Webshag is a multi-threaded, multi-platform web server audit tool. Written in

Python, it gathers commonly useful functionalities for web server auditing like
website crawling, URL scanning or file fuzzing.

WWW: http://www.scrt.ch/en/attack/downloads/webshag

PR:		ports/187676
Submitted by:	clutton@zoho.com

6 files changed, 211 insertions, 0 deletions

diff --git a/security/Makefile b/security/Makefile
index 16651f19b07f..dc900d8dc697 100644
--- a/security/Makefile
+++ b/security/Makefile
@@ -1005,6 +1005,7 @@
     SUBDIR += wapiti
     SUBDIR += webfwlog
     SUBDIR += webscarab
+    SUBDIR += webshag
     SUBDIR += whatweb
     SUBDIR += wipe
     SUBDIR += xca
diff --git a/security/webshag/Makefile b/security/webshag/Makefile
new file mode 100644
index 000000000000..549131fb5b17
--- /dev/null
+++ b/security/webshag/Makefile
@@ -0,0 +1,55 @@
+# $FreeBSD$
+
+PORTNAME=	webshag
+PORTVERSION=	1.10
+CATEGORIES=	security www
+MASTER_SITES=	http://www.scrt.ch/outils/webshag/
+DISTNAME=	ws110
+
+MAINTAINER=	clutton@zoho.com
+COMMENT=	Multi-threaded, multi-platform web server audit tool
+
+LICENSE=	GPLv3
+
+USES=		python:2.7 dos2unix
+USE_PYTHON=distutils
+PYSETUP=	setup.linux.py
+
+NO_WRKSUBDIR=	yes
+
+OPTIONS_DEFINE=	NMAP WXGTK
+OPTIONS_DEFAULT=NMAP
+OPTIONS_SUB=	yes
+
+.include <bsd.port.options.mk>
+
+.if ${PORT_OPTIONS:MNMAP}
+BUILD_DEPENDS+=	${LOCALBASE}/bin/nmap:${PORTSDIR}/security/nmap
+.endif
+
+.if ${PORT_OPTIONS:MWXGTK}
+USE_WX=		2.6+
+WX_COMPS=	python:run
+.endif
+
+post-patch:
+	@${MV} ${WRKSRC}/config ${WRKSRC}/etc
+	@${REINPLACE_CMD} -e 's|#!/usr/bin/python|#!/usr/bin/env python|g' \
+		${WRKSRC}/webshag_cli.py
+	@${REINPLACE_CMD} -e 's|#!/usr/bin/python|#!/usr/bin/env python|g' \
+		${WRKSRC}/webshag_gui.py
+
+do-install:
+.if ${PORT_OPTIONS:MWXGTK}
+	${INSTALL_SCRIPT} ${WRKSRC}/webshag_gui.py \
+		${STAGEDIR}${PREFIX}/bin/webshag_gui
+.endif
+	${INSTALL_SCRIPT} ${WRKSRC}/webshag_cli.py \
+		${STAGEDIR}${PREFIX}/bin/webshag_cli
+	@${INSTALL_DATA} ${WRKSRC}/etc/webshag.conf ${STAGEDIR}${PREFIX}/etc
+	(cd ${WRKSRC}/database && ${COPYTREE_SHARE} . \
+		${STAGEDIR}${PREFIX}/share/webshag)
+	(cd ${WRKSRC}/webshag && ${COPYTREE_SHARE} . \
+		${STAGEDIR}${PYTHON_SITELIBDIR}/webshag)
+
+.include <bsd.port.mk>
diff --git a/security/webshag/distinfo b/security/webshag/distinfo
new file mode 100644
index 000000000000..19adbbe9467e
--- /dev/null
+++ b/security/webshag/distinfo
@@ -0,0 +1,2 @@
+SHA256 (ws110.tar.gz) = a1ea1cc0c87e44a19fad7edc1658c6c57705aa1fc3ff3304f1e4a669b523a049
+SIZE (ws110.tar.gz) = 1512389
diff --git a/security/webshag/files/patch-setup_linux_py b/security/webshag/files/patch-setup_linux_py
new file mode 100644
index 000000000000..172aa33ad857
--- /dev/null
+++ b/security/webshag/files/patch-setup_linux_py
@@ -0,0 +1,99 @@
+--- /tmp/setup.linux.py	2014-08-29 20:27:32.000000000 +0300
++++ setup.linux.py	2014-08-29 20:57:35.000000000 +0300
+@@ -24,21 +24,21 @@
+ ##                                INIT                               ##
+ ## ################################################################# ##
+ 
+-path_prefix = os.path.abspath(os.path.curdir) + '/'
++path_prefix = '/usr/local/'
+ 
+ ## ################################################################# ##
+ ##                            CONSTANTS                              ##
+ ## ################################################################# ##
