This HowTo will describe how to get W3af 1.6 running on a CentOS 6.5 system with Python 2.7.6.
I will not go into the running and configuring of W3af, only get it up and running.
At the time of writing this, it is only the w3af_console that have been bug fixed according to this Bug Report.
Since CentOS 6.x comes with Python 2.6.6 we need to install Python 2.7.6, I found this guide.
I desided to install Python 2.7.6 with UTF-32 support (--enable-unicode=ucs4).
Installing Python 2.7.6:
Prerequisites:
Shared library:
Edit /etc/ld.so.conf in a text editor and add the path /usr/local/lib to the end of it
And then run this command: /sbin/ldconfig
Download, compile and install Python 2.7.6:
You should now have a working version of Python 2.7.6, you can test this by running this command: python2.7 --version
The above command should show the following: Python 2.7.6
Now that we have a working version of Python 2.7.6 we can install Setuptools and pip to it.
Installing Setuptools:
Installing Pip:
Now that we have pip installed for Python 2.7.6, we can use it this way:
pip2.7 install [packagename]
pip2.7 install --upgrade [packagename]
pip2.7 uninstall [packagename]
Now that we have a working Python 2.7.6 with setuptools and pip working we can move on to installing W3af 1.6.
Download and installing W3af:
We can now try and run the w3af_console with following command: ./w3af_console
This command will do some prerequisit checks, and it will output the following:
We recommend you install pip before continuing.
http://www.pip-installer.org/en/latest/installing.html
w3af's requirements are not met, one or more third-party libraries need to be installed.
On Debian systems please install the following operating system packages before running the pip installer:
sudo apt-get install build-essential python-setuptools git python-pip libssl-dev python2.7-dev libsqlite3-dev libxslt1-dev libyaml-dev libxml2-dev python-pip
Your python installation needs the following modules to run w3af:
clamd github git.util pybloomfilter esmre phply nltk chardet pdfminer concurrent.futures scapy.config guess_language cluster msgpack ntlm Halberd
After installing any missing operating system packages, use pip to install the remaining modules:
sudo pip install clamd==1.0.1 PyGithub==1.21.0 GitPython==0.3.2.RC1 pybloomfiltermmap==0.3.11 esmre==0.3.1 nltk==2.0.4 chardet==2.1.1 pdfminer==20110515 futures==2.1.5 scapy-real==2.2.0-dev guess-language==0.2 cluster==1.1.1b3 msgpack-python==0.2.4 python-ntlm==1.0.1 halberd==0.2.4
sudo pip install --ignore-installed git+https://github.com/andresriancho/phply.git#egg=phply
A script with these commands has been created for you at /tmp/w3af_dependency_install.sh
So the first thing we notice is that it is giving a sudo apt-get command, which means that we dident get the CentOS 6.x bug fixed version, so we need to run the following commands:
We can now run the ./w3af_console command again: ./w3af_console
And this time it will output the following:
We recommend you install pip before continuing.
http://www.pip-installer.org/en/latest/installing.html
w3af's requirements are not met, one or more third-party libraries need to be installed.
On CentOS systems please install the following operating system packages before running the pip installer:
sudo yum install python-pip python-setuptools libsqlite3x-devel python-pip
Your python installation needs the following modules to run w3af:
clamd github git.util pybloomfilter esmre phply nltk chardet pdfminer concurrent.futures scapy.config guess_language cluster msgpack ntlm Halberd
After installing any missing operating system packages, use pip to install the remaining modules:
sudo pip-python install clamd==1.0.1 PyGithub==1.21.0 GitPython==0.3.2.RC1 pybloomfiltermmap==0.3.11 esmre==0.3.1 nltk==2.0.4 chardet==2.1.1 pdfminer==20110515 futures==2.1.5 scapy-real==2.2.0-dev guess-language==0.2 cluster==1.1.1b3 msgpack-python==0.2.4 python-ntlm==1.0.1 halberd==0.2.4
sudo pip-python install --ignore-installed git+https://github.com/andresriancho/phply.git#egg=phply
A script with these commands has been created for you at /tmp/w3af_dependency_install.sh
Now if we try and run the /tmp/w3af_dependency_install.sh as suggested we wont get the alle the prerequisites installed.
