This repository contains all files required to build the w3af package for Kali.
Before running these steps manually note that the steps outlined in this README.md are automated in w3af-kali-ci and this workflow is much simpler:
- Tag a new release in
w3af - Apply changes to this repository
- Rebuild w3af-kali-ci to test the changes in this repository
Building a new Kali package for w3af requires these steps to be completed:
sudo apt-get install -y devscripts git-buildpackage debhelper debootstrap python-allgit clone [email protected]:andresriancho/w3af-kali.git
cd w3af-kali
git checkout --track origin/upstream
git checkout --track origin/pristine-tar
git checkout masterThe Kali developers are really active and might add more patches or package dependencies. So before performing any change on our side, lets pull from upstream:
git remote add kali-upstream git://git.kali.org/packages/w3af.git
git fetch -v kali-upstream
git checkout master
git merge kali-upstream/masterWhen the code being packaged needs to be updated you'll have to tag it in the w3af
repository:
# Tag the new release in the w3af repository changing the $VERSION
cd w3af/
git tag $VERSION
git push origin --tagsAnd now in w3af-kali:
cd w3af-kali/
# Define the version
VERSION=`python get-latest-w3af-tag.py`
# This downloads the updated tagged version from your git repo
uscan --force-download --verbose
git-import-orig ../$VERSION.tar.gz --upstream-version=$VERSIONw3af's dependencies change frequently and are listed
here.
When we add a new dependency to upstream we then add extra work to the packaging
process. These are some of the recommended steps to follow to make sure all
dependencies are up to date:
-
Check requirements.py file history to identify any changes
-
Find the two
Depends:entries in the debian/control file and make sure allpipandOSpackages fromrequirements.pyare listed there. It's important to identify the version of each Kali package, please verify the versions using http://pkg.kali.org/ -
If there is a missing library that needs to be packaged contact the Kali developers
cd w3af-kali/
# Add the new release changelog entry, pointing to the right version
# so dpkg-buildpackage can find the tgz
dch -v $VERSION-0kali1 -D kali -M --force-distribution
git commit debian/changelog -m $VERSION
dpkg-checkbuilddeps
# -uc and -us disable PGP signing (which we don't need, Kali devs will
# sign the final package)
#
# --git-ignore-new ignores any changes to the local directory
#
# -b builds binary only package
git-buildpackage --git-ignore-new -b -uc -usThe last command can fail because of one of the following:
- Outdated patches (
Hunk #1 FAILED at), which you fix using quilt
git checkout $W3AF_FILE_TO_PATCH
# Edit the file with the changes you want to be in the debian package
subl $W3AF_FILE_TO_PATCH
quilt refresh
quilt pop
quilt push $PATCH_NAME- Get the latest
w3af-kalidocker from the registry. The image includesdjango-mothand somew3afdependencies:
sudo docker pull andresriancho/w3af-kali- Update the image with your local changes by running a build:
cd w3af-kali/docker/
sudo docker build -t andresriancho/w3af-kali .- Prepare the test files and run the container:
cd w3af-kali/docker/
cp ../../*$VERSION*.deb .
sudo docker run -v `pwd`:/w3af/ -i -t --name w3af-kali --rm andresriancho/w3af-kali $VERSIONIf the return code of the command is 0 then w3af was properly installed and the scan
found all the expected vulnerabilities.
git push
git push origin pristine-tar
git push origin upstreamPushing to Kali repositories is not under our control, so we need to bother one of the Kali maintainers.
Once they push the package we can see it here.
This repository is a copy of Kali Linux's w3af repository which was created using these commands:
cd /tmp/
apt-get source w3af
git-import-dsc w3af*.dsc
cd w3af
git push --mirror [email protected]:andresriancho/w3af-kali.git
cd ..
rm -rf w3af
cd /tmp/
git clone [email protected]:andresriancho/w3af-kali.git
cd w3af-kali
git remote add kali-upstream git://git.kali.org/packages/w3af.git
git fetch -v kali-upstream
git merge kali-upstream/master- http://pkg.kali.org/pkg/w3af
- The steps outlined in this README.md are automated in w3af-kali-ci