#
# spec file for package wapiti
#
# Copyright (c) 2021 The openSUSE Project.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
Name: wapiti
Version: 3.0.5
Release: 0
Summary: A web application vulnerability scanner
# NOTE(review): "GPL-2.0" does not say whether this means GPL-2.0-only or
# GPL-2.0-or-later; confirm against the upstream sources before changing it.
License: GPL-2.0
Group: Productivity/Networking/Security
# NOTE(review): plain-http project URL; switch to https if upstream serves it.
URL: http://wapiti.sourceforge.net/
# Source0 is a bare file name, so this spec records neither where the tarball
# was downloaded from nor anything to verify it against.
# NOTE(review): prefer a full upstream URL here (plus a detached signature as
# an additional Source, if upstream publishes one) so the origin of the
# tarball can be checked by the next maintainer.
Source0: wapiti3-%{version}.tar.gz
BuildRequires: fdupes
BuildRequires: python-rpm-macros
BuildRequires: python3-setuptools
BuildRequires: python3-pip
BuildRequires: python3-pytest-runner
BuildRequires: python3-base
# Runtime Python dependencies; no minimum versions are stated here.
Requires: python3-Mako
Requires: python3-PySocks
Requires: python3-beautifulsoup4
Requires: python3-lxml
Requires: python3-requests
Requires: python3-tld
Requires: python3-yaswfp
BuildArch: noarch
# Build for the python3 flavor only; the python2 flavor is skipped.
%define pythons python3
%define skip_python2 1
# Declares the lang subpackage; its contents are given in the "files lang"
# section further down.
%lang_package
%description
Wapiti allows you to audit the security of your web applications.
It performs "black-box" scans, i.e. it does not study the source code of the
application but scans the webpages of the deployed webapp, looking for
scripts and forms where it can inject data.
Once it gets this list, Wapiti acts like a fuzzer, injecting payloads to see if
a script is vulnerable.
Wapiti is useful only to discover vulnerabilities: it is not an exploitation
tool. Some well-known applications, such as the recommended sqlmap, can be used
for the exploitation part.
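%prep
%setup -q -n wapiti3-%{version}
# Fix DOC_DIR for openSUSE
sed -i 's:DOC_DIR =.*:DOC_DIR = "share/doc/packages/%{name}":' setup.py
# Use the absolute interpreter path instead of env so that the RPM's runtime
# dependency detection works and the installed scripts do not run whichever
# python3 happens to come first in the caller's PATH.
# Only a shebang on line 1 is rewritten; any other mention of the env path
# inside the sources (strings, docs) is left untouched. With -i, sed counts
# lines per file, so batching files with "+" is safe.
find . -name "*.py" -exec sed -i '1s:^#! */usr/bin/env python3:#!/usr/bin/python3:' '{}' +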
%build
# Build with the distribution's python3 build macro; no extra flags are passed.
%python3_build
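%install
%python3_install
# Fix executable bits for rpmlint: every module under wapitiCore is made
# executable, so each one also needs a shebang (handled below).
# NOTE(review): these are library modules; dropping the executable bit and the
# shebang from modules that are never run directly would also satisfy rpmlint
# and leave fewer executable files on disk. Confirm which modules upstream
# intends to be runnable before changing this.
find %{buildroot}%{python3_sitelib}/wapitiCore -name "*.py" -a ! -name "__init__.py" -exec chmod 0755 '{}' +
chmod +x %{buildroot}%{python3_sitelib}/wapitiCore/__init__.py
# Remove shebang from ./wapitiCore/report/__init__.py
# Line 1 is deleted only when it really is a shebang, so a future upstream
# release that drops the shebang does not silently lose a line of code.
sed -i '1{/^#!/d;}' %{buildroot}%{python3_sitelib}/wapitiCore/report/__init__.py
# Add shebang to executable scripts where missing
# The check on line 1 keeps this idempotent: a file that already starts with a
# shebang is left alone instead of getting a second one. A file that is absent
# still fails the build, as before.
for module in \
    attack/mod_brute_login_form.py \
    attack/mod_cookieflags.py \
    attack/mod_csp.py \
    attack/mod_drupal_enum.py \
    attack/mod_http_headers.py \
    attack/mod_wp_enum.py \
    definitions/fingerprint_webapp.py \
    definitions/fingerprint_webserver.py \
    net/csp_utils.py \
    net/xss_utils.py \
    wappalyzer/wappalyzer.py
do
    target="%{buildroot}%{python3_sitelib}/wapitiCore/${module}"
    head -n 1 "${target}" | grep -q '^#!' || sed -i '1 i\#!/usr/bin/python3' "${target}"
done
# Fix duplication for rpmlint
%fdupes -s %{buildroot}%{python3_sitelib}/wapitiCore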
%files
# Command-line entry points.
%{_bindir}/wapiti
%{_bindir}/wapiti-getcookie
%{_defaultdocdir}/%{name}
%{python3_sitelib}/%{name}3-%{version}-py%{py3_ver}.egg-info/
# The whole wapitiCore tree, including the attack modules made executable in
# the install section.
%{python3_sitelib}/wapitiCore/
%{_mandir}/man1/wapiti-getcookie.1%{ext_man}
%{_mandir}/man1/wapiti.1%{ext_man}
# Translation catalogs are kept out of the main package; they are listed in
# the lang subpackage below.
%exclude %{python3_sitelib}/wapitiCore/data/language/
%files lang
# NOTE(review): this entry names the language directory without the dir
# directive, so it also pulls in everything below it, including the catalogs
# that are listed again with lang tags underneath. Check the build log for
# "File listed twice" warnings and confirm the lang tags are applied.
%{python3_sitelib}/wapitiCore/data/language
# One compiled message catalog per locale, tagged with its language.
%lang(de) %{python3_sitelib}/wapitiCore/data/language/de/LC_MESSAGES/wapiti.mo
%lang(en) %{python3_sitelib}/wapitiCore/data/language/en/LC_MESSAGES/wapiti.mo
%lang(es) %{python3_sitelib}/wapitiCore/data/language/es/LC_MESSAGES/wapiti.mo
%lang(fr) %{python3_sitelib}/wapitiCore/data/language/fr/LC_MESSAGES/wapiti.mo
%lang(ms) %{python3_sitelib}/wapitiCore/data/language/ms/LC_MESSAGES/wapiti.mo
%lang(pt) %{python3_sitelib}/wapitiCore/data/language/pt/LC_MESSAGES/wapiti.mo
%lang(zh) %{python3_sitelib}/wapitiCore/data/language/zh/LC_MESSAGES/wapiti.mo
%changelog