diff options
Diffstat (limited to 'wapiti')
-rw-r--r-- | wapiti/.SRCINFO | 31 | ||||
-rw-r--r-- | wapiti/ChangeLog | 398 | ||||
-rw-r--r-- | wapiti/PKGBUILD | 41 |
3 files changed, 470 insertions, 0 deletions
diff --git a/wapiti/.SRCINFO b/wapiti/.SRCINFO new file mode 100644 index 0000000..2dfd12f --- /dev/null +++ b/wapiti/.SRCINFO | |||
@@ -0,0 +1,31 @@ | |||
1 | pkgbase = wapiti | ||
2 | pkgdesc = Comprehensive web app vulnerability scanner written in Python | ||
3 | pkgver = 3.1.3 | ||
4 | pkgrel = 1 | ||
5 | url = https://wapiti-scanner.github.io | ||
6 | changelog = ChangeLog | ||
7 | arch = any | ||
8 | license = GPL | ||
9 | makedepends = python-setuptools | ||
10 | depends = python | ||
11 | depends = python-requests | ||
12 | depends = python-beautifulsoup4 | ||
13 | depends = python-lxml | ||
14 | depends = python-yaswfp | ||
15 | depends = python-browser-cookie3 | ||
16 | depends = python-mako | ||
17 | depends = python-python-socks | ||
18 | depends = python-tld | ||
19 | depends = python-httpx | ||
20 | depends = python-aiocache | ||
21 | depends = python-aiosqlite | ||
22 | depends = python-sqlalchemy | ||
23 | depends = python-loguru | ||
24 | depends = python-cryptography | ||
25 | optdepends = python-requests-kerberos: Kerberos authentication | ||
26 | optdepends = python-requests-ntlm: NTLM authentication | ||
27 | options = zipman | ||
28 | source = https://github.com/wapiti-scanner/wapiti/releases/download/3.1.3/wapiti3-3.1.3.tar.gz | ||
29 | sha256sums = 83ffef39199f92f530f7de7b47dbfb93ab2c9c97d3bbee93473084cba5796c61 | ||
30 | |||
31 | pkgname = wapiti | ||
diff --git a/wapiti/ChangeLog b/wapiti/ChangeLog new file mode 100644 index 0000000..ff8f2a5 --- /dev/null +++ b/wapiti/ChangeLog | |||
@@ -0,0 +1,398 @@ | |||
1 | 09/07/2022 | ||
2 | Wapiti 3.1.3 | ||
3 | Reports: Add a new --detailed-report option that will put HTTP responses (headers and bodies) in the report. | ||
4 | Crawler: Add a new --mitm-port option that will replace the crawler with an intercepting proxy (mitmproxy) | ||
5 | Core: Dropped support of Python 3.7 | ||
6 | |||
7 | 13/05/2022 | ||
8 | Wapiti 3.1.2 | ||
9 | mod_http_headers: Deprecate X-XSS-Protection header | ||
10 | mod_drupal_enum: Reduce false positives | ||
11 | mod_csp: Rework some WSTG categories | ||
12 | Crawler: Fix crash caused by unclosed async httpx responses | ||
13 | |||
14 | 23/02/2022 | ||
15 | Wapiti 3.1.1 | ||
16 | Crawler: Fix a bug preventing Wapiti to scan websites with bad ciphers (SSL 3, TLS 1.0 for example) | ||
17 | Report: Add some unicode emojis in the HTML report to indicate the criticality of each vulnerability | ||
18 | XXE: more payloads to target non-PHP applications + raise a warning when the DTD file was reached by the target but exfiltration didn't succeed | ||
19 | CLI: --update option will only update chosen modules | ||
20 | CLI: New --data option allows to launch attacks on a single POST request. This option expect a url-encoded string. | ||
21 | |||
22 | 06/02/2022 | ||
23 | Wapiti 3.1.0 | ||
24 | Crawler: Fix passing named "button" tags in HTML forms | ||
25 | Modules: Skip modules that fails to load properly (missing dependencies, code error, etc) | ||
26 | Log4Shell: Attack POST parameters too, support for attacks on VMWare vSphere and some Apache products (Struts, Druid and Solr) | ||
27 | CSRF: Django anti-CSRF token added to the whitelist | ||
28 | Modules: Added references to WSTG code for each supported attack, separate Reflected XSS from Stored XSS in reports | ||
29 | Crawler: Improved the parsing of HTML redirections (meta refresh) | ||
30 | HashThePlanet: Added a new module to detect technologies and software versions based on the hashes of files. | ||
