or that the most important libraries OWTF needs to run without any plugins should be checked at startup.
This could be the same implementation we do for checking the tools installed
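An added example, not OWTF's own code, of the startup library check proposed above: it tries each required import before the framework loads and reports all failures at once instead of stopping at the first traceback. The module list, the pip package mapping and the function names are assumptions; the warning wording is modelled on the tool-path warnings OWTF prints.

```python
import importlib
import sys

# Assumed list for illustration: the modules named in this thread's traceback
# and fix, mapped to the pip package that provides each one.
REQUIRED_MODULES = {
    "tornado.httpserver": "tornado",
    "pycurl": "pycurl",
}


def find_missing(required):
    """Return {module: pip_package} for every module that fails to import."""
    missing = {}
    for module, package in sorted(required.items()):
        try:
            importlib.import_module(module)
        except ImportError:
            # Covers a missing top-level package and a missing submodule alike.
            missing[module] = package
    return missing


def format_report(missing):
    """Build one actionable message covering every missing module."""
    if not missing:
        return ""
    lines = ["[*] WARNING: Python module not found for: %s" % name
             for name in sorted(missing)]
    packages = sorted(set(missing.values()))
    lines.append("[*] %d modules could not be imported. Suggestion:" % len(missing))
    lines.append("[*] - pip install %s" % " ".join(packages))
    return "\n".join(lines)


def preflight(required=REQUIRED_MODULES):
    """Run before 'from framework import core'; returns an exit code."""
    report = format_report(find_missing(required))
    if report:
        sys.stderr.write(report + "\n")
        return 1
    return 0


if __name__ == "__main__":
    # A launcher would pass this code to sys.exit() and stop on 1.
    preflight()
```

The check only reports; it does not install anything, so the operator still decides which packages and versions go onto the testing host.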
Hi guys,
I use the latest available version of Kali Linux and I also have problems with starting and using owtf.
What I did:
./owtf.py
Traceback (most recent call last):
File "./owtf.py", line 42, in <module>
from framework import core
File "/root/owtf/framework/core.py", line 37, in <module>
from framework.http.proxy import proxy, transaction_logger, tor_manager
File "/root/owtf/framework/http/proxy/proxy.py", line 32, in <module>
import tornado.httpserver
ImportError: No module named tornado.httpserver
Here also output of install script (second run):
~/owtf/install/kali# ./install.sh
Reading package lists... Done
Building dependency tree
Reading state information... Done
Note, selecting 'libxslt1-dev' instead of 'libxslt-dev'
libxslt1-dev is already the newest version.
python-pip is already the newest version.
python2.7-dev is already the newest version.
xserver-xephyr is already the newest version.
xvfb is already the newest version.
libcurl4-gnutls-dev is already the newest version.
libxml2-dev is already the newest version.
tor is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
[*] Installing LBD, arachni and gnutls-bin from Kali Repos
Reading package lists... Done
Building dependency tree
Reading state information... Done
arachni is already the newest version.
gnutls-bin is already the newest version.
lbd is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
./install.sh: 56: ./install.sh: /install/kali/kali_patch_w3af.sh: not found
./install.sh: 57: ./install.sh: /install/kali/kali_patch_nikto.sh: not found
./install.sh: 58: ./install.sh: /install/kali/kali_patch_tlssled.sh: not found
./install.sh: 59: ./install.sh: /install/kali/kali_patch_openvas.sh: not found
./install.sh: 61: cd: can't cd to /dictionaries/restricted
WARNING: Dirbuster dictionaries are already installed, skipping
It seems my problem was solved after installing the tornado and pycurl modules with pip:
pip install tornado pycurl
But maybe it is better to include this in the Kali Linux install and configure script?
Here is my output:
pip install tornado pycurl
Downloading/unpacking tornado
Downloading tornado-4.0.2.tar.gz (315Kb): 315Kb downloaded
Running setup.py egg_info for package tornado
Requirement already satisfied (use --upgrade to upgrade): pycurl in /usr/lib/pymodules/python2.7
Downloading/unpacking certifi (from tornado)
Downloading certifi-14.05.14.tar.gz (168Kb): 168Kb downloaded
Running setup.py egg_info for package certifi
Downloading/unpacking backports.ssl-match-hostname (from tornado)
Downloading backports.ssl_match_hostname-3.4.0.2.tar.gz
Running setup.py egg_info for package backports.ssl-match-hostname
Installing collected packages: tornado, certifi, backports.ssl-match-hostname
Running setup.py install for tornado
building 'tornado.speedups' extension
gcc -pthread -fno-strict-aliasing -DNDEBUG -g -fwrapv -O2 -Wall -Wstrict-prototypes -fPIC -I/usr/include/python2.7 -c tornado/speedups.c -o build/temp.linux-x86_64-2.7/tornado/speedups.o
tornado/speedups.c:49:1: warning: function declaration isn’t a prototype [-Wstrict-prototypes]
gcc -pthread -shared -Wl,-O1 -Wl,-Bsymbolic-functions -Wl,-z,relro build/temp.linux-x86_64-2.7/tornado/speedups.o -o build/lib.linux-x86_64-2.7/tornado/speedups.so
Running setup.py install for certifi
Running setup.py install for backports.ssl-match-hostname
Successfully installed tornado certifi backports.ssl-match-hostname
Cleaning up...
I can confirm that owtf now works fine:
./owtf.py
__ ___
/\ \__ /'___\
___ __ __ _\ \ ,_\/\ \__/
/ __`\/\ \/\ \/\ \ \ \/\ \ ,__\
/\ \_\ \ \ \_/ \_/ \ \ \_\ \ \_/
\ \____/\ \___x___/'\ \__\\ \_\
\/___/ \/__//__/ \/__/ \/_/
OWTF Version: 0.45.0, Release: Winter Blizzard
Current Path: ./owtf.py
Syntax: owtf.py [ options ] <target1 target2 target3 ..> where target can be: <target URL / hostname / IP>
NOTE: targets can also be provided via a text file
Examples:
Run all web plugins: owtf.py http://my.website.com
Run only passive + semi_passive plugins: owtf.py -t quiet http://my.website.com
Run only active plugins: owtf.py -t active http://my.website.com
Run all plugins except 'OWASP-CM-001: Testing_for_SSL-TLS': owtf.py -e 'OWASP-CM-001' http://my.website.com
Run all plugins except 'OWASP-CM-001: Testing_for_SSL-TLS': owtf.py -e 'Testing_for_SSL-TLS' http://my.website.com
Run only 'OWASP-CM-001: Testing_for_SSL-TLS': owtf.py -o 'OWASP-CM-001' http://my.website.com
Run only 'OWASP-CM-001: Testing_for_SSL-TLS': owtf.py -o 'Testing_for_SSL-TLS' http://my.website.com
Run only OWASP-IG-005 and OWASP-WU-VULN: owtf.py -o 'OWASP-IG-005,OWASP-WU-VULN' http://my.website.com
Run using my resources file and proxy: owtf.py -m r:/home/me/owtf_resources.cfg -x 127.0.0.1:8080 http://my.website.com
Run using TOR network: owtf.py -o OWTF-WVS-001 http://my.website.com --tor 127.0.0.1:9050:9051:password:1
Run Botnet-mode using miner: owtf.py -o OWTF-WVS-001 http://my.website.com -b miner
Run Botnet-mode using custom proxy list: owtf.py -o OWTF-WVS-001 http://my.website.com -b list:proxy_list_path.txt
I still have problems with plugins/tools:
./owtf.py http://demo.testfire.net
__ ___
/\ \__ /'___\
___ __ __ _\ \ ,_\/\ \__/
/ __`\/\ \/\ \/\ \ \ \/\ \ ,__\
/\ \_\ \ \ \_/ \_/ \ \ \_\ \ \_/
\ \____/\ \___x___/'\ \__\\ \_\
\/___/ \/__//__/ \/__/ \/_/
OWTF Version: 0.45.0, Release: Winter Blizzard
[*] Loading framework please wait..
[*] Loading Config from: /root/owtf/profiles/general/default.cfg ..
[*] Loading Resources from: /root/owtf/profiles/resources/default.cfg ..
[*] Loading net Plugin Order from: /root/owtf/profiles/net_plugin_order/default.cfg ..
[*] Loading web Plugin Order from: /root/owtf/profiles/web_plugin_order/default.cfg ..
[*] The IP address for demo.testfire.net is: '65.61.137.117'
[*] WARNING: Tool path not found for: /root/owtf/tools/restricted/ssl/ssl-cipher-check/ssl-cipher-check.pl
[*] WARNING: Tool path not found for: /root/owtf/tools/restricted/websecurify/Websecurify Scanner 0.9/runner
[*] WARNING: Tool path not found for: /root/owtf/tools/restricted/hoppy-1.8.1/hoppy-1.8.1
[*] WARNING: Tool path not found for: /root/owtf/tools/restricted/cms-explorer/cms-explorer-1.0
[*] WARNING: Tool path not found for: /root/owtf/tools/restricted/Panoptic
[*] WARNING: Tool path not found for: /root/owtf/tools/restricted/lbd/lbd.sh
[*] WARNING: Tool path not found for: /root/owtf/tools/restricted/httprint/httprint_301/linux
[*]
[*] WARNING!!!: 7 tools could not be found. Some suggestions:
[*] - Define where your tools are here: /root/owtf/profiles/general/default.cfg
Continue anyway? [Y/n]y
[*] Loading/Initialising database ..
[*] Aborted by Framework: Files required for SSL MiTM are missing. Please run the install script
[*] Saving DBs
[*] Finishing iteration and assembling report again (with updated run information)
[*] OWTF iteration finished
[*] Stopping inbound proxy processes and cleaning up, Please wait!
[*] Saving DBs before stopping messaging
@dkorzhevin Tornado is included in install script: https://github.com/owtf/owtf/blob/lions_2014/install/install.py#L105 https://github.com/owtf/owtf/blob/lions_2014/install/owtf.pip#L2
Hello dkorzhevin, Thank you for your emails, I would recommend you to try the Lions2014 branch. Kind Regards Marios
On Wed, Oct 1, 2014 at 9:07 PM, dkorzhevin notifications@github.com wrote:
I can confirm, that now owtf works fine:
@dkorzhevin, As @marioskourtesis said, try the lions_2014. Installation and how to use latest features are presented here: http://docs.owtf.org/en/latest/
@dkorzhevin sorry about this, we are about to release, so documentation points you to the trunk but the trunk is still using the old version -until we release, hopefully tomorrow night! :)-.
In the meantime, please do this (you can use the latest features this way, before the official release):
wget https://raw.githubusercontent.com/owtf/owtf/lions_2014/contrib/bootstrap.sh
chmod +x bootstrap.sh
./bootstrap.sh
Fixed in e8270f2b26e6846366dda9b622c694fa9342e1bf
Somebody on IRC reported the following (the person was gone before I could answer):