diff --git a/README b/README index 5d1d34edf..3f49a3874 100644 --- a/README +++ b/README @@ -36,9 +36,9 @@ Requirements Installation ------------ -- Kali: if you uncompress owtf on /root/owtf/ (i.e. so that you can run it like this /root/owtf/owtf.py you're done :)) -- Other Linux systems: uncompress wherever and then modify config.cfg and perhaps resources.cfg to suit, you can install missing tools for further testing coverage -- You may also want to run /root/owtf/install/kali_install.sh to install a couple of dependencies needed by 2 plugins +- Clone owtf repo using git => git clone https://github.com/7a/owtf +- You may also want to run install/install.py +- Check out Wiki for more help FAQ --- diff --git a/framework/config/framework_config.cfg b/framework/config/framework_config.cfg index edc3256ce..4570daebc 100644 --- a/framework/config/framework_config.cfg +++ b/framework/config/framework_config.cfg @@ -1,7 +1,7 @@ VERSION: 0.40 RELEASE: Summer Storm III -INSTALL_SCRIPT: @@@FRAMEWORK_DIR@@@/install.sh +INSTALL_SCRIPT: @@@FRAMEWORK_DIR@@@/install/install.py WEB_TEST_GROUPS: @@@FRAMEWORK_DIR@@@/framework/config/web_testgroups.cfg NET_TEST_GROUPS: @@@FRAMEWORK_DIR@@@/framework/config/net_testgroups.cfg PLUGINS_DIR: @@@FRAMEWORK_DIR@@@/plugins/ diff --git a/install/install.py b/install/install.py new file mode 100644 index 000000000..8eb17833f --- /dev/null +++ b/install/install.py @@ -0,0 +1,94 @@ +#!/usr/bin/env python +# +# owtf is an OWASP+PTES-focused try to unite great tools and facilitate pen testing +# Copyright (c) 2011, Abraham Aranguren Twitter: @7a_ http://7-a.org +# All rights reserved. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# * Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# * Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# * Neither the name of the nor the +# names of its contributors may be used to endorse or promote products +# derived from this software without specific prior written permission. +# +# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND +# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED +# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE +# DISCLAIMED. IN NO EVENT SHALL BE LIABLE FOR ANY +# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; +# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON +# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT +# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS +# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# +import os +import ConfigParser + +class Installer(object): + """ + This class takes care of installation of various restricted stuff across various linux distros + """ + def __init__(self, RootDir): + self.RootDir = RootDir + self.owtf_pip = os.path.join(RootDir, "install", "owtf.pip") # OWTF python libraries + self.restricted_cfg = os.path.join(RootDir, "install", "restricted.cfg") # Restricted tools and dictionaries which are distro independent + self.distros_cfg = os.path.join(RootDir, "install", "linux-distributions.cfg") # Various distros and install scripts + + def create_directory(self, directory): + # Create parent directories as necessary + try: + os.makedirs(directory) + return True + except OSError: + return False + + def run_command(self, command): + print("[*] Running following command") + print("%s"%(command)) + os.system(command) + + def install_in_directory(self, directory, command): + if self.create_directory(directory): + print("[*] Switching to %s"%(directory)) + os.chdir(directory) + self.run_command(command) + else: + print("[!] Directory %s already exists, so