31 | Crawler: Removed httpx-socks dependencies in favor of builtin SOCKS support in httpx. SOCKS support is fixed. | ||
32 | Crawler: Upgraded httpcore to latest version in order to fix the ValueError exception that could occur on modules with high concurrency (buster, nikto) | ||
33 | Core: Load correctly resources if Wapiti is running from an egg file. | ||
34 | |||
35 | 15/12/2021 | ||
36 | Wapiti 3.0.9 | ||
37 | CLI: New "passive" module option allows to use less aggressives modules only | ||
38 | WP_ENUM: Improve detection of Wordpress | ||
39 | SSL: New module to check TLS/SSL configuration, powered by SSLyze | ||
40 | Log4Shell: New attack module to detect the infamous vulnerability | ||
41 | |||
42 | 18/11/2021 | ||
43 | Wapiti 3.0.8 | ||
44 | CLI: prevent users from using -a without specifying --auth-type (and vice versa) | ||
45 | Crawler: Upgrade HTTP related dependencies (httpx, httpcore, httpx-socks) | ||
46 | |||
47 | 14/10/2021 | ||
48 | Wapiti 3.0.7 | ||
49 | Crawler: Extract URLs from AngularJS based websites | ||
50 | Crawler: Support HTTP responses compressed with Brotli | ||
51 | Crawler: Fix handling of upload forms (due to moving to httpx), handling of button fields having a value | ||
52 | CLI: Added option to log output to a file | ||
53 | Modules: Increased speed of modules Nikto, buster, drupal_enum, brute_login_form thank to concurrency | ||
54 | Modules: Added a module to detect subdomain takeovers | ||
55 | XSS: Removed references to wapiti3.ovh for XSS payloads | ||
56 | Modules: Fixed some false positives in modules backup, Nikto and SQL | ||
57 | Modules: Upgrade Wappalyzer module | ||
58 | Crawler: Upgrade HTTP related dependencies (httpx, httpcore) | ||
59 | |||
60 | 13/05/2021 | ||
61 | Wapiti 3.0.5 | ||
62 | SQL: boolean based blind SQL injection support added | ||
63 | Report: added CSV as output format | ||
64 | Cookie: you can drop cookies from HTTP responses with --drop-set-cookie | ||
65 | Cookie: you can load cookies from your browser with -c <chrome or firefox> | ||
66 | Session: fixed an issue that could cause URLs being rescanned when resuming a session | ||
67 | CMS: New modules to detect versions and installed modules for Wordpress and Drupal | ||
68 | Fingerprinting: several issues fixed on mod_wapp | ||
69 | Crawler: HTTP requests are processed concurrently for faster crawling. Check the new --tasks option. | ||
70 | |||
71 | 20/02/2021 | ||
72 | Wapiti 3.0.4 | ||
73 | XSS: improved context awareness of HTML webpage, payloads can now use the existing HTML tags without closing them | ||
74 | XSS: greatly reduced number of false negatives while slightly reducing false positives | ||
75 | XSS: the module will also check for the CSP header and warn if reflection was found while a strong CSP seems present | ||
76 | XSS: reduced memory and CPU consumption | ||
77 | XSS: added more payloads to bypass filters and WAF | ||
78 | Exec: added a few more payloads | ||
79 | SQL: more heuristics to detect DBMS used on the target | ||
80 | Wappalyzer module allows to detect software used by a website, along with versions | ||
81 | New module to check the security settings of Cookies (HttpOnly, secure, etc) | ||
82 | New module to check the security settings for HTTP headers (Strict-Transport-Security, X-Frame-Options, etc) | ||
83 | New module to check the security settings for Content-Security-Policy | ||
84 | New module to check for forms vulnerable to CSRF (either no anti-CSRF token is present or it is not well implemented) | ||
85 | New module to brute-force found login forms with known default credentials (admin/admin, demo/demo, etc) | ||
86 | New --update option allows to get last updates for detections databases (Wappalyzer and Nikto) | ||
