application-security - w3af DAST 扫描问题
问题描述
我在安装和使用 w3af 时遇到了多个问题。我将列出问题。请帮我解决这个问题
我使用 sourceforge 页面中的二进制版本在 Windows 中安装 w3af。是否有关于 Windows 安装的文档?
我看到集线器中的 docker 映像是 6 年前更新的。能推最新图吗?
使用现有的 docker 映像,我看不到 crawl.open_api 以使用 w3af 扫描 API。
在尝试 REST API 时,当我使用以下命令 curl -i --globoff -k --no-ssl -H "Content-Type: application/json" -H "User-Agent: python-requests/2.6.1 CPython/2.7.6 Linux/3.13.0-49-generic" -X POST -d {"target_urls": "http://juiceshoptest123456.herokuapp.com/","scan_profile": "[crawl.web_spider]"} -u 管理员:秘密https://127.0.0.1:5000/scans
我收到以下错误
Server: Cowboy
Connection: keep-alive
Access-Control-Allow-Origin: *
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
Feature-Policy: payment 'self'
Content-Type: text/html; charset=utf-8
Vary: Accept-Encoding
Date: Thu, 05 Aug 2021 09:46:17 GMT
Transfer-Encoding: chunked
Via: 1.1 vegur
<html>
<head>
<meta charset='utf-8'>
<title>SyntaxError: Unexpected token t in JSON at position 1</title>
<style>* {
margin: 0;
padding: 0;
outline: 0;
}
body {
padding: 80px 100px;
font: 13px "Helvetica Neue", "Lucida Grande", "Arial";
background: #ECE9E9 -webkit-gradient(linear, 0% 0%, 0% 100%, from(#fff), to(#ECE9E9));
background: #ECE9E9 -moz-linear-gradient(top, #fff, #ECE9E9);
background-repeat: no-repeat;
color: #555;
-webkit-font-smoothing: antialiased;
}
h1, h2 {
font-size: 22px;
color: #343434;
}
h1 em, h2 em {
padding: 0 5px;
font-weight: normal;
}
h1 {
font-size: 60px;
}
h2 {
margin-top: 10px;
}
ul li {
list-style: none;
}
#stacktrace {
margin-left: 60px;
}
</style>
</head>
<body>
<div id="wrapper">
<h1>OWASP Juice Shop (Express ^4.17.1)</h1>
<h2><em>500</em> SyntaxError: Unexpected token t in JSON at position 1</h2>
<ul id="stacktrace"><li> at JSON.parse (<anonymous>)</li><li> at jsonParser (/app/build/server.js:236:33)</li><li> at Layer.handle [as handle_request] (/app/node_modules/express/lib/router/layer.js:95:5)</li><li> at trim_prefix (/app/node_modules/express/lib/router/index.js:317:13)</li><li> at /app/node_modules/express/lib/router/index.js:284:7</li><li> at Function.process_params (/app/node_modules/express/lib/router/index.js:335:12)</li><li> at next (/app/node_modules/express/lib/router/index.js:275:10)</li><li> at /app/node_modules/body-parser/lib/read.js:130:5</li><li> at invokeCallback (/app/node_modules/raw-body/index.js:224:16)</li><li> at done (/app/node_modules/raw-body/index.js:213:7)</li><li> at IncomingMessage.onEnd (/app/node_modules/raw-body/index.js:273:7)</li><li> at IncomingMessage.emit (node:events:381:22)</li><li> at endReadableNT (node:internal/streams/readable:1307:12)</li><li> at processTicksAndRejections (node:internal/process/task_queues:81:21)</li></ul>
</div>
</body>
</html>
curl: (6) Could not resolve host: [crawl.web_spider]}
curl: (35) error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol
- 当我遵循 linux 的现有安装(使用 AWS)时,我收到以下错误,
command: /usr/bin/python2 -c 'import sys, setuptools, tokenize; sys.argv[0] = '"'"'/tmp/pip-install-nSr2ry/lz4/setup.py'"'"'; __file__='"'"'/tmp/pip-install-nSr2ry/lz4/setup.py'"'"';f=getattr(tokenize, '"'"'open'"'"', open)(__file__);code=f.read().replace('"'"'\r\n'"'"', '"'"'\n'"'"');f.close();exec(compile(code, __file__, '"'"'exec'"'"'))' egg_info --egg-base /tmp/pip-pip-egg-info-YLOY_u
cwd: /tmp/pip-install-nSr2ry/lz4/
Complete output (106 lines):
/tmp/easy_install-38pu2k/pytest-runner-5.3.1/temp/easy_install-4V3n1Y/setuptools_scm-6.0.1/src
<pkg_resources.WorkingSet object at 0x7f95a3f41e10>
Traceback (most recent call last):
File "<string>", line 1, in <module>
File "/tmp/pip-install-nSr2ry/lz4/setup.py", line 169, in <module>
'Programming Language :: Python :: 3.6',
File "/usr/lib/python2.7/site-packages/setuptools/__init__.py", line 144, in setup
_install_setup_requires(attrs)
File "/usr/lib/python2.7/site-packages/setuptools/__init__.py", line 139, in _install_setup_requires
dist.fetch_build_eggs(dist.setup_requires)
File "/usr/lib/python2.7/site-packages/setuptools/dist.py", line 719, in fetch_build_eggs
replace_conflicting=True,
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 782, in resolve
replace_conflicting=replace_conflicting
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1065, in best_match
return self.obtain(req, installer)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1077, in obtain
return installer(requirement)
File "/usr/lib/python2.7/site-packages/setuptools/dist.py", line 786, in fetch_build_egg
return cmd.easy_install(req)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 678, in easy_install
return self.install_item(spec, dist.location, tmpdir, deps)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 704, in install_item
dists = self.install_eggs(spec, download, tmpdir)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 889, in install_eggs
