From 5832e3c6bf466590ba8fff3313d550d198c23c20 Mon Sep 17 00:00:00 2001
From: Niels Heinen
Date: Thu, 25 Mar 2010 06:43:37 +0000
Subject: skipfish is a high-performance, easy, and sophisticated Web application security testing tool. It features a single-threaded multiplexing HTTP stack, heuristic detection of obscure Web frameworks, and advanced, differential security checks capable of detecting blind injection vulnerabilities, stored XSS, and so forth. PR: ports/144942 Submitted by: Ryan Steinmetz Approved by: itetcu (mentor) WWW: http://code.google.com/p/skipfish/
---
security/skipfish/Makefile | 44 ++++++++++++++++++++++++++++++++++
security/skipfish/distinfo | 3 +++
security/skipfish/files/patch-aa | 15 ++++++++++++
security/skipfish/files/pkg-message.in | 14 +++++++++++
security/skipfish/pkg-descr | 16 +++++++++++++
security/skipfish/pkg-plist | 33 +++++++++++++++++++++++++
6 files changed, 125 insertions(+)
create mode 100644 security/skipfish/Makefile
create mode 100644 security/skipfish/distinfo
create mode 100644 security/skipfish/files/patch-aa
create mode 100644 security/skipfish/files/pkg-message.in
create mode 100644 security/skipfish/pkg-descr
create mode 100644 security/skipfish/pkg-plist
(limited to 'security/skipfish')
diff --git a/security/skipfish/Makefile b/security/skipfish/Makefile
new file mode 100644
index 000000000000..2877a33203e9
--- /dev/null
+++ b/security/skipfish/Makefile
@@ -0,0 +1,44 @@
+# New ports collection makefile for: skipfish
+# Date created: 2010-03-25
+# Whom: rpsfa@rit.edu
+#
+# $FreeBSD$
+
+PORTNAME= skipfish
+PORTVERSION= 1.11b
+CATEGORIES= security
+MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE}
+EXTRACT_SUFX= .tgz
+
+MAINTAINER= rpsfa@rit.edu
+COMMENT= A fully automated, active web application security reconnaissance tool
+
+LIB_DEPENDS= idn.16:${PORTSDIR}/dns/libidn
+SUB_FILES= pkg-message
+
+WRKSRC= ${WRKDIR}/${PORTNAME}
+
+.if !defined(NOPORTDOCS)
+PORTDOCS= README COPYING ChangeLog
+.endif
+
+post-patch:
+ @${SED} -ie 's:assets:${DATADIR}/assets:g' ${WRKSRC}/report.c
+ @${SED} -ie 's:assets/:${DATADIR}/assets/:g' ${WRKSRC}/skipfish.c
+ @${SED} -ie 's:skipfish.wl:${DATADIR}/dictionaries/default.wl:g' ${WRKSRC}/config.h
+
+do-install:
+ ${INSTALL_PROGRAM} ${WRKSRC}/skipfish ${PREFIX}/bin/skipfish
+ (cd ${WRKSRC}/assets/ && ${COPYTREE_SHARE} . ${DATADIR}/assets/)
+ (cd ${WRKSRC}/dictionaries/ && ${COPYTREE_SHARE} . ${DATADIR}/dictionaries/)
+.if !defined(NOPORTDOCS)
+ ${MKDIR} ${DOCSDIR}
+. for doc in ${PORTDOCS}
+ ${INSTALL_DATA} ${WRKSRC}/${doc} ${DOCSDIR}
+. endfor
+.endif
+
+post-install:
+ @${CAT} ${PKGMESSAGE}
+
+.include
diff --git a/security/skipfish/distinfo b/security/skipfish/distinfo
new file mode 100644
index 000000000000..859908dd874c
--- /dev/null
+++ b/security/skipfish/distinfo
@@ -0,0 +1,3 @@
+MD5 (skipfish-1.11b.tgz) = 49b2e116808688c5e52378dfe568c885
+SHA256 (skipfish-1.11b.tgz) = ed3d45cf54770db9cae12422c36f1e3f90857da4381a47956b355bc9d7f35ea0
+SIZE (skipfish-1.11b.tgz) = 170563
diff --git a/security/skipfish/files/patch-aa b/security/skipfish/files/patch-aa
new file mode 100644
index 000000000000..a2206cf2c56f
--- /dev/null
+++ b/security/skipfish/files/patch-aa
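Review bot: In security/skipfish/Makefile, the three `post-patch` lines call `${SED} -ie`, which FreeBSD sed parses as `-i` with the backup suffix `e` rather than as `-i -e`; the edit still happens, but only by accident of argument parsing, and it leaves `report.ce`, `skipfish.ce` and `config.he` behind in `${WRKSRC}`. The ports idiom is `@${REINPLACE_CMD} -e 's:assets/:${DATADIR}/assets/:g' ${WRKSRC}/skipfish.c`, and likewise for the other two files. The first pattern, `s:assets:${DATADIR}/assets:g`, is also unanchored, so it rewrites every occurrence of the word `assets` in report.c, not just the path literal; report.c is not visible here, so check what it actually matches and anchor it on the trailing `/` or the surrounding quote. The unescaped `.` in `skipfish.wl` matches any character, so `skipfish\.wl` states the intent more exactly.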
@@ -0,0 +1,15 @@
+--- Makefile.orig 2010-03-22 20:34:04.000000000 +0100
++++ Makefile 2010-03-22 20:34:40.000000000 +0100
+@@ -35,9 +35,9 @@
+
+ $(PROGNAME): $(PROGNAME).c $(OBJFILES) $(INCFILES)
+ $(CC) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_OPT) $(OBJFILES) $(LDFLAGS)
+- @echo
+- @echo "NOTE: See dictionaries/README-FIRST to pick a dictionary for the tool."
+- @echo
++# @echo
++# @echo "NOTE: See dictionaries/README-FIRST to pick a dictionary for the tool."
++# @echo
+
+ debug: $(PROGNAME).c $(OBJFILES) $(INCFILES)
+ $(CC) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_DBG) $(OBJFILES) $(LDFLAGS)
diff --git a/security/skipfish/files/pkg-message.in b/security/skipfish/files/pkg-message.in
new file mode 100644
index 000000000000..718427e17d8a
--- /dev/null
+++ b/security/skipfish/files/pkg-message.in
@@ -0,0 +1,14 @@
+
+******************************************************************
+The FreeBSD port is configured to use the "default" dictionary but
+it's highly recommended to read the dictionaries document first in
+order to pick the right dictionary
+
+%%DATADIR%%/dictionaries/README-FIRST
+
+The skipfish dictionaries have been installed in the following
+directory:
+
+%%DATADIR%%/dictionaries/
+******************************************************************
+
diff --git a/security/skipfish/pkg-descr b/security/skipfish/pkg-descr
new file mode 100644
index 000000000000..819ebc7b3ded
--- /dev/null
+++ b/security/skipfish/pkg-descr
@@ -0,0 +1,16 @@
+A fully automated, active web application security reconnaissance
+tool. Key features:
+
+* High speed: pure C code, highly optimized HTTP handling, minimal
+ CPU footprint - easily achieving 2000 requests per second with
+ responsive targets.
+
+* Ease of use: heuristics to support a variety of quirky web
+ frameworks and mixed-technology sites, with automatic learning
+ capabilities, on-the-fly wordlist creation, and form autocompletion.
+
+* Cutting-edge security logic: high quality, low false positive,
+ differential security checks, capable of spotting a range of subtle
+ flaws, including blind injection vectors.
+
+WWW: http://code.google.com/p/skipfish
diff --git a/security/skipfish/pkg-plist b/security/skipfish/pkg-plist
new file mode 100644
index 000000000000..0568983ca6f2
--- /dev/null
+++ b/security/skipfish/pkg-plist
@@ -0,0 +1,33 @@
+bin/skipfish
+%%DATADIR%%/assets/COPYING
+%%DATADIR%%/assets/i_high.png
+%%DATADIR%%/assets/i_low.png
+%%DATADIR%%/assets/i_medium.png
+%%DATADIR%%/assets/i_note.png
+%%DATADIR%%/assets/i_warn.png
+%%DATADIR%%/assets/index.html
+%%DATADIR%%/assets/mime_entry.png
+%%DATADIR%%/assets/n_children.png
+%%DATADIR%%/assets/n_clone.png
+%%DATADIR%%/assets/n_collapsed.png
+%%DATADIR%%/assets/n_expanded.png
+%%DATADIR%%/assets/n_failed.png
+%%DATADIR%%/assets/n_maybe_missing.png
+%%DATADIR%%/assets/n_missing.png
+%%DATADIR%%/assets/n_unlinked.png
+%%DATADIR%%/assets/p_dir.png
+%%DATADIR%%/assets/p_file.png
+%%DATADIR%%/assets/p_param.png
+%%DATADIR%%/assets/p_pinfo.png
+%%DATADIR%%/assets/p_serv.png
+%%DATADIR%%/assets/p_unknown.png
+%%DATADIR%%/assets/p_value.png
+%%DATADIR%%/assets/sf_name.png
+%%DATADIR%%/dictionaries/README-FIRST
+%%DATADIR%%/dictionaries/complete.wl
+%%DATADIR%%/dictionaries/default.wl
+%%DATADIR%%/dictionaries/extensions-only.wl
+%%DATADIR%%/dictionaries/minimal.wl
+@dirrm %%DATADIR%%/dictionaries
+@dirrm %%DATADIR%%/assets
+@dirrm %%DATADIR%%
-- cgit v1.2.3