Johannes , On Wed, Feb 22, 2012 at 9:07 PM, Johannes Weberhofer <jweberho...@weberhofer.at> wrote: > Andres, > > Am 22.02.12 21:20, schrieb Andres Riancho: >> >> Johannes, >> >> On Wed, Feb 22, 2012 at 4:48 PM, Johannes Weberhofer >> <jweberho...@weberhofer.at> wrote: >>> >>> Andres, >>> >>> can this file be complied from the files that are coming with an >>> installed >>> nikto rpm? It is allowed to distribute the files with nikto, so I could >>> write a script to copy/compile/link the file in case the lines can be >>> selected by a rule!? >> >> >> I'm not sure what you're saying. w3af uses 100% of the lines in scan >> database not only a few of them. >> > > In nikto/plugins I find the following databases: > > db_httpoptions > db_subdomains > db_404_strings > db_multiple_index > db_tests > db_embedded > db_outdated > db_variables > > It is allowed to distribute those with the nikto rpm-package, as the > copyright says: "This file may only be distributed and used with the full > Nikto package." > > My idea is, to combine those to the scan_database.db file in the > setup-script. But I do not know, if that will result in the lines contained > in scan_database.db, as I do not really know, how this has been assembled...
Nope, it's not the same stuff. What I would do in your position is fairly simple, the package generation script for Suse should REMOVE the scandatabase and the pykto.py plugin. With that we loose some features, but nothing major. The only issue that this may bring is that some profiles (see profiles/ directory) reference the pykto plugin and might show an error when loading. It would be possible to remove those references as well since the profiles are simply text files. Regards, > > Johannes > >>> >>> Am 20.02.12 23:55, schrieb Andres Riancho: >>> >>>> Johannes, >>>> >>>> On Mon, Feb 20, 2012 at 1:01 PM, Johannes Weberhofer >>>> <jweberho...@weberhofer.at> wrote: >>>>> >>>>> >>>>> Dear all, >>>>> >>>>> there is a licensing issue with the file >>>>> plugins/discovery/pykto/scan_database.db . >>>>> >>>>> Is there a permission to distribute this file? >>>> >>>> >>>> >>>> Sadly no, that's why debian packagers removed the pykto plugin and the >>>> databse >>>> >>>>> It seems to be derived from the nikto tool. There has already been an >>>>> discussion about that: >>>>> http://attrition.org/pipermail/nikto-discuss/2009-March/000140.html >>>>> >>>>> I don't know, which parts of the database are included in the above >>>>> mentioned files. But is there a way, to use the databases from the >>>>> nikto >>>>> packages instead of the included ones? Which databases can be used? >>>>> Upon >>>>> packaging, it would be possible to symlink or compile some of >>>>> the original files... >>>>> >>>>> Best regards, >>>>> Johannes Weberhofer >>>>> >>>>> >>>>> -- >>>>> Johannes Weberhofer >>>>> Weberhofer GmbH, Austria, Vienna >>>>> >>>>> >>>>> >>>>> >>>>> ------------------------------------------------------------------------------ >>>>> Try before you buy = See our experts in action! >>>>> The most comprehensive online learning library for Microsoft developers >>>>> is just $99.99! Visual Studio, SharePoint, SQL - plus HTML5, CSS3, >>>>> MVC3, >>>>> Metro Style Apps, more. Free future releases when you subscribe now! >>>>> http://p.sf.net/sfu/learndevnow-dev2 >>>>> _______________________________________________ >>>>> W3af-develop mailing list >>>>> W3af-develop@lists.sourceforge.net >>>>> https://lists.sourceforge.net/lists/listinfo/w3af-develop >>>> >>>> >>>> >>>> >>>> >>> >>> -- >>> Johannes Weberhofer >>> Weberhofer GmbH, Austria, Vienna >> >> >> >> > > -- > Johannes Weberhofer > Weberhofer GmbH, Austria, Vienna -- Andrés Riancho Director of Web Security at Rapid7 LLC Founder at Bonsai Information Security Project Leader at w3af ------------------------------------------------------------------------------ Virtualization & Cloud Management Using Capacity Planning Cloud computing makes use of virtualization - but cloud computing also focuses on allowing computing to be delivered as a service. http://www.accelacomm.com/jaw/sfnl/114/51521223/ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
