ports/116873: New Port: security/wapiti - a tool to audit your web applications

Philippe Audeoud jadawin at tuxaco.net
Wed Oct 3 15:10:02 UTC 2007


>Number:         116873
>Category:       ports
>Synopsis:       New Port: security/wapiti - a tool to audit your web applications
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Wed Oct 03 15:10:01 GMT 2007
>Closed-Date:
>Last-Modified:
>Originator:     Philippe Audeoud
>Release:        FreeBSD 6.2-RELEASE i386
>Organization:
>Environment:
System: FreeBSD huppa.tuxaco.net 6.2-RELEASE FreeBSD 6.2-RELEASE #0: Tue Mar 20 16:05:42 CET 2007 root@:/usr/obj/usr/src/sys/GENERIC i386


	
>Description:
	Wapiti allows you to audit the security of your web applications. It's written in Python and acts like a fuzzer. It can inject data, too.
>How-To-Repeat:
	
>Fix:

	

--- shar-wapiti-1.sh begins here ---
# This is a shell archive.  Save it in a file, remove anything before
# this line, and then unpack it by entering "sh file".  Note, it may
# create directories; files and directories will be owned by you and
# have default permissions.
#
# This archive contains:
#
#	wapiti/
#	wapiti/Makefile
#	wapiti/distinfo
#	wapiti/pkg-descr
#
echo c - wapiti/
mkdir -p wapiti/ > /dev/null 2>&1
echo x - wapiti/Makefile
sed 's/^X//' >wapiti/Makefile << 'END-of-wapiti/Makefile'
X# New ports collection makefile for:	wapiti
X# Date created:                3 October 2007
X# Whom:                        Philippe Audeoud <jadawin at tuxaco.net>
X# $FreeBSD$
X
XPORTNAME=	wapiti
XPORTVERSION=	1.1.6
XCATEGORIES=	security
XMASTER_SITES=	${MASTER_SITE_SOURCEFORGE_EXTENDED}
XMASTER_SITE_SUBDIR=	wapiti
X
XMAINTAINER=	jadawin at tuxaco.net
XCOMMENT=	Wapiti is a vulnerability scanner for web applications
X
XRUN_DEPENDS=	${PYTHON_SITELIBDIR}/tidy:${PORTSDIR}/www/py-utidy
X
XUSE_PYTHON=	2.3+
XNO_BUILD=	yes
XPORTDOCS=	README
X
XPLIST_FILES=	bin/wapiti.py \
X		bin/lswww.py \
X		bin/getcookie.py \
X		bin/cookie.py \
X		bin/BeautifulSoup.py
X
Xdo-install:
X.for i in wapiti.py lswww.py getcookie.py cookie.py BeautifulSoup.py
X	${INSTALL_SCRIPT} ${WRKSRC}/${i} ${PREFIX}/bin/
X.endfor
X.if !defined(NOPORTDOCS)
X	${MKDIR} ${DOCSDIR}
X	${INSTALL_DATA} ${WRKSRC}/README ${DOCSDIR}
X.endif
X
X.include <bsd.port.mk>
END-of-wapiti/Makefile
echo x - wapiti/distinfo
sed 's/^X//' >wapiti/distinfo << 'END-of-wapiti/distinfo'
XMD5 (wapiti-1.1.6.tar.gz) = 8b6067b64c16b575da43aa2dbfaeea23
XSHA256 (wapiti-1.1.6.tar.gz) = cb9fb6b969d01e84e953235f7e7554fee62916aaf3215a1abd4455a0efecbaed
XSIZE (wapiti-1.1.6.tar.gz) = 51200
END-of-wapiti/distinfo
echo x - wapiti/pkg-descr
sed 's/^X//' >wapiti/pkg-descr << 'END-of-wapiti/pkg-descr'
XWapiti allows you to audit the security of your web applications.
XIt performs "black-box" scans, i.e. it does not study the source code of
Xthe application but will scan the webpages of the deployed webapp,
Xlooking for scripts and forms where it can inject data.
XOnce it gets this list, Wapiti acts like a fuzzer, injecting payloads to
Xsee if a script is vulnerable.
X
XWWW: http://wapiti.sourceforge.net/
END-of-wapiti/pkg-descr
exit
--- shar-wapiti-1.sh ends here ---


>Release-Note:
>Audit-Trail:
>Unformatted:
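
The archive header above says to unpack with `sh file`, which runs every line of the submission as shell. As an added example (not part of the original report or of any FreeBSD tooling), this Python code reads a shar of this layout without executing it, returns the embedded files, and lists any line that is not one of the commands this archive uses. The names `parse_shar` and `safe_path` and the sample archive are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample in the same layout as the archive above (not the real port files).
SAMPLE = """\
# This is a shell archive.
echo c - demo/
mkdir -p demo/ > /dev/null 2>&1
echo x - demo/distinfo
sed 's/^X//' >demo/distinfo << 'END-of-demo/distinfo'
XSIZE (demo-1.0.tar.gz) = 51200
X
END-of-demo/distinfo
exit
"""

P = r"[\w./+-]+"  # path characters only: no $, backticks, ; or spaces
HEREDOC = re.compile(r"^sed 's/\^X//' >(" + P + r") << '([^']+)'$")
HARMLESS = re.compile(r"^(#.*|echo [cx] - " + P + r"|mkdir -p " + P + r" > /dev/null 2>&1|exit|)$")

def safe_path(path):
    """Reject absolute paths and any '..' component."""
    p = PurePosixPath(path)
    return not p.is_absolute() and ".." not in p.parts

def parse_shar(text):
    """Return ({path: content}, [unexpected lines]) without running any shell."""
    files, unexpected = {}, []
    lines = iter(text.splitlines())
    for line in lines:
        m = HEREDOC.match(line)
        if not m:
            if not HARMLESS.match(line):
                unexpected.append(line)  # a command the reviewer should read first
            continue
        path, end = m.groups()
        body = []
        for inner in lines:  # consume the heredoc body from the same iterator
            if inner == end:
                break
            # sed 's/^X//' strips exactly one leading X
            body.append(inner[1:] if inner.startswith("X") else inner)
        else:
            unexpected.append("unterminated heredoc for " + path)
        if safe_path(path):
            files[path] = "\n".join(body) + "\n"
        else:
            unexpected.append("unsafe path: " + path)
    return files, unexpected
```

An empty second return value means the archive contains only comments, `echo`, `mkdir -p`, `sed` heredocs and `exit`; the mail delimiter lines around the archive are reported as unexpected unless they are removed first, as the header instructs.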