LinuxQuestions.org


shayno90 03-20-2012 10:55 AM

Wapiti security tool fails to run with Openvas
 
I recently installed Wapiti in order to run with Openvas Greenbone Security Desktop on Ubuntu 10.04:
http://www.openvas.org/integrated-tools.html

Download page:
http://www.ict-romulus.eu/web/wapiti/home

Although not listed there, there is a section in the Openvas "Full and Ultimate Deep" scan reports related to Wapiti, and it gives this error message:

"wapiti could not be found in your system path.
OpenVAS was unable to execute wapiti and to perform the scan you
requested.
Please make sure that wapiti is installed and that wapiti is
available in the PATH variable defined for your environment."

Based on this I then symlinked the wapiti.py script to both /usr/bin and /usr/sbin but got the same error message.

Next, based on another suggestion, I created a small shell script to run in $PATH:
Code:
#!/bin/sh
cd //usr/local/src/Wapiti/wapiti-2.2.1/src/
# "$@" passes each argument through as its own word; unquoted $* re-splits them
python wapiti.py "$@"

and added this line to the end of ~/.profile:
#run wapiti script
:/user/scripts/wapiti.sh

Still I get a similar error message in the report about Wapiti.

"wapiti report filename is empty. that could mean that
wrong version of wapiti is used or tmp dir is not accessible.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
In short: check installation of wapiti and OpenVAS"

I changed the /tmp directory to be user accessible also.

user@user:~$ ls -ld /tmp/
drwxrwxrwt 15 user user 53248 2012-03-20 14:36 /tmp/

In this guide, it explains about running wapiti.py:
http://www.ict-romulus.eu/web/wapiti.../Users%20Guide
-------------------------------------------------------
Examples
python wapiti.py http://server.com/base/url/ -o my_report_folder -f html
python wapiti.py http://server.com/base/url/ -v 2

These examples work if the python executable is in the PATH environment variable and you are in the root directory of Wapiti. Otherwise you cannot execute the application as in the examples and you have to give the full path to the Python executable.
For example:
Windows:
C:\Python25\python C:\Wapiti\wapiti.py http://server.com/base/url/ -o my_report_folder -f html

Linux:
/usr/bin/python /home/user/wapiti.py http://server.com/base/url/ -o my_report_folder -f html
-------------------------------------------------------------

Any help would be appreciated!

craigl123 03-20-2012 11:50 AM

To get around this problem I created a file /usr/bin/wapiti and entered the following:

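#!/bin/sh

# stop if the source directory is missing instead of running from the wrong place
cd /usr/local/wapiti/src/ || exit 1
# "$@" keeps each argument (URL, -o, -f ...) as its own word
./wapiti.py "$@"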

chmod +x it, and ensure wapiti.py is also executable.

Hope this helps

shayno90 03-20-2012 04:06 PM

Quote:

Originally Posted by craigl123 (Post 4631714)
To get around this problem I created a file /usr/bin/wapiti and entered the following:

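#!/bin/sh

# stop if the source directory is missing instead of running from the wrong place
cd /usr/local/wapiti/src/ || exit 1
# "$@" keeps each argument (URL, -o, -f ...) as its own word
./wapiti.py "$@"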

chmod +x it, and ensure wapiti.py is also executable.

Hope this helps

Great, forgot to make it executable:

user@localhost:~$ ls -ld scripts/wapiti.sh
-rw-r--r-- 1 user user 167 2012-03-20 15:28 scripts/wapiti.sh
user@localhost:~$ chmod +x scripts/wapiti.sh
user@localhost:~$ ls -ld scripts/wapiti.sh
-rwxr-xr-x 1 user user 167 2012-03-20 15:28 scripts/wapiti.sh

Also, where did you make the script executable: in .bashrc or .profile or both?

I will run it now to see if it works.

shayno90 03-20-2012 04:46 PM

It didn't work unfortunately:

"wapiti report filename is empty. that could mean that
wrong version of wapiti is used or tmp dir is not accessible.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
In short: check installation of wapiti and OpenVAS"

Do you have Wapiti working with Openvas?

If so, can you be more verbose about the wapiti installation, path and directory setup?

craigl123 03-21-2012 03:59 AM

I can certainly try and help. I'm not the strongest person on Linux issues, and maybe some of my ways to get things working are "bodged", but when I learn I improve!

Yes, I have a working OV install. Well, currently Arachni isn't working, but that is an RVM issue which I am working on today; I have had it working previously.

With regards to the error from Wapiti in the report about it being empty, I have seen this issue crop up on the IRC channel. I believe it is a timeout issue: OV hasn't given Wapiti long enough to complete, so it is empty.

Does wapiti run from the terminal now, and are you using v2.21? If so, see how long a scan on the webserver takes. This should give you an idea for setting the timeout; I have seen reports of 45 minutes, and the default for plugins is set to 320 seconds.

craigl123 03-21-2012 04:05 AM

FYI - My OV installation (v4) is on a Debian squeeze box, default install via the OBS.

craigl123 03-21-2012 04:13 AM

Quote:

Originally Posted by shayno90 (Post 4631925)

Also, where did you make the script executable: in .bashrc or .profile or both?

I will run it now to see if it works.

I haven't added anything to .bashrc, nor .profile, I just added my script to /usr/bin/ and made it executable, see below:

OpenVAS:~# cat /usr/bin/wapiti
#!/bin/sh

cd /usr/local/wapiti/src/
./wapiti.py $*

OpenVAS:~# chmod +x /usr/bin/wapiti


I see from your other posts that we have been installing the supporting apps in the same way! (http://www.hacktoolrepository.com)

shayno90 03-21-2012 06:58 AM

OK, I ran a scan on a local web server I set up on the same machine where wapiti is installed, but it does not output anything in the index.html.

user@user:/usr/local/wapiti/src$ sudo python wapiti.py http://127.0.1.1 -o my_report_folder -f html
[sudo] password for user:
Wapiti-2.2.1 (wapiti.sourceforge.net)
.
Notice
========
This scan has been saved in the file /usr/local/wapiti/src/scans/127.0.1.1.xml
You can use it to perform attacks without scanning again the web site with the "-k" parameter
[*] Loading modules :
mod_crlf, mod_exec, mod_file, mod_sql, mod_xss, mod_backup, mod_htaccess, mod_blindsql, mod_permanentxss, mod_nikto

[+] Launching module crlf

[+] Launching module exec

[+] Launching module file

[+] Launching module sql

[+] Launching module xss

[+] Launching module blindsql

[+] Launching module permanentxss

Report
------
A report has been generated in the file my_report_folder
Open my_report_folder/index.html with a browser to see this report
--------------------------------------------------------------------------------------
I use sudo as otherwise, it states there is a "Problem with local nikto database."

I have apache listening on 0.0.0.0 but have tried scanning 127.0.0.1 and 127.0.1.1
user@user:/usr/local/wapiti/src$ sudo netstat -tlpn | grep apache
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2040/apache2

The scan only lasts 5 seconds so something is wrong when it is this quick and doesn't detect anything. So I cannot change the default timeout to a suitable time.

I will also add the script to /usr/bin but I need to correct this first before proceeding.

I have been successful with setting up the other tools with Openvas but this one is problematic.

http://imageshack.us/photo/my-images...portcheck.png/

I notice also each scan is saved as index.html which automatically overwrites the previous scan index.html which is not helpful to review past scans.

shayno90 03-21-2012 06:05 PM

I saved the wapiti script to /usr/bin
user@user:~$ ls -ld /usr/bin/wapiti
-rwxr--r-- 1 root root 53 2012-03-21 15:14 /usr/bin/wapiti

Also made the wapiti.py and vulnerability.py executable:
user@user:~$ ls -ld /usr/local/wapiti/src/wapiti.py
-rwxr--r-- 1 root root 14632 2012-03-17 21:47 /usr/local/wapiti/src/wapiti.py
user@user:~$ ls -ld /usr/local/wapiti/src/vulnerability.py
-rwxr--r-- 1 root root 1053 2012-03-17 21:47 /usr/local/wapiti/src/vulnerability.py

No change in the Openvas report with the same empty report name error.

How did you configure your scan in Openvas (I am using Greenbone security desktop)?

I created a new scan config and edited the wapiti plugin to a default timeout of 900 seconds.

This did not work either.

Can you provide more information on this as it is becoming less clear what the issue is?

craigl123 03-22-2012 11:10 AM

I have only been using GSA; not a big fan of the desktop application. TB, this is all I have done to get this working. Sadly, I'm not sure what issues you are running into; maybe someone on the IRC channel can help? atomicturtle and minivanmegafun are usually pretty active and very knowledgeable on OV.

The IRC channel can be accessed here http://www.linux.hr/openvas/ or via an IRC client connected to OFTC #openvas

shayno90 03-22-2012 08:28 PM

Thanks craigl123, I will ask on the chat forum for openvas.

I was curious to see how you setup your scan config for wapiti on Greenbone security desktop esp. the timeout option for the wapiti plugin.

Also the directory setup and permissions for /usr/local/wapiti and /usr/bin/wapiti.

If you can assist by showing this, it should help to solve my own wapiti setup.

shayno90 03-30-2012 03:49 AM

Quote:

Originally Posted by craigl123 (Post 4633684)
I have only been using GSA; not a big fan of the desktop application. TB, this is all I have done to get this working. Sadly, I'm not sure what issues you are running into; maybe someone on the IRC channel can help? atomicturtle and minivanmegafun are usually pretty active and very knowledgeable on OV.

The IRC channel can be accessed here http://www.linux.hr/openvas/ or via an IRC client connected to OFTC #openvas

The IRC channel hasn't proved to be of much use, it is quite inactive and very few comments on integrating wapiti.
Ideally, the more information you can provide the better as you seem to be one of a very few to have gotten this working.
Essentially, the directory permissions/owner and locations of wapiti package plus any changes you made on Openvas GSAD scan configs/wapiti plugin timeout.

The more verbose you can be will remove any current issues I have, i.e. show your exact setup step by step.
(I am sure some wapiti install/setup information is missing on my side)

shayno90 04-10-2012 08:30 AM

Ok, I successfully integrated Wapiti-2.2.1 into Openvas as follows:

1. Download wapiti from sourceforge:
http://sourceforge.net/projects/wapi...test=nocounter

2. Extract to /usr/local/

3. Change owner of wapiti directory to root:
root@localhost:~# chown -R root:root /usr/local/wapiti-2.2.1/

4. Make wapiti.py and vulnerability.py executable:
root@localhost:~# chmod 755 /usr/local/wapiti-2.2.1/src/wapiti.py
root@localhost:~# chmod 755 /usr/local/wapiti-2.2.1/src/vulnerability.py

5. Create wapiti script in /usr/bin:
root@localhost:~# touch /usr/bin/wapiti
root@localhost:~# nano /usr/bin/wapiti

6. Add this to the script:
Code:

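#!/bin/sh
# stop if the source directory is missing instead of running from the wrong place
cd /usr/local/wapiti-2.2.1/src/ || exit 1
# "$@" keeps each argument (URL, -o, -f ...) as its own word
./wapiti.py "$@"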

7. Check permissions and owner:
root@localhost:~# ls -ld /usr/bin/wapiti
-rwxr-xr-x 1 root root 59 2012-04-10 10:42 /usr/bin/wapiti

8. Now when you run a relevant Openvas scan, you should see the following in the report (note my scan detected no wapiti vulnerabilities):
Low
NVT: wapiti (NASL wrapper)
Here is the wapiti report:
Vulnerabilities report -- Wapiti
http://wapiti.sourceforge.net/
This report has been generated by Wapiti Web Application Scanner
--- End of report ---
OID of test routine: 1.3.6.1.4.1.25623.1.0.80110


My own wapiti setup issue was with the permissions and owner of the wapiti script and wapiti source directory as all the advice given to me on this setup neglected to provide this.
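
The thread's fix came down to the owner and mode of /usr/bin/wapiti and of wapiti.py (the failing listings show -rwxr--r--, the working one -rwxr-xr-x). The shell check below is an added example, not part of any post: it assumes GNU stat, the function names and the EXPECTED_UID variable are made up here, and its group/other-write test goes beyond what the thread checked.

```shell
#!/bin/sh
# Added example (not from the thread): audit a scanner wrapper and its target.
# Assumes GNU stat. EXPECTED_UID is a hypothetical knob: 0 (root) by default.
EXPECTED_UID="${EXPECTED_UID:-0}"

# audit_exec FILE: return 0 if FILE can be run by any account and changed
# only by its owner; otherwise print one line per problem and return 1.
audit_exec() {
    f=$1
    rc=0
    if [ ! -f "$f" ]; then
        echo "FAIL $f: missing or not a regular file"
        return 1
    fi
    mode=$(stat -L -c '%a' "$f")      # octal permission bits, e.g. 755
    uid=$(stat -L -c '%u' "$f")       # numeric owner
    bits=$((0$mode))                  # leading 0 makes the shell read it as octal
    if [ "$uid" != "$EXPECTED_UID" ]; then
        echo "FAIL $f: owner uid $uid, expected $EXPECTED_UID"; rc=1
    fi
    # 0005 = read+execute for "other": a #! script needs both to be run
    if [ $(($bits & 0005)) -ne 5 ]; then
        echo "FAIL $f: mode $mode is not readable and executable by other users"; rc=1
    fi
    # 0022 = write for group or other: anyone in that set could replace the code
    if [ $(($bits & 0022)) -ne 0 ]; then
        echo "FAIL $f: mode $mode is writable by group or other"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK   $f: mode $mode, uid $uid"
    return "$rc"
}

# audit_setup NAME TARGET: resolve NAME through PATH as the scanner would,
# then audit the wrapper it finds and the script the wrapper runs.
audit_setup() {
    wrapper=$(command -v "$1") || { echo "FAIL $1: not found in PATH"; return 1; }
    status=0
    audit_exec "$wrapper" || status=1
    audit_exec "$2" || status=1
    return "$status"
}

# Example call with the paths from the final post:
#   audit_setup wapiti /usr/local/wapiti-2.2.1/src/wapiti.py
```

Mode 744 on either file is reported as a failure, which matches the listings posted before the setup started working.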


All times are GMT -5.