Date: Sat, 06 Sep 2014 19:32:24 +1000 From: Kubilay Kocak <koobs@FreeBSD.org> To: Carlo Strub <cs@FreeBSD.org>, ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org Cc: clutton@zoho.com Subject: Re: svn commit: r367404 - in head/security: . webshag webshag/files Message-ID: <540AD4A8.4050705@FreeBSD.org> In-Reply-To: <201409060746.s867kwJ4038485@svn.freebsd.org> References: <201409060746.s867kwJ4038485@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On 6/09/2014 5:46 PM, Carlo Strub wrote: > Author: cs > Date: Sat Sep 6 07:46:57 2014 > New Revision: 367404 > URL: http://svnweb.freebsd.org/changeset/ports/367404 > QAT: https://qat.redports.org/buildarchive/r367404/ > > Log: > Webshag is a multi-threaded, multi-platform web server audit tool. Written in > Python, it gathers commonly useful functionalities for web server auditing like > website crawling, URL scanning or file fuzzing. > > WWW: http://www.scrt.ch/en/attack/downloads/webshag > > PR: ports/187676 > Submitted by: clutton@zoho.com > > Added: > head/security/webshag/ > head/security/webshag/Makefile (contents, props changed) > head/security/webshag/distinfo (contents, props changed) > head/security/webshag/files/ > head/security/webshag/files/patch-setup_linux_py (contents, props changed) > head/security/webshag/pkg-descr (contents, props changed) > head/security/webshag/pkg-plist (contents, props changed) > Modified: > head/security/Makefile > > Modified: head/security/Makefile > ============================================================================== > --- head/security/Makefile Sat Sep 6 06:16:50 2014 (r367403) > +++ head/security/Makefile Sat Sep 6 07:46:57 2014 (r367404) > @@ -1005,6 +1005,7 @@ > SUBDIR += wapiti > SUBDIR += webfwlog > SUBDIR += webscarab > + SUBDIR += webshag > SUBDIR += whatweb > SUBDIR += wipe > SUBDIR += xca > > Added: head/security/webshag/Makefile > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/webshag/Makefile Sat Sep 6 07:46:57 2014 (r367404) > @@ -0,0 +1,55 @@ > +# $FreeBSD$ > + > +PORTNAME= webshag > +PORTVERSION= 1.10 > +CATEGORIES= security www > +MASTER_SITES= http://www.scrt.ch/outils/webshag/ > +DISTNAME= ws110 > + > +MAINTAINER= clutton@zoho.com > +COMMENT= Multi-threaded, multi-platform web server audit tool > + > +LICENSE= GPLv3 LICENSE_FILE > +USES= python:2.7 dos2unix > +USE_PYTHON=distutils - Is 'autoplist' usable here given distutils is in use? - Tab align > +PYSETUP= setup.linux.py > + > +NO_WRKSUBDIR= yes > + > +OPTIONS_DEFINE= NMAP WXGTK > +OPTIONS_DEFAULT=NMAP > +OPTIONS_SUB= yes Tab alignment > +.include <bsd.port.options.mk> > + > +.if ${PORT_OPTIONS:MNMAP} > +BUILD_DEPENDS+= ${LOCALBASE}/bin/nmap:${PORTSDIR}/security/nmap > +.endif - OPTIONS helpers: NMAP_BUILD_DEPENDS= - Its definitely a BUILD not RUN_DEPENDS? > +.if ${PORT_OPTIONS:MWXGTK} > +USE_WX= 2.6+ > +WX_COMPS= python:run > +.endif > + > +post-patch: > + @${MV} ${WRKSRC}/config ${WRKSRC}/etc > + @${REINPLACE_CMD} -e 's|#!/usr/bin/python|#!/usr/bin/env python|g' \ > + ${WRKSRC}/webshag_cli.py > + @${REINPLACE_CMD} -e 's|#!/usr/bin/python|#!/usr/bin/env python|g' \ > + ${WRKSRC}/webshag_gui.py - USES=shebangfix? - Use ${PYTHON_CMD} ? 'python' may or may not exist > +do-install: > +.if ${PORT_OPTIONS:MWXGTK} > + ${INSTALL_SCRIPT} ${WRKSRC}/webshag_gui.py \ > + ${STAGEDIR}${PREFIX}/bin/webshag_gui > +.endif > + ${INSTALL_SCRIPT} ${WRKSRC}/webshag_cli.py \ > + ${STAGEDIR}${PREFIX}/bin/webshag_cli > + @${INSTALL_DATA} ${WRKSRC}/etc/webshag.conf ${STAGEDIR}${PREFIX}/etc > + (cd ${WRKSRC}/database && ${COPYTREE_SHARE} . \ > + ${STAGEDIR}${PREFIX}/share/webshag) > + (cd ${WRKSRC}/webshag && ${COPYTREE_SHARE} . \ > + ${STAGEDIR}${PYTHON_SITELIBDIR}/webshag) > + > +.include <bsd.port.mk> > > Added: head/security/webshag/distinfo > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/webshag/distinfo Sat Sep 6 07:46:57 2014 (r367404) > @@ -0,0 +1,2 @@ > +SHA256 (ws110.tar.gz) = a1ea1cc0c87e44a19fad7edc1658c6c57705aa1fc3ff3304f1e4a669b523a049 > +SIZE (ws110.tar.gz) = 1512389 > > Added: head/security/webshag/files/patch-setup_linux_py > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/webshag/files/patch-setup_linux_py Sat Sep 6 07:46:57 2014 (r367404) > @@ -0,0 +1,99 @@ > +--- /tmp/setup.linux.py 2014-08-29 20:27:32.000000000 +0300 > ++++ setup.linux.py 2014-08-29 20:57:35.000000000 +0300 > +@@ -24,21 +24,21 @@ > + ## INIT ## > + ## ################################################################# ## > + > +-path_prefix = os.path.abspath(os.path.curdir) + '/' > ++path_prefix = '/usr/local/' > + > + ## ################################################################# ## > + ## CONSTANTS ## > + ## ################################################################# ## > + > +-NMAP = u'/usr/bin/nmap' > ++NMAP = u'/usr/local/bin/nmap' > + CORE_FILE = u'webshag/core/core_file.py' > +-CFG_FILE = u'config/webshag.conf' > +-FUZZ_DIRS = path_prefix + u'/database/fuzzer/directory-list-2.3-small.txt' > +-FUZZ_FILES = path_prefix + u'/database/fuzzer/directory-list-1.0.txt' > +-FUZZ_EXT = path_prefix + u'/database/fuzzer/extensions.txt' > +-CUSTOM_DB = path_prefix + u'/database/custom' > +-NIKTO_DB = path_prefix + u'/database/nikto' > +-IDS_PROXIES = path_prefix + u'/database/proxies/proxies.txt' > ++CFG_FILE = u'etc/webshag.conf' > ++FUZZ_DIRS = path_prefix + u'share/webshag/fuzzer/directory-list-2.3-small.txt' > ++FUZZ_FILES = path_prefix + u'share/webshag/fuzzer/directory-list-1.0.txt' > ++FUZZ_EXT = path_prefix + u'share/webshag/fuzzer/extensions.txt' > ++CUSTOM_DB = path_prefix + u'share/webshag/custom' > ++NIKTO_DB = path_prefix + u'share/webshag/nikto' > ++IDS_PROXIES = path_prefix + u'share/webshag/proxies/proxies.txt' > + > + CORE_CFG_RE = re.compile(ur'CFG_FILE\s=\s(?P<path>.*)') > + > +@@ -55,7 +55,7 @@ > + > + else: > + print u'Not Found!' > +- user_nmap = raw_input(u'[#] Please specify Nmap (nmap.exe) location (blank to skip): ') > ++ user_nmap = '' > + if user_nmap != '': > + if os.path.isfile(user_nmap): > + nmap = 'True' > +@@ -73,13 +73,8 @@ > + ## LIVE SEARCH APPID ## > + ## ################################################################# ## > + > +-user_live = raw_input(u'[#] Enter your Live Search AppID (blank to skip): ') > +-if user_live != '': > +- live_id = user_live > +- print u'[*] Live Search AppID: ' + user_live + u'\t Done!' > +-else: > +- live_id = '' > +- print u'[!] AppID missing. Domain information module will not be functional.' > ++live_id = 'False' > ++print u'[!] AppID missing. Insert your LiveID into etc/webshag.conf.' > + > + ## ################################################################# ## > + ## ALTERING FILES ## > +@@ -92,14 +87,14 @@ > + # core_file.py > + print u'[*] Patching source code (configuration file location)...\t', > + # reading file > +-core_file_handler = codecs.open(core_file, u'r', u'utf-8') > ++core_file_handler = codecs.open(u'webshag/core/core_file.py', u'r', u'utf-8') > + core_file_contents = core_file_handler.read() > + core_file_handler.close() > + # replacing path value > + old_path = CORE_CFG_RE.findall(core_file_contents)[-1] > + core_file_contents = core_file_contents.replace(old_path, '\'' + cfg_file + '\'') > + # writing file back > +-core_file_handler = codecs.open(core_file, u'w', u'utf-8') > ++core_file_handler = codecs.open(u'webshag/core/core_file.py', u'w', u'utf-8') > + core_file_handler.write(core_file_contents) > + core_file_handler.close() > + print u'Done!' > +@@ -107,7 +102,7 @@ > + # webshag.conf > + print u'[*] Fixing configuration file settings...