update to 1.3.0a - 1.2.0 no longer available

2000-01-06 18:56:57 +00:00 · 2000-01-06 18:56:57 +00:00 · f234a0d152
commit f234a0d152
parent 9fadc61dd5
5 changed files with 95 additions and 50 deletions
--- a/security/whisker/Makefile
+++ b/security/whisker/Makefile
@ -3,19 +3,19 @@
 # Date created:		Halloween 1999
 # Whom:			dugsong@monkey.org
 #
-# $OpenBSD: Makefile,v 1.1.1.1 1999/11/01 16:10:57 dugsong Exp $
+# $OpenBSD: Makefile,v 1.2 2000/01/06 18:56:57 dugsong Exp $

-PKGNAME=	whisker-1.2.0
-
-DISTNAME=	whisker
+PKGNAME=	whisker-1.3.0a

 CATEGORIES=	security

-MASTER_SITES=	http://www.wiretrip.net/rfp/bins/whisker/
-
 MAINTAINER=	dugsong@monkey.org

-NO_WRKSUBDIR=	yes
+MASTER_SITES=	http://www.wiretrip.net/rfp/bins/whisker/
+
+DISTNAME=	whisker
+
+WRKSRC=		${WRKDIR}/v1.3

 NO_CONFIGURE=	yes

@ -24,8 +24,8 @@ do-build:

 do-install:
 		${INSTALL_SCRIPT} ${WRKSRC}/whisker ${PREFIX}/bin
-		${INSTALL_DATA_DIR} ${PREFIX}/lib/whisker
-		${INSTALL_DATA} ${WRKSRC}/*.db ${PREFIX}/lib/whisker
+		${INSTALL_DATA_DIR} ${PREFIX}/share/whisker
+		${INSTALL_DATA} ${WRKSRC}/*.db ${PREFIX}/share/whisker
 		${INSTALL_DATA_DIR} ${PREFIX}/share/doc/whisker
 		${INSTALL_DATA} ${WRKSRC}/whisker.txt ${PREFIX}/share/doc/whisker

--- a/security/whisker/files/md5
+++ b/security/whisker/files/md5
@ -1,3 +1,3 @@
-MD5 (whisker.tar.gz) = 0b13a1b32e1a4cbae211e6c4272de5bd
-RMD160 (whisker.tar.gz) = 563d48947b987d8c220751e4bcf2cd941c1454a0
-SHA1 (whisker.tar.gz) = 861a54ef99fb5a82ae753e0d9fd61ed4696b015f
+MD5 (whisker.tar.gz) = 4a89a0b6b991891c244c9fa6ffd42b0b
+RMD160 (whisker.tar.gz) = e6c10df5a7a13e9e517c22ad8758e80f54c5ca18
+SHA1 (whisker.tar.gz) = a232a72768c903ce01f5c41403b6be7e5601b871
--- a/security/whisker/patches/patch-aa
+++ b/security/whisker/patches/patch-aa
@ -1,40 +1,83 @@
--- whisker.pl.orig	Mon Nov  1 08:40:55 1999
-+++ whisker.pl	Mon Nov  1 10:46:03 1999
-@@ -5,6 +5,8 @@
- # (emphasis on massive) -- read the dox for usage infoz
+--- whisker.pl.orig	Thu Dec 23 20:25:05 1999
+++ whisker.pl	Thu Jan  6 13:42:58 2000
+@@ -6,10 +6,8 @@
+ 
+ $whisker_version="1.3.0a";
+ 
+-# attempt to find where the script is; deal with both Unix and Win (/ vs \)
+-$WHEREIS_WHISKER=$0; # this should be the path to the script
+-$WHEREIS_WHISKER=~s/[^\/\\]+$//; # hack off the name of the script
+-# we should be left over with the path
+# where the db files are
+$WHEREIS_WHISKER="y0y0y0/share/whisker/";
 
- $whisker_version="1.2.0";
-+$default_db="y0y0y0/lib/whisker/scan.db";
-+
 use Socket; use Getopt::Std; # hopefully these are standard :)
+ getopts("fs:n:vdp:h:l:H:Vu:iI:A:NS:EaF:B:PM:", \%args);
+@@ -50,7 +48,7 @@
+ 	-h+ *scan single host (IP or domain)
+ 	-H+ *host list to scan (file)
+ 	-F+ *(for unix multi-threaded front end use only)
+-	-s+  specifies the script database file (defaults to scan.db)
+	-s   specifies the script database file (defaults to scan.db)
+ 	-V   use virtual hosts when possible
+ 	-N   query Netcraft for server OS guess
+ 	-S+  force server version (e.g. -S "Apache/1.3.6")
+@@ -93,7 +91,7 @@
 
- getopts("fs:n:vdp:h:l:H:Vu:iINS:EA", \%args);
-@@ -33,11 +35,11 @@
+ # new to v1.3--default to scan.db
+ if(defined $args{s}){ $dbfile=$args{s};} 
+-else {$dbfile="scan.db";}
+else {$dbfile=$WHEREIS_WHISKER."scan.db";}
 
