svn commit: r367404 - in head/security: . webshag webshag/files
clutton
clutton at zoho.com
Sat Sep 6 10:03:32 UTC 2014
On Sat, 2014-09-06 at 19:32 +1000, Kubilay Kocak wrote:
> On 6/09/2014 5:46 PM, Carlo Strub wrote:
> > Author: cs
> > Date: Sat Sep 6 07:46:57 2014
> > New Revision: 367404
> > URL: http://svnweb.freebsd.org/changeset/ports/367404
> > QAT: https://qat.redports.org/buildarchive/r367404/
> >
> > Log:
> > Webshag is a multi-threaded, multi-platform web server audit tool. Written in
> > Python, it gathers commonly useful functionalities for web server auditing like
> > website crawling, URL scanning or file fuzzing.
> >
> > WWW: http://www.scrt.ch/en/attack/downloads/webshag
> >
> > PR: ports/187676
> > Submitted by: clutton at zoho.com
> >
> > Added:
> > head/security/webshag/
> > head/security/webshag/Makefile (contents, props changed)
> > head/security/webshag/distinfo (contents, props changed)
> > head/security/webshag/files/
> > head/security/webshag/files/patch-setup_linux_py (contents, props changed)
> > head/security/webshag/pkg-descr (contents, props changed)
> > head/security/webshag/pkg-plist (contents, props changed)
> > Modified:
> > head/security/Makefile
> >
> > Modified: head/security/Makefile
> > ==============================================================================
> > --- head/security/Makefile Sat Sep 6 06:16:50 2014 (r367403)
> > +++ head/security/Makefile Sat Sep 6 07:46:57 2014 (r367404)
> > @@ -1005,6 +1005,7 @@
> > SUBDIR += wapiti
> > SUBDIR += webfwlog
> > SUBDIR += webscarab
> > + SUBDIR += webshag
> > SUBDIR += whatweb
> > SUBDIR += wipe
> > SUBDIR += xca
> >
> > Added: head/security/webshag/Makefile
> > ==============================================================================
> > --- /dev/null 00:00:00 1970 (empty, because file is newly added)
> > +++ head/security/webshag/Makefile Sat Sep 6 07:46:57 2014 (r367404)
> > @@ -0,0 +1,55 @@
> > +# $FreeBSD$
> > +
> > +PORTNAME= webshag
> > +PORTVERSION= 1.10
> > +CATEGORIES= security www
> > +MASTER_SITES= http://www.scrt.ch/outils/webshag/
> > +DISTNAME= ws110
> > +
> > +MAINTAINER= clutton at zoho.com
> > +COMMENT= Multi-threaded, multi-platform web server audit tool
> > +
> > +LICENSE= GPLv3
>
> LICENSE_FILE
Will fix.
>
> > +USES= python:2.7 dos2unix
> > +USE_PYTHON=distutils
>
> - Is 'autoplist' usable here given distutils is in use?
> - Tab align
Probably not. The main executables, was renamed because of their
script.py nature. And according to another fixes and the nature of the
the software, it's not supposed to be installed by author.
>
> > +PYSETUP= setup.linux.py
> > +
> > +NO_WRKSUBDIR= yes
> > +
> > +OPTIONS_DEFINE= NMAP WXGTK
> > +OPTIONS_DEFAULT=NMAP
> > +OPTIONS_SUB= yes
>
> Tab alignment
Yes. I've just looked, it has tab alagnment...
>
> > +.include <bsd.port.options.mk>
> > +
> > +.if ${PORT_OPTIONS:MNMAP}
> > +BUILD_DEPENDS+= ${LOCALBASE}/bin/nmap:${PORTSDIR}/security/nmap
> > +.endif
>
> - OPTIONS helpers: NMAP_BUILD_DEPENDS=
> - Its definitely a BUILD not RUN_DEPENDS?
Yes, it's BUILD_DEPENDS, because configure script checks nmap existence
and etc. But in that case it's RUN_DEPENDS also... Should I add both?