\t', > + configParser = SafeConfigParser() > +-configParser.readfp(codecs.open(cfg_file, u'r', u'utf-8')) > ++configParser.readfp(codecs.open(u'etc/webshag.conf', u'r', u'utf-8')) > + configParser.set(u'core_file', u'fuzzer_file_list', FUZZ_FILES) > + configParser.set(u'core_file', u'fuzzer_dir_list', FUZZ_DIRS) > + configParser.set(u'core_file', u'fuzzer_ext_list', FUZZ_EXT) > +@@ -117,7 +112,7 @@ > + configParser.set(u'module_info', u'live_id', live_id) > + configParser.set(u'module_portscan', u'nmap', nmap) > + configParser.set(u'module_portscan', u'nmap_location', nmap_location) > +-cfg_file_handler = codecs.open(cfg_file, u'w', u'utf-8') > ++cfg_file_handler = codecs.open(u'etc/webshag.conf', u'w', u'utf-8') > + configParser.write(cfg_file_handler) > + cfg_file_handler.close() > + print u'Done!' > +@@ -129,5 +124,3 @@ > + print '' > + print 'Thanks for your interest in webshag! It is now ready to be used!' > + print 'Enjoy! For more information please visit www.scrt.ch' > +-print '' > +-raw_input('Press any key to exit.\n') > > Added: head/security/webshag/pkg-descr > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/webshag/pkg-descr Sat Sep 6 07:46:57 2014 (r367404) > @@ -0,0 +1,5 @@ > +Webshag is a multi-threaded, multi-platform web server audit tool. Written in > +Python, it gathers commonly useful functionalities for web server auditing like > +website crawling, URL scanning or file fuzzing. > + > +WWW: http://www.scrt.ch/en/attack/downloads/webshag > > Added: head/security/webshag/pkg-plist > ============================================================================== > --- /dev/null 00:00:00 1970 (empty, because file is newly added) > +++ head/security/webshag/pkg-plist Sat Sep 6 07:46:57 2014 (r367404) > @@ -0,0 +1,49 @@ > +bin/webshag_cli > +%%WXGTK%%bin/webshag_gui > +%%ETCDIR%%.conf Does this need a filename? > +%%PYTHON_SITELIBDIR%%/webshag/__init__.py > +%%PYTHON_SITELIBDIR%%/webshag/core/__init__.py > +%%PYTHON_SITELIBDIR%%/webshag/core/core_error.py > +%%PYTHON_SITELIBDIR%%/webshag/core/core_file.py > +%%PYTHON_SITELIBDIR%%/webshag/core/core_http.py > +%%PYTHON_SITELIBDIR%%/webshag/core/core_utilities.py > +%%PYTHON_SITELIBDIR%%/webshag/export/__init__.py > +%%PYTHON_SITELIBDIR%%/webshag/export/export.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/__init__.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_fuzz.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_images.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_info.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_pscan.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_spider.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_uscan.py > +%%PYTHON_SITELIBDIR%%/webshag/gui/gui_widgets.py > +%%PYTHON_SITELIBDIR%%/webshag/modules/__init__.py > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_fuzz.py > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_info.py > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_pscan.py > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_spider.py > +%%PYTHON_SITELIBDIR%%/webshag/modules/module_uscan.py > +%%PYTHON_SITELIBDIR%%/webshag/update/__init__.py > +%%PYTHON_SITELIBDIR%%/webshag/update/update.py > +%%DATADIR%%/custom/banners.db > +%%DATADIR%%/custom/custom_tests.db > +%%DATADIR%%/fuzzer/directory-list-1.0.txt > +%%DATADIR%%/fuzzer/directory-list-2.3-small.txt > +%%DATADIR%%/fuzzer/extensions.txt > +%%DATADIR%%/nikto/db_tests > +%%DATADIR%%/nikto/db_variables > +%%DATADIR%%/proxies/proxies.txt > +@dirrmtry %%DATADIR%%/proxies > +@dirrmtry %%DATADIR%%/nikto > +@dirrmtry %%DATADIR%%/fuzzer > +@dirrmtry %%DATADIR%%/custom > +@dirrmtry %%DATADIR%% > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/update > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/modules > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/gui > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/export > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/core > +@dirrmtry %%PYTHON_SITELIBDIR%%/webshag > +@dirrmtry %%PYTHON_SITELIBDIR%% > +@dirrmtry %%PYTHON_LIBDIR%% >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?540AD4A8.4050705>