Any. KB Browser is empty in all. 30.03.2014 19:35, Andres Riancho пишет: > Any random vulns, or just of some specific type? > > On Sun, Mar 30, 2014 at 12:24 PM, Taras <ox...@oxdef.info> wrote: >> I have found another issue. During the scan using w3af_gui I see some vulns >> in Log tab but "Results -> KB Browser" is empty. >> >> 30.03.2014 19:02, Taras пишет: >> >>> Andres, >>> >>> workaround with "--system-site-packages" has helped, thanks. >>> P.S. I also had to delete some installed system packages like pdfminer >>> because of version conflicts. >>> >>> 30.03.2014 18:00, Andres Riancho пишет: >>>> >>>> This might help: >>>> >>>> cd ~ >>>> apt-get install -y python-pip # This step might change in your OS >>>> pip install virtualenv >>>> mkdir w3af-release >>>> cd w3af-release >>>> virtualenv --system-site-packages venv >>>> . venv/bin/activate >>>> git clone https://github.com/andresriancho/w3af.git >>>> cd w3af >>>> git checkout develop >>>> ./w3af_gui >>>> . /tmp/w3af_dependency_install.sh >>>> >>>> Note the added "--system-site-packages" >>>> >>>> On Sun, Mar 30, 2014 at 10:57 AM, Andres Riancho >>>> <andres.rian...@gmail.com> wrote: >>>>> >>>>> You might be hitting something like this [0], where your virtualenv >>>>> doesn't have access to the package installed using "apt-get" >>>>> >>>>> [0] http://stackoverflow.com/questions/3580520/python-virtualenv-gtk-2-0 >>>>> >>>>> On Sun, Mar 30, 2014 at 10:40 AM, Andres Riancho >>>>> <andres.rian...@gmail.com> wrote: >>>>>> >>>>>> And if inside the virtualenv you run: >>>>>> >>>>>> pip freeze | grep gtk >>>>>> >>>>>> You get something? >>>>>> >>>>>> On Sun, Mar 30, 2014 at 10:26 AM, Taras <ox...@oxdef.info> wrote: >>>>>>>>> >>>>>>>>> Ok, install them all. Try ./w3af_gui >>>>>>>>> >>>>>>>>> Actual result: >>>>>>>>> >>>>>>>>> $ ./w3af_gui >>>>>>>>> The GTK package requirements are not met, please make sure your >>>>>>>>> system >>>>>>>>> meets >>>>>>>>> these requirements: >>>>>>>>> - PyGTK >= 2.12 >>>>>>>>> - GTK >= 2.12 >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> OS? What do you get when running: >>>>>>>> >>>>>>>> import pygtk >>>>>>>> pygtk.require('2.0') >>>>>>>> import gtk >>>>>>>> import gobject >>>>>>>> print gtk.gtk_version >= (2, 12) >>>>>>>> print gtk.pygtk_version >= (2, 12) >>>>>>> >>>>>>> >>>>>>> >>>>>>> Ops, sorry I forget about this information. >>>>>>> >>>>>>> $ lsb_release -a >>>>>>> No LSB modules are available. >>>>>>> Distributor ID: Ubuntu >>>>>>> Description: Ubuntu 13.10 >>>>>>> Release: 13.10 >>>>>>> Codename: saucy >>>>>>> >>>>>>> *Inside* virtualenv: >>>>>>> >>>>>>> $ python -c 'import gtk' >>>>>>> Traceback (most recent call last): >>>>>>> File "<string>", line 1, in <module> >>>>>>> ImportError: No module named gtk >>>>>>> >>>>>>> Outside: >>>>>>> $ python -c 'import gtk;print gtk.pygtk_version' >>>>>>> (2, 24, 0) >>>>>>> >>>>>>> pygtk is installed as system package >>>>>>> >>>>>>> $ dpkg -l | grep python-gtk >>>>>>> ii python-gtk2 2.24.0-3ubuntu1 >>>>>>> >>>>>>> >>>>>>> >>>>>>> >>>>>>>> >>>>>>>>> >>>>>>>>> 28.03.2014 01:18, Andres Riancho пишет: >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> >>>>>>>>>> List, >>>>>>>>>> >>>>>>>>>> Every now and then I ask for a favor, nd... well... now I'm >>>>>>>>>> >>>>>>>>>> asking for one! The next release will be on Monday, and I need you >>>>>>>>>> to >>>>>>>>>> test w3af to make sure it doesn't have any critical bugs before I >>>>>>>>>> merge into develop into master. >>>>>>>>>> >>>>>>>>>> I've been working hard on fixing a ton of bugs, improving >>>>>>>>>> performance, continuous integration and many other things. >>>>>>>>>> >>>>>>>>>> All 1300+ unittests PASS in the continuous integration >>>>>>>>>> system, but >>>>>>>>>> there's nothing like real-user testing. If you have a couple of >>>>>>>>>> minutes to help, please follow these steps to install a virtualenv >>>>>>>>>> with w3af inside: >>>>>>>>>> >>>>>>>>>> cd ~ >>>>>>>>>> apt-get install -y python-pip # This step might change in your OS >>>>>>>>>> pip install virtualenv >>>>>>>>>> mkdir w3af-release >>>>>>>>>> cd w3af-release >>>>>>>>>> virtualenv venv >>>>>>>>>> . venv/bin/activate >>>>>>>>>> git clone https://github.com/andresriancho/w3af.git >>>>>>>>>> cd w3af >>>>>>>>>> git checkout develop >>>>>>>>>> ./w3af_gui >>>>>>>>>> . /tmp/w3af_dependency_install.sh >>>>>>>>>> >>>>>>>>>> Please report any installation bugs here [0]. >>>>>>>>>> >>>>>>>>>> Now the fun part :) Scan a site! In the same console (where >>>>>>>>>> virtualenv is enabled) run: >>>>>>>>>> >>>>>>>>>> ./w3af_gui >>>>>>>>>> >>>>>>>>>> Configure w3af [1] and run a scan. Please report any >>>>>>>>>> tracebacks, >>>>>>>>>> false positives, false negatives, etc. here [0]. All your bug >>>>>>>>>> reports >>>>>>>>>> will be much appreciated! >>>>>>>>>> >>>>>>>>>> Thanks! >>>>>>>>>> >>>>>>>>>> [0] https://github.com/andresriancho/w3af/issues/new >>>>>>>>>> [1] >>>>>>>>>> >>>>>>>>>> http://docs.w3af.org/en/develop/gui/scanning.html#configuring-the-scan >>>>>>>>>> >>>>>>>>>> Regards, >>>>>>>>>> >>>>>>>>> >>>>>>>>> -- >>>>>>>>> Taras >>>>>>>>> https://www.oxdef.info >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>>> >>>>>>> >>>>>>> -- >>>>>>> Taras >>>>>>> https://www.oxdef.info >>>>>> >>>>>> >>>>>> >>>>>> >>>>>> -- >>>>>> Andrés Riancho >>>>>> Project Leader at w3af - http://w3af.org/ >>>>>> Web Application Attack and Audit Framework >>>>>> Twitter: @w3af >>>>>> GPG: 0x93C344F3 >>>>> >>>>> >>>>> >>>>> >>>>> -- >>>>> Andrés Riancho >>>>> Project Leader at w3af - http://w3af.org/ >>>>> Web Application Attack and Audit Framework >>>>> Twitter: @w3af >>>>> GPG: 0x93C344F3 >>>> >>>> >>>> >>>> >>> >> >> -- >> Taras >> https://www.oxdef.info > > >
-- Taras https://www.oxdef.info ------------------------------------------------------------------------------ _______________________________________________ W3af-develop mailing list W3af-develop@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/w3af-develop
