Taras,
Can't repro (see screenshot). If you see the console where you're
running w3af_gui , is there anything there that could be useful?
Traceback? Error?Regards, On Sun, Mar 30, 2014 at 12:45 PM, Taras <ox...@oxdef.info> wrote: > Any. KB Browser is empty in all. > > 30.03.2014 19:35, Andres Riancho пишет: > >> Any random vulns, or just of some specific type? >> >> On Sun, Mar 30, 2014 at 12:24 PM, Taras <ox...@oxdef.info> wrote: >>> >>> I have found another issue. During the scan using w3af_gui I see some >>> vulns >>> in Log tab but "Results -> KB Browser" is empty. >>> >>> 30.03.2014 19:02, Taras пишет: >>> >>>> Andres, >>>> >>>> workaround with "--system-site-packages" has helped, thanks. >>>> P.S. I also had to delete some installed system packages like pdfminer >>>> because of version conflicts. >>>> >>>> 30.03.2014 18:00, Andres Riancho пишет: >>>>> >>>>> >>>>> This might help: >>>>> >>>>> cd ~ >>>>> apt-get install -y python-pip # This step might change in your OS >>>>> pip install virtualenv >>>>> mkdir w3af-release >>>>> cd w3af-release >>>>> virtualenv --system-site-packages venv >>>>> . venv/bin/activate >>>>> git clone https://github.com/andresriancho/w3af.git >>>>> cd w3af >>>>> git checkout develop >>>>> ./w3af_gui >>>>> . /tmp/w3af_dependency_install.sh >>>>> >>>>> Note the added "--system-site-packages" >>>>> >>>>> On Sun, Mar 30, 2014 at 10:57 AM, Andres Riancho >>>>> <andres.rian...@gmail.com> wrote: >>>>>> >>>>>> >>>>>> You might be hitting something like this [0], where your virtualenv >>>>>> doesn't have access to the package installed using "apt-get" >>>>>> >>>>>> [0] >>>>>> http://stackoverflow.com/questions/3580520/python-virtualenv-gtk-2-0 >>>>>> >>>>>> On Sun, Mar 30, 2014 at 10:40 AM, Andres Riancho >>>>>> <andres.rian...@gmail.com> wrote: >>>>>>> >>>>>>> >>>>>>> And if inside the virtualenv you run: >>>>>>> >>>>>>> pip freeze | grep gtk >>>>>>> >>>>>>> You get something? >>>>>>> >>>>>>> On Sun, Mar 30, 2014 at 10:26 AM, Taras <ox...@oxdef.info> wrote: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Ok, install them all. Try ./w3af_gui >>>>>>>>>> >>>>>>>>>> Actual result: >>>>>>>>>> >>>>>>>>>> $ ./w3af_gui >>>>>>>>>> The GTK package requirements are not met, please make sure your >>>>>>>>>> system >>>>>>>>>> meets >>>>>>>>>> these requirements: >>>>>>>>>> - PyGTK >= 2.12 >>>>>>>>>> - GTK >= 2.12 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> OS? What do you get when running: >>>>>>>>> >>>>>>>>> import pygtk >>>>>>>>> pygtk.require('2.0') >>>>>>>>> import gtk >>>>>>>>> import gobject >>>>>>>>> print gtk.gtk_version >= (2, 12) >>>>>>>>> print gtk.pygtk_version >= (2, 12) >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> Ops, sorry I forget about this information. >>>>>>>> >>>>>>>> $ lsb_release -a >>>>>>>> No LSB modules are available. >>>>>>>> Distributor ID: Ubuntu >>>>>>>> Description: Ubuntu 13.10 >>>>>>>> Release: 13.10 >>>>>>>> Codename: saucy >>>>>>>> >>>>>>>> *Inside* virtualenv: >>>>>>>> >>>>>>>> $ python -c 'import gtk' >>>>>>>> Traceback (most recent call last): >>>>>>>> File "<string>", line 1, in <module> >>>>>>>> ImportError: No module named gtk >>>>>>>> >>>>>>>> Outside: >>>>>>>> $ python -c 'import gtk;print gtk.pygtk_version' >>>>>>>> (2, 24, 0) >>>>>>>> >>>>>>>> pygtk