Johannes,

On Sun, Apr 28, 2013 at 8:33 AM,  <jweberho...@weberhofer.at> wrote:
> Dear all!
>
> After some pause, I'm working on RPM packages of the current master
> branch, which looks very promising. Still I have two issues:

That sounds great, totally recommend building from it.

> 1) On startup, I always see the warning "WARNING: Failed to execute
> tcpdump. Check it is installed and in the PATH"; that doesn't stop the
> execution, but it should be possibly rewritten to something like that:
> "INFO: tcpdump is not installed or you don't have enough permission to
> run. Try to run as root in case you need tcpdump's features".

This comes from scapy, which uses some annoying logging for those errors:

$ wget http://hg.secdev.org/scapy/archive/tip.zip
$ unzip tip.zip
$ cd scapy-d02d7e7b0989/
$ find . -name '*.py' | xargs grep 'Failed to execute'
./scapy/arch/linux.py:        log_loading.warning("Failed to execute
tcpdump. Check it is installed and in the PATH")
./scapy/arch/linux.py:        log_interactive.warning("Failed to
execute tcpdump: (%s)")

I think the problem can be solved by disabling the warnings before
loading scapy in dependency_check.py and then re-enabling warnings.
Please see http://docs.python.org/2/library/warnings.html ,
pull-requests are welcome :)

> 2) The second problem causes a regular user to not be able to run w3af
> in case he does not own the installation directory. The only appearing
> message is: "Error while reading plugin options: "Invalid file option
> value "output-w3af.csv", the user doesn't have enough permissions to
> write to the specified directory."
>
> Strace shows the following lines:
>
> -------------
> open("/usr/share/w3af/plugins/output/itertools.pyc", O_RDONLY) = -1
> ENOENT (No such file or directory)
> close(3)                                = 0
> getcwd("/usr/share/w3af", 1024)         = 16
> stat("/usr/share/w3af", {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> access("/usr/share/w3af", W_OK)         = -1 EACCES (Permission denied)
> futex(0x7f11480012e0, FUTEX_WAKE_PRIVATE, 1) = 1
> -------------
>
> In case the user is the owner of /usr/share/w3af, the strace continues
> with:
> -------------
> open("/usr/share/w3af/plugins/bruteforce/itertools.pyc", O_RDONLY) = -1
> ENOENT (No such file or directory)
> close(3)                                = 0
> getcwd("/usr/share/w3af", 1024)         = 16
> stat("/usr/share/w3af/core/controllers/bruteforce",
> {st_mode=S_IFDIR|0755, st_size=4096, ...}) = 0
> access("/usr/share/w3af/core/controllers/bruteforce", R_OK) = 0
> -------------
>
> I hope, that can help you improve w3af, so that it can be packaged for
> installation on opensuse and fedora...

Hmmm, that's something I wasn't expecting actually... have you checked
in the packages repository [0] to see if some other packager solved
this issue without modifying w3af? If nobody did this with a "cd" to
the current directory or something similar, let me know and I'll think
about a solution.

[0] https://github.com/andresriancho/w3af-packages

> Best regards,
> Johannes
>
>
> ------------------------------------------------------------------------------
> Try New Relic Now & We'll Send You this Cool Shirt
> New Relic is the only SaaS-based application performance monitoring service
> that delivers powerful full stack analytics. Optimize and monitor your
> browser, app, & servers with just a few lines of code. Try New Relic
> and get this awesome Nerd Life shirt! http://p.sf.net/sfu/newrelic_d2d_apr
> _______________________________________________
> W3af-develop mailing list
> W3af-develop@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-develop



--
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3
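
Added example (not part of the original message and not w3af or scapy code): the grep output above shows the message going through log_loading.warning, a logging logger, so this sketch silences it by raising that logger's level around the import and restoring it afterwards. It assumes the logger is registered as "scapy.loading"; quiet_logger, ListHandler, fake_scapy_import and demo are hypothetical names, and fake_scapy_import is a constructed stand-in for the real import.

```python
import contextlib
import logging
import warnings

SCAPY_LOADING = "scapy.loading"  # assumed name behind scapy's log_loading
MESSAGE = "Failed to execute tcpdump. Check it is installed and in the PATH"


@contextlib.contextmanager
def quiet_logger(name, level=logging.ERROR):
    """Temporarily raise a logger's threshold, restoring it on exit."""
    logger = logging.getLogger(name)
    previous = logger.level
    logger.setLevel(level)
    try:
        yield logger
    finally:
        logger.setLevel(previous)


class ListHandler(logging.Handler):
    def __init__(self):
        super().__init__()
        self.messages = []  # collected so the effect can be inspected

    def emit(self, record):
        self.messages.append(record.getMessage())


def fake_scapy_import():
    # Constructed stand-in for "import scapy.all": logs the same warning.
    logging.getLogger(SCAPY_LOADING).warning(MESSAGE)


def demo():
    logger, handler = logging.getLogger(SCAPY_LOADING), ListHandler()
    logger.addHandler(handler)
    try:
        with warnings.catch_warnings():      # warnings filters do not
            warnings.simplefilter("ignore")  # affect logging calls
            fake_scapy_import()
        after_warnings_filter = len(handler.messages)
        with quiet_logger(SCAPY_LOADING):    # real use: import scapy here
            fake_scapy_import()
        after_quiet_logger = len(handler.messages)
        fake_scapy_import()                  # level restored: logged again
        return after_warnings_filter, after_quiet_logger, len(handler.messages)
    finally:
        logger.removeHandler(handler)
```
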
