svn commit: r428087 - in head/security: . dotdotpwn dotdotpwn/files
Kurt Jaeger
pi at FreeBSD.org
Wed Dec 7 21:29:37 UTC 2016
Author: pi
Date: Wed Dec 7 21:29:35 2016
New Revision: 428087
URL: https://svnweb.freebsd.org/changeset/ports/428087
Log:
New port: security/dotdotpwn
DotDotPwn - The Directory Traversal Fuzzer
It's a very flexible intelligent
fuzzer to discover traversal directory
vulnerabilities in software such as HTTP/FTP/TFTP
servers, Web platforms such as CMSs,
ERPs, Blogs, etc.
Also, it has a protocol-independent
module to send the desired payload to
the host and port specified. On the
other hand, it also could be used in
a scripting way using the STDOUT module.
It's written in perl programming
language and can be run either under
*NIX or Windows platforms.
WWW: https://github.com/wireghoul/dotdotpwn
PR: 209323
Submitted by: Rihaz Jerrin <rihaz.jerrin at gmail.com>
Added:
head/security/dotdotpwn/
head/security/dotdotpwn/Makefile (contents, props changed)
head/security/dotdotpwn/distinfo (contents, props changed)
head/security/dotdotpwn/files/
head/security/dotdotpwn/files/patch-DotDotPwn_HTTP.pm (contents, props changed)
head/security/dotdotpwn/files/patch-DotDotPwn_HTTP__Url.pm (contents, props changed)
head/security/dotdotpwn/pkg-descr (contents, props changed)
head/security/dotdotpwn/pkg-plist (contents, props changed)
Modified:
head/security/Makefile
Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile Wed Dec 7 20:38:28 2016 (r428086)
+++ head/security/Makefile Wed Dec 7 21:29:35 2016 (r428087)
@@ -115,6 +115,7 @@
SUBDIR += doas
SUBDIR += doorman
SUBDIR += doscan
+ SUBDIR += dotdotpwn
SUBDIR += dradis
SUBDIR += dropbear
SUBDIR += dsniff
Added: head/security/dotdotpwn/Makefile
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/dotdotpwn/Makefile Wed Dec 7 21:29:35 2016 (r428087)
@@ -0,0 +1,48 @@
+# $FreeBSD$
+
+PORTNAME= dotdotpwn
+PORTVERSION= 3.0.2
+CATEGORIES= security
+MASTER_SITES= GH
+
+MAINTAINER= rihaz.jerrin at gmail.com
+COMMENT= Fuzzer to discover traversal directory vulnerabilities
+
+LICENSE= LGPL21
+
+RUN_DEPENDS= p5-Time-HiRes>=0:devel/p5-Time-HiRes \
+ p5-Switch>=0:lang/p5-Switch \
+ p5-libwww>=0:www/p5-libwww \
+ p5-TFTP>=0:net/p5-TFTP
+
+USE_GITHUB= yes
+GH_ACCOUNT= wireghoul
+
+OPTIONS_DEFINE= NMAP
+OPTIONS_SUB= yes
+NMAP_DESC= ENABLE OS DETECTION FEATURE - REQUIRES NMAP
+OPTIONS_DEFAULT= NMAP
+
+OSDETECTION_RUN_DEPENDS= nmap:${PORTSDIR}/security/nmap
+
+USES= perl5 shebangfix
+
+SHEBANG_FILES= ${WRKSRC}/dotdotpwn.pl ${WRKSRC}/DotDotPwn/BisectionAlgorithm.pm ${WRKSRC}/DotDotPwn/FTP.pm ${WRKSRC}/DotDotPwn/File.pm ${WRKSRC}/DotDotPwn/Fingerprint.pm ${WRKSRC}/DotDotPwn/HTTP.pm ${WRKSRC}/DotDotPwn/HTTP_Url.pm ${WRKSRC}/DotDotPwn/Payload.pm ${WRKSRC}/DotDotPwn/STDOUT.pm ${WRKSRC}/DotDotPwn/TFTP.pm ${WRKSRC}/DotDotPwn/TraversalEngine.pm
+
+NO_BUILD= yes
+NO_ARCH= yes
+
+PORTDOCS= README.txt TODO.txt CHANGELOG.txt LICENSE.txt AUTHORS.txt EXAMPLES.txt
+
+do-install:
+ ${INSTALL_SCRIPT} ${WRKSRC}/dotdotpwn.pl ${STAGEDIR}${PREFIX}/bin/dotdotpwn
+ ${MKDIR} ${STAGEDIR}${PREFIX}/${SITE_PERL_REL}/DotDotPwn
+ ${MKDIR} ${STAGEDIR}${DATADIR}/DotDotPwn
+ (cd ${WRKSRC}/DotDotPwn && ${COPYTREE_SHARE} \* ${STAGEDIR}${PREFIX}/${SITE_PERL_REL}/DotDotPwn)
+ ${MKDIR} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
+ ${INSTALL_DATA} ${WRKSRC}/DotDotPwn/User-Agents.txt ${STAGEDIR}${DATADIR}
