LinuxQuestions.org
View the Most Wanted LQ Wiki articles.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 03-20-2012, 10:55 AM   #1
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 177
Blog Entries: 1

Rep: Reputation: 21
Wapiti security tool fails to run with Openvas


I recently installed Wapiti in order to run with Openvas Greenbone Security Desktop on Ubuntu 10.04:
http://www.openvas.org/integrated-tools.html

Download page:
http://www.ict-romulus.eu/web/wapiti/home

Although not listed there, there is a section in the Openvas "Full and Ulimate Deep" scan reports related to Wapiti and it gives this error message:

"wapiti could not be found in your system path.
OpenVAS was unable to execute wapiti and to perform the scan you
requested.
Please make sure that wapiti is installed and that wapiti is
available in the PATH variable defined for your environment."

Based on this I then symlinked the wapiti.py script to both /usr/bin and /usr/sbin but got the same error message.

Next based on another suggestion I created a small shellscript to run in $PATH:
Code:
#!/bin/sh
cd //usr/local/src/Wapiti/wapiti-2.2.1/src/
python wapiti.py $*

and adding this line to the end of ~/.profile
#run wapiti script
:/user/scripts/wapiti.sh

Still I get a similar error message in the report about Wapiti.

"wapiti report filename is empty. that could mean that
wrong version of wapiti is used or tmp dir is not accessible.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
In short: check installation of wapiti and OpenVAS"

I changed the /tmp directory to be user accessible also.

user@user:~$ ls -ld /tmp/
drwxrwxrwt 15 user user 53248 2012-03-20 14:36 /tmp/

In this guide, it explains about running wapiti.py:
http://www.ict-romulus.eu/web/wapiti.../Users%20Guide
-------------------------------------------------------
Examples
python wapiti.py http://server.com/base/url/ -o my_report_folder -f html
python wapiti.py http://server.com/base/url/ -v 2

This examples works if python executable is in the PATH environment variable and you are in the root directory of Wapiti. In other case you cannot execute the application like in the examples and you have to put all the path to Python executable.
For example:
Windows:
C:\Python25\python C:\Wapiti\wapiti.py http://server.com/base/url/ -o my_report_folder -f html

Linux:
/usr/bin/python /home/user/wapiti.py http://server.com/base/url/ -o my_report_folder -f html
-------------------------------------------------------------

Any help would be appreciated!

Last edited by shayno90; 03-20-2012 at 11:18 AM.
 
Old 03-20-2012, 11:50 AM   #2
craigl123
LQ Newbie
 
Registered: Mar 2012
Location: UK
Distribution: Debian
Posts: 5

Rep: Reputation: Disabled
To get around this problem I created a file /usr/bin/wapiti and entered the following:

#!/bin/sh

cd /usr/local/wapiti/src/
./wapiti.py $*

chmod +x it, and ensure wapiti.py is also executable.

Hope this helps
 
1 members found this post helpful.
Old 03-20-2012, 04:06 PM   #3
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 177
Blog Entries: 1

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by craigl123 View Post
To get around this problem I created a file /usr/bin/wapiti and entered the following:

#!/bin/sh

cd /usr/local/wapiti/src/
./wapiti.py $*

chmod +x it, and ensure wapiti.py is also executable.

Hope this helps
Great, forgot to make it executable:

user@localhost:~$ ls -ld scripts/wapiti.sh
-rw-r--r-- 1 user user 167 2012-03-20 15:28 scripts/wapiti.sh
user@localost:~$ chmod +x scripts/wapiti.sh
user@localhost:~$ ls -ld scripts/wapiti.sh
-rwxr-xr-x 1 user user 167 2012-03-20 15:28 scripts/wapiti.sh

Also where did you make the script executable in .bashrc or .profile or both?

I will run it now to see if it works.
 
Old 03-20-2012, 04:46 PM   #4
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 177
Blog Entries: 1

Original Poster
Rep: Reputation: 21
It didn't work unfortunately:

"wapiti report filename is empty. that could mean that
wrong version of wapiti is used or tmp dir is not accessible.
Make sure to have wapiti 2.x as wapiti 1.x is not supported.
In short: check installation of wapiti and OpenVAS"

Do you have Wapiti working with Openvas?

If so, can you be more verbose about the wapiti installation, path and directory setup?
 
Old 03-21-2012, 03:59 AM   #5
craigl123
LQ Newbie
 
Registered: Mar 2012
Location: UK
Distribution: Debian
Posts: 5

Rep: Reputation: Disabled
I can certainly try and help, I'm not the strongest person on Linux issues and maybe some of my ways to get things working are "bodged" but when I learn I improve!

Yes, I have a working OV install, well, currently Arachni isn't working but that is an RVM issue which I am working on today, I have had it working previously.