So we need some more files installed on our system to make sure that W3af will run on CentOs 6.5, according to the dependency check done by W3af we should have the following packages on the system:
python-pip, python-devel, python-setuptools, libsqlite3x-devel, gcc-c++ ,gcc, make, git, libxml2-devel, libxslt-devel, pyOpenSSL, openssl-devel, libcom_err-devel, libcom_err
If we looke at the above prerequisites, we will see that this is looking for the following:
python-pip (This will result in the python-pip for Python 2.6.6, and we have allready installed pip for Python 2.7.6)
python-devel (This will result in the python-devel for Python 2.6.6, and we have allready installed with Python 2.7.6)
python-setuptools (This will result in the python-setuptools for Python 2.6.6, and we have allready installed Setuptools for Python 2.7.6)
libsqlite3x-devel (This will fail if we try to install it, since this is the package name for a Debian type system, as far as I can find this is called sqlite-devel on a CentOS 6.x system)
gcc-c++ (This was installed by the above yum groupinstall "Development tools" command according to this.)
gcc (This was installed by the above yum groupinstall "Development tools" command according to this.)
make (This was installed by the above yum groupinstall "Development tools" command according to this.)
git (Needs to be installed)
libxml2-devel (Needs to be installed)
libxslt-devel (Needs to be installed)
pyOpenSSL (Needs to be installed)
openssl-devel (Needs to be installed)
libcom_err-devel (Should be installed)
libcom_err (Should be installed)
As you can see above we could have some conflicts with the default Python 2.6.6 packages but this should not be a problem (at least not from the testing that i have done so far).
Prerequisites:
If we run the w3af_console command now it will still complain abot the requirements, this is due to the fact that the requirement check is looking for a Debian package whit we cannot install on CentOS 6.5,
so we need to change the requirement check for CentOS by doing the following:
We should now meet the requirements needed by W3af to continue to the Python requirements, but since we have installed Python 2.7.6 on the system we cannot use the suggested command:
sudo pip-python install clamd==1.0.1 PyGithub==1.21.0 GitPython==0.3.2.RC1 pybloomfiltermmap==0.3.11 esmre==0.3.1 nltk==2.0.4 chardet==2.1.1 pdfminer==20110515 futures==2.1.5 scapy-real==2.2.0-dev guess-language==0.2 cluster==1.1.1b3 msgpack-python==0.2.4 python-ntlm==1.0.1 halberd==0.2.4
Becaurse this will install the Python module for the default Python 2.6.6, and W3af needs Python 2.7.6 we need to run this command:
1: pip2.7 install clamd==1.0.1 PyGithub==1.21.0 GitPython==0.3.2.RC1 pybloomfiltermmap==0.3.11 esmre==0.3.1 nltk==2.0.4 chardet==2.1.1 pdfminer==20110515 futures==2.1.5 scapy-real==2.2.0-dev guess-language==0.2 cluster==1.1.1b3 msgpack-python==0.2.4 python-ntlm==1.0.1 halberd==0.2.4
As the quick and bright have seen from the above command W3af can use Clamd, which is not installed on the system yet, so to install this we need to install the EPEL repo (Or if you prefer another repo which have the Clamd package).
Installing the EPEL repo:
We should now have the EPEL repo installed, and can now install Clamd:
Now we only need the last requirement for W3af to run, and that is the phply module, so lets install this.
Installing phply:
Now we only need to have the w3af_console use the installed Python 2.7.6, this is done by editing the w3af_console file:
Now we should be able to run the w3af_console command and see it start up, and be running.
Happy W3af running :)