owtf.py won't launch due to "AttributeError"

[7MinSec]

Expected Behavior

I would love for OWTF to run :-)

Current Behavior

I went through install and didn't get any errors. But when launching owtf.py I get:

Traceback (most recent call last):
File "./owtf.py", line 14, in
verify_dependencies(os.path.dirname(os.path.abspath(sys.argv[0])) or '.')
File "/opt/owtf2/framework/dependency_check.py", line 40, in verify_dependencies
owtf_libraries = [req.req.project_name for req in owtf_reqs]
AttributeError: 'Requirement' object has no attribute 'project_name

...and app fails to run.

Possible Solution

Unknown. I did try just doing an apt-get update/upgrade on the Kali2 box as it hadn't been updated in a while. Then rebooted, tried install/run again, but same result.

Steps to Reproduce (for bugs)

1. Follow instructions for either the bootstrap or git-based download/install.
2. Run owtf.py
3. Become sad.

Logs

Don't have access to machine at time of this writing, but can produce logs in the next day or so.

Context

Can't start the app.

Your Environment

• Installation method used: Both - bootstrap and git-based
• Version/branch used: master
• Operating System and version (like Kali, Debian, ArchLinux, etc): Kali2
• pip/setuptools version: pip: 8.1.2
• sudo access: yes

[pwnfoo]

You could try the following :

• Make sure you are using python2. owtf is not python3 compatible yet. It'd be a good idea to explicitly run OWTF using python2.
• It could be a problem with the pip installations. Did you try a manual sudo pip install -r install/owtf.pip?
• It could also be a problem with pip as such. Can you also try degrading pip to a 8.0.* version and try the manual pip installation again? (If manual pip installation doesn't solve it) .

UPDATE : newer pip version seems to have broken OWTF installation.

If nothing works, we will just wait for your logs :) Happy hacking!

[7MinSec]

Hi there,

Thanks for the super fast reply.

1. I'm running Python2.7 so should be ok there.
2. I did - didn't help unfortunately.
3. I did downgrade to 8.0.2 and BIGGIDY-BAMM!!!

It's working now! I can still send logs at a later time but I'm up and going for the time and REALLY appreciate your help. Is there anything else you'd need me to collect to see if this is something that needs addressing in the future?

Thanks!
Brian

[viyatb]

@braimee I think pip broke Kali python installation again - I will investigate more and commit a patch later tomorrow. :)

[7MinSec]

Holy schnikes this crew moves fast. Thanks so much - can't wait to dive into this tool!

[pwnfoo]

@braimee I'm glad I could be of help :)

@delta24 I think OWTF is not compatible with the most recent versions of pip. It'd be a good idea to explicitly mention the version of pip required for OWTF instead of upgrading it to the latest version during the installation.

Instead of https://github.com/owtf/owtf/blob/develop/install/install.py#L181 , we could explicitly mention the version of pip required. This way we can prevent OWTF from breaking whenever a newer version of pip is released. What do you think?

[anantshri]

@SachinKamath will this also imply that pip will be kept to that specific version. I would prefer we don't do that coz then e are not sure if there is a security update or a feature update we are missing on pip and we are basically rendering everyone's system open to a potential threat. I would prefer we find a fix and identify why the system broke.

[viyatb]

@SachinKamath I concur with @anantshri that pip remains at the latest version. In any case the static pip version solution is at best a hack, until the pip API stabilizes.