svn commit: r428087 - in head/security: . dotdotpwn dotdotpwn/files

Kurt Jaeger pi at FreeBSD.org
Wed Dec 7 21:29:37 UTC 2016 

Author: pi
Date: Wed Dec  7 21:29:35 2016
New Revision: 428087
URL: https://svnweb.freebsd.org/changeset/ports/428087

Log:
  New port: security/dotdotpwn
  
  DotDotPwn - The Directory Traversal Fuzzer
  
  It's a very flexible intelligent
  fuzzer to discover traversal directory
  vulnerabilities in software such as HTTP/FTP/TFTP
  servers, Web platforms such as CMSs,
  ERPs, Blogs, etc.
  
  Also, it has a protocol-independent
  module to send the desired payload to
  the host and port specified. On the
  other hand, it also could be used in
  a scripting way using the STDOUT module.
  
  It's written in perl programming
  language and can be run either under
  *NIX or Windows platforms.
  
  WWW: https://github.com/wireghoul/dotdotpwn
  
  PR:		209323
  Submitted by:	Rihaz Jerrin <rihaz.jerrin at gmail.com>

Added:
  head/security/dotdotpwn/
  head/security/dotdotpwn/Makefile   (contents, props changed)
  head/security/dotdotpwn/distinfo   (contents, props changed)
  head/security/dotdotpwn/files/
  head/security/dotdotpwn/files/patch-DotDotPwn_HTTP.pm   (contents, props changed)
  head/security/dotdotpwn/files/patch-DotDotPwn_HTTP__Url.pm   (contents, props changed)
  head/security/dotdotpwn/pkg-descr   (contents, props changed)
  head/security/dotdotpwn/pkg-plist   (contents, props changed)
Modified:
  head/security/Makefile

Modified: head/security/Makefile
==============================================================================
--- head/security/Makefile	Wed Dec  7 20:38:28 2016	(r428086)
+++ head/security/Makefile	Wed Dec  7 21:29:35 2016	(r428087)
@@ -115,6 +115,7 @@
     SUBDIR += doas
     SUBDIR += doorman
     SUBDIR += doscan
+    SUBDIR += dotdotpwn
     SUBDIR += dradis
     SUBDIR += dropbear
     SUBDIR += dsniff

Added: head/security/dotdotpwn/Makefile
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/dotdotpwn/Makefile	Wed Dec  7 21:29:35 2016	(r428087)
@@ -0,0 +1,48 @@
+# $FreeBSD$
+
+PORTNAME=	dotdotpwn
+PORTVERSION=	3.0.2
+CATEGORIES=	security
+MASTER_SITES=	GH
+
+MAINTAINER=	rihaz.jerrin at gmail.com
+COMMENT=	Fuzzer to discover traversal directory vulnerabilities
+
+LICENSE=	LGPL21
+
+RUN_DEPENDS=	p5-Time-HiRes>=0:devel/p5-Time-HiRes \
+		p5-Switch>=0:lang/p5-Switch	\
+		p5-libwww>=0:www/p5-libwww	\
+		p5-TFTP>=0:net/p5-TFTP
+
+USE_GITHUB=	yes
+GH_ACCOUNT=	wireghoul
+
+OPTIONS_DEFINE=	NMAP
+OPTIONS_SUB=	yes
+NMAP_DESC=	ENABLE OS DETECTION FEATURE - REQUIRES NMAP
+OPTIONS_DEFAULT=	NMAP
+
+OSDETECTION_RUN_DEPENDS=	nmap:${PORTSDIR}/security/nmap
+
+USES=	perl5 shebangfix
+
+SHEBANG_FILES=	${WRKSRC}/dotdotpwn.pl ${WRKSRC}/DotDotPwn/BisectionAlgorithm.pm ${WRKSRC}/DotDotPwn/FTP.pm  ${WRKSRC}/DotDotPwn/File.pm ${WRKSRC}/DotDotPwn/Fingerprint.pm ${WRKSRC}/DotDotPwn/HTTP.pm ${WRKSRC}/DotDotPwn/HTTP_Url.pm ${WRKSRC}/DotDotPwn/Payload.pm ${WRKSRC}/DotDotPwn/STDOUT.pm  ${WRKSRC}/DotDotPwn/TFTP.pm ${WRKSRC}/DotDotPwn/TraversalEngine.pm
+
+NO_BUILD=	yes
+NO_ARCH=	yes
+
+PORTDOCS=	README.txt  TODO.txt  CHANGELOG.txt  LICENSE.txt AUTHORS.txt EXAMPLES.txt
+
+do-install:
+	${INSTALL_SCRIPT}   ${WRKSRC}/dotdotpwn.pl ${STAGEDIR}${PREFIX}/bin/dotdotpwn
+	${MKDIR} 	    ${STAGEDIR}${PREFIX}/${SITE_PERL_REL}/DotDotPwn
+	${MKDIR}	    ${STAGEDIR}${DATADIR}/DotDotPwn
+	(cd ${WRKSRC}/DotDotPwn  && ${COPYTREE_SHARE} \*   ${STAGEDIR}${PREFIX}/${SITE_PERL_REL}/DotDotPwn)
+	${MKDIR}  ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${PORTDOCS:S|^|${WRKSRC}/|} ${STAGEDIR}${DOCSDIR}
+	${INSTALL_DATA} ${WRKSRC}/DotDotPwn/User-Agents.txt ${STAGEDIR}${DATADIR}
+	${INSTALL_DATA} ${WRKSRC}/payload_sample_1.txt      ${STAGEDIR}${DATADIR}
+	${INSTALL_DATA} ${WRKSRC}/payload_sample_2.txt      ${STAGEDIR}${DATADIR}
+
+.include <bsd.port.mk>