With regards the error from Wapiti in the report about it being empty, I have seen this issue crop up on the IRC channel, I believe it is a time out issue, OV, hasn't given the Wapiti long enough to complete so it is empty.

Does wapiti run from terminal now and are you using v2.21? If so, see how long a scan on the webserver take? This should give you an idea on setting the time out, I have seen reports of 45 minutes, the default for plugins is set to 320 seconds.
 
Old 03-21-2012, 04:05 AM   #6
craigl123
LQ Newbie
 
Registered: Mar 2012
Location: UK
Distribution: Debian
Posts: 5

Rep: Reputation: Disabled
FYI - My OV installation (v4) is on a Debian squeeze box, default install via the OBS.
 
Old 03-21-2012, 04:13 AM   #7
craigl123
LQ Newbie
 
Registered: Mar 2012
Location: UK
Distribution: Debian
Posts: 5

Rep: Reputation: Disabled
Quote:
Originally Posted by shayno90 View Post

Also where did you make the script executable in .bashrc or .profile or both?

I will run it now to see if it works.
I haven't added anything to .bashrc, nor .profile, I just added my script to /usr/bin/ and made it executable, see below:

OpenVAS:~# cat /usr/bin/wapiti
#!/bin/sh

cd /usr/local/wapiti/src/
./wapiti.py $*

OpenVAS:~# chmod +x /usr/bin/wapiti


I see from your other posts that we have been installing the supporting apps in the same way! (http://www.hacktoolrepository.com)

Last edited by craigl123; 03-21-2012 at 04:17 AM. Reason: Note on http://www.hacktoolrepository.com
 
Old 03-21-2012, 06:58 AM   #8
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 177
Blog Entries: 1

Original Poster
Rep: Reputation: 21
Ok I ran a scan on local web server I set up on the same machine where wapiti is installed but it does not output anything in the index.html.

user@user:/usr/local/wapiti/src$ sudo python wapiti.py http://127.0.1.1 -o my_report_folder -f html
[sudo] password for user:
Wapiti-2.2.1 (wapiti.sourceforge.net)
.
Notice
========
This scan has been saved in the file /usr/local/wapiti/src/scans/127.0.1.1.xml
You can use it to perform attacks without scanning again the web site with the "-k" parameter[*] Loading modules :
mod_crlf, mod_exec, mod_file, mod_sql, mod_xss, mod_backup, mod_htaccess, mod_blindsql, mod_permanentxss, mod_nikto

[+] Launching module crlf

[+] Launching module exec

[+] Launching module file

[+] Launching module sql

[+] Launching module xss

[+] Launching module blindsql

[+] Launching module permanentxss

Report
------
A report has been generated in the file my_report_folder
Open my_report_folder/index.html with a browser to see this report
--------------------------------------------------------------------------------------
I use sudo as otherwise, it states there is a "Problem with local nikto database."

I have apache listening on 0.0.0.0 but have tried scanning 127.0.0.1 and 127.0.1.1
user@user:/usr/local/wapiti/src$ sudo netstat -tlpn | grep apache
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 2040/apache2

The scan only lasts 5 seconds so something is wrong when it is this quick and doesn't detect anything. So I cannot change the default timeout to a suitable time.

I will also add the script to /usr/bin but I need to correct this first before proceeding.

I have been successful with setting up the other tools with Openvas but this one is problematic.

http://imageshack.us/photo/my-images...portcheck.png/

I notice also each scan is saved as index.html which automatically overwrites the previous scan index.html which is not helpful to review past scans.

Last edited by shayno90; 03-21-2012 at 07:14 AM. Reason: index.html addition
 
Old 03-21-2012, 06:05 PM   #9
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 177
Blog Entries: 1

Original Poster
Rep: Reputation: 21
I saved the wapiti script to /usr/bin
user@user:~$ ls -ld /usr/bin/wapiti
-rwxr--r-- 1 root root 53 2012-03-21 15:14 /usr/bin/wapiti

Also made the wapiti.py and vulnerability.py executable:
user@user:~$ ls -ld /usr/local/wapiti/src/wapiti.py
-rwxr--r-- 1 root root 14632 2012-03-17 21:47 /usr/local/wapiti/src/wapiti.py
user@user:~$ ls -ld /usr/local/wapiti/src/vulnerability.py
-rwxr--r-- 1 root root 1053 2012-03-17 21:47 /usr/local/wapiti/src/vulnerability.py

No change in the Openvas report with the same empty report name error.

How did you configure your scan in Openvas (I am using Greenbone security desktop)?

I created a new scan config and edited the wapiti plugin to a default timeout of 900 seconds.

This did not work either.

Can you provide more information on this as it is becoming less clear what the issue is?
 