skipping installation for this"%(directory)) + + def install_using_pip(self, requirements_file): + # Instead of using file directly with pip which can crash because of single library + for line in open(requirements_file, 'r').readlines(): + self.run_command("sudo -E pip install --upgrade %s"%(line)) + + def install_restricted_from_cfg(self, config_file): + cp = ConfigParser.ConfigParser({"RootDir":self.RootDir}) + cp.read(config_file) + for section in cp.sections(): + print("[*] Installing %s"%(section)) + self.install_in_directory(os.path.expanduser(cp.get(section, "directory")), cp.get(section, "command")) + + def install(self): + # First all distro independent stuff is installed + self.install_restricted_from_cfg(self.restricted_cfg) + # User asked to select distro and distro related stuff is installed + cp = ConfigParser.ConfigParser({"RootDir":self.RootDir}) + cp.read(self.distros_cfg) + for i in range(0, len(cp.sections())): + print("(%d) %s"%(i+1, cp.sections()[i])) + distro_num = raw_input("Select a number based on your distribution : ") + self.run_command(cp.get(cp.sections()[int(distro_num)-1], "install")) + # Finally owtf python libraries installed using pip + self.install_using_pip(self.owtf_pip) + +if __name__ == "__main__": + print("[*] Great that your are installing OWTF :D") + print("[!] There will be lot of output, please be patient") + RootDir = os.path.dirname(os.path.dirname(os.path.realpath(__file__))) + installer = Installer(RootDir) + installer.install() + print("[*] Hope everything went fine :)") diff --git a/tools/bt5_patch_nikto.sh b/install/kali/install.sh old mode 100755 new mode 100644 similarity index 60% rename from tools/bt5_patch_nikto.sh rename to install/kali/install.sh index 7fc2ed51b..c8b641b5a --- a/tools/bt5_patch_nikto.sh +++ b/install/kali/install.sh @@ -1,10 +1,4 @@ -#!/usr/bin/env bash -# -# Description: -# Script to fix the nikto config to use a normal-looking User Agent so that we can hopefully bypass simple WAF blacklists -# -# Date: 2012-09-24 -# +#!/usr/bin/env sh # owtf is an OWASP+PTES-focused try to unite great tools and facilitate pen testing # Copyright (c) 2011, Abraham Aranguren Twitter: @7a_ http://7-a.org # All rights reserved. @@ -31,18 +25,44 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # - -NIKTO_CONF_FILE="/pentest/web/nikto/nikto.conf" -NIKTO_CONF_BACKUP="$NIKTO_CONF_FILE.backup" -if [ $(grep 'USERAGENT=Mozilla/5.00 (Nikto' $NIKTO_CONF_FILE|wc -l) -gt 0 ]; then - echo "Nikto is currently set to display a NIKTO USER AGENT, do you want to replace this with a normal looking one? [y/n]" - read a - if [ "$a" == "y" ]; then - echo "Backing up previous $NIKTO_CONF_FILE to $NIKTO_CONF_BACKUP.." - cp $NIKTO_CONF_FILE $NIKTO_CONF_BACKUP - echo "Updating nikto configuration to use a normal-looking user agent.." - cat $NIKTO_CONF_BACKUP | sed 's|^USERAGENT=Mozilla/5\.00 (Nikto.*$|USERAGENT=Mozilla/5.0 (X11; Linux i686; rv:6.0) Gecko/20100101 Firefox/15.0|' > $NIKTO_CONF_FILE +IsInstalled() { + directory=$1 + if [ -d $directory ]; then + return 1 + else + return 0 fi +} + +RootDir=$1 + +########### Pip is the foremost thing that must be installed +sudo -E apt-get install python-pip xvfb xserver-xephyr + +############ Tools missing in Kali +mkdir -p $RootDir/tools/restricted +cd $RootDir/tools/restricted +IsInstalled "w3af" +if [ $? -eq 0 ]; then # Not installed + git clone https://github.com/andresriancho/w3af.git +fi +"$RootDir/install/kali/kali_patch_w3af.sh" + +"$RootDir/install/kali/kali_patch_nikto.sh" +"$RootDir/install/kali/kali_patch_tlssled.sh" + +echo "[*] Installing LBD, arachni and gnutls-bin from Kali Repos" +sudo -E apt-get install lbd gnutls-bin arachni + +###### Dictionaries missing in Kali +cd $RootDir/dictionaries/restricted +IsInstalled "dirbuster" +if [ $? -eq 0 ]; then # Not installed + # Copying dirbuster dicts + echo "\n[*] Copying Dirbuster dictionaries" + mkdir -p dirbuster + cp -r /usr/share/dirbuster/wordlists/. dirbuster/. + echo "[*] Done" else - echo "Nikto configuration is already set to use a normal-looking user agent" + echo "WARNING: Dirbuster dictionaries are already installed, skipping" fi diff --git a/install/install_dependencies.sh b/install/kali/install_dependencies.sh similarity index 100% rename from install/install_dependencies.sh rename to install/kali/install_dependencies.sh diff --git a/install/kali_install.sh b/install/kali/kali_install.sh similarity index 100% rename from install/kali_install.sh rename to install/kali/kali_install.sh diff --git a/tools/kali_patch_nikto.sh b/install/kali/kali_patch_nikto.sh similarity index 100% rename from tools/kali_patch_nikto.sh rename to install/kali/kali_patch_nikto.sh diff --git a/tools/kali_patch_tlssled.sh b/install/kali/kali_patch_tlssled.sh similarity index 100% rename from tools/kali_patch_tlssled.sh rename to install/kali/kali_patch_tlssled.sh diff --git a/tools/kali_patch_w3af.sh b/install/kali/kali_patch_w3af.sh similarity index 87% rename from tools/kali_patch_w3af.sh rename to install/kali/kali_patch_w3af.sh index 437ce6ea0..2e4bf0089 100755 --- a/tools/kali_patch_w3af.sh +++ b/install/kali/kali_patch_w3af.sh @@ -31,6 +31,13 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # + +# Install missing stuff needed for w3af in kali +sudo apt-get install python2.7-dev libsqlite3-dev +sudo pip install clamd PyGithub GitPython pybloomfiltermmap esmre nltk pdfminer futures guess-language cluster msgpack-python python-ntlm +sudo pip install git+git://github.com/ramen/phply.git\#egg=phply +sudo pip install xdot + if [ -f ~/.w3af/startup.conf ] then if ! grep -i "^accepted-disclaimer = true$" ~/.w3af/startup.conf diff --git a/install/linux-distributions.cfg b/install/linux-distributions.cfg new file mode 100644 index 000000000..58d116848 --- /dev/null +++ b/install/linux-distributions.cfg @@ -0,0 +1,2 @@ +[Kali Linux] +install = sh %(RootDir)s/install/kali/install.sh %(RootDir)s diff --git a/install/owtf.pip b/install/owtf.pip new file mode 100644 index 000000000..06001a0c4 --- /dev/null +++ b/install/owtf.pip @@ -0,0 +1,8 @@ +tornado +pycurl +jinja2 +lxml +argparse +selenium +rdflib +pyvirtualdisplay diff --git a/install/install_git.sh b/install/proxy_CA.sh old mode 100755 new mode 100644 similarity index 64% rename from install/install_git.sh rename to install/proxy_CA.sh index a326cfc54..096828171 --- a/install/install_git.sh +++ b/install/proxy_CA.sh @@ -1,7 +1,7 @@ #!/usr/bin/env sh # # owtf is an OWASP+PTES-focused try to unite great tools and facilitate pen testing -# Copyright (c) 2011, Abraham Aranguren Twitter: @7a_ http://7-a.org +# Copyright (c) 2014, Abraham Aranguren Twitter: @7a_ http://7-a.org # All rights reserved. # # Redistribution and use in source and binary forms, with or without @@ -26,18 +26,29 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +RootDir=$1 -echo "[*] This will install the git client for github, you only need this if you are a project contributor!. Continue? [y/N]" -read choice +get_config_value(){ + + parameter=$1 + file=$2 + + echo "$(grep -i $parameter $file | sed "s|$parameter: ||g;s|~|$HOME|g")" +} -if [ "$choice" == "y" ]; then - # install