Re: [W3af-develop] [W3af-users] Kali packaging for w3af - Automated and unittested
Christian, On Sat, Apr 5, 2014 at 10:05 PM, Christian Heinrich christian.heinr...@cmlh.id.au wrote: Andres, As far as I am aware there no tests specific to Python and Kali Linux i.e. https://wiki.debian.org/Python/Packaging#Example_2:_Python_application The workflow I use is to create the Kali package then install it on a new Kali VM (I use snapshots under VMWare so the test is repeatable) and execute all the w3af tests within the Kali Linux terminal itself i.e. not executed as part of the package installation itself. The above might not be clear so I will put a wiki page with screenshots together and publish it on GitHub. It was clear, thanks. No need for that wiki with screenshots. Were you able to test the latest w3af in Kali? We packaged 1.6.0.1 Regards, On Fri, Apr 4, 2014 at 10:34 PM, Andres Riancho andres.rian...@gmail.com wrote: Christian, Did you review the changes in the w3af package? What can we improve? Could you test the package in a vanilla Kali? I believe that running all tests is not an option for testing the deb package, running all packages simply takes a lot of time. We could write one or two tests, with a target of a local webserver, and run a simple scan against that... but as with everything I'm doing these days, I would like it to be automated. The tool to use in this case seems to be auto-pkg-test: any experience with that? [0] http://packaging.ubuntu.com/html/auto-pkg-test.html Regards, On Thu, Apr 3, 2014 at 9:27 PM, Christian Heinrich christian.heinr...@cmlh.id.au wrote: Andres, The w3af nose tests, etc should be executed within the ./DEBIAN/rules file i.e. https://github.com/andresriancho/w3af-kali/blob/master/debian/rules. As far as I am aware there is no Continuous Integration (CI) for Kali Linux however CI should be possible with Tox and Jenkins. You have also raised Tox in the past within https://github.com/andresriancho/w3af/issues/1048 On Fri, Apr 4, 2014 at 1:33 AM, Andres Riancho andres.rian...@gmail.com wrote: How do you believe we can improve the package? Could you run some tests over it to make sure it works well? Do you believe we could add some type of automated build + test to the process to make sure it doesn't break? -- Regards, Christian Heinrich http://cmlh.id.au/contact -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- Regards, Christian Heinrich http://cmlh.id.au/contact -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- Put Bad Developers to Shame Dominate Development with Jenkins Continuous Integration Continuously Automate Build, Test Deployment Start a new project now. Try Jenkins in the cloud. http://p.sf.net/sfu/13600_Cloudbees ___ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
Re: [W3af-develop] [W3af-users] Kali packaging for w3af - Automated and unittested
Andres, As far as I am aware there no tests specific to Python and Kali Linux i.e. https://wiki.debian.org/Python/Packaging#Example_2:_Python_application The workflow I use is to create the Kali package then install it on a new Kali VM (I use snapshots under VMWare so the test is repeatable) and execute all the w3af tests within the Kali Linux terminal itself i.e. not executed as part of the package installation itself. The above might not be clear so I will put a wiki page with screenshots together and publish it on GitHub. On Fri, Apr 4, 2014 at 10:34 PM, Andres Riancho andres.rian...@gmail.com wrote: Christian, Did you review the changes in the w3af package? What can we improve? Could you test the package in a vanilla Kali? I believe that running all tests is not an option for testing the deb package, running all packages simply takes a lot of time. We could write one or two tests, with a target of a local webserver, and run a simple scan against that... but as with everything I'm doing these days, I would like it to be automated. The tool to use in this case seems to be auto-pkg-test: any experience with that? [0] http://packaging.ubuntu.com/html/auto-pkg-test.html Regards, On Thu, Apr 3, 2014 at 9:27 PM, Christian Heinrich christian.heinr...@cmlh.id.au wrote: Andres, The w3af nose tests, etc should be executed within the ./DEBIAN/rules file i.e. https://github.com/andresriancho/w3af-kali/blob/master/debian/rules. As far as I am aware there is no Continuous Integration (CI) for Kali Linux however CI should be possible with Tox and Jenkins. You have also raised Tox in the past within https://github.com/andresriancho/w3af/issues/1048 On Fri, Apr 4, 2014 at 1:33 AM, Andres Riancho andres.rian...@gmail.com wrote: How do you believe we can improve the package? Could you run some tests over it to make sure it works well? Do you believe we could add some type of automated build + test to the process to make sure it doesn't break? -- Regards, Christian Heinrich http://cmlh.id.au/contact -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- Regards, Christian Heinrich http://cmlh.id.au/contact -- ___ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
Re: [W3af-develop] [W3af-users] Kali packaging for w3af - Automated and unittested
Christian, Did you review the changes in the w3af package? What can we improve? Could you test the package in a vanilla Kali? I believe that running all tests is not an option for testing the deb package, running all packages simply takes a lot of time. We could write one or two tests, with a target of a local webserver, and run a simple scan against that... but as with everything I'm doing these days, I would like it to be automated. The tool to use in this case seems to be auto-pkg-test: any experience with that? [0] http://packaging.ubuntu.com/html/auto-pkg-test.html Regards, On Thu, Apr 3, 2014 at 9:27 PM, Christian Heinrich christian.heinr...@cmlh.id.au wrote: Andres, The w3af nose tests, etc should be executed within the ./DEBIAN/rules file i.e. https://github.com/andresriancho/w3af-kali/blob/master/debian/rules. As far as I am aware there is no Continuous Integration (CI) for Kali Linux however CI should be possible with Tox and Jenkins. You have also raised Tox in the past within https://github.com/andresriancho/w3af/issues/1048 On Fri, Apr 4, 2014 at 1:33 AM, Andres Riancho andres.rian...@gmail.com wrote: How do you believe we can improve the package? Could you run some tests over it to make sure it works well? Do you believe we could add some type of automated build + test to the process to make sure it doesn't break? -- Regards, Christian Heinrich http://cmlh.id.au/contact -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- ___ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
Re: [W3af-develop] [W3af-users] Kali packaging for w3af - Automated and unittested
Christian, That's great, thanks! I've been talking with muts at the #kali-linux channel about packaging the latest w3af version and we've done some great progress. I believe that we're almost there :) If you're already used to how Kali packages stuff, this [0] should be a good starting point for you. How do you believe we can improve the package? Could you run some tests over it to make sure it works well? Do you believe we could add some type of automated build + test to the process to make sure it doesn't break? [0] http://git.kali.org/gitweb/?p=packages/w3af.git;a=summary Regards, On Wed, Apr 2, 2014 at 12:30 AM, Christian Heinrich christian.heinr...@cmlh.id.au wrote: Andres, I can assist and have maintained a package for Kali Linux since December 2012. On Wed, Apr 2, 2014 at 2:47 AM, Andres Riancho andres.rian...@gmail.com wrote: List, Anyone with experience packaging software for Debian/Ubuntu who wants to help out? I would like to create a set of scripts which are run each time I push to the repository, that will create the .deb file, install it in a chroot and test that it works by running a scan. Volunteers? Regards, -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- ___ W3af-users mailing list w3af-us...@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-users -- Regards, Christian Heinrich http://cmlh.id.au/contact -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 -- ___ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop