James,

Thanks for your email, comments and questions inline:

On Wed, Sep 18, 2019 at 4:00 PM James Pifer <j...@obrien-pifer.com> wrote:
>
> I came across w3af and have it installed (for the most part). With the
> help of docker I'm able to run the console, but I keep getting this when
> I run the gui:
>
> user1@UbuntuDocker:/opt/w3af/extras/docker/scripts$ sudo ./w3af_gui_docker
> [sudo] password for user1:
> root@172.17.0.2's password:
> w3af's requirements are not met, one or more third-party libraries need
> to be installed.
>
> On Ubuntu 12.04 systems please install the following operating system
> packages before running the pip installer:
>      sudo apt-get -y install python-webkit
>
> A script with these commands has been created for you at
> /tmp/w3af_dependency_install.sh
>
> (process:18): Gtk-WARNING **: Locale not supported by C library.
>          Using the fallback 'C' locale.
> /usr/lib/python2.7/dist-packages/gtk-2.0/gtk/__init__.py:57: GtkWarning:
> could not open display
>    warnings.warn(str(e), _gtk.Warning)
> user1@UbuntuDocker:/opt/w3af/extras/docker/scripts$
>
>
>
> $ sudo apt-get -y install python-webkit
> Reading package lists... Done
> Building dependency tree
> Reading state information... Done
> python-webkit is already the newest version (1.1.8-3.1).
>
>
> Not sure where to go from here. Any suggestions?

Got the same error when trying to run it myself.

Tried to build a new docker version and failed to do it in the time I had.

I recommend you try to install w3af in your OS, most likely using virtualenv:
http://docs.w3af.org/en/latest/advanced-install.html#installing-using-virtualenv

> I've run some scans from the console using the target/set target and
> plugins enable all on several URLs trying to prepare for an audit. I
> really have yet to find anything. Maybe our apps are more secure than I
> think and there really is nothing to find. The scans are also very
> quick, whereas Tenable takes a long time to run scans. Is that normal?

Quick is very relative.

Scan times depend on the site size, number of enabled plugins, the
network connection speed, etc.

> Not sure how to know whether it's really working.

To know if the scan is working I recommend enabling the text_file
output plugin with `debug` set to True. Then `tail -f` the file to see
HTTP requests being sent.

> Anyway, really appreciate what the app is doing. I'm not a security
> expert, just an IT guy, so any help is appreciated.
>
> Thanks!
>
>
>
>
> _______________________________________________
> W3af-users mailing list
> W3af-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/w3af-users



-- 
Andrés Riancho
Project Leader at w3af - http://w3af.org/
Web Application Attack and Audit Framework
Twitter: @w3af
GPG: 0x93C344F3

