Andres, it is strange but now everything is fine... I see normal tree in KB Browser.
30.03.2014 20:27, Andres Riancho пишет: > Taras, > > Can't repro (see screenshot). If you see the console where you're > running w3af_gui , is there anything there that could be useful? > Traceback? Error? > > Regards, > > On Sun, Mar 30, 2014 at 12:45 PM, Taras <ox...@oxdef.info> wrote: >> Any. KB Browser is empty in all. >> >> 30.03.2014 19:35, Andres Riancho пишет: >> >>> Any random vulns, or just of some specific type? >>> >>> On Sun, Mar 30, 2014 at 12:24 PM, Taras <ox...@oxdef.info> wrote: >>>> >>>> I have found another issue. During the scan using w3af_gui I see some >>>> vulns >>>> in Log tab but "Results -> KB Browser" is empty. >>>> >>>> 30.03.2014 19:02, Taras пишет: >>>> >>>>> Andres, >>>>> >>>>> workaround with "--system-site-packages" has helped, thanks. >>>>> P.S. I also had to delete some installed system packages like pdfminer >>>>> because of version conflicts. >>>>> >>>>> 30.03.2014 18:00, Andres Riancho пишет: >>>>>> >>>>>> >>>>>> This might help: >>>>>> >>>>>> cd ~ >>>>>> apt-get install -y python-pip # This step might change in your OS >>>>>> pip install virtualenv >>>>>> mkdir w3af-release >>>>>> cd w3af-release >>>>>> virtualenv --system-site-packages venv >>>>>> . venv/bin/activate >>>>>> git clone https://github.com/andresriancho/w3af.git >>>>>> cd w3af >>>>>> git checkout develop >>>>>> ./w3af_gui >>>>>> . /tmp/w3af_dependency_install.sh >>>>>> >>>>>> Note the added "--system-site-packages" >>>>>> >>>>>> On Sun, Mar 30, 2014 at 10:57 AM, Andres Riancho >>>>>> <andres.rian...@gmail.com> wrote: >>>>>>> >>>>>>> >>>>>>> You might be hitting something like this [0], where your virtualenv >>>>>>> doesn't have access to the package installed using "apt-get" >>>>>>> >>>>>>> [0] >>>>>>> http://stackoverflow.com/questions/3580520/python-virtualenv-gtk-2-0 >>>>>>> >>>>>>> On Sun, Mar 30, 2014 at 10:40 AM, Andres Riancho >>>>>>> <andres.rian...@gmail.com> wrote: >>>>>>>> >>>>>>>> >>>>>>>> And if inside the virtualenv you run: >>>>>>>> >>>>>>>> pip freeze | grep gtk >>>>>>>> >>>>>>>> You get something? >>>>>>>> >>>>>>>> On Sun, Mar 30, 2014 at 10:26 AM, Taras <ox...@oxdef.info> wrote: >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> Ok, install them all. Try ./w3af_gui >>>>>>>>>>> >>>>>>>>>>> Actual result: >>>>>>>>>>> >>>>>>>>>>> $ ./w3af_gui >>>>>>>>>>> The GTK package requirements are not met, please make sure your >>>>>>>>>>> system >>>>>>>>>>> meets >>>>>>>>>>> these requirements: >>>>>>>>>>> - PyGTK >= 2.12 >>>>>>>>>>> - GTK >= 2.12 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> OS? What do you get when running: >>>>>>>>>> >>>>>>>>>> import pygtk >>>>>>>>>> pygtk.require('2.0') >>>>>>>>>> import gtk >>>>>>>>>> import gobject >>>>>>>>>> print gtk.gtk_version >= (2, 12) >>>>>>>>>> print gtk.pygtk_version >= (2, 12) >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> Ops, sorry I forget about this information. >>>>>>>>> >>>>>>>>> $ lsb_release -a >>>>>>>>> No LSB modules are available. >>>>>>>>> Distributor ID: Ubuntu >>>>>>>>> Description: Ubuntu 13.10 >>>>>>>>> Release: 13.10 >>>>>>>>> Codename: saucy >>>>>>>>> >>>>>>>>> *Inside* virtualenv: >>>>>>>>> >>>>>>>>> $ python -c 'import gtk' >>>>>>>>> Traceback (most recent call last): >>>>>>>>> File "<string>", line 1, in <module> >>>>>>>>> ImportError: No module named gtk >>>>>>>>> >>>>>>>>> Outside: >>>>>>>>> $ python -c 'import gtk;print gtk.pygtk_version' >>>>>>>>> (2, 24, 0) >>>>>>>>> >>>>>>>>> pygtk is installed as system package >>>>>>>>> >>>>>>>>> $ dpkg -l | grep python-gtk >>>>>>>>> ii python-gtk2 2.24.0-3ubuntu1 >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> 28.03.2014 01:18, Andres Riancho пишет: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> List, >>>>>>>>>>>> >>>>>>>>>>>> Every now and then I ask for a favor, nd... well... now >>>>>>>>>>>> I'm >>>>>>>>>>>> >>>>>>>>>>>> asking for one! The next release will be on Monday, and I need >>>>>>>>>>>> you >>>>>>>>>>>> to >>>>>>>>>>>> test w3af to make sure it doesn't have any critical bugs before I >>>>>>>>>>>> merge into develop into master. >>>>>>>>>>>> >>>>>>>>>>>> I've been working hard on fixing a ton of bugs, >>>>>>>>>>>> improving >>>>>>>>>>>> performance, continuous integration and many other things. >>>>>>>>>>>> >>>>>>>>>>>> All 1300+ unittests PASS in the continuous integration >>>>>>>>>>>> system, but >>>>>>>>>>>> there's nothing like real-user testing. If you have a couple of >>>>>>>>>>>> minutes to help, please follow these steps to install a >>>>>>>>>>>> virtualenv >>>>>>>>>>>> with w3af inside: >>>>>>>>>>>> >>>>>>>>>>>> cd ~ >>>>>>>>>>>> apt-get install -y python-pip # This step might change in your OS >>>>>>>>>>>> pip install virtualenv >>>>>>>>>>>> mkdir w3af-release >>>>>>>>>>>> cd w3af-release >>>>>>>>>>>> virtualenv venv >>>>>>>>>>>> . venv/bin/activate >>>>>>>>>>>> git clone https://github.com/andresriancho/w3af.git >>>>>>>>>>>> cd w3af >>>>>>>>>>>> git checkout develop >>>>>>>>>>>> ./w3af_gui >>>>>>>>>>>> . /tmp/w3af_dependency_install.sh >>>>>>>>>>>> >>>>>>>>>>>> Please report any installation bugs here [0]. >>>>>>>>>>>> >>>>>>>>>>>> Now the fun part :) Scan a site! In the same console >>>>>>>>>>>> (where >>>>>>>>>>>> virtualenv is enabled) run: >>>>>>>>>>>> >>>>>>>>>>>> ./w3af_gui >>>>>>>>>>>> >>>>>>>>>>>> Configure w3af [1] and run a scan. Please report any >>>>>>>>>>>> tracebacks, >>>>>>>>>>>> false positives, false negatives, etc. here [0]. All your bug >>>>>>>>>>>> reports >>>>>>>>>>>> will be much appreciated! >>>>>>>>>>>> >>>>>>>>>>>> Thanks! >>>>>>>>>>>> >>>>>>>>>>>> [0] https://github.com/andresriancho/w3af/issues/new >>>>>>>>>>>> [1] >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> http://docs.w3af.org/en/develop/gui/scanning.html#configuring-the-scan >>>>>>>>>>>> >>>>>>>>>>>> Regards, >>>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> -- >>>>>>>>>>> Taras >>>>>>>>>>> https://www.oxdef.info >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Taras >>>>>>>>> https://www.oxdef.info >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Andrés Riancho >>>>>>>> Project Leader at w3af - http://w3af.org/ >>>>>>>> Web Application Attack and Audit Framework >>>>>>>> Twitter: @w3af >>>>>>>> GPG: 0x93C344F3 >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Andrés Riancho >>>>>>> Project Leader at w3af - http://w3af.org/ >>>>>>> Web Application Attack and Audit Framework >>>>>>> Twitter: @w3af >>>>>>> GPG: 0x93C344F3 >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> >>>>> >>>> >>>> -- >>>> Taras >>>> https://www.oxdef.info >>> >>> >>> >>> >> >> -- >> Taras >> https://www.oxdef.info > > > -- Taras https://www.oxdef.info ------------------------------------------------------------------------------ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
