Tuesday, October 31, 2006

Pantera Web Assessment Studio on Mac OSX

Recently a new web-app testing tool was donated to the OWASP project. This tool, Pantera can be installed on Mac OSX(Intel), using the following instructions:

1.) Download the pyOpenSSL python module from here.

2.) Cd into the directory and run the command python setup.py build.

3.) Install the module, python setup.py install.

4.) Download the MAC OSX binary package of the MySQL database from the mySQL site.

5.) Install MySQL according to these instructions.

6.) Start MySQL by running the follwing commands:
shell> cd /usr/local/mysql
shell> sudo ./bin/mysqld_safe
(ENTER YOUR PASSWORD, IF NECESSARY)
(PRESS CONTROL-Z)
shell> bg
(PRESS CONTROL-D OR ENTER "EXIT" TO EXIT THE SHELL)

7.) Download mysql-python from here.

8.) You will need to modify your pather varible to get the mysql-python package to compile correctly. First run the command, set | grep PATH you should get something resembling PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin now cut and paste that output and append "/usr/local/mysql/bin" to the end so that your resulting command should look something like:
PATH=/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin:/usr/local/mysql/bin.

9.) Now run python setup.py build from inside the mysql-python directory. When that completes run python setup.py install.

10.) Next we need to configure the pantera database. Do this by running mysql -u root and then CREATE DATABASE pantera; from the mysql prompt.

11.) **optional, feel free to lockdown the mysql database and assign a password to root at this point. Google and the pantera documentation are your friends for this.

12.) After you have created the database, from inside the pantera directory, run the following command: mysql -u root panteradb < doc/pantera_sql_create_script.txt

13.) Now, you are almost ready to run pantera. However, the panteraPlugins.py file seems to have a syntax error in it. So, use vi to edit the file. Skip down to line 458 and insert a # sign in from of the line reading "remove(c for c in self.plugin_list if c == d)"

14.) Once this is done, edit the panteracfg.xml file to include your database username and password. If you skipped step #11 above, then you just need to modify the db_login to look like: root

15.) Configure firefox to use 127.0.0.1 port 8080 as your proxy, run the command python pantera.py from inside the pantera directory, and point your browser to http://pantera.
Posted by at No comments:

Monday, October 23, 2006

Ruby on Rails for Gentoo

First use emerge to install Ruby, next use emerge to install "rubygems"..

Now you can use rubygems to install Rails, ActiveRecord, etc.. You will need to answer Y to each of the dependencies.


# gem install rails
Bulk updating Gem source index for: http://gems.rubyforge.org
Install required dependency rake? [Yn]
Install required dependency activesupport? [Yn]
Install required dependency activerecord? [Yn]
Install required dependency actionpack? [Yn]
Install required dependency actionmailer? [Yn]
Install required dependency actionwebservice? [Yn]
Successfully installed rails-1.1.6
Successfully installed rake-0.7.1
Successfully installed activesupport-1.3.1
Successfully installed activerecord-1.14.4
Successfully installed actionpack-1.12.5
Successfully installed actionmailer-1.2.5
Successfully installed actionwebservice-1.1.6
Installing ri documentation for rake-0.7.1...
Installing ri documentation for activesupport-1.3.1...
While generating documentation for activesupport-1.3.1
... MESSAGE: Unhandled special: Special: type=17, text=""
... RDOC args: --ri --op /usr/lib/ruby/gems/1.8/doc/activesupport-1.3.1/ri --qui et lib
(continuing with the rest of the installation)
Installing ri documentation for activerecord-1.14.4...
Installing ri documentation for actionpack-1.12.5...
While generating documentation for actionpack-1.12.5
... MESSAGE: Unhandled special: Special: type=17, text=""
... RDOC args: --ri --op /usr/lib/ruby/gems/1.8/doc/actionpack-1.12.5/ri --quiet lib
(continuing with the rest of the installation)
Installing ri documentation for actionmailer-1.2.5...
Installing ri documentation for actionwebservice-1.1.6...
Installing RDoc documentation for rake-0.7.1...
Installing RDoc documentation for activesupport-1.3.1...
Installing RDoc documentation for activerecord-1.14.4...

Installing RDoc documentation for actionpack-1.12.5...
Installing RDoc documentation for actionmailer-1.2.5...
Installing RDoc documentation for actionwebservice-1.1.6...



After this completes, you can now create a test rails project by issuing the command: "rails test", after changing to your web directory (/var/www/localhost/htdocs/) by default.

# cd /var/www/localhost/htdocs/
# rails photos
create
create app/controllers
create app/helpers
create app/models
create app/views/layouts
create config/environments
create components
create db
create doc
create lib
create lib/tasks
[...SNIP...]

You can now start the WeBrick webserver included with Rails.

# ruby ./script/server -d test
=> Booting WEBrick...
=> Rails application started on http://0.0.0.0:3000
[2006-10-23 12:52:56] INFO WEBrick 1.3.1
[2006-10-23 12:52:56] INFO ruby 1.8.5 (2006-08-25) [i686-linux]

At this point you should be able to point your browser to http://127.0.0.1:3000/ and get the Ruby on Rails Welcome page.

For more information on integration your Ruby on Rails installation with apache2 and FastCGI, please refer to: http://gentoo-wiki.com/HOWTO_RoR.
Posted by at No comments:
Subscribe to: Posts (Atom)