Old 03-22-2012, 11:10 AM   #10
craigl123
LQ Newbie
 
Registered: Mar 2012
Location: UK
Distribution: Debian
Posts: 5

Rep: Reputation: Disabled
I have only been using GSA, not a big fan of the desktop application, TB, this is all I have done to get this working, sadly I'm not sure what issues you are running into, maybe someone on the IRC channel can help? atomicturtle and minivanmegafun are usually pretty active + very knowledgeable on OV

IRC Channel can be accessed here http://www.linux.hr/openvas/ or via a IRC client connected to OFTC #openvas

Last edited by craigl123; 03-22-2012 at 11:12 AM. Reason: Added IRC Channel info
 
1 members found this post helpful.
Old 03-22-2012, 08:28 PM   #11
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 177
Blog Entries: 1

Original Poster
Rep: Reputation: 21
Thanks craig!123, I will ask on the chat forum for openvas.

I was curious to see how you setup your scan config for wapiti on Greenbone security desktop esp. the timeout option for the wapiti plugin.

Also the directory setup and permissions for /usr/local/wapiti and /usr/bin/wapiti.

If you can assist by showing this, it should help to solve my own wapiti setup.
 
Old 03-30-2012, 03:49 AM   #12
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 177
Blog Entries: 1

Original Poster
Rep: Reputation: 21
Quote:
Originally Posted by craigl123 View Post
I have only been using GSA, not a big fan of the desktop application, TB, this is all I have done to get this working, sadly I'm not sure what issues you are running into, maybe someone on the IRC channel can help? atomicturtle and minivanmegafun are usually pretty active + very knowledgeable on OV

IRC Channel can be accessed here http://www.linux.hr/openvas/ or via a IRC client connected to OFTC #openvas
The IRC channel hasn't proved to be of much use, it is quite inactive and very few comments on integrating wapiti.
Ideally, the more information you can provide the better as you seem to be one of a very few to have gotten this working.
Essentially, the directory permissions/owner and locations of wapiti package plus any changes you made on Openvas GSAD scan configs/wapiti plugin timeout.

The more verbose you can be will remove any current issues I have, i.e. show your exact setup step by step.
(I am sure some wapiti install/setup information is missing on my side)
 
Old 04-10-2012, 08:30 AM   #13
shayno90
Member
 
Registered: Oct 2009
Distribution: Debian Lenny 2.6.26 Ubuntu Lucid Lynx 10.04 Windows 7
Posts: 177
Blog Entries: 1

Original Poster
Rep: Reputation: 21
Ok, I successfully integrated Wapiti-2.2.1 into Openvas as follows:

1.
Download wapiti from sourceforge:
http://sourceforge.net/projects/wapi...test=nocounter

2.
Extract to /usr/local/

3.
Change owner of wapiti directory to root:
root@localhost:~# chown -R root:root /usr/local/wapiti-2.2.1/

4.
Make wapiti.py and vulnerability.py executable:
root@localhost:~# chmod 755 /usr/local/wapiti-2.2.1/src/wapiti.py
root@localhost:~# chmod 755 /usr/local/wapiti-2.2.1/src/vulnerability.py

5.
Create wapiti script in /usr/bin
root@localhost:~# touch /usr/bin/wapiti
root@localhost:~# nano /usr/bin/wapiti

6.
Add this to the script:
Code:
#!/bin/sh
cd /usr/local/wapiti-2.2.1/src/
./wapiti.py $*
7.
Check permissions and owner:
root@localhost:~# ls -ld /usr/bin/wapiti
-rwxr-xr-x 1 root root 59 2012-04-10 10:42 /usr/bin/wapiti

8.
Now when you run a relevant Openvas scan, you should see the following in the report (note my scan detected no wapiti vulnerabilities):
Low
NVT: wapiti (NASL wrapper)
Here is the wapiti report:
Vulnerabilities report -- Wapiti
http://wapiti.sourceforge.net/
This report has been generated by Wapiti Web Application Scanner
--- End of report ---
OID of test routine: 1.3.6.1.4.1.25623.1.0.80110


My own wapiti setup issue was with the permissions and owner of the wapiti script and wapiti source directory as all the advice given to me on this setup neglected to provide this.

Last edited by shayno90; 04-10-2012 at 08:32 AM.
 
1 members found this post helpful.
  


Reply

Tags
path, python, script, security, user


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
[SOLVED] Wapiti install script issue shayno90 Linux - Software 10 03-19-2012 10:43 AM
Openvas-manager & openvas-cli Minky Linux - Software 1 04-26-2010 06:59 AM
LXer: Network Security Scanner OpenVAS 2.0.0 Released LXer Syndicated Linux News 0 12-18-2008 06:42 PM
LXer: Security scans with OpenVAS LXer Syndicated Linux News 0 10-09-2008 05:00 PM


All times are GMT -5. The time now is 10:45 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration