Check for tools before running commands #632

Closed
sachinkamath opened this Issue Mar 25, 2016 · 3 comments

Comments

Projects
None yet
2 participants
@sachinkamath
Contributor

sachinkamath commented Mar 25, 2016

It'd be better to check if a tool exists before running the actual plugin. This will be significantly reduce the run-time in distributions that are not pen-testing oriented. For example, Ubuntu does not have arachni pre-installed but arachni scans seem to run during analysis resulting in errors.

Expected Behavior

OWTF should report that the tool is missing and the test will be skipped.

Current Behavior

OWTF runs the command and returns an error message :
screenshot from 2016-03-25 07-20-48

Possible Solution

Check for installation before scanning.

Steps to Reproduce (for bugs)

  1. Run OWTF without certain tools installed.
  2. Add target
  3. Notice that the tests are done assuming all tools are installed. ( Takes up unnecessary time)

Your Environment

  • Installation method used: Manual
  • Version/branch used: develop
  • Operating System and version (like Kali, Debian, ArchLinux, etc): Ubuntu 15.10
  • pip/setuptools version: pip-8.1.1
  • sudo access: Yes
@viyatb

This comment has been minimized.

Show comment
Hide comment
@viyatb

viyatb Mar 25, 2016

Member

@sachinkamath I don't think it will reduce the time. If a tool is not found, it will result in an error, and OWTF directly skips that plugin.

The install script installs some required tools in Debian (read Ubuntu) and if they are still not installed, OWTF prints out a warning to continue the start process (if some tools are not found):
see https://github.com/owtf/owtf/blob/develop/framework/config/health_check.py#L57.

So this is as intended. If OWTF checks for a certain tool before running the plugin, it could significantly slow it down.

Member

viyatb commented Mar 25, 2016

@sachinkamath I don't think it will reduce the time. If a tool is not found, it will result in an error, and OWTF directly skips that plugin.

The install script installs some required tools in Debian (read Ubuntu) and if they are still not installed, OWTF prints out a warning to continue the start process (if some tools are not found):
see https://github.com/owtf/owtf/blob/develop/framework/config/health_check.py#L57.

So this is as intended. If OWTF checks for a certain tool before running the plugin, it could significantly slow it down.

@sachinkamath

This comment has been minimized.

Show comment
Hide comment
@sachinkamath

sachinkamath Mar 25, 2016

Contributor

@delta24 I did not get any such warning/error message. Strange. An from the log (as in screenshot), it doesn't look like it's skipping the test.

Contributor

sachinkamath commented Mar 25, 2016

@delta24 I did not get any such warning/error message. Strange. An from the log (as in screenshot), it doesn't look like it's skipping the test.

@viyatb

This comment has been minimized.

Show comment
Hide comment
@viyatb

viyatb Mar 29, 2016

Member

@sachinkamath By skipping the test I meant that OWTF will assign a "Failed" status to the work and move on (because the command will fail to run and return some empty object)

Member

viyatb commented Mar 29, 2016

@sachinkamath By skipping the test I meant that OWTF will assign a "Failed" status to the work and move on (because the command will fail to run and return some empty object)

@viyatb viyatb closed this Mar 29, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment