Changed version number from SVN to 2.3.0

Author: devloop

README

@@ -1,4 +1,4 @@
-                                WAPITI - VERSION SVN
+                                WAPITI - VERSION 2.3.0
                     Wapiti is a web application security auditor.
                            http://wapiti.sourceforge.net/
                       http://www.ict-romulus.eu/web/wapiti/home
@@ -109,6 +109,7 @@ You can :
 + Create some tools to convert cookies from browsers to Wapiti JSON format
 + Improve the Flash SWF parser (write a basic ABC interpreter ?)
 + Create a tool to convert PCAP files to Wapiti XML status files
++ Translate Wapiti in your language
 + Talk about Wapiti around you
 
 
@@ -154,7 +155,13 @@ Source code structure (wapitiCore directory)
 |   |   |-- es
 |   |   |   `-- LC_MESSAGES
 |   |   |       `-- wapiti.mo
-|   |   `-- fr
+|   |   |-- de
+|   |   |   `-- LC_MESSAGES
+|   |   |       `-- wapiti.mo
+|   |   |-- fr
+|   |   |   `-- LC_MESSAGES
+|   |   |       `-- wapiti.mo
+|   |   `-- ms
 |   |       `-- LC_MESSAGES
 |   |           `-- wapiti.mo
 |   |
@@ -212,17 +219,17 @@ Source code structure (wapitiCore directory)
 |   |-- vulneranetxmlreportgenerator.py
 |   `-- xmlreportgenerator.py
 |
-|-- report_template  # Template used for HTML reports
+`-- report_template  # Template used for HTML reports
     |-- css
     |   |-- kube.css
     |   |-- kube.min.css
     |   `-- master.css
     |-- index.html
-    `-- js
-        |-- jquery-1.9.1.min.js
-        |-- kube.buttons.js
-        `-- kube.tabs.js
- 
+    |-- js
+    |   |-- jquery-1.9.1.min.js
+    |   |-- kube.buttons.js
+    |    `-- kube.tabs.js
+    `-- logo_clear.png
 
 Licensing
 =========

VERSION

@@ -1,2 +1,2 @@
-Wapiti SVN
+Wapiti 2.3.0
 lswww 2.3.1

bin/wapiti

@@ -23,7 +23,7 @@ import urlparse
 import time
 
 BASE_DIR = None
-WAPITI_VERSION = "Wapiti SVN"
+WAPITI_VERSION = "Wapiti 2.3.0"
 
 if hasattr(sys, "frozen"):
     # For py2exe
@@ -321,7 +321,7 @@ if __name__ == "__main__":
         crawlerFile = None
         attackFile = None
 
-        print(_("Wapiti-SVN (wapiti.sourceforge.net)"))
+        print(_("Wapiti-2.3.0 (wapiti.sourceforge.net)"))
 
         # Fix bor bug #31
         if sys.getdefaultencoding() != "utf-8":

doc/AUTHORS

@@ -2,10 +2,10 @@ Main Developer - Nicolas Surribas <nicolas.surribas (at) gmail.com>
 http://devloop.users.sourceforge.net/
 http://wapiti.sourceforge.net/
 
-Developer: David del Pozo
-Company: Informática Gesfor
-ITC Romulus Project: http://www.ict-romulus.eu/
-
-Developer: Alberto Pastor
-Company: Informática Gesfor
-ITC Romulus Project: http://www.ict-romulus.eu/
+A Special thanks to the following people for the work on the version 2.3.0 :
+* David del Pozo (spanish translations)
+* Alberto Pastor (spanish translations)
+* Mattia Barbon  (bugfixing and testing)
+* Le Gnou & Ecirbaf from www.gimp-attitude.org (new logo)
+* int23h (german translations)
+* Sindhu Kumar (malaysian translations and Windows testing)

doc/ChangeLog_Wapiti

@@ -1,5 +1,5 @@
-XX/XX/2013
-	Version X.X.X
+20/10/2013
+	Version 2.3.0
 	Fixed a colosseum of bugs, especially related to unicode.
 	Software is much more stable.
 	New report template for HTML (using Kube CSS).
@@ -27,12 +27,14 @@ XX/XX/2013
 	Can work on parameters that don't have a value in query string.
 	mod_crlf is not activated by default anymore (must call it with -m).
 	Startings URLs (-s) will be fetched even if out of scope.
-	Proxy support for wapiti-getcookie.py. and wapiti-cookie.py.
+	Proxy support for wapiti-getcookie. and wapiti-cookie.
 	Attempt to bring an OpenVAS report generator.
 	Added an home-made SWF parser to extract URLs from flash files.
 	Added an home-made (and more than basic) JS interpreter based on the
 	pynarcissus parser. Lot of work still needs to be done on this.
 	New logo and webpage at wapiti.sf.net.
+	Added german and malaysian translations.
+	Added a script to create standalone archive for Windows (with py2exe).
 
 29/12/2009
     Version 2.2.1 (already)

doc/example.txt

@@ -15,7 +15,7 @@ Then, I scan the vulnerable website using the cookie and excluding the logout sc
 
 bash-4.2$ wapiti http://127.0.0.1/vuln/ -c cookies.json -x http://127.0.0.1/vuln/logout.php
 
-Wapiti-SVN (wapiti.sourceforge.net)
+Wapiti-2.3.0 (wapiti.sourceforge.net)
 
  Note
 ========

doc/wapiti.1.gz

@@ -9,7 +9,7 @@
 if "py2exe" not in sys.argv:
     sys.argv.append("py2exe")
 
-VERSION = "SVN"
+VERSION = "2.3.0"
 
 
 # Build file lists

make_exe.py

@@ -1,7 +1,7 @@
 #!/usr/bin/python
 from setuptools import setup, find_packages
 
-VERSION = "SVN"
+VERSION = "2.3.0"
 DOC_DIR = "share/doc/wapiti"
 
 doc_and_conf_files = []

setup.py

@@ -46,7 +46,7 @@ def attackGET(self, http_res):
         if referer:
             headers["referer"] = referer
 
-        payload = self.HTTP.quote("http://www.google.fr\r\nwapiti: SVN version")
+        payload = self.HTTP.quote("http://www.google.fr\r\nwapiti: 2.3.0 version")
         if not params_list:
             # Do not attack application-type files
             if not "content-type" in resp_headers:

wapitiCore/attack/mod_crlf.py

@@ -135,7 +135,6 @@ def attack(self, urls, forms):
                     else:
                         print(u"+ {0}".format(evil_req.http_repr))
                 except Exception, e:
-                    # TODO: deal with unicode problems when we extract urls from nikto_db
                     continue
 
             try:

wapitiCore/attack/mod_nikto.py

@@ -158,7 +158,7 @@ msgstr "Öffnen Sie {0}/index.html in einem Browser um diesen Bericht zu sehen."
 #: ../wapiti.py:410
 msgid "wapitiDoc"
 msgstr ""
-"Wapiti-SVN - Sicherheitsscanner für Webanwendungen \n"
+"Wapiti-2.3.0 - Sicherheitsscanner für Webanwendungen \n"
 " \n"
 " Befehlszeile: python wapiti.py http://server.com/base/url/ [Optionen] \n"
 " \n"
@@ -274,8 +274,8 @@ msgstr ""
 " "
 
 #: ../wapiti.py:418
-msgid "Wapiti-SVN (wapiti.sourceforge.net)"
-msgstr "Wapiti-SVN (wapiti.sourceforge.net)"
+msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)"
+msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)"
 
 #: ../wapiti.py:549
 msgid "File {0} loaded. Wapiti will use it to perform the attack"

wapitiCore/config/language/de/LC_MESSAGES/wapiti.mo

@@ -158,7 +158,7 @@ msgstr "Open {0}/index.html with a browser to see this report."
 #: ../wapiti.py:410
 msgid "wapitiDoc"
 msgstr ""
-"Wapiti-SVN - Web application vulnerability scanner \n"
+"Wapiti-2.3.0 - Web application vulnerability scanner \n"
 " \n"
 " Usage: python wapiti.py http://server.com/base/url/ [options] \n"
 " \n"
@@ -274,8 +274,8 @@ msgstr ""
 " "
 
