I have found another issue. During the scan using w3af_gui I see some vulns in Log tab but "Results -> KB Browser" is empty.
30.03.2014 19:02, Taras пишет: > Andres, > > workaround with "--system-site-packages" has helped, thanks. > P.S. I also had to delete some installed system packages like pdfminer > because of version conflicts. > > 30.03.2014 18:00, Andres Riancho пишет: >> This might help: >> >> cd ~ >> apt-get install -y python-pip # This step might change in your OS >> pip install virtualenv >> mkdir w3af-release >> cd w3af-release >> virtualenv --system-site-packages venv >> . venv/bin/activate >> git clone https://github.com/andresriancho/w3af.git >> cd w3af >> git checkout develop >> ./w3af_gui >> . /tmp/w3af_dependency_install.sh >> >> Note the added "--system-site-packages" >> >> On Sun, Mar 30, 2014 at 10:57 AM, Andres Riancho >> <andres.rian...@gmail.com> wrote: >>> You might be hitting something like this [0], where your virtualenv >>> doesn't have access to the package installed using "apt-get" >>> >>> [0] http://stackoverflow.com/questions/3580520/python-virtualenv-gtk-2-0 >>> >>> On Sun, Mar 30, 2014 at 10:40 AM, Andres Riancho >>> <andres.rian...@gmail.com> wrote: >>>> And if inside the virtualenv you run: >>>> >>>> pip freeze | grep gtk >>>> >>>> You get something? >>>> >>>> On Sun, Mar 30, 2014 at 10:26 AM, Taras <ox...@oxdef.info> wrote: >>>>>>> Ok, install them all. Try ./w3af_gui >>>>>>> >>>>>>> Actual result: >>>>>>> >>>>>>> $ ./w3af_gui >>>>>>> The GTK package requirements are not met, please make sure your system >>>>>>> meets >>>>>>> these requirements: >>>>>>> - PyGTK >= 2.12 >>>>>>> - GTK >= 2.12 >>>>>> >>>>>> >>>>>> OS? What do you get when running: >>>>>> >>>>>> import pygtk >>>>>> pygtk.require('2.0') >>>>>> import gtk >>>>>> import gobject >>>>>> print gtk.gtk_version >= (2, 12) >>>>>> print gtk.pygtk_version >= (2, 12) >>>>> >>>>> >>>>> Ops, sorry I forget about this information. >>>>> >>>>> $ lsb_release -a >>>>> No LSB modules are available. >>>>> Distributor ID: Ubuntu >>>>> Description: Ubuntu 13.10 >>>>> Release: 13.10 >>>>> Codename: saucy >>>>> >>>>> *Inside* virtualenv: >>>>> >>>>> $ python -c 'import gtk' >>>>> Traceback (most recent call last): >>>>> File "<string>", line 1, in <module> >>>>> ImportError: No module named gtk >>>>> >>>>> Outside: >>>>> $ python -c 'import gtk;print gtk.pygtk_version' >>>>> (2, 24, 0) >>>>> >>>>> pygtk is installed as system package >>>>> >>>>> $ dpkg -l | grep python-gtk >>>>> ii python-gtk2 2.24.0-3ubuntu1 >>>>> >>>>> >>>>> >>>>> >>>>>> >>>>>>> >>>>>>> 28.03.2014 01:18, Andres Riancho пишет: >>>>>>>> >>>>>>>> >>>>>>>> List, >>>>>>>> >>>>>>>> Every now and then I ask for a favor, nd... well... now I'm >>>>>>>> >>>>>>>> asking for one! The next release will be on Monday, and I need you to >>>>>>>> test w3af to make sure it doesn't have any critical bugs before I >>>>>>>> merge into develop into master. >>>>>>>> >>>>>>>> I've been working hard on fixing a ton of bugs, improving >>>>>>>> performance, continuous integration and many other things. >>>>>>>> >>>>>>>> All 1300+ unittests PASS in the continuous integration system, >>>>>>>> but >>>>>>>> there's nothing like real-user testing. If you have a couple of >>>>>>>> minutes to help, please follow these steps to install a virtualenv >>>>>>>> with w3af inside: >>>>>>>> >>>>>>>> cd ~ >>>>>>>> apt-get install -y python-pip # This step might change in your OS >>>>>>>> pip install virtualenv >>>>>>>> mkdir w3af-release >>>>>>>> cd w3af-release >>>>>>>> virtualenv venv >>>>>>>> . venv/bin/activate >>>>>>>> git clone https://github.com/andresriancho/w3af.git >>>>>>>> cd w3af >>>>>>>> git checkout develop >>>>>>>> ./w3af_gui >>>>>>>> . /tmp/w3af_dependency_install.sh >>>>>>>> >>>>>>>> Please report any installation bugs here [0]. >>>>>>>> >>>>>>>> Now the fun part :) Scan a site! In the same console (where >>>>>>>> virtualenv is enabled) run: >>>>>>>> >>>>>>>> ./w3af_gui >>>>>>>> >>>>>>>> Configure w3af [1] and run a scan. Please report any >>>>>>>> tracebacks, >>>>>>>> false positives, false negatives, etc. here [0]. All your bug reports >>>>>>>> will be much appreciated! >>>>>>>> >>>>>>>> Thanks! >>>>>>>> >>>>>>>> [0] https://github.com/andresriancho/w3af/issues/new >>>>>>>> [1] >>>>>>>> http://docs.w3af.org/en/develop/gui/scanning.html#configuring-the-scan >>>>>>>> >>>>>>>> Regards, >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Taras >>>>>>> https://www.oxdef.info >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>>> -- >>>>> Taras >>>>> https://www.oxdef.info >>>> >>>> >>>> >>>> -- >>>> Andrés Riancho >>>> Project Leader at w3af - http://w3af.org/ >>>> Web Application Attack and Audit Framework >>>> Twitter: @w3af >>>> GPG: 0x93C344F3 >>> >>> >>> >>> -- >>> Andrés Riancho >>> Project Leader at w3af - http://w3af.org/ >>> Web Application Attack and Audit Framework >>> Twitter: @w3af >>> GPG: 0x93C344F3 >> >> >> > -- Taras https://www.oxdef.info ------------------------------------------------------------------------------ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
