++NMAP = u'/usr/local/bin/nmap' > > + CORE_FILE = u'webshag/core/core_file.py' > > +-CFG_FILE = u'config/webshag.conf' > > +-FUZZ_DIRS = path_prefix + u'/database/fuzzer/directory-list-2.3-small.txt' > > +-FUZZ_FILES = path_prefix + u'/database/fuzzer/directory-list-1.0.txt' > > +-FUZZ_EXT = path_prefix + u'/database/fuzzer/extensions.txt' > > +-CUSTOM_DB = path_prefix + u'/database/custom' > > +-NIKTO_DB = path_prefix + u'/database/nikto' > > +-IDS_PROXIES = path_prefix + u'/database/proxies/proxies.txt' > > ++CFG_FILE = u'etc/webshag.conf' > > ++FUZZ_DIRS = path_prefix + u'share/webshag/fuzzer/directory-list-2.3-small.txt' > > ++FUZZ_FILES = path_prefix + u'share/webshag/fuzzer/directory-list-1.0.txt' > > ++FUZZ_EXT = path_prefix + u'share/webshag/fuzzer/extensions.txt' > > ++CUSTOM_DB = path_prefix + u'share/webshag/custom' > > ++NIKTO_DB = path_prefix + u'share/webshag/nikto' > > ++IDS_PROXIES = path_prefix + u'share/webshag/proxies/proxies.txt' > > + > > + CORE_CFG_RE = re.compile(ur'CFG_FILE\s=\s(?P<path>.*)') > > + > > +@@ -55,7 +55,7 @@ > > + > > + else: > > + print u'Not Found!' > > +- user_nmap = raw_input(u'[#] Please specify Nmap (nmap.exe) location (blank to skip): ') > > ++ user_nmap = '' > > + if user_nmap != '': > > + if os.path.isfile(user_nmap): > > + nmap = 'True' > > +@@ -73,13 +73,8 @@ > > + ## LIVE SEARCH APPID ## > > + ## ################################################################# ## > > + > > +-user_live = raw_input(u'[#] Enter your Live Search AppID (blank to skip): ') > > +-if user_live != '': > > +- live_id = user_live > > +- print u'[*] Live Search AppID: ' + user_live + u'\t Done!' > > +-else: > > +- live_id = '' > > +- print u'[!] AppID missing. Domain information module will not be functional.' > > ++live_id = 'False' > > ++print u'[!] AppID missing. Insert your LiveID into etc/webshag.conf.' > > + > > + ## ################################################################# ## > > + ## ALTERING FILES ## > > +@@ -92,14 +87,14 @@ > > + # core_file.py > > + print u'[*] Patching source code (configuration file location)...\t', > > + # reading file > > +-core_file_handler = codecs.open(core_file, u'r', u'utf-8') > > ++core_file_handler = codecs.open(u'webshag/core/core_file.py', u'r', u'utf-8') > > + core_file_contents = core_file_handler.read() > > + core_file_handler.close() > > + # replacing path value > > + old_path = CORE_CFG_RE.findall(core_file_contents)[-1] > > + core_file_contents = core_file_contents.replace(old_path, '\'' + cfg_file + '\'') > > + # writing file back > > +-core_file_handler = codecs.open(core_file, u'w', u'utf-8') > > ++core_file_handler = codecs.open(u'webshag/core/core_file.py', u'w', u'utf-8') > > + core_file_handler.write(core_file_contents) > > + core_file_handler.close() > > + print u'Done!' > > +@@ -107,7 +102,7 @@ > > + # webshag.conf > > + print u'[*] Fixing configuration file settings...\t', > > + configParser = SafeConfigParser() > > +-configParser.readfp(codecs.open(cfg_file, u'r', u'utf-8')) > > ++configParser.readfp(codecs.open(u'etc/webshag.conf', u'r', u'utf-8')) > > + configParser.set(u'core_file', u'fuzzer_file_list', FUZZ_FILES) > > + configParser.set(u'core_file', u'fuzzer_dir_list', FUZZ_DIRS) > > + configParser.set(u'core_file', u'fuzzer_ext_list', FUZZ_EXT) > > +@@ -117,7 +112,7 @@ > > + configParser.set(u'module_info', u'live_id', live_id) > > + configParser.set(u'module_portscan', u'nmap', nmap) > > + configParser.set(u'module_portscan', u'nmap_location', nmap_location) > > +-cfg_file_handler = codecs.open(cfg_file, u'w', u'utf-8') > > ++cfg_file_handler = codecs.open(u'etc/webshag.conf', u'w', u'utf-8') > > + configParser.write(cfg_file_handler) > > + cfg_file_handler.close() > > + print u'Done!' > > +@@ -129,5 +124,3 @@ > > + print '' > > + print 'Thanks for your interest in webshag! It is now ready to be used!' > > + print 'Enjoy! For more information please visit www.scrt.ch' > > +-print '' > > +-raw_input('Press any key to exit.