Channel: Seguridad Agile

w3af on raspberry pi


w3af on raspbian (debian 7.0)

If you need a Spanish version, ask for it and I'll make it.

Dreaming about plugging a tiny box into a free port, waiting a few minutes and walking away with a network scan and a vulnerability assessment in your pocket? Perhaps running an automated exploit too? So, are you ready for load average: 2.85, 2.40, 1.72? You are not alone.


Step 0

Install raspbian[1] on your raspberry pi B[2]

$> sudo apt-get update
$> sudo apt-get upgrade

First attempt

Install w3af[3] from the repos

$> sudo apt-get install w3af

$> w3af_console

/usr/bin/w3af_console: 3: /usr/bin/w3af_console: /usr/bin/python2.5: not found

$> whereis w3af_console

w3af_console: /usr/bin/w3af_console

$> cat /usr/bin/w3af_console



Rename python2.5 to python, bad start.

$> w3af_console

28 seconds later...



w3af>>> profiles
w3af/profiles>>> use fast_scan
The plugins configured by the scan profile have been enabled, and their options configured.
Please set the target URL(s) and start the scan.

w3af/profiles>>> back
w3af>>> target
w3af/config:target>>> set target http://192.168.1.102/
w3af/config:target>>> back
w3af>>> start
Auto-enabling plugin: grep.error500
The thread: <WorkerThread(Thread-9, started daemon -1319824272)> raised an exception while running the request: <bound method fingerprint_404._send_404 of <core.controllers.coreHelpers.fingerprint_404.fingerprint_404 instance at 0x1a8d3c8>>
Exception: w3afMustStopException found by _send_404, someone else will handle it.
The thread: <WorkerThread(Thread-14, started daemon -1361767312)> raised an exception while running the request: <bound method fingerprint_404._send_404 of <core.controllers.coreHelpers.fingerprint_404.fingerprint_404 instance at 0x1a8d3c8>>


Try again
 
w3af>>> version
w3af - Web Application Attack and Audit Framework
Version: 1.1 (from Debian Package 1.0-rc3svn3489-1)
Author: Andres Riancho and the w3af team.


Oops! It's too old! But it's new! I've just installed it from the repos! I cannot ask for help: "Please upgrade to the last version". We have to clean up the mess.


# dependencies.pl

# Parses an apt log searching for a package
# and prints all the packages that were
# installed to fulfill its dependencies.

use strict;
use warnings;

my $found  = 0;
my $stop   = 0;
my $result = '';
while (!$stop && defined(my $line = <>)) {
  chomp $line;

  if ($found == 1) {
    # The line after the matching Commandline is the "Install:" list.
    # Keep the package names; skip the label and the "(version, automatic)" tokens.
    foreach my $val (split(' ', $line)) {
      if (! ( $val =~ m/[()]/ ) and ! ($val =~ /Install/ )) {
        my ($name, $arch) = split(':', $val);
        $result .= "$name ";
      }
    }
    $stop = 1;
  } elsif ($line =~ m/Commandline: apt-get install w3af/) {
    $found = 1;
  }
}
print $result . "\n";


Run this script to remove w3af and its dependencies.

$> sudo apt-get remove $( cat /var/log/apt/history.log | perl dependencies.pl)

Second attempt

Install w3af from github.

$> git clone https://github.com/andresriancho/w3af.git

$> cd w3af

$> ./w3af_console

It will start crying for dependencies, be kind to it and resolve them:

$> sudo apt-get install python-setuptools git libxslt-dev python2.7-dev libsqlite3-dev libxml2-dev python-pip



$> sudo pip install PyGithub GitPython pybloomfiltermmap esmre nltk pdfminer futures pyOpenSSL lxml scapy-real guess-language cluster msgpack-python python-ntlm


$> sudo pip install -e git+https://github.com/ramen/phply.git#egg=phply

Run it again and again

$> ./w3af_console
$> sudo pip install chardet
$> sudo pip install -e git+https://github.com/ramen/phply.git#egg=phply

$> ./w3af_console

Do you accept the terms and conditions? [N|y] y







I had only tried the console because I don't have an HDMI monitor and did not want to burn my eyes with the TV output, so I used ssh from a "real" computer.




Later, I connected with ssh -X and tried the gui:

$> ssh pi@192.168.1.105 -X

$> ./w3af_gui


Resolve until it runs

$> sudo apt-get install graphviz python-gtk2 python-gtksourceview2

$> sudo pip install xdot




If you are using a 2GB card like me,

rootfs           1838936 1488260    257636  86% /

keep an eye on df. If you are running out of space, remember to purge /var/cache/apt/archives. pip does not keep temporary files, but apt-get installs the packages in the root partition. Remember that 4GB is the recommended size.

I am using an extra pendrive with ext4 to host w3af with no problems.

Some people would say "why didn't you use http://pwnpi.sourceforge.net?[4]"

Well, it's more fun this way, I learned about it later and I don't have another SD card.

One way or another, the nerd thing:

Step two

Be careful, don't fry your computer


 



Thanks to Andrés Riancho from w3af for the advice on monitoring w3af.

There is a single file [5] to modify.

First you have to import gpio and add some setup code



import RPi.GPIO as GPIO
GPIO.setmode(GPIO.BCM)           # address the pins by their BCM numbers
GPIO.setup(channel, GPIO.OUT)    # for each channel


Then you turn on the LEDs

GPIO.output(channel, True)       # True = on, False = off; for each channel


Event based blinking effect without PWM

GPIO.output(channel, not GPIO.input(channel))

I left this out in order to keep the LEDs on when the script is over

GPIO.cleanup()
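
The fragments above, put together as an added example (not code from the original post or from w3af): a small helper that maps scan events to LEDs, with a stand-in GPIO class so the logic can be exercised off the Pi. The BCM pin numbers, the event names and the FakeGPIO class are assumptions; the page does not show where in status.py the calls were placed.

```python
# Added example, not w3af code. Pin numbers and event names are assumptions.
class FakeGPIO:
    """Off-Pi stand-in implementing only the RPi.GPIO calls used below."""
    BCM, OUT = 11, 0

    def __init__(self):
        self.pins = {}

    def setmode(self, mode):
        self.mode = mode

    def setup(self, channel, direction):
        self.pins[channel] = False

    def output(self, channel, value):
        self.pins[channel] = bool(value)

    def input(self, channel):
        return self.pins[channel]

try:
    import RPi.GPIO as GPIO      # the real library, on the Pi
except (ImportError, RuntimeError):
    GPIO = FakeGPIO()            # anywhere else

LEDS = {"running": 17, "request": 27, "finding": 22}   # hypothetical BCM pins

def setup_leds(gpio=GPIO):
    gpio.setmode(gpio.BCM)
    for channel in LEDS.values():
        gpio.setup(channel, gpio.OUT)
        gpio.output(channel, False)

def on_event(event, gpio=GPIO):
    """Apply one scan event and return the resulting LED states."""
    if event == "start":
        gpio.output(LEDS["running"], True)
    elif event == "request":
        # Event-based blink: flip the LED on every request, no PWM needed.
        gpio.output(LEDS["request"], not gpio.input(LEDS["request"]))
    elif event == "finding":
        gpio.output(LEDS["finding"], True)   # latched until power-off
    elif event == "stop":
        gpio.output(LEDS["running"], False)
        gpio.output(LEDS["request"], False)
        # No GPIO.cleanup() here: cleanup resets the pins to inputs,
        # which would switch the "finding" LED off.
    return {name: bool(gpio.input(ch)) for name, ch in LEDS.items()}
```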


References

[1] http://www.raspbian.org
[2] http://www.raspberrypi.org

[3] http://w3af.org
[4] http://pwnpi.sourceforge.net
[5] https://github.com/andresriancho/w3af/blob/master/core/controllers/core_helpers/status.py
[6] http://code.google.com/p/raspberry-gpio-python