+ 
+-NMAP = u'/usr/bin/nmap'
++NMAP = u'/usr/local/bin/nmap'
+ CORE_FILE = u'webshag/core/core_file.py'
+-CFG_FILE = u'config/webshag.conf'
+-FUZZ_DIRS = path_prefix + u'/database/fuzzer/directory-list-2.3-small.txt'
+-FUZZ_FILES = path_prefix + u'/database/fuzzer/directory-list-1.0.txt'
+-FUZZ_EXT = path_prefix + u'/database/fuzzer/extensions.txt'
+-CUSTOM_DB = path_prefix + u'/database/custom'
+-NIKTO_DB = path_prefix + u'/database/nikto'
+-IDS_PROXIES = path_prefix + u'/database/proxies/proxies.txt'
++CFG_FILE = u'etc/webshag.conf'
++FUZZ_DIRS = path_prefix + u'share/webshag/fuzzer/directory-list-2.3-small.txt'
++FUZZ_FILES = path_prefix + u'share/webshag/fuzzer/directory-list-1.0.txt'
++FUZZ_EXT = path_prefix + u'share/webshag/fuzzer/extensions.txt'
++CUSTOM_DB = path_prefix + u'share/webshag/custom'
++NIKTO_DB = path_prefix + u'share/webshag/nikto'
++IDS_PROXIES = path_prefix + u'share/webshag/proxies/proxies.txt'
+ 
+ CORE_CFG_RE = re.compile(ur'CFG_FILE\s=\s(?P<path>.*)')
+ 
+@@ -55,7 +55,7 @@
+ 
+ else:
+     print u'Not Found!'
+-    user_nmap = raw_input(u'[#] Please specify Nmap (nmap.exe) location (blank to skip): ')
++    user_nmap = ''
+     if user_nmap != '':
+         if os.path.isfile(user_nmap):
+             nmap = 'True'
+@@ -73,13 +73,8 @@
+ ##                         LIVE SEARCH APPID                         ##
+ ## ################################################################# ##
+ 
+-user_live = raw_input(u'[#] Enter your Live Search AppID (blank to skip): ')
+-if user_live != '':
+-    live_id = user_live
+-    print u'[*] Live Search AppID: ' + user_live + u'\t Done!'
+-else:
+-    live_id = ''
+-    print u'[!] AppID missing. Domain information module will not be functional.'
++live_id = 'False'
++print u'[!] AppID missing. Insert your LiveID into etc/webshag.conf.'
+ 
+ ## ################################################################# ##
+ ##                          ALTERING FILES                           ##
+@@ -92,14 +87,14 @@
+ # core_file.py
+ print u'[*] Patching source code (configuration file location)...\t',
+ # reading file
+-core_file_handler = codecs.open(core_file, u'r', u'utf-8')
++core_file_handler = codecs.open(u'webshag/core/core_file.py', u'r', u'utf-8')
+ core_file_contents = core_file_handler.read()
+ core_file_handler.close()
+ # replacing path value
+ old_path = CORE_CFG_RE.findall(core_file_contents)[-1]
+ core_file_contents = core_file_contents.replace(old_path, '\'' + cfg_file + '\'')
+ # writing file back
+-core_file_handler = codecs.open(core_file, u'w', u'utf-8')
++core_file_handler = codecs.open(u'webshag/core/core_file.py', u'w', u'utf-8')
+ core_file_handler.write(core_file_contents)
+ core_file_handler.close()
+ print u'Done!'
+@@ -107,7 +102,7 @@
+ # webshag.conf
+ print u'[*] Fixing configuration file settings...\t',
+ configParser = SafeConfigParser()
+-configParser.readfp(codecs.open(cfg_file, u'r', u'utf-8')) 
++configParser.readfp(codecs.open(u'etc/webshag.conf', u'r', u'utf-8')) 
+ configParser.set(u'core_file', u'fuzzer_file_list', FUZZ_FILES)
+ configParser.set(u'core_file', u'fuzzer_dir_list', FUZZ_DIRS)
+ configParser.set(u'core_file', u'fuzzer_ext_list', FUZZ_EXT)
+@@ -117,7 +112,7 @@
+ configParser.set(u'module_info', u'live_id', live_id)
+ configParser.set(u'module_portscan', u'nmap', nmap)