>
> > +.if ${PORT_OPTIONS:MWXGTK}
> > +USE_WX= 2.6+
> > +WX_COMPS= python:run
> > +.endif
> > +
> > +post-patch:
> > + @${MV} ${WRKSRC}/config ${WRKSRC}/etc
> > + @${REINPLACE_CMD} -e 's|#!/usr/bin/python|#!/usr/bin/env python|g' \
> > + ${WRKSRC}/webshag_cli.py
> > + @${REINPLACE_CMD} -e 's|#!/usr/bin/python|#!/usr/bin/env python|g' \
> > + ${WRKSRC}/webshag_gui.py
>
> - USES=shebangfix?
> - Use ${PYTHON_CMD} ? 'python' may or may not exist
Sure, will fix.
>
> > +do-install:
> > +.if ${PORT_OPTIONS:MWXGTK}
> > + ${INSTALL_SCRIPT} ${WRKSRC}/webshag_gui.py \
> > + ${STAGEDIR}${PREFIX}/bin/webshag_gui
> > +.endif
> > + ${INSTALL_SCRIPT} ${WRKSRC}/webshag_cli.py \
> > + ${STAGEDIR}${PREFIX}/bin/webshag_cli
> > + @${INSTALL_DATA} ${WRKSRC}/etc/webshag.conf ${STAGEDIR}${PREFIX}/etc
> > + (cd ${WRKSRC}/database && ${COPYTREE_SHARE} . \
> > + ${STAGEDIR}${PREFIX}/share/webshag)
> > + (cd ${WRKSRC}/webshag && ${COPYTREE_SHARE} . \
> > + ${STAGEDIR}${PYTHON_SITELIBDIR}/webshag)
> > +
> > +.include <bsd.port.mk>
> >
> > Added: head/security/webshag/distinfo
> > ==============================================================================
> > --- /dev/null 00:00:00 1970 (empty, because file is newly added)
> > +++ head/security/webshag/distinfo Sat Sep 6 07:46:57 2014 (r367404)
> > @@ -0,0 +1,2 @@
> > +SHA256 (ws110.tar.gz) = a1ea1cc0c87e44a19fad7edc1658c6c57705aa1fc3ff3304f1e4a669b523a049
> > +SIZE (ws110.tar.gz) = 1512389
> >
> > Added: head/security/webshag/files/patch-setup_linux_py
> > ==============================================================================
> > --- /dev/null 00:00:00 1970 (empty, because file is newly added)
> > +++ head/security/webshag/files/patch-setup_linux_py Sat Sep 6 07:46:57 2014 (r367404)
> > @@ -0,0 +1,99 @@
> > +--- /tmp/setup.linux.py 2014-08-29 20:27:32.000000000 +0300
> > ++++ setup.linux.py 2014-08-29 20:57:35.000000000 +0300
> > +@@ -24,21 +24,21 @@
> > + ## INIT ##
> > + ## ################################################################# ##
> > +
> > +-path_prefix = os.path.abspath(os.path.curdir) + '/'
> > ++path_prefix = '/usr/local/'
> > +
> > + ## ################################################################# ##
> > + ## CONSTANTS ##
> > + ## ################################################################# ##
> > +
> > +-NMAP = u'/usr/bin/nmap'
> > ++NMAP = u'/usr/local/bin/nmap'
> > + CORE_FILE = u'webshag/core/core_file.py'
> > +-CFG_FILE = u'config/webshag.conf'
> > +-FUZZ_DIRS = path_prefix + u'/database/fuzzer/directory-list-2.3-small.txt'
> > +-FUZZ_FILES = path_prefix + u'/database/fuzzer/directory-list-1.0.txt'
> > +-FUZZ_EXT = path_prefix + u'/database/fuzzer/extensions.txt'
> > +-CUSTOM_DB = path_prefix + u'/database/custom'
> > +-NIKTO_DB = path_prefix + u'/database/nikto'
> > +-IDS_PROXIES = path_prefix + u'/database/proxies/proxies.txt'
> > ++CFG_FILE = u'etc/webshag.conf'
> > ++FUZZ_DIRS = path_prefix + u'share/webshag/fuzzer/directory-list-2.3-small.txt'
> > ++FUZZ_FILES = path_prefix + u'share/webshag/fuzzer/directory-list-1.0.txt'
> > ++FUZZ_EXT = path_prefix + u'share/webshag/fuzzer/extensions.txt'
> > ++CUSTOM_DB = path_prefix + u'share/webshag/custom'
> > ++NIKTO_DB = path_prefix + u'share/webshag/nikto'
> > ++IDS_PROXIES = path_prefix + u'share/webshag/proxies/proxies.txt'
> > +
> > + CORE_CFG_RE = re.compile(ur'CFG_FILE\s=\s(?P<path>.*)')
> > +
> > +@@ -55,7 +55,7 @@
> > +
> > + else:
> > + print u'Not Found!'
