Updated w3af and ZAP. v1.4.5

0a6be898 · Zitnik, Anze · 96d0b134 · 0a6be898 · 0a6be898 · 0a6be898
Commit 0a6be898 authored 2 years ago by Zitnik, Anze
--- a/MANIFEST
+++ b/MANIFEST
-VERSION=v1.4.4
+VERSION=v1.4.5
 SERVICE=vat-genscan

--- a/install/base.sh
+++ b/install/base.sh
@@ -3,10 +3,21 @@
 set -e

 apt update
-apt install -y wget unzip git python3-dev python3-pip python2.7-dev curl vim
+apt install -y wget unzip git python3-dev python3-pip python2.7-dev curl vim build-essential
 cd /tmp
 mkdir -p /service
 #newer version of pip2 than through apt
 wget -nv https://bootstrap.pypa.io/pip/2.7/get-pip.py
 python2.7 get-pip.py

+# openssl 1.1.1
+cd /tmp
+wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/openssl/1.1.1-1ubuntu1/openssl_1.1.1.orig.tar.gz
+tar xf openssl_1.1.1.orig.tar.gz
+cd openssl-1.1.1
+./config
+make
+make install
+
+# make wget use proper root CA certs
+printf "\nca_directory=/etc/ssl/certs" | tee -a /etc/wgetrc
--- a/install/cscan.sh
+++ b/install/cscan.sh
@@ -4,7 +4,7 @@ set -e

 cd /tmp

-apt install -y libpq-dev
+apt install -y libpq-dev libjpeg-dev zlib1g-dev

 #rust (needed for cryptography)
 curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y
@@ -22,4 +22,3 @@ patch /service/cscan/plugin/w3af.py /tmp/w3af-plugin.patch
 patch /service/cscan/cscan.py /tmp/cscan.patch
 echo "" > /service/cscan/ips.txt
 echo "" > /service/cscan/websites.txt
-
--- a/install/requirements.txt
+++ b/install/requirements.txt
@@ -5,7 +5,7 @@ backports-abc==0.5
 biplist==1.0.3
 blinker==1.4
 bravado==9.2.2
-bravado-core==5.12.1
+bravado-core==5.15.0
 certifi==2018.11.29
 cffi==1.12.2
 chardet==3.0.4
@@ -24,7 +24,7 @@ future==0.17.1
 futures==3.2.0
 gitdb==0.6.4
 gitdb2==2.0.5
-GitPython==2.1.3
+GitPython==2.1.15
 guess-language==0.2
 halberd==0.2.4
 hpack==3.0.0
@@ -91,6 +91,7 @@ tblib==0.2.0
 termcolor==1.1.0
 tldextract==1.7.2
 tornado==5.1.1
+typing==3.10.0.0
 urllib3==1.24.1
 urwid==2.0.1
 vulndb==0.1.1

--- a/install/w3af.sh
+++ b/install/w3af.sh
@@ -3,7 +3,7 @@
 set -e

 #requirements for w3af
-apt install -y build-essential libxml2-dev libxslt1-dev zlib1g-dev libssl-dev
+apt install -y libxml2-dev libxslt1-dev zlib1g-dev
 #w3af_api_client for python3
 wget -nv https://github.com/andresriancho/w3af-api-client/archive/master.zip
 unzip master.zip
@@ -17,16 +17,17 @@ cd /tmp
 #pip (again) only because strict w3af dependency checks
 apt install -y python-pip
 pip2 install -r /tmp/requirements.txt
-pip2 install git+git://github.com/hay/xml2json.git@3a674efad91e0f1e978babc41a72f297d5e5144b
+pip2 install https://github.com/hay/xml2json/zipball/master
 #node and retire
 apt install -y npm
-npm install -g retire
+npm install -g retire@2.0.3
+npm update -g retire
 #W3AF
 apt install -y libffi-dev libsqlite3-dev libyaml-dev
 cd /tmp
-wget -nv https://github.com/andresriancho/w3af/archive/1910600684c22c767a1105fbfcb051db73ad1280.zip
-unzip -q 1910600684c22c767a1105fbfcb051db73ad1280.zip
-mv w3af-1910600684c22c767a1105fbfcb051db73ad1280 /service/w3af
+wget -nv https://github.com/andresriancho/w3af/archive/cd22e5252243a87aaa6d0ddea47cf58dacfe00a9.zip
+unzip -q cd22e5252243a87aaa6d0ddea47cf58dacfe00a9.zip
+mv w3af-cd22e5252243a87aaa6d0ddea47cf58dacfe00a9 /service/w3af

 ## for authenticated scans
 #cp ~/extended_generic.py w3af/plugins/auth/

--- a/install/zap.sh
+++ b/install/zap.sh
@@ -2,9 +2,8 @@

 set -e

-apt install -y openjdk-8-jre
+apt install -y openjdk-11-jre
 cd /tmp
-wget -nv https://github.com/zaproxy/zaproxy/releases/download/v2.9.0/ZAP_2.9.0_Linux.tar.gz
-tar xzf ZAP_2.9.0_Linux.tar.gz
-mv ZAP_2.9.0 /service/ZAP
-
+wget -nv https://github.com/zaproxy/zaproxy/releases/download/v2.12.0/ZAP_2.12.0_Linux.tar.gz
+tar xzf ZAP_2.12.0_Linux.tar.gz
+mv ZAP_2.12.0 /service/ZAP