87 | New --max-attack-time options allows to limit the execution time of each attack module | ||
88 | New --store-config options allows to set the path for Wapiti configuration files (detection databases) | ||
89 | Combining the new "-a post" authentication option along with -s allows to login on the target without using wapiti-getcookie | ||
90 | Removed jQuery dependency | ||
91 | Fixed several issues with endpoints | ||
92 | |||
93 | 20/02/2020 | ||
94 | Wapiti 3.0.3 | ||
95 | An important work was made to reduce false positives in XSS detections. | ||
96 | That research involved scanning more than 1 million websites to discover those issues. | ||
97 | More details here: http://devloop.users.sourceforge.net/index.php?article217/one-crazy-month-of-web-vulnerability-scanning | ||
98 | |||
99 | 02/09/2019 | ||
100 | Wapiti 3.0.2 | ||
101 | New XXE module cans end payloads in parameters, query string, file uploads and raw body. | ||
102 | New module for detection Open Redirect vulnerabilities (header based our HTML meta based or JS based). | ||
103 | Fixed domain scope scanning. | ||
104 | Reduced false positives in attack modules (specially time based ones). | ||
105 | Reduced invalid links generated by js analysis and ignore obviously malformed HTML links. | ||
106 | Do not crawl CSS files and remove query strings from JS files when crawling. | ||
107 | Improved and changed existing payloads. | ||
108 | Improved extracting forms from HTML pages (radio buttons / select, ...) | ||
109 | Support for more POST enctypes (sending XML or JSON for example, currently only leveraged by mod_xxe) | ||
110 | --store-session option allow to specify a path where .db and .pkl files are stored. | ||
111 | --endpoint --internal-endpoint --external-endpoint options to set your own endpoint and receive requests from target | ||
112 | Authentications options can now be used with wapiti-getcookie. | ||
113 | Js parser can now deal with HTML comments. | ||
114 | More comprehensive choices when doing Ctrl+C during scan (eg: 'c' to continue, 'q' to quit) | ||
115 | Fixed lot of bugs thank to received crash dumps. | ||
116 | |||
117 | 11/05/2018 | ||
118 | Wapiti 3.0.1 | ||
119 | New module mod_methods to detect interesting methods which might be allowed by scripts (PUT, PROPFIND, etc) | ||
120 | New module mod_ssrf to detect Server Side Request Forgery vulnerabilities (requires Internet access) | ||
121 | Improved mod_xss and mod_permanentxss modules to reduce false positives. | ||
122 | Changed some XSS payloads for something more visual (banner at top the the webpage). | ||
123 | Changed bug reporting URL. | ||
124 | Fixed issue #54 in lamejs JS parser. | ||
125 | Removed lxml and libxml2 as a dependency. That parser have difficulties to parse exotic encodings. | ||
126 | |||
127 | 03/01/2017 | ||
128 | Release of Wapiti 3.0.0 | ||
129 | |||
130 | 02/01/2018 | ||
131 | Added --list-modules and --resume-crawl options. | ||
132 | |||
133 | 23/12/2017 | ||
134 | Ported to Python3. | ||
135 | Persister rewritten to use sqlite3 databases (for session management). | ||
136 | Added ascii-art because you know... it's an attack tool so it's required feature. | ||
137 | Changed output format (stdout) to something more like sqlmap output. | ||
138 | python-lxml and libxml2 are required dependencies unless you opt-out with --with-html5lib at setup. | ||
139 | SOCKS5 proxy support is back. | ||
140 | New -u mandatory option must be use to specify the base URL. | ||
141 | Added -d (--depth) option to limit the maximum depth of links following. | ||
142 | Added -H (--header) option to add HTTP headers to every request. | ||
143 | Added -A (--user-agent) option to set the User-Agent string. | ||
144 | Added --skip option to skip parameters during attacks. | ||
145 | Added -S (--scan-force) option to control the ammount of requests sent for attacks. | ||
146 | Added --max-parameters to not attack URLs anf forms having more than X input parameters. | ||
147 | Added -l (--level) option to allow attacking query strings without parameters. | ||
148 | Added --max-scan-time option to stop the scan after the given amount of minutes. | ||
149 | Added a buster module for directory and file busting. | ||
150 | Added a Shellshock detection module. | ||
151 | Added buitin list of well known parameters to skip during attack. | ||
152 | More control on execution flow when KeyboardInterrupt is triggered. | ||
153 | Reduced false-positives situations on time-based attacks (mainly blind_sql) | ||
154 | Replace getopt for argparse. | ||
155 | Fixed bugs related to obtaining user's locale (issue #20). | ||
156 | Enhancement to support new CVE notation [issue 37). | ||
157 | Can now report minor issues (notices) besides anomalies and vulnerabilities. | ||
158 | Added mod_delay module to report time consuming webpages. | ||
159 | Renamed some options (should be easier to remember). | ||
160 | More exec, file, xss payloads. | ||
161 | Fixed a bug with JSON cookie management for IPv6 addresses and custom ports. | ||
162 | XSS attack module can escape HTML comments for payload generation. | ||
163 | Fixed -r issue on URLs having only one parameter. | ||
164 | No SSL/TLS check by default (--verify-ssl behavior). | ||
165 | Added a Mutator class for easy payload injection in parameters. | ||
166 | Rewrote report generators, added Mako as a dependency for HTML reports. Less JS. | ||
167 | Crash report are send to a website, opt-out with --no-bugreport. | ||
168 | Improvements on backup, sql and exec modules submitted by Milan Bartos. | ||
169 | Payload files can now include special flags that will be interpreted by Wapiti. | ||
170 | wapiti-cookie and wapiti-getcookie were merged in a new wapiti-getcookie tool. | ||
171 | |||
172 | |||
173 | 20/10/2013 | ||
174 | Version 2.3.0 | ||
175 | Fixed a colosseum of bugs, especially related to unicode. | ||
176 | Software is much more stable. | ||
177 | New report template for HTML (using Kube CSS). | ||
178 | Using v2.1.5 of Nikto database for mod_nikto. | ||
179 | Replaced httplib2 with (python-)requests for everything related to HTTP. | ||
180 | Remove BeautifulSoup from package. It is still required however. | ||
181 | Core rewrite (PEP8 + more Pythonic) | ||
182 | New payloads for the backup, XSS, blind SQL, exec and file modules + more | ||
183 | detection rules. | ||
184 | So many improvements on lswww (crawler) that I can't make a list here. But | ||
185 | Wapiti reached 48% on Wivet. | ||
186 | Wapiti cookie format is now based on JSON. | ||
187 | Removed SOCKS proxy support (you will have to use a HTTP to SOCKS proxy). | ||
188 | Added a HTTPResource class for easier module creation. | ||
189 | Code restructuration for better setup. | ||
190 | Attack of parameters in query string even for HTTP POST requests. | ||
191 | Attack on file uploads (injection in file names). | ||
192 | Simpler (and less buggy) colored output with -c. | ||
193 | A CURL PoC is given for each vulnerability/anomaly found + raw HTTP | ||
194 | request representation in reports. | ||
195 | No more parameter reordering + can handle parameters repetition. | ||
196 | Added a JSON report generator + fixed the HTML report generator. | ||
197 | Added an option to not check SSL certificates. | ||
198 | mod_xss : noscipt tag escaping. | ||
199 | Can work on parameters that don't have a value in query string. | ||
200 | mod_crlf is not activated by default anymore (must call it with -m). | ||
201 | Startings URLs (-s) will be fetched even if out of scope. | ||
202 | Proxy support for wapiti-getcookie. and wapiti-cookie. | ||
203 | Attempt to bring an OpenVAS report generator. | ||
204 | Added an home-made SWF parser to extract URLs from flash files. | ||
205 | Added an home-made (and more than basic) JS interpreter based on the | ||
206 | pynarcissus parser. Lot of work still needs to be done on this. | ||
207 | New logo and webpage at wapiti.sf.net. | ||
208 | Added german and malaysian translations. | ||
209 | Added a script to create standalone archive for Windows (with py2exe). | ||
210 | |||
211 | 29/12/2009 | ||
212 | Version 2.2.1 (already) | ||
213 | Bugfixes only | ||
214 | Fixed a bug in lswww if root url is not given complete. | ||
215 | Fixed a bug in lswww with a call to BeautifulSoup made on non text files. | ||
216 | Fixed a bug that occured when verbosity = 2. Unicode error on stderr. | ||
217 | Check the document's content-type and extension before attacking files on | ||
218 | the query string. | ||
219 | Added a timeout check in the nikto module when downloading the database. | ||
220 | |||
221 | 28/12/2009 | ||
222 | Version 2.2.0 | ||
223 | Added a manpage. | ||
224 | Internationalization : translations of Wapiti in spanish and french. | ||
225 | Options -k and -i allow the scan to be saved and restored later. | ||
226 | Added option -b to set the scope of the scan based on the root url given. | ||
227 | Wrote a library to save handle cookies and save them in XML format. | ||
228 | Modules are now loaded dynamically with a dependency system. | ||
229 | Rewrote the -m option used to activate / deactivate attack modules. | ||
230 | New module to search for backup files of scripts on the target webserver. | ||
231 | New module to search for weakly configured .htaccess. | ||
232 | New module to search dangerous files based on the Nikto database. | ||
233 | Differ "raw" XSS from "urlencoded" XSS. | ||
234 | Updated BeautifulSoup to version 3.0.8. | ||
235 | Better encoding support for webpages (convert to Unicode) | ||
236 | Added "resource consumption" as a vulnerability type. | ||
237 | Fixed bug ID 2779441 "Python Version 2.5 required?" | ||
238 | Fixed bug with special characters in HTML reports. | ||
239 | |||
240 | 05/04/2008 | ||
241 | Added more patterns for file handling vulnerabilities in PHP. | ||
242 | Added GET_SQL and POST_SQL as modules (-m) for attacks. | ||
243 | Modifier getcookie.py and cookie.py so they try to get the cookies | ||
244 | even if cookielib fails. | ||
245 | |||
246 | 27/03/2007 | ||
247 | Updated ChangeLogs | ||
248 | |||
249 | 26/03/2009 | ||
250 | Fixed bug ID 2433127. Comparison was made with HTTP error codes | ||
251 | on numeric values but httplib2 return the status code as a string. | ||
252 | Forbid httplib2 to handle HTTP redirections. Wapiti and lswww will | ||
253 | take care of this (more checks on urls...) | ||
254 | Fixed a bug with Blind SQL attacks (the same attack could be launched | ||
255 | several times) | ||
256 | Fixed an error in blindSQLPayloads.txt. | ||
257 | Changed the error message when Wapiti don't get any data from lswww. | ||
258 | Verifications to be sure blind SQL attacks won't be launched if "standard" | ||
259 | SQL attacks works. | ||
260 | |||
261 | 25/03/2009 | ||
262 | Exported blind SQL payloads from the code. Now in config file | ||
263 | blindSQLPayloads.txt. | ||
264 | Set timeout for time-based BSQL attacks to timetout used for HTTP | ||
265 | requests + 1 second. | ||
266 | Added Blind SQL as a type of vulnerability in the report generator. | ||
267 | More verbosity for permanent XSS scan. | ||