+ configParser.set(u'module_portscan', u'nmap_location', nmap_location)
+-cfg_file_handler = codecs.open(cfg_file, u'w', u'utf-8')
++cfg_file_handler = codecs.open(u'etc/webshag.conf', u'w', u'utf-8')
+ configParser.write(cfg_file_handler)
+ cfg_file_handler.close()
+ print u'Done!'
+@@ -129,5 +124,3 @@
+ print ''
+ print 'Thanks for your interest in webshag! It is now ready to be used!'
+ print 'Enjoy! For more information please visit www.scrt.ch'
+-print ''
+-raw_input('Press any key to exit.\n')
diff --git a/security/webshag/pkg-descr b/security/webshag/pkg-descr
new file mode 100644
index 000000000000..fe6d0a5f06bd
--- /dev/null
+++ b/security/webshag/pkg-descr
@@ -0,0 +1,5 @@
+Webshag is a multi-threaded, multi-platform web server audit tool. Written in
+Python, it gathers commonly useful functionalities for web server auditing like
+website crawling, URL scanning or file fuzzing.
+
+WWW: http://www.scrt.ch/en/attack/downloads/webshag
diff --git a/security/webshag/pkg-plist b/security/webshag/pkg-plist
new file mode 100644
index 000000000000..de87b582767b
--- /dev/null
+++ b/security/webshag/pkg-plist
@@ -0,0 +1,49 @@
+bin/webshag_cli
+%%WXGTK%%bin/webshag_gui
+%%ETCDIR%%.conf
+%%PYTHON_SITELIBDIR%%/webshag/__init__.py
+%%PYTHON_SITELIBDIR%%/webshag/core/__init__.py
+%%PYTHON_SITELIBDIR%%/webshag/core/core_error.py
+%%PYTHON_SITELIBDIR%%/webshag/core/core_file.py
+%%PYTHON_SITELIBDIR%%/webshag/core/core_http.py
+%%PYTHON_SITELIBDIR%%/webshag/core/core_utilities.py
+%%PYTHON_SITELIBDIR%%/webshag/export/__init__.py
+%%PYTHON_SITELIBDIR%%/webshag/export/export.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/__init__.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/gui.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/gui_fuzz.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/gui_images.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/gui_info.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/gui_pscan.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/gui_spider.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/gui_uscan.py
+%%PYTHON_SITELIBDIR%%/webshag/gui/gui_widgets.py
+%%PYTHON_SITELIBDIR%%/webshag/modules/__init__.py
+%%PYTHON_SITELIBDIR%%/webshag/modules/module_fuzz.py
+%%PYTHON_SITELIBDIR%%/webshag/modules/module_info.py
+%%PYTHON_SITELIBDIR%%/webshag/modules/module_pscan.py
+%%PYTHON_SITELIBDIR%%/webshag/modules/module_spider.py
+%%PYTHON_SITELIBDIR%%/webshag/modules/module_uscan.py
+%%PYTHON_SITELIBDIR%%/webshag/update/__init__.py
+%%PYTHON_SITELIBDIR%%/webshag/update/update.py
+%%DATADIR%%/custom/banners.db
+%%DATADIR%%/custom/custom_tests.db
+%%DATADIR%%/fuzzer/directory-list-1.0.txt
+%%DATADIR%%/fuzzer/directory-list-2.3-small.txt
+%%DATADIR%%/fuzzer/extensions.txt
+%%DATADIR%%/nikto/db_tests
+%%DATADIR%%/nikto/db_variables
+%%DATADIR%%/proxies/proxies.txt
+@dirrmtry %%DATADIR%%/proxies
+@dirrmtry %%DATADIR%%/nikto
+@dirrmtry %%DATADIR%%/fuzzer
+@dirrmtry %%DATADIR%%/custom
+@dirrmtry %%DATADIR%%
+@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/update
+@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/modules
+@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/gui
+@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/export
+@dirrmtry %%PYTHON_SITELIBDIR%%/webshag/core
+@dirrmtry %%PYTHON_SITELIBDIR%%/webshag
+@dirrmtry %%PYTHON_SITELIBDIR%%
+@dirrmtry %%PYTHON_LIBDIR%%