Added: head/security/dotdotpwn/distinfo
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/dotdotpwn/distinfo	Wed Dec  7 21:29:35 2016	(r428087)
@@ -0,0 +1,3 @@
+TIMESTAMP = 1480965191
+SHA256 (wireghoul-dotdotpwn-3.0.2_GH0.tar.gz) = a74b4010a6171cc58d9881b0f2b1b0ac1f4f637386a0cbc62463e7ae227981d5
+SIZE (wireghoul-dotdotpwn-3.0.2_GH0.tar.gz) = 50440

Added: head/security/dotdotpwn/files/patch-DotDotPwn_HTTP.pm
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/dotdotpwn/files/patch-DotDotPwn_HTTP.pm	Wed Dec  7 21:29:35 2016	(r428087)
@@ -0,0 +1,11 @@
+--- DotDotPwn/HTTP.pm.orig	2016-05-05 08:37:25 UTC
++++ DotDotPwn/HTTP.pm
+@@ -21,7 +21,7 @@ sub FuzzHTTP{
+ 	my $foo = 0; # Used as an auxiliary variable in quiet mode (see below)
+ 	my $UserAgent;
+ 
+-	open(AGENTS, "DotDotPwn/User-Agents.txt") or die "[-] Cannot open User-Agents.txt file: $!";
++	open(AGENTS, "/usr/local/share/dotdotpwn/User-Agents.txt") or die "[-] Cannot open User-Agents.txt file: $!";
+ 	my @UserAgents = <AGENTS>;
+ 	close(AGENTS);
+ 

Added: head/security/dotdotpwn/files/patch-DotDotPwn_HTTP__Url.pm
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/dotdotpwn/files/patch-DotDotPwn_HTTP__Url.pm	Wed Dec  7 21:29:35 2016	(r428087)
@@ -0,0 +1,11 @@
+--- DotDotPwn/HTTP_Url.pm.orig	2016-05-05 08:38:21 UTC
++++ DotDotPwn/HTTP_Url.pm
+@@ -29,7 +29,7 @@ sub FuzzHTTP_Url{
+ 	my $foo = 0; # Used as an auxiliary variable in quiet mode (see below)
+ 	my $UserAgent;
+ 
+-	open(AGENTS, "DotDotPwn/User-Agents.txt") or die "[-] Cannot open User-Agents.txt file: $!";
++	open(AGENTS, "/usr/local/share/dotdotpwn/User-Agents.txt") or die "[-] Cannot open User-Agents.txt file: $!";
+ 	my @UserAgents = <AGENTS>;
+ 	close(AGENTS);
+ 

Added: head/security/dotdotpwn/pkg-descr
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/dotdotpwn/pkg-descr	Wed Dec  7 21:29:35 2016	(r428087)
@@ -0,0 +1,19 @@
+DotDotPwn - The Directory Traversal Fuzzer
+
+It's a very flexible intelligent 
+fuzzer to discover traversal directory 
+vulnerabilities in software such as HTTP/FTP/TFTP 
+servers, Web platforms such as CMSs, 
+ERPs, Blogs, etc. 
+
+Also, it has a protocol-independent 
+module to send the desired payload to 
+the host and port specified. On the 
+other hand, it also could be used in 
+a scripting way using the STDOUT module.
+
+It's written in perl programming 
+language and can be run either under 
+*NIX or Windows platforms.
+
+WWW: https://github.com/wireghoul/dotdotpwn

Added: head/security/dotdotpwn/pkg-plist
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/security/dotdotpwn/pkg-plist	Wed Dec  7 21:29:35 2016	(r428087)
@@ -0,0 +1,16 @@
+bin/dotdotpwn
+%%SITE_PERL%%/DotDotPwn/BisectionAlgorithm.pm
+%%SITE_PERL%%/DotDotPwn/FTP.pm
+%%SITE_PERL%%/DotDotPwn/File.pm
+%%SITE_PERL%%/DotDotPwn/Fingerprint.pm
+%%SITE_PERL%%/DotDotPwn/HTTP.pm
+%%SITE_PERL%%/DotDotPwn/HTTP_Url.pm
+%%SITE_PERL%%/DotDotPwn/Payload.pm
+%%SITE_PERL%%/DotDotPwn/STDOUT.pm
+%%SITE_PERL%%/DotDotPwn/TFTP.pm
+%%SITE_PERL%%/DotDotPwn/TraversalEngine.pm
+%%DATADIR%%/User-Agents.txt
+%%DATADIR%%/payload_sample_1.txt
+%%DATADIR%%/payload_sample_2.txt
+%%SITE_PERL%%/DotDotPwn/User-Agents.txt
+ at dir %%DATADIR%%/DotDotPwn

More information about the svn-ports-head mailing list