268 | More docstrings. | ||
269 | Updated the REAME. | ||
270 | |||
271 | 24/03/2009 | ||
272 | Added some docstring to the code. | ||
273 | Removed warnign on alpha code. | ||
274 | First Blind SQL Injection implementation in Wapiti. | ||
275 | Fixed some timeout errors. | ||
276 | |||
277 | 22/03/2009 | ||
278 | Fixed character encoding error in sql injection module. | ||
279 | Changed the md5 and sha1 import in httplib2 to hashlib. | ||
280 | |||
281 | 28/11/2008 | ||
282 | Google Charts API is added to generate the charts of the reports. | ||
283 | |||
284 | 15/11/2008 | ||
285 | Re-integration of standard HTTP proxies in httplib2. | ||
286 | Integration of HTTP CONNECT tunneling in Wapiti. | ||
287 | Fixed bug ID 2257654 "getcookie.py error missing action in html form" | ||
288 | |||
289 | 02/11/2008 | ||
290 | Integraded the proxy implementation of httplib2 in Wapiti. | ||
291 | Can now use SOCKSv5 and SOCKSv4 proxies. | ||
292 | |||
293 | 22/10/2008 | ||
294 | Fixed a bug with Cookie headers. | ||
295 | |||
296 | 19/10/2008 | ||
297 | Remplaced urllib2 by httplib2. | ||
298 | Wapiti now use persistent HTTP connections, speed up the scan. | ||
299 | Included a python SOCKS library. | ||
300 | |||
301 | 09/10/2008 | ||
302 | Version 2.0.0-beta | ||
303 | Added the possibility to generate reports of the vulnerabilities found | ||
304 | in HTML, XML or plain-text format. See options -o and -f. | ||
305 | HTTP authentification now works. | ||
306 | Added the option -n (or --nice) to prevent endless loops during scanning. | ||
307 | More patterns for SQL vulnerability detection | ||
308 | Code refactoring : more clear and more object-oriented | ||
309 | New XSS function is now fully implemented | ||
310 | The payloads have been separated from the code into configuration files. | ||
311 | Updated BeautifulSoup | ||
312 | |||
313 | 15/09/2008 | ||
314 | Version 1.1.7-alpha | ||
315 | Use GET method if not specified in "method" tag | ||
316 | Keep an history of XSS payloads | ||
317 | New XSS engine for GET method using a list of payloads to bypass filters | ||
318 | New module HTTP.py for http requests | ||
319 | Added fpassthru to file handling warnings | ||
320 | Added a new new detection string for MS-SQL, submitted by Joe McCray | ||
321 | |||
322 | 28/01/2007 | ||
323 | Version 1.1.6 | ||
324 | New version of lswww | ||
325 | |||
326 | 24/10/2006 | ||
327 | Version 1.1.5 | ||
328 | Wildcard exclusion with -x (--exclude) option | ||
329 | |||
330 | 22/10/2006 | ||
331 | Fixed a typo in wapiti.py (setAuthCreddentials : one 'd' is enough) | ||
332 | Fixed a bug with set_auth_credentials. | ||
333 | |||
334 | 07/10/2006 | ||
335 | Version 1.1.4 | ||
336 | Some modifications have been made on getccokie.py so it can work | ||
337 | on Webmin (and probably more web applications) | ||
338 | Added -t (--timeout) option to set the timeout in seconds | ||
339 | Added -v (--verbose) option to set the verbosity. Three available | ||
340 | modes : | ||
341 | 0: only print found vulnerabilities | ||
342 | 1: print current attacked urls (existing urls) | ||
343 | 2: print every attack payload and url (very much information... good | ||
344 | for debugging) | ||
345 | Wapiti is much more modular and comes with some functions to set scan | ||
346 | and attack options... look the code ;) | ||
347 | Some defaults options are available as "modules" with option -m | ||
348 | (--module) : | ||
349 | GET_XSS: only scan for XSS with HTTP GET method (no post) | ||
350 | POST_XSS: XSS attacks using POST and not GET | ||
351 | GET_ALL: every attack without POST requests | ||
352 | |||
353 | 12/08/2006 | ||
354 | Version 1.1.3 | ||
355 | Fixed the timeout bug with chunked responses | ||
356 | (ID = 1536565 on SourceForge) | ||
357 | |||
358 | 09/08/2006 | ||
359 | Version 1.1.2 | ||
360 | Fixed a bug with HTTP 500 and POST attacks | ||
361 | |||
362 | 05/08/2006 | ||
363 | Version 1.1.1 | ||
364 | Fixed the UnboundLocalError due to socket timeouts | ||
365 | (bug ID = 1534415 on SourceForge) | ||
366 | |||
367 | 27/07/2006 | ||
368 | Version 1.1.0 with urllib2 | ||
369 | Detection string for mysql_error() | ||
370 | Changed the mysql payload (see http://shiflett.org/archive/184 ) | ||
371 | Modification of the README file | ||
372 | |||
373 | 22/07/2006 | ||
374 | Added CRLF Injection. | ||
375 | |||
376 | 20/07/2006 | ||
377 | Added LDAP Injection and Command Execution (eval, system, passthru...) | ||
378 | |||
379 | 11/07/2006 | ||
380 | -r (--remove) option to remove parameters from URLs | ||
381 | Support for Basic HTTP Auth added but don't work with Python 2.4. | ||
382 | Proxy support. | ||
383 | Now use cookie files (option "-c file" or "--cookie file") | ||
384 | -u (--underline) option to highlight vulnerable parameter in URL | ||
385 | Detect more vulnerabilities. | ||
386 | |||
387 | 04/07/2006: | ||
388 | Now attacks scripts using QUERY_STRING as a parameter | ||
389 | (i.e. http://server/script?attackme) | ||
390 | |||
391 | 23/06/2006: | ||
392 | Version 1.0.1 | ||
393 | Can now use cookies !! (use -c var=data or --cookie var=data) | ||
394 | Two utilities added : getcookie.py (interactive) and cookie.py (command line) to get a cookie. | ||
395 | Now on Sourceforge | ||
396 | |||
397 | 25/04/2006: | ||
398 | Version 1.0.0 | ||
diff --git a/wapiti/PKGBUILD b/wapiti/PKGBUILD new file mode 100644 index 0000000..d645313 --- /dev/null +++ b/wapiti/PKGBUILD | |||
@@ -0,0 +1,41 @@ | |||
1 | # Maintainer : Yigit Sever <yigit at yigitsever dot com> | ||
2 | # Contributor : Kr1ss $(echo \<kr1ss+x-yandex+com\>|sed s/\+/./g\;s/\-/@/) | ||
3 | # Contributor : mickael9 <mickael9 at gmail dot com> | ||
4 | |||
5 | pkgname=wapiti | ||
6 | pkgver=3.1.3 | ||
7 | _name="$pkgname${pkgver:0:1}" | ||
8 | pkgrel=1 | ||
9 | pkgdesc='Comprehensive web app vulnerability scanner written in Python' | ||
10 | arch=('any') | ||
11 | url="https://$pkgname-scanner.github.io" | ||
12 | license=('GPL') | ||
13 | makedepends=('python-setuptools') | ||
14 | depends=('python' 'python-requests' 'python-beautifulsoup4' 'python-lxml' 'python-yaswfp' | ||
15 | 'python-browser-cookie3' 'python-mako' 'python-python-socks' 'python-tld' 'python-httpx' | ||
16 | 'python-aiocache' 'python-aiosqlite' 'python-sqlalchemy' 'python-loguru' 'python-cryptography') | ||
17 | optdepends=('python-requests-kerberos: Kerberos authentication' | ||
18 | 'python-requests-ntlm: NTLM authentication') | ||
19 | options=('zipman') | ||
20 | changelog=ChangeLog | ||
21 | source=("https://github.com/$pkgname-scanner/$pkgname/releases/download/$pkgver/$_name-$pkgver.tar.gz") | ||
22 | sha256sums=('83ffef39199f92f530f7de7b47dbfb93ab2c9c97d3bbee93473084cba5796c61') | ||
23 | |||
24 | prepare() { | ||
25 | rm -rf "$_name-$pkgver/tests" | ||
26 | } | ||
27 | |||
28 | build() { | ||
29 | cd "$_name-$pkgver" | ||
30 | sed -i '/mitmproxy==8.0.0/s/==8.0.0/>=8.0.0/' setup.py | ||
31 | sed -i '/dnspython==2.1.0/s/==2.1.0/>=2.1.0/' setup.py | ||
32 | sed -i '/cryptography==36.0.2/s/==36.0.2/>=36.0.2/' setup.py | ||
33 | sed -i '/browser-cookie3==0.11.4/s/==0.11.4/>=0.11.4/' setup.py | ||
34 | sed -i '/importlib_metadata==3.7.2/s/==3.7.2/>=3.7.2/' setup.py | ||
35 | python setup.py build | ||
36 | } | ||
37 | |||
38 | package() { | ||
39 | cd "$_name-$pkgver" | ||
40 | PYTHONHASHSEED=0 python setup.py install --root="$pkgdir" --optimize=1 --skip-build | ||
41 | } | ||