Any random vulns, or just of some specific type? On Sun, Mar 30, 2014 at 12:24 PM, Taras <ox...@oxdef.info> wrote: > I have found another issue. During the scan using w3af_gui I see some vulns > in Log tab but "Results -> KB Browser" is empty. > > 30.03.2014 19:02, Taras пишет: > >> Andres, >> >> workaround with "--system-site-packages" has helped, thanks. >> P.S. I also had to delete some installed system packages like pdfminer >> because of version conflicts. >> >> 30.03.2014 18:00, Andres Riancho пишет: >>> >>> This might help: >>> >>> cd ~ >>> apt-get install -y python-pip # This step might change in your OS >>> pip install virtualenv >>> mkdir w3af-release >>> cd w3af-release >>> virtualenv --system-site-packages venv >>> . venv/bin/activate >>> git clone https://github.com/andresriancho/w3af.git >>> cd w3af >>> git checkout develop >>> ./w3af_gui >>> . /tmp/w3af_dependency_install.sh >>> >>> Note the added "--system-site-packages" >>> >>> On Sun, Mar 30, 2014 at 10:57 AM, Andres Riancho >>> <andres.rian...@gmail.com> wrote: >>>> >>>> You might be hitting something like this [0], where your virtualenv >>>> doesn't have access to the package installed using "apt-get" >>>> >>>> [0] http://stackoverflow.com/questions/3580520/python-virtualenv-gtk-2-0 >>>> >>>> On Sun, Mar 30, 2014 at 10:40 AM, Andres Riancho >>>> <andres.rian...@gmail.com> wrote: >>>>> >>>>> And if inside the virtualenv you run: >>>>> >>>>> pip freeze | grep gtk >>>>> >>>>> You get something? >>>>> >>>>> On Sun, Mar 30, 2014 at 10:26 AM, Taras <ox...@oxdef.info> wrote: >>>>>>>> >>>>>>>> Ok, install them all. Try ./w3af_gui >>>>>>>> >>>>>>>> Actual result: >>>>>>>> >>>>>>>> $ ./w3af_gui >>>>>>>> The GTK package requirements are not met, please make sure your >>>>>>>> system >>>>>>>> meets >>>>>>>> these requirements: >>>>>>>> - PyGTK >= 2.12 >>>>>>>> - GTK >= 2.12 >>>>>>> >>>>>>> >>>>>>> >>>>>>> OS? What do you get when running: >>>>>>> >>>>>>> import pygtk >>>>>>> pygtk.require('2.0') >>>>>>> import gtk >>>>>>> import gobject >>>>>>> print gtk.gtk_version >= (2, 12) >>>>>>> print gtk.pygtk_version >= (2, 12) >>>>>> >>>>>> >>>>>> >>>>>> Ops, sorry I forget about this information. >>>>>> >>>>>> $ lsb_release -a >>>>>> No LSB modules are available. >>>>>> Distributor ID: Ubuntu >>>>>> Description: Ubuntu 13.10 >>>>>> Release: 13.10 >>>>>> Codename: saucy >>>>>> >>>>>> *Inside* virtualenv: >>>>>> >>>>>> $ python -c 'import gtk' >>>>>> Traceback (most recent call last): >>>>>> File "<string>", line 1, in <module> >>>>>> ImportError: No module named gtk >>>>>> >>>>>> Outside: >>>>>> $ python -c 'import gtk;print gtk.pygtk_version' >>>>>> (2, 24, 0) >>>>>> >>>>>> pygtk is installed as system package >>>>>> >>>>>> $ dpkg -l | grep python-gtk >>>>>> ii python-gtk2 2.24.0-3ubuntu1 >>>>>> >>>>>> >>>>>> >>>>>> >>>>>>> >>>>>>>> >>>>>>>> 28.03.2014 01:18, Andres Riancho пишет: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> List, >>>>>>>>> >>>>>>>>> Every now and then I ask for a favor, nd... well... now I'm >>>>>>>>> >>>>>>>>> asking for one! The next release will be on Monday, and I need you >>>>>>>>> to >>>>>>>>> test w3af to make sure it doesn't have any critical bugs before I >>>>>>>>> merge into develop into master. >>>>>>>>> >>>>>>>>> I've been working hard on fixing a ton of bugs, improving >>>>>>>>> performance, continuous integration and many other things. >>>>>>>>> >>>>>>>>> All 1300+ unittests PASS in the continuous integration >>>>>>>>> system, but >>>>>>>>> there's nothing like real-user testing. If you have a couple of >>>>>>>>> minutes to help, please follow these steps to install a virtualenv >>>>>>>>> with w3af inside: >>>>>>>>> >>>>>>>>> cd ~ >>>>>>>>> apt-get install -y python-pip # This step might change in your OS >>>>>>>>> pip install virtualenv >>>>>>>>> mkdir w3af-release >>>>>>>>> cd w3af-release >>>>>>>>> virtualenv venv >>>>>>>>> . venv/bin/activate >>>>>>>>> git clone https://github.com/andresriancho/w3af.git >>>>>>>>> cd w3af >>>>>>>>> git checkout develop >>>>>>>>> ./w3af_gui >>>>>>>>> . /tmp/w3af_dependency_install.sh >>>>>>>>> >>>>>>>>> Please report any installation bugs here [0]. >>>>>>>>> >>>>>>>>> Now the fun part :) Scan a site! In the same console (where >>>>>>>>> virtualenv is enabled) run: >>>>>>>>> >>>>>>>>> ./w3af_gui >>>>>>>>> >>>>>>>>> Configure w3af [1] and run a scan. Please report any >>>>>>>>> tracebacks, >>>>>>>>> false positives, false negatives, etc. here [0]. All your bug >>>>>>>>> reports >>>>>>>>> will be much appreciated! >>>>>>>>> >>>>>>>>> Thanks! >>>>>>>>> >>>>>>>>> [0] https://github.com/andresriancho/w3af/issues/new >>>>>>>>> [1] >>>>>>>>> >>>>>>>>> http://docs.w3af.org/en/develop/gui/scanning.html#configuring-the-scan >>>>>>>>> >>>>>>>>> Regards, >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Taras >>>>>>>> https://www.oxdef.info >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>>> -- >>>>>> Taras >>>>>> https://www.oxdef.info >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Andrés Riancho >>>>> Project Leader at w3af - http://w3af.org/ >>>>> Web Application Attack and Audit Framework >>>>> Twitter: @w3af >>>>> GPG: 0x93C344F3 >>>> >>>> >>>> >>>> >>>> -- >>>> Andrés Riancho >>>> Project Leader at w3af - http://w3af.org/ >>>> Web Application Attack and Audit Framework >>>> Twitter: @w3af >>>> GPG: 0x93C344F3 >>> >>> >>> >>> >> > > -- > Taras > https://www.oxdef.info
-- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