> > +- user_nmap = raw_input(u'[#] Please specify Nmap (nmap.exe) location (blank to skip): ')
> > ++ user_nmap = ''
> > + if user_nmap != '':
> > + if os.path.isfile(user_nmap):
> > + nmap = 'True'
> > +@@ -73,13 +73,8 @@
> > + ## LIVE SEARCH APPID ##
> > + ## ################################################################# ##
> > +
> > +-user_live = raw_input(u'[#] Enter your Live Search AppID (blank to skip): ')
> > +-if user_live != '':
> > +- live_id = user_live
> > +- print u'[*] Live Search AppID: ' + user_live + u'\t Done!'
> > +-else:
> > +- live_id = ''
> > +- print u'[!] AppID missing. Domain information module will not be functional.'
> > ++live_id = 'False'
> > ++print u'[!] AppID missing. Insert your LiveID into etc/webshag.conf.'
> > +
> > + ## ################################################################# ##
> > + ## ALTERING FILES ##
> > +@@ -92,14 +87,14 @@
> > + # core_file.py
> > + print u'[*] Patching source code (configuration file location)...\t',
> > + # reading file
> > +-core_file_handler = codecs.open(core_file, u'r', u'utf-8')
> > ++core_file_handler = codecs.open(u'webshag/core/core_file.py', u'r', u'utf-8')
> > + core_file_contents = core_file_handler.read()
> > + core_file_handler.close()
> > + # replacing path value
> > + old_path = CORE_CFG_RE.findall(core_file_contents)[-1]
> > + core_file_contents = core_file_contents.replace(old_path, '\'' + cfg_file + '\'')
> > + # writing file back
> > +-core_file_handler = codecs.open(core_file, u'w', u'utf-8')
> > ++core_file_handler = codecs.open(u'webshag/core/core_file.py', u'w', u'utf-8')
> > + core_file_handler.write(core_file_contents)
> > + core_file_handler.close()
> > + print u'Done!'
> > +@@ -107,7 +102,7 @@
> > + # webshag.conf
> > + print u'[*] Fixing configuration file settings...\t',
> > + configParser = SafeConfigParser()
> > +-configParser.readfp(codecs.open(cfg_file, u'r', u'utf-8'))
> > ++configParser.readfp(codecs.open(u'etc/webshag.conf', u'r', u'utf-8'))
> > + configParser.set(u'core_file', u'fuzzer_file_list', FUZZ_FILES)
> > + configParser.set(u'core_file', u'fuzzer_dir_list', FUZZ_DIRS)
> > + configParser.set(u'core_file', u'fuzzer_ext_list', FUZZ_EXT)
> > +@@ -117,7 +112,7 @@
> > + configParser.set(u'module_info', u'live_id', live_id)
> > + configParser.set(u'module_portscan', u'nmap', nmap)
> > + configParser.set(u'module_portscan', u'nmap_location', nmap_location)
> > +-cfg_file_handler = codecs.open(cfg_file, u'w', u'utf-8')
> > ++cfg_file_handler = codecs.open(u'etc/webshag.conf', u'w', u'utf-8')
> > + configParser.write(cfg_file_handler)
> > + cfg_file_handler.close()
> > + print u'Done!'
> > +@@ -129,5 +124,3 @@
> > + print ''
> > + print 'Thanks for your interest in webshag! It is now ready to be used!'