- wprint("-- whisker / v$whisker_version / rain.forest.puppy / ADM / wiretrip --\n");
- 
-if((!defined $args{n} && !defined $args{h}) && !defined $args{H} || !defined $args{s}){
-print qq~Usage:  whisker -s script.file ((-n input.file) | (-h host) | (-H list))
-+if((!defined $args{n} && !defined $args{h}) && !defined $args{H}){
-+print qq~Usage:  whisker (-s script.file) ((-n input.file) | (-h host) | (-H list))
- 		(-l log.file)
- 
-	-s specifies the script database file     **
-+	-s specifies the script database file
- 	-n nmap output (machine format, v2.06+)   *
- 	-h scan single host (IP or domain)        *
- 	-H host list to scan (file)               *
-@@ -54,11 +56,11 @@
- 	-S force server version (e.g. -S "Apache/1.3.6")
- 	-A bounce your scans off of altavista.com (using netcraft.com)
- 
- 	** required     * optional; one must exist
-+ 	* optional; one must exist
- ~; 
- exit;}
- 
-$dbfile		=$args{s};
-+if (defined($args{s})){$dbfile=$args{s};} else {$dbfile=$default_db;}
 $nmapfile	=$args{n} if defined($args{n});
 $singlehost	=$args{h} if defined($args{h});
- $hostsfile	=$args{H} if defined($args{H});
+@@ -176,7 +174,7 @@
+ 
+ # experimental SSL support; only available within scripts
+ $D{'XXUseSSL'}=0;
+-$D{'XXSSLPath'}="/usr/local/ssl/bin/openssl";
+$D{'XXSSLPath'}="/usr/sbin/openssl";
+ 
+ if($proxy eq "1"){  #setup proxy stuff - icky icky, gross gross!
+   verbose("- Proxy: $proxy_addy Port: $proxy_port");
+@@ -205,18 +203,18 @@
+ #	wprint("- Using Anonymizer bounce scan");}
+ # I'm tired; I don't want to code this!
+ elsif($args{B}==4){
+-	if(!-e $WHEREIS_WHISKER."proxlist.txt"){
+	if(!-e "proxlist.txt"){
+ 		print "Whoa!  Run -P to get a proxy list first\n\n";
+ 		exit;}
+ 	wprint("- Using distributed proxy-bounce scan");
+ 	$D{'XXDistProxy'}=1;
+ 	wprint("- Randomizing proxlist.txt...");
+-	open(IN,"<$WHEREIS_WHISKER".'proxlist.txt');
+	open(IN,"<proxlist.txt");
+ 	@temp=<IN>; close(IN);
+ 	array_shuffle(\@temp);
+-	open(OUT,">$WHEREIS_WHISKER"."prox$$.txt");
+	open(OUT,">prox$$.txt");
+ 	print OUT @temp; close(OUT); undef @temp;	
+-	open(PROXYIN,"<$WHEREIS_WHISKER"."prox$$.txt");}
+	open(PROXYIN,"<prox$$.txt");}
+ else {
+ 	print "Unknown Bounce type.\n"; exit; }
+ 
+@@ -563,7 +561,7 @@
+ $GLOBAL_WHISKER_LOOP_CONTROL=1;
+ $nmapfile=$singlehost="";
+ $hostsfile="dumb$$.lst"; # we made a list of dumb servers
+-$dbfile="dumb.db";
+$dbfile=$WHEREIS_WHISKER."dumb.db";
+ $D{'XXRescanDumb'}=0; $GLOBAL_WHISKER_NOMORE_DUMB=1;}
+ 
+ } # this is the $GLOBAL_WHISKER_LOOP_CONTROL while() loop
+@@ -1055,7 +1053,7 @@
+ 		"\nTry again in a few minutes\n\n"; exit;}
+ 
+ 	array_shuffle(\@lines);
+-	open(OUT, ">$WHEREIS_WHISKER".'proxlist.txt');
+	open(OUT, ">proxlist.txt");
+ 	print OUT @lines;
+ 	close(OUT); # all this ugly code for anonymous proxies..geez...
+ 
--- a/security/whisker/pkg/COMMENT
+++ b/security/whisker/pkg/COMMENT
@ -1 +1 @@
-next-generation CGI scanner
+stealthy webserver vulnerability scanner
--- a/security/whisker/pkg/PLIST
+++ b/security/whisker/pkg/PLIST
@ -1,6 +1,8 @@
 bin/whisker
-lib/whisker/scan.db
-lib/whisker/server.db
-@dirrm lib/whisker
+share/whisker/brute.db
+share/whisker/dumb.db
+share/whisker/scan.db
+share/whisker/server.db
+@dirrm share/whisker
 share/doc/whisker/whisker.txt
@dirrm share/doc/whisker