kali-linux 安装w3af
L-DiCaprio 人气:3更换国内源
vi /etc/apt/sources.list
deb https://mirrors.aliyun.com/kali kali-rolling main non-free contrib deb-src https://mirrors.aliyun.com/kali kali-rolling main non-free contrib
从github上面下载w3af
https://github.com/andresriancho/w3af
下载完成后放到kali里面去解压就可以,我放在了/usr/w3af目录下面。
查看kali上的python版本
python --version
如果是3.10的版本,再用下面这条命令看kali上面装了几个python版本,一般是3个
ll /usr/bin | grep python
-rwxr-xr-x 1 root root 967 11月 17 2020 apython -rwxr-xr-x 1 root root 2336 7月 25 2018 dh_python3-ply -rwxr-xr-x 1 root root 963 1月 24 15:22 ipython3 lrwxrwxrwx 1 root root 23 3月 28 16:47 pdb2.7 -> ../lib/python2.7/pdb.py lrwxrwxrwx 1 root root 24 3月 24 09:07 pdb3.10 -> ../lib/python3.10/pdb.py lrwxrwxrwx 1 root root 23 3月 24 09:02 pdb3.9 -> ../lib/python3.9/pdb.py lrwxrwxrwx 1 root root 31 5月 1 18:33 py3versions -> ../share/python3/py3versions.py -rwxr-xr-x 1 root root 953 5月 1 2021 pybabel-python3 lrwxrwxrwx 1 root root 24 6月 19 05:41 python -> /etc/alternatives/python lrwxrwxrwx 1 root root 9 7月 28 2021 python2 -> python2.7 -rwxr-xr-x 1 root root 3533496 3月 28 16:47 python2.7 lrwxrwxrwx 1 root root 33 3月 28 16:47 python2.7-config -> x86_64-linux-gnu-python2.7-config lrwxrwxrwx 1 root root 10 5月 1 18:33 python3 -> python3.10 -rwxr-xr-x 1 root root 5540696 3月 24 09:07 python3.10 lrwxrwxrwx 1 root root 34 3月 24 09:07 python3.10-config -> x86_64-linux-gnu-python3.10-config -rwxr-xr-x 1 root root 5447080 3月 24 09:02 python3.9 -rwxr-xr-x 1 root root 963 4月 23 15:15 python3-commonmark lrwxrwxrwx 1 root root 17 5月 1 18:33 python3-config -> python3.10-config -rwxr-xr-x 1 root root 960 12月 23 2020 python3-futurize -rwxr-xr-x 1 root root 964 12月 23 2020 python3-pasteurize -rwxr-xr-x 1 root root 945 10月 21 2021 python3-qr -rwxr-xr-x 1 root root 977 3月 27 16:47 python-dotenv lrwxrwxrwx 1 root root 7 4月 13 11:26 python-faraday -> faraday lrwxrwxrwx 1 root root 29 7月 28 2021 pyversions -> ../share/python/pyversions.py -rwxr-xr-x 1 root root 2970 3月 28 16:47 x86_64-linux-gnu-python2.7-config -rwxr-xr-x 1 root root 3154 3月 24 09:07 x86_64-linux-gnu-python3.10-config lrwxrwxrwx 1 root root 34 5月 1 18:33 x86_64-linux-gnu-python3-config -> x86_64-linux-gnu-python3.10-config
我的python有2.7,3.9和3.10三个版本。
接下来设置切换python版本:
┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1 update-alternatives: 使用 /usr/bin/python2.7 来在自动模式中提供 /usr/bin/python (python) ┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# update-alternatives --install /usr/bin/python python /usr/bin/python3.9 2 update-alternatives: 使用 /usr/bin/python3.9 来在自动模式中提供 /usr/bin/python (python) ┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# update-alternatives --install /usr/bin/python python /usr/bin/python3.10 3 update-alternatives: 使用 /usr/bin/python3.10 来在自动模式中提供 /usr/bin/python (python) ┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# update-alternatives --config python 有 3 个候选项可用于替换 python (提供 /usr/bin/python)。 选择 路径 优先级 状态 ------------------------------------------------------------ * 0 /usr/bin/python3.10 3 自动模式 1 /usr/bin/python2.7 1 手动模式 2 /usr/bin/python3.10 3 手动模式 3 /usr/bin/python3.9 2 手动模式 要维持当前值[*]请按<回车键>,或者键入选择的编号:1 update-alternatives: 使用 /usr/bin/python2.7 来在手动模式中提供 /usr/bin/python (python) ┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# python --version Python 2.7.18
设置完成后切换到python2.7版本
下载所需要的依赖包
第一个是pip包
┌──(root㉿kali)-[/usr/w3af/w3af-master/w3af] └─# wget https://bootstrap.pypa.io/pip/2.7/get-pip.py --2022-06-19 05:48:07-- https://bootstrap.pypa.io/pip/2.7/get-pip.py 正在解析主机 bootstrap.pypa.io (bootstrap.pypa.io)... 146.75.112.175, 2a04:4e42:8c::175 正在连接 bootstrap.pypa.io (bootstrap.pypa.io)|146.75.112.175|:443... 已连接。 已发出 HTTP 请求,正在等待回应... 200 OK 长度:1908226 (1.8M) [text/x-python] 正在保存至: “get-pip.py” get-pip.py 100%[==============================>] 1.82M 31.0KB/s 用时 96s 2022-06-19 05:49:49 (19.5 KB/s) - 已保存 “get-pip.py” [1908226/1908226])