+ ${INSTALL_DATA} ${WRKSRC}/payload_sample_1.txt ${STAGEDIR}${DATADIR}
+ ${INSTALL_DATA} ${WRKSRC}/payload_sample_2.txt ${STAGEDIR}${DATADIR}
+
+.include <bsd.port.mk>
Added: head/security/dotdotpwn/distinfo
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/dotdotpwn/distinfo Wed Dec 7 21:29:35 2016 (r428087)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1480965191
+SHA256 (wireghoul-dotdotpwn-3.0.2_GH0.tar.gz) = a74b4010a6171cc58d9881b0f2b1b0ac1f4f637386a0cbc62463e7ae227981d5
+SIZE (wireghoul-dotdotpwn-3.0.2_GH0.tar.gz) = 50440
Added: head/security/dotdotpwn/files/patch-DotDotPwn_HTTP.pm
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/dotdotpwn/files/patch-DotDotPwn_HTTP.pm Wed Dec 7 21:29:35 2016 (r428087)
@@ -0,0 +1,11 @@
+--- DotDotPwn/HTTP.pm.orig 2016-05-05 08:37:25 UTC
++++ DotDotPwn/HTTP.pm
+@@ -21,7 +21,7 @@ sub FuzzHTTP{
+ my $foo = 0; # Used as an auxiliary variable in quiet mode (see below)
+ my $UserAgent;
+
+- open(AGENTS, "DotDotPwn/User-Agents.txt") or die "[-] Cannot open User-Agents.txt file: $!";
++ open(AGENTS, "/usr/local/share/dotdotpwn/User-Agents.txt") or die "[-] Cannot open User-Agents.txt file: $!";
+ my @UserAgents = <AGENTS>;
+ close(AGENTS);
+
Added: head/security/dotdotpwn/files/patch-DotDotPwn_HTTP__Url.pm
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/dotdotpwn/files/patch-DotDotPwn_HTTP__Url.pm Wed Dec 7 21:29:35 2016 (r428087)
@@ -0,0 +1,11 @@
+--- DotDotPwn/HTTP_Url.pm.orig 2016-05-05 08:38:21 UTC
++++ DotDotPwn/HTTP_Url.pm
+@@ -29,7 +29,7 @@ sub FuzzHTTP_Url{
+ my $foo = 0; # Used as an auxiliary variable in quiet mode (see below)
+ my $UserAgent;
+
+- open(AGENTS, "DotDotPwn/User-Agents.txt") or die "[-] Cannot open User-Agents.txt file: $!";
++ open(AGENTS, "/usr/local/share/dotdotpwn/User-Agents.txt") or die "[-] Cannot open User-Agents.txt file: $!";
+ my @UserAgents = <AGENTS>;
+ close(AGENTS);
+
Added: head/security/dotdotpwn/pkg-descr
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/dotdotpwn/pkg-descr Wed Dec 7 21:29:35 2016 (r428087)
@@ -0,0 +1,19 @@
+DotDotPwn - The Directory Traversal Fuzzer
+
+It's a very flexible intelligent
+fuzzer to discover traversal directory
+vulnerabilities in software such as HTTP/FTP/TFTP
+servers, Web platforms such as CMSs,
+ERPs, Blogs, etc.
+
+Also, it has a protocol-independent
+module to send the desired payload to
+the host and port specified. On the
+other hand, it also could be used in
+a scripting way using the STDOUT module.
+
+It's written in perl programming
+language and can be run either under
+*NIX or Windows platforms.
+
+WWW: https://github.com/wireghoul/dotdotpwn
Added: head/security/dotdotpwn/pkg-plist
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/security/dotdotpwn/pkg-plist Wed Dec 7 21:29:35 2016 (r428087)
@@ -0,0 +1,16 @@
+bin/dotdotpwn
+%%SITE_PERL%%/DotDotPwn/BisectionAlgorithm.pm
+%%SITE_PERL%%/DotDotPwn/FTP.pm
+%%SITE_PERL%%/DotDotPwn/File.pm
+%%SITE_PERL%%/DotDotPwn/Fingerprint.pm
+%%SITE_PERL%%/DotDotPwn/HTTP.pm
+%%SITE_PERL%%/DotDotPwn/HTTP_Url.pm
+%%SITE_PERL%%/DotDotPwn/Payload.pm
+%%SITE_PERL%%/DotDotPwn/STDOUT.pm
+%%SITE_PERL%%/DotDotPwn/TFTP.pm
+%%SITE_PERL%%/DotDotPwn/TraversalEngine.pm
+%%DATADIR%%/User-Agents.txt
+%%DATADIR%%/payload_sample_1.txt
+%%DATADIR%%/payload_sample_2.txt
+%%SITE_PERL%%/DotDotPwn/User-Agents.txt
+ at dir %%DATADIR%%/DotDotPwn
More information about the svn-ports-head
mailing list