 #: ../wapiti.py:418
-msgid "Wapiti-SVN (wapiti.sourceforge.net)"
-msgstr "Wapiti-SVN (wapiti.sourceforge.net)"
+msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)"
+msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)"
 
 #: ../wapiti.py:549
 msgid "File {0} loaded. Wapiti will use it to perform the attack"

wapitiCore/config/language/en/LC_MESSAGES/wapiti.mo

@@ -162,7 +162,7 @@ msgstr "Abrir {0}/index.html con el navegador para ver el informe"
 #: ../wapiti.py:410
 msgid "wapitiDoc"
 msgstr ""
-"Wapiti-SVN - Web application vulnerability scanner \n"
+"Wapiti-2.3.0 - Web application vulnerability scanner \n"
 " \n"
 " Uso: python wapiti.py http://server.com/base/url/ [options] \n"
 " \n"
@@ -274,8 +274,8 @@ msgstr ""
 " "
 
 #: ../wapiti.py:418
-msgid "Wapiti-SVN (wapiti.sourceforge.net)"
-msgstr "Wapiti-SVN (wapiti.sourceforge.net)"
+msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)"
+msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)"
 
 #: ../wapiti.py:549
 msgid "File {0} loaded. Wapiti will use it to perform the attack"

wapitiCore/config/language/es/LC_MESSAGES/wapiti.mo

@@ -17,7 +17,7 @@ msgstr ""
 
 #: ../vulnerability.py:23
 msgid "  Evil url: {0}"
-msgstr ""
+msgstr "  Evil url: {0}"
 
 #: ../vulnerability.py:24
 msgid "{0} in {1} via injection in the parameter {2}"
@@ -41,7 +41,7 @@ msgstr "Paramètre en cause : {0}"
 
 #: ../vulnerability.py:29
 msgid "Evil request:"
-msgstr ""
+msgstr "Evil request:"
 
 #: ../vulnerability.py:67
 msgid "SQL Injection"
@@ -158,7 +158,7 @@ msgstr "Ouvrez {0}/index.html dans un navigateur pour voir ce rapport."
 #: ../wapiti.py:410
 msgid "wapitiDoc"
 msgstr ""
-"Wapiti-SVN - Un scanneur de vulnérabilités pour applications web \n"
+"Wapiti-2.3.0 - Un scanneur de vulnérabilités pour applications web \n"
 " \n"
 " Mode d'emploi : python wapiti.py http://server.com/base/url/ [options] \n"
 " \n"
@@ -273,16 +273,16 @@ msgstr ""
 " "
 
 #: ../wapiti.py:418
-msgid "Wapiti-SVN (wapiti.sourceforge.net)"
-msgstr ""
+msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)"
+msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)"
 
 #: ../wapiti.py:549
 msgid "File {0} loaded. Wapiti will use it to perform the attack"
 msgstr "Fichier {0} chargé. Wapiti va s'en servir pour effectuer l'attaque"
 
 #: ../attack/attack.py:166
 msgid "+ attackGET {0}"
-msgstr ""
+msgstr "+ attackGET {0}"
 
 #: ../attack/attack.py:171 ../attack/attack.py:185
 #: ../attack/mod_permanentxss.py:87 ../attack/mod_permanentxss.py:89
@@ -328,7 +328,7 @@ msgstr "Injection CRLF"
 
 #: ../attack/mod_crlf.py:70 ../attack/mod_crlf.py:77
 msgid "(QUERY_STRING)"
-msgstr ""
+msgstr "(QUERY_STRING)"
 
 #: ../attack/mod_crlf.py:121
 msgid "Error: The server did not understand this request"
@@ -408,7 +408,7 @@ msgstr "Code source :"
 
 #: ../attack/mod_htaccess.py:94
 msgid "{0} HtAccess"
-msgstr ""
+msgstr "{0} HtAccess"
 
 #: ../attack/mod_htaccess.py:95
 msgid "  .htaccess bypass vulnerability: {0}"
@@ -529,7 +529,7 @@ msgstr "Veuillez renseignr les champs pour le formulaire suivant : "
 
 #: ../net/getcookie.py:121
 msgid "url = {0}"
-msgstr ""
+msgstr "url = {0}"
 
 #: ../net/cookie.py:75
 msgid "Error getting url {0}"
@@ -593,7 +593,7 @@ msgstr "Pour reprendre ce scan, vous pouvez lancer wapiti avec l'option \"-i\""
 
 #: ../net/lswww.py:729
 msgid "URLs"
-msgstr ""
+msgstr "URLs"
 
 #: ../net/lswww.py:736
 msgid "Forms Info"
@@ -625,19 +625,19 @@ msgstr " * Méthode : {0}"
 
 #: ../net/lswww.py:1016
 msgid " * Intputs:"
-msgstr ""
+msgstr " * Intputs:"
 
 #: ../net/lswww.py:1021
 msgid " * Selects:"
-msgstr ""
+msgstr " * Selects:"
 
 #: ../net/lswww.py:1026
 msgid " * TextAreas:"
-msgstr ""
+msgstr " * TextAreas:"
 
 #: ../net/lswww.py:1032
 msgid "URLS"
-msgstr ""
+msgstr "URLS"
 
 #: ../report/txtreportgenerator.py:69
 msgid "Report for {0}\n"
@@ -657,11 +657,11 @@ msgstr "Résumé des vulnérabilités :"
 
 #: ../report/txtreportgenerator.py:78
 msgid "{0} : {1:>3}\n"
-msgstr ""
+msgstr "{0} : {1:>3}\n"
 
 #: ../report/txtreportgenerator.py:88 ../report/txtreportgenerator.py:105
 msgid "Evil request:\n"
-msgstr ""
+msgstr "Evil request:\n"
 
 #: ../report/txtreportgenerator.py:91
 msgid "cURL command PoC : \"{0}\""

wapitiCore/config/language/fr/LC_MESSAGES/wapiti.mo

@@ -158,7 +158,7 @@ msgstr "Buka {0}/index.html dengan pelayar web untuk melihat laporan ini."
 #: ../wapiti.py:410
 msgid "wapitiDoc"
 msgstr ""
-"Wapiti-SVN - Pengimbas kerentanan aplikasi web dan sekuriti auditor \n"
+"Wapiti-2.3.0 - Pengimbas kerentanan aplikasi web dan sekuriti auditor \n"
 " \n"
 " Usage: python wapiti.py http://server.com/base/url/ [options] \n"
 " \n"
@@ -274,8 +274,8 @@ msgstr ""
 " "
 
 #: ../wapiti.py:418
-msgid "Wapiti-SVN (wapiti.sourceforge.net)"
-msgstr "Wapiti-SVN (wapiti.sourceforge.net)"
+msgid "Wapiti-2.3.0 (wapiti.sourceforge.net)"
+msgstr "Wapiti-2.3.0 (wapiti.sourceforge.net)"
 
 #: ../wapiti.py:549
 msgid "File {0} loaded. Wapiti will use it to perform the attack"

wapitiCore/config/language/ms/LC_MESSAGES/wapiti.mo

@@ -147,7 +147,6 @@ def __hash__(self):
             post_kv = tuple([tuple(param) for param in self._post_params])
             file_kv = tuple([tuple([param[0], param[1][0]]) for param in self._file_params])
 
-            # TODO: should the referer be in the hash ?
             self._cached_hash = hash((self._method, self._resource_path,
                                       get_kv, post_kv, file_kv))
         return self._cached_hash
@@ -518,7 +517,6 @@ def send(self, target, method="",
                     if not file_data:
                         _headers.update({'content-type': 'application/x-www-form-urlencoded'})
 
-                    # TODO: For POST use the TooManyRedirects exception instead ?
                     resp = self.h.post(target.path,
                                        params=get_data,
                                        data=post_data,

wapitiCore/language_sources/de.po

@@ -65,7 +65,6 @@ class CrawlerPersister(object):
     browsed = []
     # forms contains only POST resources
     forms = []
-    #TODO? Keep it for the moment
     uploads = []
     headers = {}
     rootURL = ""