接下来安装pip.py
┌──(root㉿kali)-[/usr/w3af/w3af-master/w3af] └─# python get-pip.py DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at http://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality. Collecting pip<21.0 Downloading pip-20.3.4-py2.py3-none-any.whl (1.5 MB) |████████████████████████████████| 1.5 MB 4.0 kB/s Collecting wheel Downloading wheel-0.37.1-py2.py3-none-any.whl (35 kB) Installing collected packages: pip, wheel Successfully installed pip-20.3.4 wheel-0.37.1
尝试启动
┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# ./w3af_console w3af's requirements are not met, one or more third-party libraries need to be installed. On Kali systems please install the following operating system packages before running the pip installer: sudo apt-get -y install npm python-setuptools python-pip libssl-dev python2.7-dev libsqlite3-dev libxslt1-dev libyaml-dev Your python installation needs the following modules to run w3af: pyclamd github git.util pybloomfilter phply nltk chardet tblib pdfminer concurrent.futures OpenSSL ndg pyasn1 lxml scapy.config guess_language cluster msgpack ntlm Halberd darts.lib.utils jinja2 vulndb markdown psutil ds_store termcolor mitmproxy ruamel.ordereddict Flask yaml tldextract pebble acora esmre diff_match_patch bravado_core lz4 vulners ipaddresses subprocess32 After installing any missing operating system packages, use pip to install the remaining modules: sudo pip install pyClamd==0.4.0 PyGithub==1.21.0 GitPython==2.1.15 pybloomfiltermmap==0.3.14 phply==0.9.1 nltk==3.0.1 chardet==3.0.4 tblib==0.2.0 pdfminer==20140328 futures==3.2.0 pyOpenSSL==18.0.0 ndg-httpsclient==0.4.0 pyasn1==0.4.2 lxml==3.4.4 scapy==2.4.0 guess-language==0.2 cluster==1.1.1b3 msgpack==0.5.6 python-ntlm==1.0.1 halberd==0.2.4 darts.util.lru==0.5 Jinja2==2.10 vulndb==0.1.1 markdown==2.6.1 psutil==5.4.8 ds-store==1.1.2 termcolor==1.1.0 mitmproxy==0.13 ruamel.ordereddict==0.4.8 Flask==0.10.1 PyYAML==3.12 tldextract==1.7.2 pebble==4.3.8 acora==2.1 esmre==0.3.1 diff-match-patch==20121119 bravado-core==5.15.0 lz4==1.1.0 vulners==1.3.0 ipaddresses==0.0.2 subprocess32==3.5.4 External programs used by w3af are not installed or were not found.Run these commands to install them on your system: npm install -g retire@2.0.3 npm update -g retire According to Kali's documentation [0] in order to avoid breaking the packaged w3af version you should run the following commands: cd ~ apt-get install -y python-pip pip install --upgrade pip git clone https/github.com/andresriancho/w3af.git cd w3af ./w3af_console . /tmp/w3af_dependency_install.sh [0] http://www.kali.org/kali-monday/bleeding-edge-kali-repositories/ A script with these commands has been created for you at /tmp/w3af_dependency_install.sh
可以看到w3af为我们保存了一个安装脚本,在 /tmp/w3af_dependency_install.sh
。
执行w3af_dependency_install.sh
┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# bash /tmp/w3af_dependency_install.sh
接下来会出现很多次time out报错:
Collecting pdfminer==20140328 Downloading pdfminer-20140328.tar.gz (4.1 MB) |█████████████▌ | 1.7 MB 6.0 kB/s eta 0:06:32ERROR: Exception: Traceback (most recent call last): File "/usr/local/lib/python2.7/dist-packages/pip/_internal/cli/base_command.py", line 223, in _main status = self.run(options, args) File "/usr/local/lib/python2.7/dist-packages/pip/_internal/cli/req_command.py", line 180, in wrapper return func(self, options, args) File "/usr/local/lib/python2.7/dist-packages/pip/_internal/commands/install.py", line 321, in run reqs, check_supported_wheels=not options.target_dir File "/usr/local/lib/python2.7/dist-packages/pip/_internal/resolution/legacy/resolver.py", line 