\n') > > > > Added: head/security/webshag/pkg-descr > > ============================================================================== > > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > > +++ head/security/webshag/pkg-descr Sat Sep 6 07:46:57 2014 (r367404) > > @@ -0,0 +1,5 @@ > > +Webshag is a multi-threaded, multi-platform web server audit tool. Written in > > +Python, it gathers commonly useful functionalities for web server auditing like > > +website crawling, URL scanning or file fuzzing. > > + > > +WWW: http://www.scrt.ch/en/attack/downloads/webshag > > > > Added: head/security/webshag/pkg-plist > > ============================================================================== > > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > > +++ head/security/webshag/pkg-plist Sat Sep 6 07:46:57 2014 (r367404) > > @@ -0,0 +1,49 @@ > > +bin/webshag_cli > > +%%WXGTK%%bin/webshag_gui > > +%%ETCDIR%%.conf > > Does this need a filename? What do you mean exactly? What should have needed a filename? > > +%%PYTHON_SITELIBDIR%%/webshag/__init__.py > > +%%PYTHON_SITELIBDIR%%/webshag/core/__init__.py > > +%%PYTHON_SITELIBDIR%%/webshag/core/core_error.py > > +%%PYTHON_SITELIBDIR%%/webshag/core/core_file.py > > +%%PYTHON_SITELIBDIR%%/webshag/core/core_http.py > > +%%PYTHON_SITELIBDIR%%/webshag/core/core_utilities.py > > +%%PYTHON_SITELIBDIR%%/webshag/export/__init__.py > > +%%PYTHON_SITELIBDIR%%/webshag/export/export.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/__init__.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_fuzz.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_images.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_info.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_pscan.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_spider.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_uscan.py > > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_widgets.py > > +%%PYTHON_SITELIBDIR%%/webshag/modules/__init__.py > > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_fuzz.py > > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_info.py > > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_pscan.py > > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_spider.py > > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_uscan.py > > +%%PYTHON_SITELIBDIR%%/webshag/update/__init__.py > > +%%PYTHON_SITELIBDIR%%/webshag/update/update.py > > +%%DATADIR%%/custom/banners.db > > +%%DATADIR%%/custom/custom_tests.db > > +%%DATADIR%%/fuzzer/directory-list-1.0.txt > > +%%DATADIR%%/fuzzer/directory-list-2.3-small.txt > > +%%DATADIR%%/fuzzer/extensions.txt > > +%%DATADIR%%/nikto/db_tests > > +%%DATADIR%%/nikto/db_variables > > +%%DATADIR%%/proxies/proxies.txt > > +@dirrmtry %%DATADIR%%/proxies > > +@dirrmtry %%DATADIR%%/nikto > > +@dirrmtry %%DATADIR%%/fuzzer > > +@dirrmtry %%DATADIR%%/custom > > +@dirrmtry %%DATADIR%% > > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/update > > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/modules > > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/gui > > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/export > > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/core > > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag > > +@dirrmtry %%PYTHON_SITELIBDIR%% > > +@dirrmtry %%PYTHON_LIBDIR%% > > Thank you for so good critic. Will fix soon.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1409997796.8237.11.camel>