> > + print 'Enjoy! For more information please visit www.scrt.ch'
> > +-print ''
> > +-raw_input('Press any key to exit.\n')
> >
> > Added: head/security/webshag/pkg-descr
> > ==============================================================================
> > --- /dev/null 00:00:00 1970 (empty, because file is newly added)
> > +++ head/security/webshag/pkg-descr Sat Sep 6 07:46:57 2014 (r367404)
> > @@ -0,0 +1,5 @@
> > +Webshag is a multi-threaded, multi-platform web server audit tool. Written in
> > +Python, it gathers commonly useful functionalities for web server auditing like
> > +website crawling, URL scanning or file fuzzing.
> > +
> > +WWW: http://www.scrt.ch/en/attack/downloads/webshag
> >
> > Added: head/security/webshag/pkg-plist
> > ==============================================================================
> > --- /dev/null 00:00:00 1970 (empty, because file is newly added)
> > +++ head/security/webshag/pkg-plist Sat Sep 6 07:46:57 2014 (r367404)
> > @@ -0,0 +1,49 @@
> > +bin/webshag_cli
> > +%%WXGTK%%bin/webshag_gui
> > +%%ETCDIR%%.conf
>
> Does this need a filename?
What do you mean exactly? What should have needed a filename?
> > +%%PYTHON_SITELIBDIR%%/webshag/__init__.py
> > +%%PYTHON_SITELIBDIR%%/webshag/core/__init__.py
> > +%%PYTHON_SITELIBDIR%%/webshag/core/core_error.py
> > +%%PYTHON_SITELIBDIR%%/webshag/core/core_file.py
> > +%%PYTHON_SITELIBDIR%%/webshag/core/core_http.py
> > +%%PYTHON_SITELIBDIR%%/webshag/core/core_utilities.py
> > +%%PYTHON_SITELIBDIR%%/webshag/export/__init__.py
> > +%%PYTHON_SITELIBDIR%%/webshag/export/export.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/__init__.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_fuzz.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_images.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_info.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_pscan.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_spider.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_uscan.py
> > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_widgets.py
> > +%%PYTHON_SITELIBDIR%%/webshag/modules/__init__.py
> > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_fuzz.py
> > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_info.py
> > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_pscan.py
> > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_spider.py
> > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_uscan.py
> > +%%PYTHON_SITELIBDIR%%/webshag/update/__init__.py
> > +%%PYTHON_SITELIBDIR%%/webshag/update/update.py
> > +%%DATADIR%%/custom/banners.db
> > +%%DATADIR%%/custom/custom_tests.db
> > +%%DATADIR%%/fuzzer/directory-list-1.0.txt
> > +%%DATADIR%%/fuzzer/directory-list-2.3-small.txt
> > +%%DATADIR%%/fuzzer/extensions.txt
> > +%%DATADIR%%/nikto/db_tests
> > +%%DATADIR%%/nikto/db_variables
> > +%%DATADIR%%/proxies/proxies.txt
> > + at dirrmtry %%DATADIR%%/proxies
> > + at dirrmtry %%DATADIR%%/nikto
> > + at dirrmtry %%DATADIR%%/fuzzer
> > + at dirrmtry %%DATADIR%%/custom
> > + at dirrmtry %%DATADIR%%
> > + at dirrmtry %%PYTHON_SITELIBDIR%%/webshag/update
> > + at dirrmtry %%PYTHON_SITELIBDIR%%/webshag/modules
> > + at dirrmtry %%PYTHON_SITELIBDIR%%/webshag/gui
> > + at dirrmtry %%PYTHON_SITELIBDIR%%/webshag/export
> > + at dirrmtry %%PYTHON_SITELIBDIR%%/webshag/core
> > + at dirrmtry %%PYTHON_SITELIBDIR%%/webshag
> > + at dirrmtry %%PYTHON_SITELIBDIR%%
> > + at dirrmtry %%PYTHON_LIBDIR%%
> >
Thank you for so good critic. Will fix soon.
More information about the svn-ports-head
mailing list