return self.build_and_install(setup_script, setup_base)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1157, in build_and_install
self.run_setup(setup_script, setup_base, args)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1143, in run_setup
run_setup(setup_script, args)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 253, in run_setup
raise
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 195, in setup_context
yield
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 166, in save_modules
saved_exc.resume()
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 141, in resume
six.reraise(type, exc, self._tb)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 154, in save_modules
yield saved
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 195, in setup_context
yield
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 250, in run_setup
_execfile(setup_script, ns)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 45, in _execfile
exec(code, globals, locals)
File "/tmp/easy_install-38pu2k/pytest-runner-5.3.1/setup.py", line 21, in <module>
pass
File "/usr/lib/python2.7/site-packages/setuptools/__init__.py", line 144, in setup
_install_setup_requires(attrs)
File "/usr/lib/python2.7/site-packages/setuptools/__init__.py", line 139, in _install_setup_requires
dist.fetch_build_eggs(dist.setup_requires)
File "/usr/lib/python2.7/site-packages/setuptools/dist.py", line 719, in fetch_build_eggs
replace_conflicting=True,
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 782, in resolve
replace_conflicting=replace_conflicting
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1065, in best_match
return self.obtain(req, installer)
File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 1077, in obtain
return installer(requirement)
File "/usr/lib/python2.7/site-packages/setuptools/dist.py", line 786, in fetch_build_egg
return cmd.easy_install(req)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 678, in easy_install
return self.install_item(spec, dist.location, tmpdir, deps)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 704, in install_item
dists = self.install_eggs(spec, download, tmpdir)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 889, in install_eggs
return self.build_and_install(setup_script, setup_base)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1157, in build_and_install
self.run_setup(setup_script, setup_base, args)
File "/usr/lib/python2.7/site-packages/setuptools/command/easy_install.py", line 1143, in run_setup
run_setup(setup_script, args)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 253, in run_setup
raise
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 195, in setup_context
yield
File "/usr/lib64/python2.7/contextlib.py", line 35, in __exit__
self.gen.throw(type, value, traceback)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 166, in save_modules
saved_exc.resume()
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 141, in resume
six.reraise(type, exc, self._tb)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 154, in save_modules
yield saved
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 195, in setup_context
yield
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 250, in run_setup
_execfile(setup_script, ns)
File "/usr/lib/python2.7/site-packages/setuptools/sandbox.py", line 45, in _execfile
exec(code, globals, locals)
File "/tmp/easy_install-38pu2k/pytest-runner-5.3.1/temp/easy_install-4V3n1Y/setuptools_scm-6.0.1/setup.py", line 52, in <module>
File "/tmp/easy_install-38pu2k/pytest-runner-5.3.1/temp/easy_install-4V3n1Y/setuptools_scm-6.0.1/setup.py", line 29, in scm_config
File "/tmp/easy_install-38pu2k/pytest-runner-5.3.1/temp/easy_install-4V3n1Y/setuptools_scm-6.0.1/src/setuptools_scm/__init__.py", line 8, in <module>
File "/tmp/easy_install-38pu2k/pytest-runner-5.3.1/temp/easy_install-4V3n1Y/setuptools_scm-6.0.1/src/setuptools_scm/config.py", line 6, in <module>
File "/tmp/easy_install-38pu2k/pytest-runner-5.3.1/temp/easy_install-4V3n1Y/setuptools_scm-6.0.1/src/setuptools_scm/utils.py", line 41
print(*k)
^
SyntaxError: invalid syntax
----------------------------------------
ERROR: Command errored out with exit status 1: python setup.py egg_info Check the logs for full command output. ```
can someone help me on this please.
please help
Thanks in advance
解决方案
推荐阅读
- sql - 何时创建子类型或仅使用可选属性
- react-native - 如何隐藏反应原生焦点输入边框?
- validation - 如何在 NestJS 中使用 Prisma 和 ValidationPipe?
- c - 除了使用字符串文字之外,还有其他方法可以在 C 中指定或输入 Unicode 代码点吗?
- database - app.blade.php laravel5.4 中未定义的变量
- android - 当应用程序不在前台时,如何删除通知而不删除其气泡?
- sql - 基于其他表中特定值的外键约束
- java - Java的方法参考
- r - 将 data.frame 的摘要转换为数据框
- html - SpeechSynthesis.speak 什么时候可以在 iOS Safari 上运行?