git-core, git-gui, and git-doc - for cmd in $(echo apt-get#install#git-core#git-gui#git-doc); do - cmd=$(echo "$cmd"|tr '#' ' ') - echo "[*] Running: $cmd" - $cmd - done -fi +config_file="$RootDir/profiles/general/default.cfg" +certs_folder=$(get_config_value CERTS_FOLDER $config_file) +ca_cert=$(get_config_value CA_CERT $config_file) +ca_key=$(get_config_value CA_KEY $config_file) -echo "Please have a look at this URL for SSH Key setup instructions: http://help.github.com/linux-set-up-git/" -echo "NOTE: Not brave enough to script that ... for now :)" +if [ ! -d $certs_folder ]; then + mkdir -p $certs_folder +fi +if [ ! -f $ca_cert ]; then + echo "-----------------------------------------------" + echo "[*] Please use \"owtf\" as password for the key" + echo "-----------------------------------------------" + openssl genrsa -des3 -out "$ca_key" 1024 + openssl req -new -x509 -days 3650 -key "$ca_key" -out "$ca_cert" + echo "\n[*] Donot forget to add the $ca_cert as a trusted CA in your browser" +fi diff --git a/install/restricted.cfg b/install/restricted.cfg new file mode 100644 index 000000000..096add60d --- /dev/null +++ b/install/restricted.cfg @@ -0,0 +1,42 @@ +[Httprint] +directory = %(RootDir)s/tools/restricted/httprint +command = wget "http://www.net-square.com/zip folders/httprint_linux_301.zip"; unzip *.zip; rm -f *.zip + cp -rf %(RootDir)s/tools/httprint-signatures.txt %(RootDir)s/tools/restricted/httprint/httprint_301/linux + +[Websecurify] +directory = %(RootDir)s/tools/restricted/websecurify +command = wget "http://websecurify.googlecode.com/files/Websecurify%20Scanner 0.9.tgz"; tar xvfz *; rm -f *.tgz 2> /dev/null; rm -f *.tar.gz 2> /dev/null + +[BIG-IP Decoder] +directory = %(RootDir)s/tools/restricted/decoding/cookies +command = wget http://www.taddong.com/tools/BIG-IP_cookie_decoder.zip; unzip *.zip; rm -f *.zip + +[Hoppy] +directory = %(RootDir)s/tools/restricted/hoppy-1.8.1 +command = wget http://labs.portcullis.co.uk/download/hoppy-1.8.1.tar.bz2; bunzip2 *; tar xvf *; rm -f *.tar 2> /dev/null + +[SSL cipher Check] +directory = %(RootDir)s/tools/restricted/ssl/ssl-cipher-check +command = wget http://unspecific.com/ssl/ssl-cipher-check.pl; chmod 700 * + +[CMS Explorer] +directory = %(RootDir)s/tools/restricted/cms-explorer +command = sh %(RootDir)s/install/update_convert_cms_explorer_dicts.sh %(RootDir)s + +[SVN Digger Dictionaries] +directory = %(RootDir)s/dictionaries/restricted/svndigger +command = wget http://www.mavitunasecurity.com/s/research/SVNDigger.zip; unzip *.zip; rm -f *.zip + +[Raft Dictionaries] +directory = %(RootDir)s/dictionaries/restricted/raft +command = for file in $(ls %(RootDir)s/dictionaries/fuzzdb/fuzzdb-1.09/Discovery/PredictableRes/ | grep raft); do + ln -s %(RootDir)s/dictionaries/fuzzdb/fuzzdb-1.09/Discovery/PredictableRes/$file %(RootDir)s/dictionaries/restricted/raft/$file + done + +[Combined Dictionaries] +directory = %(RootDir)s/dictionaries/restricted/combined +command = python2 %(RootDir)s/dictionaries/dict_merger_svndigger_raft.py + +[Local CA for Inbound Proxy] +directory = ~/.owtf/proxy +command = %(RootDir)s/install/proxy_CA.sh %(RootDir)s diff --git a/dictionaries/update_convert_cms_explorer_dicts.sh b/install/update_convert_cms_explorer_dicts.sh similarity index 92% rename from dictionaries/update_convert_cms_explorer_dicts.sh rename to install/update_convert_cms_explorer_dicts.sh index 21181eac0..28d8b4dc3 100755 --- a/dictionaries/update_convert_cms_explorer_dicts.sh +++ b/install/update_convert_cms_explorer_dicts.sh @@ -27,9 +27,13 @@ # (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS # SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # +RootDir=$1 -CMS_EXPLORER_DIR="$(dirname $0)/cms-explorer/cms-explorer-1.0" -CMS_DICTIONARIES_DIR="$(dirname $0)/restricted/cms" +wget http://cms-explorer.googlecode.com/files/cms-explorer-1.0.tar.bz2; bunzip2 *; tar xvf *; rm -f *.tar 2> /dev/null + +CMS_EXPLORER_DIR="$RootDir/tools/restricted/cms-explorer/cms-explorer-1.0" +CMS_DICTIONARIES_DIR="$RootDir/dictionaries/restricted/cms" +mkdir -p $CMS_DICTIONARIES_DIR DICTIONARIES="$CMS_EXPLORER_DIR/drupal_plugins.txt $CMS_EXPLORER_DIR/joomla_themes.txt diff --git a/tools/bt5_install.sh b/tools/bt5_install.sh deleted file mode 100755 index c042387a1..000000000 --- a/tools/bt5_install.sh +++ /dev/null @@ -1,134 +0,0 @@ -#!/usr/bin/env bash -# -# Description: Installation script for tools not in Backtrack or unreliable in Backtrack -# (i.e. Backtrack chose the development version instead of the stable one) -# -# owtf is an OWASP+PTES-focused try to unite great tools and facilitate pen testing -# Copyright (c) 2011, Abraham Aranguren Twitter: @7a_ http://7-a.org -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the copyright owner nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY -# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -IsInstalled() { - directory=$1 - if [ -d $directory ]; then - return 1 - else - return 0 - fi -} - -DecompressTBZ2() { - bunzip2 * - tar xvf * - rm -f *.tar 2> /dev/null -} - -DecompressTGZ() { - tar xvfz * - rm -f *.tar.gz 2> /dev/null - rm -f *.tgz 2> /dev/null -} - -DecompressZIP() { - unzip *.zip - rm -f *.zip -} - -Chmod700() { - chmod 700 * -} - -WgetInstall() { - download_url=$1 - directory=$2 - decompress_method="tar.gz" - if [ $3 ]; then - decompress_method=$3 - fi - - IsInstalled "$directory" - if [ $? -eq 0 ]; then # Not installed - mkdir -p $directory - ( - cd $directory - echo "$directory not found, downloading it.." - wget -A "MSIE 6.0" $download_url - if [ "$decompress_method" == "tar.gz" ]; then - DecompressTGZ - elif [ "$decompress_method" == "tar.bz2" ]; then - DecompressTBZ2 - elif [ "$decompress_method" == "zip" ]; then - DecompressZIP - elif [ "$decompress_method" == "chmod700" ]; then - Chmod700 - fi - ) - else - echo "$directory ($download_url) is already installed, skipping" - fi -} - -# This script needs to be run to download tools with potentially restrictive licensing (cannot be redistributed) -TOOLS_DIRECTORY="$(dirname $0)" -INSTALL_DIR="$TOOLS_DIRECTORY/restricted" -mkdir -p $INSTALL_DIR -( - cd $INSTALL_DIR - # NOTE 2: Even Arachni v.0.4.0.2 HOTFIX doesn't work (infinite loop): https://github.com/Arachni/arachni/issues/290 - # NOTE: Arachni v0.4 is still a bit unstable, it's best to stick with Arachni v0.3 in the meantime - #WgetInstall "https://github.com/downloads/Arachni/arachni/arachni-v0.4.0.2-cde.tar.gz" "arachni-v0.4.0.2-cde" - #The charts for arachni-v0.3 no longer show up, but this is the closest thing to "working": third party JavaScript missing? - #WgetInstall "https://github.com/downloads/Arachni/arachni/arachni-v0.3-cde.tar.gz" "arachni-v0.3-cde" "tar.gz" - - #This is the right Arachni version to use but the shell wrapper script can't handle this structure. TODO: next release - arachni_baseurl="http://downloads.arachni-scanner.com" - #arachni_baseurl="http://downloads.arachni-scanner.com/nightlies" - if [ "$(uname -a | cut -f12 -d' '|cut -f2 -d'_')" == "64" ]; then # Get arachni 64bits - arachni_url="$arachni_baseurl/arachni-0.4.1-linux-x86_64.tar.gz" - else # Get 32 bit version - arachni_url="$arachni_baseurl/arachni-0.4.1-linux-i386.tar.gz" - fi - WgetInstall $arachni_url "arachni-v0.4.1" "tar.gz" - - # We don't need to download whatweb anymore since the Backtrack version is now stable: - #WgetInstall "http://www.morningstarsecurity.com/downloads/whatweb-0.4.7.tar.gz" "whatweb-0.4.7" "tar.gz" - WgetInstall "http://skipfish.googlecode.com/files/skipfish-2.09b.tgz" "skipfish" "tar.gz" - WgetInstall "http://websecurify.googlecode.com/files/Websecurify%20Scanner%200.9.tgz" "websecurify" "tar.gz" - WgetInstall "http://www.taddong.com/tools/BIG-IP_cookie_decoder.zip" "decoding/cookies" "zip" - WgetInstall "http://labs.portcullis.co.uk/download/hoppy-1.8.1.tar.bz2" "hoppy-1.8.1" "tar.bz2" - WgetInstall "http://unspecific.com/ssl/ssl-cipher-check.pl" "ssl/ssl-cipher-check" "chmod700" - WgetInstall "http://www.taddong.com/tools/TLSSLed_v1.2.sh" "ssl/TLSSLed" "chmod700" - TOOL_DIR="wpscan" - if [ ! -d $TOOL_DIR ]; then - echo "wpscan not found, downloading it.." - mkdir -p $TOOL_DIR - ( - cd $TOOL_DIR - svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan-1.1 - ) - fi -) -yes | cp -rf "$TOOLS_DIRECTORY/signatures.txt" "/pentest/enumeration/web/httprint/linux/signatures.txt" -"$TOOLS_DIRECTORY/bt5_patch_nikto.sh" diff --git a/tools/bt5_install_allowed.sh b/tools/bt5_install_allowed.sh deleted file mode 100755 index 544d0aad3..000000000 --- a/tools/bt5_install_allowed.sh +++ /dev/null @@ -1,58 +0,0 @@ -#!/bin/sh -# -# Description: Installation script for tools not in Backtrack or unreliable in Backtrack -# (i.e. Backtrack chose the development version instead of the stable one) -# -# owtf is an OWASP+PTES-focused try to unite great tools and facilitate pen testing -# Copyright (c) 2011, Abraham Aranguren Twitter: @7a_ http://7-a.org -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# * Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# * Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# * Neither the name of the copyright owner nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND -# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED -# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE -# DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY -# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES -# (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; -# LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON -# ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# - -# This script contains installation for tools that can be re-distributed, no need to run this for the most part -INSTALL_DIR="$(dirname $0)" -mkdir -p $INSTALL_DIR -( - cd $INSTALL_DIR - TOOL_DIR="discovery/web/traceroute" - mkdir -p $TOOL_DIR - ( - cd $TOOL_DIR - if [ ! -f HTTP-Traceroute.py ]; then # Redistribution with OWTF allowed by author (Nicolas Gregoire), this file should exist, if not retrieve it - echo "Getting HTTP-Traceroute .." - wget http://www.agarri.fr/docs/HTTP-Traceroute.py - fi - ) - TOOL_DIR="dos/http" - mkdir -p $TOOL_DIR - ( - cd $TOOL_DIR - TOOL_NAME="slowloris.pl" - if [ ! -f $TOOL_NAME ]; then - echo "Getting slowloris .." - wget http://ha.ckers.org/slowloris/$TOOL_NAME - chmod 700 $TOOL_NAME - fi - ) -) diff --git a/tools/signatures.txt b/tools/httprint-signatures.txt similarity index 100% rename from tools/signatures.txt rename to tools/httprint-signatures.txt diff --git a/tools/wpscan.sh b/tools/wpscan.sh deleted file mode 100755 index 21db51668..000000000 --- a/tools/wpscan.sh +++ /dev/null @@ -1,5 +0,0 @@ -#!/bin/sh - -mkdir -p wpscan -cd wpscan -svn checkout http://wpscan.googlecode.com/svn/trunk/ ./wpscan-1.1