This repository contains all files required to build the w3af package for Kali.

Building a new package

Building a new Kali package for w3af requires these steps to be completed:

Install the required tools

sudo apt-get install devscripts git-buildpackage debhelper debootstrap

Get this repository

git clone [email protected]:andresriancho/w3af-kali.git
cd w3af-kali
git checkout upstream
git checkout pristine-tar
git checkout master

Get the latest from Kali repositories

The Kali developers are really active and might add more patches or package dependencies. So before performing any change on our side, lets pull from upstream:

git remote add kali-upstream git://git.kali.org/packages/w3af.git
git fetch -v kali-upstream
git merge kali-upstream/master

Update the w3af version

Set the version to package:

# Define the version
VERSION=1.6.45

When the code being packaged needs to be updated you'll have to tag it in the w3af repository and then:

# Tag the new release in the w3af repository
cd w3af/
git tag $VERSION
git push origin --tags

# And now in w3af-kali
cd w3af-kali/
# This downloads the updated tagged version from your git repo
uscan --force-download --verbose
git-import-orig ../w3af_$VERSION.orig.tar.gz

Please note that the second and last commands will change depending on the version tag.

Package dependencies

w3af's dependencies change frequently and are listed here . When we add a new dependency to upstream we then add extra work to the packaging process. These are some of the recommended steps to follow to make sure all dependencies are up to date:

• Check requirements.py file history to identify any changes
• Find the two Depends: entries in the debian/control file and make sure all pip and OS packages from requirements.py are listed there. It's important to identify the version of each Kali package, please verify the versions using http://pkg.kali.org/
• If there is a missing library that needs to be packaged contact the Kali developers

Build the package

cd w3af-kali/

# Add the new release changelog entry, pointing to the right version
# so dpkg-buildpackage can find the tgz
dch -v $VERSION-0kali1 -D kali
git commit debian/changelog -m $VERSION

dpkg-checkbuilddeps

# -uc and -us disable PGP signing (which we don't need, Kali devs will
# sign the final package)
#
# --git-ignore-new ignores any changes to the local directory
#
# -b builds binary only package
git-buildpackage --git-ignore-new -b -uc -us

The last command can fail because of one of the following:

• Outdated patches (Hunk #1 FAILED at), which you fix using quilt

Testing the .deb files

• Build a base Kali docker image using docker/build.sh, or use the one available at docker pull andresriancho/kali
• Create a w3af-kali build:

cd w3af-kali/
cp ../*$VERSION*.deb docker/
cd docker/
# edit the Dockerfile to ADD the required .deb files, and then build the image:
sudo docker build -t andresriancho/w3af-kali .

• Run the image using docker run -i -t --rm andresriancho/w3af-kali . If the return code of that command is 0 then w3af was properly installed and the scan found all the expected stuff.

Push the changes to this repository

git push origin pristine-tar
git push origin upstream

Push to Kali repositories

Pushing to Kali repositories is not under our control, so we need to bother one of the Kali maintainers.

Once they push the package we can see it here.

Creation of this repository

This repository is a copy of Kali Linux's w3af repository which was created using these commands:

cd /tmp/
apt-get source w3af
git-import-dsc w3af*.dsc
cd w3af
git push --mirror [email protected]:andresriancho/w3af-kali.git
cd ..
rm -rf w3af
cd /tmp/
git clone [email protected]:andresriancho/w3af-kali.git
cd w3af-kali
git remote add kali-upstream git://git.kali.org/packages/w3af.git
git fetch -v kali-upstream
git merge kali-upstream/master

Resources

• http://pkg.kali.org/pkg/w3af