cpet/openbsd-ports
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

whisker port

Browse Source
This commit is contained in:
dugsong 1999-11-01 16:10:57 +00:00
parent be7d6a6efb
commit 7c5faefb28
6 changed files with 143 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
security/whisker/Makefile Normal file
View File

@ -0,0 +1,32 @@
# Makefile for: whisker
# Version required: 1.2.0
# Date created: Halloween 1999
# Whom: dugsong@monkey.org
#
# $OpenBSD: Makefile,v 1.1.1.1 1999/11/01 16:10:57 dugsong Exp $
PKGNAME= whisker-1.2.0
DISTNAME= whisker
CATEGORIES= security
MASTER_SITES= http://www.wiretrip.net/rfp/bins/whisker/
MAINTAINER= dugsong@monkey.org
NO_WRKSUBDIR= yes
NO_CONFIGURE= yes
do-build:
(cd ${WRKSRC}; sed "s%y0y0y0%${PREFIX}%g" whisker.pl > whisker)
do-install:
${INSTALL_SCRIPT} ${WRKSRC}/whisker ${PREFIX}/bin
${INSTALL_DATA_DIR} ${PREFIX}/lib/whisker
${INSTALL_DATA} ${WRKSRC}/*.db ${PREFIX}/lib/whisker
${INSTALL_DATA_DIR} ${PREFIX}/share/doc/whisker
${INSTALL_DATA} ${WRKSRC}/whisker.txt ${PREFIX}/share/doc/whisker
.include <bsd.port.mk>

3
security/whisker/files/md5 Normal file
View File

@ -0,0 +1,3 @@
MD5 (whisker.tar.gz) = 0b13a1b32e1a4cbae211e6c4272de5bd
RMD160 (whisker.tar.gz) = 563d48947b987d8c220751e4bcf2cd941c1454a0
SHA1 (whisker.tar.gz) = 861a54ef99fb5a82ae753e0d9fd61ed4696b015f

40
security/whisker/patches/patch-aa Normal file
View File

@ -0,0 +1,40 @@
--- whisker.pl.orig Mon Nov 1 08:40:55 1999
+++ whisker.pl Mon Nov 1 10:46:03 1999
@@ -5,6 +5,8 @@
# (emphasis on massive) -- read the dox for usage infoz
$whisker_version="1.2.0";
+$default_db="y0y0y0/lib/whisker/scan.db";
+
use Socket; use Getopt::Std; # hopefully these are standard :)
getopts("fs:n:vdp:h:l:H:Vu:iINS:EA", \%args);
@@ -33,11 +35,11 @@
wprint("-- whisker / v$whisker_version / rain.forest.puppy / ADM / wiretrip --\n");
-if((!defined $args{n} && !defined $args{h}) && !defined $args{H} || !defined $args{s}){
-print qq~Usage: whisker -s script.file ((-n input.file) | (-h host) | (-H list))
+if((!defined $args{n} && !defined $args{h}) && !defined $args{H}){
+print qq~Usage: whisker (-s script.file) ((-n input.file) | (-h host) | (-H list))
(-l log.file)
- -s specifies the script database file **
+ -s specifies the script database file
-n nmap output (machine format, v2.06+) *
-h scan single host (IP or domain) *
-H host list to scan (file) *
@@ -54,11 +56,11 @@
-S force server version (e.g. -S "Apache/1.3.6")
-A bounce your scans off of altavista.com (using netcraft.com)
- ** required * optional; one must exist
+ * optional; one must exist
~;
exit;}
-$dbfile =$args{s};
+if (defined($args{s})){$dbfile=$args{s};} else {$dbfile=$default_db;}
$nmapfile =$args{n} if defined($args{n});
$singlehost =$args{h} if defined($args{h});
$hostsfile =$args{H} if defined($args{H});

1
security/whisker/pkg/COMMENT Normal file
View File

@ -0,0 +1 @@
next-generation CGI scanner

61
security/whisker/pkg/DESCR Normal file
View File

@ -0,0 +1,61 @@
hacked up whisker.txt, sorry rfp...
---------[ Whisker: next-generation CGI scanner
--[ by rain.forest.puppy / ADM / wiretrip (rfp@wiretrip.net)
Wait...CGI scanning isn't that complex, is it? Well, to do it right,
yes. Why? Hmmm...I can think of a few reasons:
1. /cgi-bin is pretty damn common, I'll give you that. But I've also
been on many a hosting provider that used /cgi-local. And I've seen
people use /cgi, /cgibin, etc.
Point of the point: wouldn't it be nice to define multiple
directories?
2. You know what really irks me? Seeing a CGI scanner thrash around
through /cgi-bin or whatnot, when /cgi-bin doesn't even exist.
Point of the point: save noise/time by querying parent dirs
3. Why should I query for, say, test-cgi on an IIS server? Or
/scripts/samples/details.idc on Apache?
Point of the point: tailor your scan to the server you're scanning
4. Virtual hosts.
Point of the point: there's a whole 'nother world out there hiding
behind virtual hosts--and you may not be scanning who you think you
really are
5. Some places user custom error pages. Unfortunately, the
implementation is such that instead of generating a 404 'not found',
you always get a 200 'success', with HTML to indicate the missing
page.
Point of the point: being able to minimize this anomaly would lessen
false positives
6. More wishes: at a decent rate, it seems more CGI and webserver
problems are found. Plus, I might like to customize which scans I
want to do against a particular host.
Point of the point: if this was all scriptable, that'd be nifty
7. Input sources. Sometimes I want to just feed in output from nmap
(after all, it has a list of the found open port 80's, right?),
sometimes just a laundry list of IPs/domains, and sometimes, I'd just
like to do a single host on the command line.
Point of the point: flexibility of input would be nice as well.
8. IDS/log avoidance.
Point of the point: being able to spoof IDSs would be a nice feature
Well, that's enough wishes, don't you think? Now, do they come
true....
----[ Whisker has all that, plus a bonus feature or two :)

6
security/whisker/pkg/PLIST Normal file
View File

@ -0,0 +1,6 @@
bin/whisker
lib/whisker/scan.db
lib/whisker/server.db
@dirrm lib/whisker
share/doc/whisker/whisker.txt
@dirrm share/doc/whisker