180, in resolve discovered_reqs.extend(self._resolve_one(requirement_set, req)) File "/usr/local/lib/python2.7/dist-packages/pip/_internal/resolution/legacy/resolver.py", line 385, in _resolve_one dist = self._get_dist_for(req_to_install) File "/usr/local/lib/python2.7/dist-packages/pip/_internal/resolution/legacy/resolver.py", line 337, in _get_dist_for dist = self.preparer.prepare_linked_requirement(req) File "/usr/local/lib/python2.7/dist-packages/pip/_internal/operations/prepare.py", line 480, in prepare_linked_requirement return self._prepare_linked_requirement(req, parallel_builds) File "/usr/local/lib/python2.7/dist-packages/pip/_internal/operations/prepare.py", line 505, in _prepare_linked_requirement self.download_dir, hashes, File "/usr/local/lib/python2.7/dist-packages/pip/_internal/operations/prepare.py", line 257, in unpack_url hashes=hashes, File "/usr/local/lib/python2.7/dist-packages/pip/_internal/operations/prepare.py", line 130, in get_http_url from_path, content_type = download(link, temp_dir.path) File "/usr/local/lib/python2.7/dist-packages/pip/_internal/network/download.py", line 163, in __call__ for chunk in chunks: File "/usr/local/lib/python2.7/dist-packages/pip/_internal/cli/progress_bars.py", line 168, in iter for x in it: File "/usr/local/lib/python2.7/dist-packages/pip/_internal/network/utils.py", line 88, in response_chunks decode_content=False, File "/usr/local/lib/python2.7/dist-packages/pip/_vendor/urllib3/response.py", line 576, in stream data = self.read(amt=amt, decode_content=decode_content) File "/usr/local/lib/python2.7/dist-packages/pip/_vendor/urllib3/response.py", line 541, in read raise IncompleteRead(self._fp_bytes_read, self.length_remaining) File "/usr/lib/python2.7/contextlib.py", line 35, in __exit__ self.gen.throw(type, value, traceback) File "/usr/local/lib/python2.7/dist-packages/pip/_vendor/urllib3/response.py", line 451, in _error_catcher raise ReadTimeoutError(self._pool, None, "Read timed out.") ReadTimeoutError: HTTPSConnectionPool(host='files.pythonhosted.org', port=443): Read timed out.
主要原因就是网不好,需要多次尝试,我大概下了20几次把他都下载完了。
最后都下载完成再运行的时候会出现这个:
┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# ./w3af_console External programs used by w3af are not installed or were not found.Run these commands to install them on your system: npm install -g retire@2.0.3 npm update -g retire According to Kali's documentation [0] in order to avoid breaking the packaged w3af version you should run the following commands: cd ~ apt-get install -y python-pip pip install --upgrade pip git clone https/github.com/andresriancho/w3af.git cd w3af ./w3af_console . /tmp/w3af_dependency_install.sh [0] http://www.kali.org/kali-monday/bleeding-edge-kali-repositories/ A script with these commands has been created for you at /tmp/w3af_dependency_install.sh
这是需要你下载retire@2.0.3和升级它
首先安装npm
┌──(root㉿kali)-[/tmp] └─# apt-get install npm 正在读取软件包列表... 完成 正在分析软件包的依赖关系树... 完成 正在读取状态信息... 完成 npm 已经是最新版 (8.12.1~ds1-1)。 下列软件包是自动安装的并且现在不需要了: python3-distlib python3-filelock python3-pip-whl python3-platformdirs python3-setuptools-whl python3-wheel python3-wheel-whl 使用'apt autoremove'来卸载它(它们)。 升级了 0 个软件包,新安装了 0 个软件包,要卸载 0 个软件包,有 475 个软件包未被升级。
然后再执行:
┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# npm install -g retire@2.0.3
启动w3af命令行
在上述安装完毕后,就可以启动w3af命令行版了
┌──(root㉿kali)-[/usr/w3af/w3af-master] └─# ./w3af_console /usr/share/offsec-awae-wheels/pyOpenSSL-19.1.0-py2.py3-none-any.whl/OpenSSL/crypto.py:12: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release. Usage of w3af for sending any traffic to a target without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program. Do you accept the terms and conditions? [N|y] y
加载全部内容