skipfish is a high-performance, easy, and sophisticated Web application

security testing tool. It features a single-threaded multiplexing HTTP stack, heuristic detection of obscure Web frameworks, and advanced, differential security checks capable of detecting blind injection vulnerabilities, stored XSS, and so forth. PR: ports/144942 Submitted by: Ryan Steinmetz <rpsfa@rit.edu> Approved by: itetcu (mentor) WWW: http://code.google.com/p/skipfish/
svn path=/head/; revision=251480
2010-03-25 06:43:37 +00:00 · 2010-03-25 06:43:37 +00:00 · 5832e3c6bf · 2021-03-31 03:12:20 +00:00
commit 5832e3c6bf
parent d5bf4584cf
7 changed files with 126 additions and 0 deletions
--- a/security/Makefile
+++ b/security/Makefile
@ -768,6 +768,7 @@
    SUBDIR += signing-party
    SUBDIR += silktools
    SUBDIR += sinfp
+    SUBDIR += skipfish
    SUBDIR += sks
    SUBDIR += slurpie
    SUBDIR += slush
--- a/security/skipfish/Makefile
+++ b/security/skipfish/Makefile
@ -0,0 +1,44 @@
+# New ports collection makefile for:    skipfish
+# Date created:         2010-03-25
+# Whom:                 rpsfa@rit.edu
+#
+# $FreeBSD$
+
+PORTNAME=	skipfish
+PORTVERSION=	1.11b
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_GOOGLE_CODE}
+EXTRACT_SUFX=	.tgz
+
+MAINTAINER=	rpsfa@rit.edu
+COMMENT=	A fully automated, active web application security reconnaissance tool
+
+LIB_DEPENDS=	idn.16:${PORTSDIR}/dns/libidn
+SUB_FILES=	pkg-message
+
+WRKSRC=		${WRKDIR}/${PORTNAME}
+
+.if !defined(NOPORTDOCS)
+PORTDOCS=	README COPYING ChangeLog
+.endif
+
+post-patch:
+	@${SED} -ie 's:assets:${DATADIR}/assets:g' ${WRKSRC}/report.c
+	@${SED} -ie 's:assets/:${DATADIR}/assets/:g' ${WRKSRC}/skipfish.c
+	@${SED} -ie 's:skipfish.wl:${DATADIR}/dictionaries/default.wl:g' ${WRKSRC}/config.h
+
+do-install:
+	${INSTALL_PROGRAM} ${WRKSRC}/skipfish ${PREFIX}/bin/skipfish
+	(cd ${WRKSRC}/assets/ && ${COPYTREE_SHARE} . ${DATADIR}/assets/)
+	(cd ${WRKSRC}/dictionaries/ && ${COPYTREE_SHARE} . ${DATADIR}/dictionaries/)
+.if !defined(NOPORTDOCS)
+	${MKDIR} ${DOCSDIR}
+.	for doc in ${PORTDOCS}
+		${INSTALL_DATA} ${WRKSRC}/${doc} ${DOCSDIR}
+.	endfor
+.endif
+
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>
--- a/security/skipfish/distinfo
+++ b/security/skipfish/distinfo
@ -0,0 +1,3 @@
+MD5 (skipfish-1.11b.tgz) = 49b2e116808688c5e52378dfe568c885
+SHA256 (skipfish-1.11b.tgz) = ed3d45cf54770db9cae12422c36f1e3f90857da4381a47956b355bc9d7f35ea0
+SIZE (skipfish-1.11b.tgz) = 170563
--- a/security/skipfish/files/patch-aa
+++ b/security/skipfish/files/patch-aa
@ -0,0 +1,15 @@
+--- Makefile.orig	2010-03-22 20:34:04.000000000 +0100
+++ Makefile	2010-03-22 20:34:40.000000000 +0100
+@@ -35,9 +35,9 @@
+ 
+ $(PROGNAME): $(PROGNAME).c $(OBJFILES) $(INCFILES)
+ 	$(CC) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_OPT) $(OBJFILES) $(LDFLAGS)
+-	@echo
+-	@echo "NOTE: See dictionaries/README-FIRST to pick a dictionary for the tool."
+-	@echo
+#	@echo
+#	@echo "NOTE: See dictionaries/README-FIRST to pick a dictionary for the tool."
+#	@echo
+ 
+ debug: $(PROGNAME).c $(OBJFILES) $(INCFILES)
+ 	$(CC) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_DBG) $(OBJFILES) $(LDFLAGS)
--- a/security/skipfish/files/pkg-message.in
+++ b/security/skipfish/files/pkg-message.in
@ -0,0 +1,14 @@
+
+******************************************************************
+The FreeBSD port is configured to use the "default" dictionary but
+it's highly recommended to read the dictionaries document first in
+order to pick the right dictionary
+
+%%DATADIR%%/dictionaries/README-FIRST
+
+The skipfish dictionaries have been installed in the following
+directory:
+
+%%DATADIR%%/dictionaries/
+******************************************************************
+
--- a/security/skipfish/pkg-descr
+++ b/security/skipfish/pkg-descr
@ -0,0 +1,16 @@
+A fully automated, active web application security reconnaissance
+tool. Key features:
+
+* High speed: pure C code, highly optimized HTTP handling, minimal
+  CPU footprint - easily achieving 2000 requests per second with 
+  responsive targets. 
+
+* Ease of use: heuristics to support a variety of quirky web 
+  frameworks and mixed-technology sites, with automatic learning 
+  capabilities, on-the-fly wordlist creation, and form autocompletion. 
+
+* Cutting-edge security logic: high quality, low false positive, 
+  differential security checks, capable of spotting a range of subtle 
+  flaws, including blind injection vectors. 
+
+WWW: http://code.google.com/p/skipfish
--- a/security/skipfish/pkg-plist
+++ b/security/skipfish/pkg-plist
@ -0,0 +1,33 @@
+bin/skipfish
+%%DATADIR%%/assets/COPYING
+%%DATADIR%%/assets/i_high.png
+%%DATADIR%%/assets/i_low.png
+%%DATADIR%%/assets/i_medium.png
+%%DATADIR%%/assets/i_note.png
+%%DATADIR%%/assets/i_warn.png
+%%DATADIR%%/assets/index.html
+%%DATADIR%%/assets/mime_entry.png
+%%DATADIR%%/assets/n_children.png
+%%DATADIR%%/assets/n_clone.png
+%%DATADIR%%/assets/n_collapsed.png
+%%DATADIR%%/assets/n_expanded.png
+%%DATADIR%%/assets/n_failed.png
+%%DATADIR%%/assets/n_maybe_missing.png
+%%DATADIR%%/assets/n_missing.png
+%%DATADIR%%/assets/n_unlinked.png
+%%DATADIR%%/assets/p_dir.png
+%%DATADIR%%/assets/p_file.png
+%%DATADIR%%/assets/p_param.png
+%%DATADIR%%/assets/p_pinfo.png
+%%DATADIR%%/assets/p_serv.png
+%%DATADIR%%/assets/p_unknown.png
+%%DATADIR%%/assets/p_value.png
+%%DATADIR%%/assets/sf_name.png
+%%DATADIR%%/dictionaries/README-FIRST
+%%DATADIR%%/dictionaries/complete.wl
+%%DATADIR%%/dictionaries/default.wl
+%%DATADIR%%/dictionaries/extensions-only.wl
+%%DATADIR%%/dictionaries/minimal.wl
+@dirrm %%DATADIR%%/dictionaries
+@dirrm %%DATADIR%%/assets
+@dirrm %%DATADIR%%