
w3af is short for web application attack and audit framework.

It is an open-source web application security scanner and exploitation tool.

w3af only supports Python 2.x; it does not support 3.x.

Download w3af

┌──(kali㉿kali)-[/opt/漏洞分析]
└─$ cd /opt/漏洞利用/
┌──(kali㉿kali)-[/opt/漏洞分析]
└─$ sudo git clone --depth 1 https://github.com/andresriancho/w3af.git

Check the Python version

w3af only supports Python 2.x.

┌──(kali㉿kali)-[/opt/漏洞分析]
└─$ python --version

If it reports a 3.x version, use the following command to see how many Python versions are installed on Kali (usually three):

ll /usr/bin | grep python

Switch the Python version

┌──(kali㉿kali)-[/opt/漏洞分析]
└─$ sudo update-alternatives --install /usr/bin/python python /usr/bin/python2.7 1
update-alternatives: 使用 /usr/bin/python2.7 来在自动模式中提供 /usr/bin/python (python)
┌──(kali㉿kali)-[/opt/漏洞分析]
└─$ python --version
Python 2.7.18

Install pip

┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo wget https://bootstrap.pypa.io/pip/2.7/get-pip.py
┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo python get-pip.py
┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo pip config set global.index-url https://pypi.tuna.tsinghua.edu.cn/simple
┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo pip install jsonschema==2.6.0
┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo bash /tmp/w3af_dependency_install.sh

Install npm

┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo apt-get install npm
┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo npm install -g retire@2.0.3
┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo npm update -g retire

Start w3af

chown root:root /tmp/w3af_dependency_install.sh
vim w3af_console

Comment out the dependency_check() call on line 13. If it is left in, w3af sometimes refuses to start even though the environment is installed.

┌──(root㉿kali)-[/opt/漏洞分析/w3af]
└─# ./w3af_console
/usr/share/offsec-awae-wheels/pyOpenSSL-19.1.0-py2.py3-none-any.whl/OpenSSL/crypto.py:12: CryptographyDeprecationWarning: Python 2 is no longer supported by the Python core team. Support for it is now deprecated in cryptography, and will be removed in the next release.
Usage of w3af for sending any traffic to a target without prior mutual consent is illegal. It is the end user's responsibility to obey all applicable local, state and federal laws. Developers assume no liability and are not responsible for any misuse or damage caused by this program.

Do you accept the terms and conditions? [Ny] y
w3af>>> exit

Set the environment variable

┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ sudo vim /etc/profile

# append as the last line
export PATH=$PATH:/opt/漏洞分析/w3af


┌──(kali㉿kali)-[/opt/漏洞分析/w3af]
└─$ source /etc/profile
# source is a shell builtin, so it cannot be run through sudo;
# run it in your own shell (or open a new login shell) to pick up the new PATH
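The steps above are easy to get subtly wrong on a re-run: Python 2 prints its version to stderr (so a plain `python --version | grep` sees nothing), commenting out the check by hand is not repeatable, and appending to /etc/profile twice leaves duplicate PATH entries. The POSIX sh helpers below, added here as an example and not taken from the post or from the w3af project, make each of those steps checkable and idempotent. They assume only that w3af_console contains a line beginning with `dependency_check()` (the post places it on line 13) and that you pass the checkout directory yourself.

```shell
#!/bin/sh
# Added example helpers for the w3af setup procedure above (not from the
# original post or the w3af project). Assumption: w3af_console has a line
# that starts with "dependency_check()", as the post describes.

# Return 0 if a "python --version" string reports a 2.x interpreter.
python_is_2x() {
    case "$1" in
        "Python 2."*) return 0 ;;
        *)            return 1 ;;
    esac
}

# Check the interpreter currently on PATH. Python 2 writes its version to
# stderr, so stderr must be merged into stdout before parsing.
check_current_python() {
    python_is_2x "$(python --version 2>&1)"
}

# Comment out the dependency_check() call in w3af_console. Idempotent: a
# line that is already commented out no longer matches and is left alone.
disable_dependency_check() {
    sed -i 's/^dependency_check()/# dependency_check()/' "$1"
}

# Append the PATH export to a profile file only if that exact line is not
# already present, so re-running the setup does not grow PATH with duplicates.
add_path_once() {
    profile="$1"
    dir="$2"
    line="export PATH=\$PATH:$dir"
    if ! grep -qxF "$line" "$profile" 2>/dev/null; then
        printf '%s\n' "$line" >> "$profile"
    fi
}

# Count how many PATH export lines for a directory a profile file contains
# (used to confirm that add_path_once stayed idempotent).
count_path_lines() {
    grep -cF "export PATH=\$PATH:$2" "$1"
}

# Typical use on the real system (run as root for the profile edit):
#   check_current_python || echo "w3af needs Python 2.x on PATH"
#   disable_dependency_check /opt/漏洞分析/w3af/w3af_console
#   add_path_once /etc/profile /opt/漏洞分析/w3af
```

After running these, start w3af from a fresh login shell (or `source /etc/profile` in your own shell) so the PATH change is visible; `add_path_once` can be run as many times as you like without changing the file a second time.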