skipfish is a high-performance, easy, and sophisticated Web application

security testing tool. It features a single-threaded multiplexing
HTTP stack, heuristic detection of obscure Web frameworks, and
advanced, differential security checks capable of detecting blind
injection vulnerabilities, stored XSS, and so forth.

PR:	ports/144942
Submitted by:	Ryan Steinmetz <rpsfa@rit.edu>
Approved by:	itetcu (mentor)
WWW:	http://code.google.com/p/skipfish/
This commit is contained in:
Niels Heinen 2010-03-25 06:43:37 +00:00
parent d5bf4584cf
commit 5832e3c6bf
Notes: svn2git 2021-03-31 03:12:20 +00:00
svn path=/head/; revision=251480
7 changed files with 126 additions and 0 deletions

View file

@ -768,6 +768,7 @@
SUBDIR += signing-party
SUBDIR += silktools
SUBDIR += sinfp
SUBDIR += skipfish
SUBDIR += sks
SUBDIR += slurpie
SUBDIR += slush

View file

@ -0,0 +1,44 @@
# New ports collection makefile for: skipfish
# Date created: 2010-03-25
# Whom: rpsfa@rit.edu
#
# $FreeBSD$
PORTNAME= skipfish
PORTVERSION= 1.11b
CATEGORIES= security
MASTER_SITES= ${MASTER_SITE_GOOGLE_CODE}
EXTRACT_SUFX= .tgz
MAINTAINER= rpsfa@rit.edu
COMMENT= A fully automated, active web application security reconnaissance tool
LIB_DEPENDS= idn.16:${PORTSDIR}/dns/libidn
SUB_FILES= pkg-message
WRKSRC= ${WRKDIR}/${PORTNAME}
.if !defined(NOPORTDOCS)
PORTDOCS= README COPYING ChangeLog
.endif
post-patch:
@${SED} -ie 's:assets:${DATADIR}/assets:g' ${WRKSRC}/report.c
@${SED} -ie 's:assets/:${DATADIR}/assets/:g' ${WRKSRC}/skipfish.c
@${SED} -ie 's:skipfish.wl:${DATADIR}/dictionaries/default.wl:g' ${WRKSRC}/config.h
do-install:
${INSTALL_PROGRAM} ${WRKSRC}/skipfish ${PREFIX}/bin/skipfish
(cd ${WRKSRC}/assets/ && ${COPYTREE_SHARE} . ${DATADIR}/assets/)
(cd ${WRKSRC}/dictionaries/ && ${COPYTREE_SHARE} . ${DATADIR}/dictionaries/)
.if !defined(NOPORTDOCS)
${MKDIR} ${DOCSDIR}
. for doc in ${PORTDOCS}
${INSTALL_DATA} ${WRKSRC}/${doc} ${DOCSDIR}
. endfor
.endif
post-install:
@${CAT} ${PKGMESSAGE}
.include <bsd.port.mk>

View file

@ -0,0 +1,3 @@
MD5 (skipfish-1.11b.tgz) = 49b2e116808688c5e52378dfe568c885
SHA256 (skipfish-1.11b.tgz) = ed3d45cf54770db9cae12422c36f1e3f90857da4381a47956b355bc9d7f35ea0
SIZE (skipfish-1.11b.tgz) = 170563

View file

@ -0,0 +1,15 @@
--- Makefile.orig 2010-03-22 20:34:04.000000000 +0100
+++ Makefile 2010-03-22 20:34:40.000000000 +0100
@@ -35,9 +35,9 @@
$(PROGNAME): $(PROGNAME).c $(OBJFILES) $(INCFILES)
$(CC) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_OPT) $(OBJFILES) $(LDFLAGS)
- @echo
- @echo "NOTE: See dictionaries/README-FIRST to pick a dictionary for the tool."
- @echo
+# @echo
+# @echo "NOTE: See dictionaries/README-FIRST to pick a dictionary for the tool."
+# @echo
debug: $(PROGNAME).c $(OBJFILES) $(INCFILES)
$(CC) $(PROGNAME).c -o $(PROGNAME) $(CFLAGS_DBG) $(OBJFILES) $(LDFLAGS)

View file

@ -0,0 +1,14 @@
******************************************************************
The FreeBSD port is configured to use the "default" dictionary but
it's highly recommended to read the dictionaries document first in
order to pick the right dictionary
%%DATADIR%%/dictionaries/README-FIRST
The skipfish dictionaries have been installed in the following
directory:
%%DATADIR%%/dictionaries/
******************************************************************

View file

@ -0,0 +1,16 @@
A fully automated, active web application security reconnaissance
tool. Key features:
* High speed: pure C code, highly optimized HTTP handling, minimal
CPU footprint - easily achieving 2000 requests per second with
responsive targets.
* Ease of use: heuristics to support a variety of quirky web
frameworks and mixed-technology sites, with automatic learning
capabilities, on-the-fly wordlist creation, and form autocompletion.
* Cutting-edge security logic: high quality, low false positive,
differential security checks, capable of spotting a range of subtle
flaws, including blind injection vectors.
WWW: http://code.google.com/p/skipfish

View file

@ -0,0 +1,33 @@
bin/skipfish
%%DATADIR%%/assets/COPYING
%%DATADIR%%/assets/i_high.png
%%DATADIR%%/assets/i_low.png
%%DATADIR%%/assets/i_medium.png
%%DATADIR%%/assets/i_note.png
%%DATADIR%%/assets/i_warn.png
%%DATADIR%%/assets/index.html
%%DATADIR%%/assets/mime_entry.png
%%DATADIR%%/assets/n_children.png
%%DATADIR%%/assets/n_clone.png
%%DATADIR%%/assets/n_collapsed.png
%%DATADIR%%/assets/n_expanded.png
%%DATADIR%%/assets/n_failed.png
%%DATADIR%%/assets/n_maybe_missing.png
%%DATADIR%%/assets/n_missing.png
%%DATADIR%%/assets/n_unlinked.png
%%DATADIR%%/assets/p_dir.png
%%DATADIR%%/assets/p_file.png
%%DATADIR%%/assets/p_param.png
%%DATADIR%%/assets/p_pinfo.png
%%DATADIR%%/assets/p_serv.png
%%DATADIR%%/assets/p_unknown.png
%%DATADIR%%/assets/p_value.png
%%DATADIR%%/assets/sf_name.png
%%DATADIR%%/dictionaries/README-FIRST
%%DATADIR%%/dictionaries/complete.wl
%%DATADIR%%/dictionaries/default.wl
%%DATADIR%%/dictionaries/extensions-only.wl
%%DATADIR%%/dictionaries/minimal.wl
@dirrm %%DATADIR%%/dictionaries
@dirrm %%DATADIR%%/assets
@dirrm %%DATADIR%%