is installed as system package >>>>>>>> >>>>>>>> $ dpkg -l | grep python-gtk >>>>>>>> ii python-gtk2 2.24.0-3ubuntu1 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>>> >>>>>>>>>> 28.03.2014 01:18, Andres Riancho пишет: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> List, >>>>>>>>>>> >>>>>>>>>>> Every now and then I ask for a favor, nd... well... now >>>>>>>>>>> I'm >>>>>>>>>>> >>>>>>>>>>> asking for one! The next release will be on Monday, and I need >>>>>>>>>>> you >>>>>>>>>>> to >>>>>>>>>>> test w3af to make sure it doesn't have any critical bugs before I >>>>>>>>>>> merge into develop into master. >>>>>>>>>>> >>>>>>>>>>> I've been working hard on fixing a ton of bugs, >>>>>>>>>>> improving >>>>>>>>>>> performance, continuous integration and many other things. >>>>>>>>>>> >>>>>>>>>>> All 1300+ unittests PASS in the continuous integration >>>>>>>>>>> system, but >>>>>>>>>>> there's nothing like real-user testing. If you have a couple of >>>>>>>>>>> minutes to help, please follow these steps to install a >>>>>>>>>>> virtualenv >>>>>>>>>>> with w3af inside: >>>>>>>>>>> >>>>>>>>>>> cd ~ >>>>>>>>>>> apt-get install -y python-pip # This step might change in your OS >>>>>>>>>>> pip install virtualenv >>>>>>>>>>> mkdir w3af-release >>>>>>>>>>> cd w3af-release >>>>>>>>>>> virtualenv venv >>>>>>>>>>> . venv/bin/activate >>>>>>>>>>> git clone https://github.com/andresriancho/w3af.git >>>>>>>>>>> cd w3af >>>>>>>>>>> git checkout develop >>>>>>>>>>> ./w3af_gui >>>>>>>>>>> . /tmp/w3af_dependency_install.sh >>>>>>>>>>> >>>>>>>>>>> Please report any installation bugs here [0]. >>>>>>>>>>> >>>>>>>>>>> Now the fun part :) Scan a site! In the same console >>>>>>>>>>> (where >>>>>>>>>>> virtualenv is enabled) run: >>>>>>>>>>> >>>>>>>>>>> ./w3af_gui >>>>>>>>>>> >>>>>>>>>>> Configure w3af [1] and run a scan. Please report any >>>>>>>>>>> tracebacks, >>>>>>>>>>> false positives, false negatives, etc. here [0]. All your bug >>>>>>>>>>> reports >>>>>>>>>>> will be much appreciated! >>>>>>>>>>> >>>>>>>>>>> Thanks! >>>>>>>>>>> >>>>>>>>>>> [0] https://github.com/andresriancho/w3af/issues/new >>>>>>>>>>> [1] >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> http://docs.w3af.org/en/develop/gui/scanning.html#configuring-the-scan >>>>>>>>>>> >>>>>>>>>>> Regards, >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Taras >>>>>>>>>> https://www.oxdef.info >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Taras >>>>>>>> https://www.oxdef.info >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Andrés Riancho >>>>>>> Project Leader at w3af - http://w3af.org/ >>>>>>> Web Application Attack and Audit Framework >>>>>>> Twitter: @w3af >>>>>>> GPG: 0x93C344F3 >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Andrés Riancho >>>>>> Project Leader at w3af - http://w3af.org/ >>>>>> Web Application Attack and Audit Framework >>>>>> Twitter: @w3af >>>>>> GPG: 0x93C344F3 >>>>> >>>>> >>>>> >>>>> >>>>> >>>> >>> >>> -- >>> Taras >>> https://www.oxdef.info >> >> >> >> > > -- > Taras > https://www.oxdef.info -- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3
<<attachment: xss.png>>
------------------------------------------------------------------------------
_______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
