@Taras: That's odd... On Sun, Mar 30, 2014 at 3:58 PM, Taras <ox...@oxdef.info> wrote: > Andres, it is strange but now everything is fine... > I see normal tree in KB Browser. > > 30.03.2014 20:27, Andres Riancho пишет: > >> Taras, >> >> Can't repro (see screenshot). If you see the console where you're >> running w3af_gui , is there anything there that could be useful? >> Traceback? Error? >> >> Regards, >> >> On Sun, Mar 30, 2014 at 12:45 PM, Taras <ox...@oxdef.info> wrote: >>> >>> Any. KB Browser is empty in all. >>> >>> 30.03.2014 19:35, Andres Riancho пишет: >>> >>>> Any random vulns, or just of some specific type? >>>> >>>> On Sun, Mar 30, 2014 at 12:24 PM, Taras <ox...@oxdef.info> wrote: >>>>> >>>>> >>>>> I have found another issue. During the scan using w3af_gui I see some >>>>> vulns >>>>> in Log tab but "Results -> KB Browser" is empty. >>>>> >>>>> 30.03.2014 19:02, Taras пишет: >>>>> >>>>>> Andres, >>>>>> >>>>>> workaround with "--system-site-packages" has helped, thanks. >>>>>> P.S. I also had to delete some installed system packages like pdfminer >>>>>> because of version conflicts. >>>>>> >>>>>> 30.03.2014 18:00, Andres Riancho пишет: >>>>>>> >>>>>>> >>>>>>> >>>>>>> This might help: >>>>>>> >>>>>>> cd ~ >>>>>>> apt-get install -y python-pip # This step might change in your OS >>>>>>> pip install virtualenv >>>>>>> mkdir w3af-release >>>>>>> cd w3af-release >>>>>>> virtualenv --system-site-packages venv >>>>>>> . venv/bin/activate >>>>>>> git clone https://github.com/andresriancho/w3af.git >>>>>>> cd w3af >>>>>>> git checkout develop >>>>>>> ./w3af_gui >>>>>>> . /tmp/w3af_dependency_install.sh >>>>>>> >>>>>>> Note the added "--system-site-packages" >>>>>>> >>>>>>> On Sun, Mar 30, 2014 at 10:57 AM, Andres Riancho >>>>>>> <andres.rian...@gmail.com> wrote: >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> You might be hitting something like this [0], where your virtualenv >>>>>>>> doesn't have access to the package installed using "apt-get" >>>>>>>> >>>>>>>> [0] >>>>>>>> http://stackoverflow.com/questions/3580520/python-virtualenv-gtk-2-0 >>>>>>>> >>>>>>>> On Sun, Mar 30, 2014 at 10:40 AM, Andres Riancho >>>>>>>> <andres.rian...@gmail.com> wrote: >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> And if inside the virtualenv you run: >>>>>>>>> >>>>>>>>> pip freeze | grep gtk >>>>>>>>> >>>>>>>>> You get something? >>>>>>>>> >>>>>>>>> On Sun, Mar 30, 2014 at 10:26 AM, Taras <ox...@oxdef.info> wrote: >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> Ok, install them all. Try ./w3af_gui >>>>>>>>>>>> >>>>>>>>>>>> Actual result: >>>>>>>>>>>> >>>>>>>>>>>> $ ./w3af_gui >>>>>>>>>>>> The GTK package requirements are not met, please make sure your >>>>>>>>>>>> system >>>>>>>>>>>> meets >>>>>>>>>>>> these requirements: >>>>>>>>>>>> - PyGTK >= 2.12 >>>>>>>>>>>> - GTK >= 2.12 >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> OS? What do you get when running: >>>>>>>>>>> >>>>>>>>>>> import pygtk >>>>>>>>>>> pygtk.require('2.0') >>>>>>>>>>> import gtk >>>>>>>>>>> import gobject >>>>>>>>>>> print gtk.gtk_version >= (2, 12) >>>>>>>>>>> print gtk.pygtk_version >= (2, 12) >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> Ops, sorry I forget about this information. >>>>>>>>>> >>>>>>>>>> $ lsb_release -a >>>>>>>>>> No LSB modules are available. >>>>>>>>>> Distributor ID: Ubuntu >>>>>>>>>> Description: Ubuntu 13.10 >>>>>>>>>> Release: 13.10 >>>>>>>>>> Codename: saucy >>>>>>>>>> >>>>>>>>>> *Inside* virtualenv: >>>>>>>>>> >>>>>>>>>> $ python -c 'import gtk' >>>>>>>>>> Traceback (most recent call last): >>>>>>>>>> File "<string>", line 1, in <module> >>>>>>>>>> ImportError: No module named gtk >>>>>>>>>> >>>>>>>>>> Outside: >>>>>>>>>> $ python -c 'import gtk;print gtk.pygtk_version' >>>>>>>>>> (2, 24, 0) >>>>>>>>>> >>>>>>>>>> pygtk is installed as system package >>>>>>>>>> >>>>>>>>>> $ dpkg -l | grep python-gtk >>>>>>>>>> ii python-gtk2 2.24.0-3ubuntu1 >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> 28.03.2014 01:18, Andres Riancho пишет: >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> List, >>>>>>>>>>>>> >>>>>>>>>>>>> Every now and then I ask for a favor, nd... well... >>>>>>>>>>>>> now >>>>>>>>>>>>> I'm >>>>>>>>>>>>> >>>>>>>>>>>>> asking for one! The next release will be on Monday, and I need >>>>>>>>>>>>> you >>>>>>>>>>>>> to >>>>>>>>>>>>> test w3af to make sure it doesn't have any critical bugs before >>>>>>>>>>>>> I >>>>>>>>>>>>> merge into develop into master. >>>>>>>>>>>>> >>>>>>>>>>>>> I've been working hard on fixing a ton of bugs, >>>>>>>>>>>>> improving >>>>>>>>>>>>> performance, continuous integration and many other things. >>>>>>>>>>>>> >>>>>>>>>>>>> All 1300+ unittests PASS in the continuous >>>>>>>>>>>>> integration >>>>>>>>>>>>> system, but >>>>>>>>>>>>> there's nothing like real-user testing. If you have a couple of >>>>>>>>>>>>> minutes to help, please follow these steps to install a >>>>>>>>>>>>> virtualenv >>>>>>>>>>>>> with w3af inside: >>>>>>>>>>>>> >>>>>>>>>>>>> cd ~ >>>>>>>>>>>>> apt-get install -y python-pip # This step might change in your >>>>>>>>>>>>> OS >>>>>>>>>>>>> pip install virtualenv >>>>>>>>>>>>> mkdir w3af-release >>>>>>>>>>>>> cd w3af-release >>>>>>>>>>>>> virtualenv venv >>>>>>>>>>>>> . venv/bin/activate >>>>>>>>>>>>> git clone https://github.com/andresriancho/w3af.git >>>>>>>>>>>>> cd w3af >>>>>>>>>>>>> git checkout develop >>>>>>>>>>>>> ./w3af_gui >>>>>>>>>>>>> . /tmp/w3af_dependency_install.sh >>>>>>>>>>>>> >>>>>>>>>>>>> Please report any installation bugs here [0]. >>>>>>>>>>>>> >>>>>>>>>>>>> Now the fun part :) Scan a site! In the same console >>>>>>>>>>>>> (where >>>>>>>>>>>>> virtualenv is enabled) run: >>>>>>>>>>>>> >>>>>>>>>>>>> ./w3af_gui >>>>>>>>>>>>> >>>>>>>>>>>>> Configure w3af [1] and run a scan. Please report any >>>>>>>>>>>>> tracebacks, >>>>>>>>>>>>> false positives, false negatives, etc. here [0]. All your bug >>>>>>>>>>>>> reports >>>>>>>>>>>>> will be much appreciated! >>>>>>>>>>>>> >>>>>>>>>>>>> Thanks! >>>>>>>>>>>>> >>>>>>>>>>>>> [0] https://github.com/andresriancho/w3af/issues/new >>>>>>>>>>>>> [1] >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> >>>>>>>>>>>>> http://docs.w3af.org/en/develop/gui/scanning.html#configuring-the-scan >>>>>>>>>>>>> >>>>>>>>>>>>> Regards, >>>>>>>>>>>>> >>>>>>>>>>>> >>>>>>>>>>>> -- >>>>>>>>>>>> Taras >>>>>>>>>>>> https://www.oxdef.info >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>>> >>>>>>>>>> >>>>>>>>>> -- >>>>>>>>>> Taras >>>>>>>>>> https://www.oxdef.info >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Andrés Riancho >>>>>>>>> Project Leader at w3af - http://w3af.org/ >>>>>>>>> Web Application Attack and Audit Framework >>>>>>>>> Twitter: @w3af >>>>>>>>> GPG: 0x93C344F3 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> -- >>>>>>>> Andrés Riancho >>>>>>>> Project Leader at w3af - http://w3af.org/ >>>>>>>> Web Application Attack and Audit Framework >>>>>>>> Twitter: @w3af >>>>>>>> GPG: 0x93C344F3 >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>> >>>>> >>>>> -- >>>>> Taras >>>>> https://www.oxdef.info >>>> >>>> >>>> >>>> >>>> >>> >>> -- >>> Taras >>> https://www.oxdef.info >> >> >> >> > > -- > Taras > https://www.oxdef.info
-- Andrés Riancho Project Leader at w3af - http://w3af.org/ Web Application Attack and Audit Framework Twitter: @w3af GPG: 0x93C344F3 ------------------------------------------------------------------------------ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
