Tuesday 19 April 2016

Wapiti 2.3.0 on Ubuntu 14.04


Requirement : - python 2.6 or later

get the wapiti-2.3.0.tar.gz from https://sourceforge.net/projects/wapiti/files/wapiti/wapiti-2.3.0/,

cd /usr/local/src
wget https://sourceforge.net/projects/wapiti/files/wapiti/wapiti-2.3.0/wapiti-2.3.0.tar.gz
tar -xzvf wapiti-2.3.0.tar.gz

python setup.py install

Traceback (most recent call last):
  File "setup.py", line 2, in <module>
    from setuptools import setup, find_packages
ImportError: No module named setuptools

 apt-get install python-setuptools

 python setup.py install


In the prompt, just type the following command to get the basic usage :

python wapiti -h


python wapiti.py http://server.com/base/url/ [options]

Example :wapiti http://domainname.com/

Ref :- https://sourceforge.net/projects/wapiti/files/wapiti/wapiti-2.3.0/

Thursday 14 April 2016

Install Apache Spark on Ubuntu 14.04


Install Scala

To install Java in Ubuntu machine,
apt-add-repository ppa:webupd8team/java
apt-get update
apt-get install oracle-java7-installer
java -version

java version "1.7.0_80"
Java(TM) SE Runtime Environment (build 1.7.0_80-b15)
Java HotSpot(TM) 64-Bit Server VM (build 24.80-b11, mixed mode)

cd /usr/local/src/
wget http://www.scala-lang.org/files/archive/scala-2.11.8.tgz
sudo mkdir /usr/local/src/scala


tar xvf scala-2.11.8.tgz -C /usr/local/src/scala/

vi .bashrc
export SCALA_HOME=/usr/local/src/scala/scala-2.11.8
export PATH=$SCALA_HOME/bin:$PATH

restart bashrc
. .bash

scala -version
Scala code runner version 2.11.8 -- Copyright 2002-2016, LAMP/EPFL

scala
Welcome to Scala 2.11.8 (Java HotSpot(TM) 64-Bit Server VM, Java 1.7.0_80).
Type in expressions for evaluation. Or try :help.
scala>

Install Spark

cd /usr/local/src/
wget http://d3kbcqa49mib13.cloudfront.net/spark-1.6.1.tgz
tar xvf spark-1.6.1.tgz
cd spark-1.6.1/


SBT(Simple Build Tool) is used for building Spark, which is bundled with it. To compile the code,
 
sbt/sbt assembly
NOTE: The sbt/sbt script has been relocated to build/sbt.
      Please update references to point to the new location.

      Invoking 'build/sbt assembly' now ...

Attempting to fetch sbt
Launching sbt from build/sbt-launch-0.13.7.jar
Getting org.scala-sbt sbt 0.13.7 ...
.....................................
[info] Packaging /usr/local/src/spark-1.6.1/assembly/target/scala-2.10/spark-assembly-1.6.1-hadoop2.2.0.jar ...
[info] Done packaging.
[success] Total time: 2597 s, completed Apr 14, 2016 5:01:34 PM

test a sample program

./bin/run-example SparkPi 10
Pi is roughly 3.139988

run Spark interactively through the Scala shell
./bin/spark-shell

scala> val textFile = sc.textFile("README.md")
textFile: org.apache.spark.rdd.RDD[String] = README.md MapPartitionsRDD[1] at textFile at <console>:27

scala> textFile.count()
res0: Long = 95

scala> exit

If want to check some particular sections of spark using shell.
For example run MQTT interactevely, the mqtt is defined under external for import that into spark-shell just follow the instructions

sbt/sbt "streaming-mqtt/package"
bin/spark-shell --driver-class-path external/mqtt/target/scala-2.10/spark-streaming-mqtt_2.10-1.1.0.jar
scala> import org.apache.spark.streaming.mqtt._

Ref : http://blog.prabeeshk.com/blog/2014/10/31/install-apache-spark-on-ubuntu-14-dot-04/

Tuesday 12 April 2016

Wapiti on ubuntu 14.04


Wapiti is an open source web application vulnerability scanner. It can detect the following vulnerabilities:

backup: This module search backup of scripts on the server.
blindsql: Time-based blind sql scanner.
crlf: Search for CR/LF injection in HTTP headers.
exec: Module used to detect command execution vulnerabilities.
file: Search for include()/fread() and other file handling vulns.
htaccess: Try to bypass weak htaccess configurations.
nikto: Use a Nikto database to search for potentially dangerous files.
permanentxss: Look for permanent XSS.
sql: Standard error-based SQL injection scanner.
xss: Module for XSS detection.
buster: Module for a file and directory buster attack – checking for “bad” files.
shellshock: Module for Shellshock bug detection.

sudo apt-get install wapiti

wapiti http://example.org/cool-things -u -n 5 -b domain -v 2 -o /tmp/outfilename

-u, --color
    use colours

-b, --scope
    set the scope of the scan:
    page: only analyse the page given in the url
    folder: analyse all urls in the root url given (default option)
    domain: analyse all links to pages in the same domain

-n, --nice
    use this to prevent infinite loops, I usually go with 5

-f, --format
    change the output format
    json:
    html:
    openvas:
    txt:
    vulneranet:
    xml:

-v verbose
    0: none
    1: print each url
    2) print each attack

# if you dont specify a -v flag, then you get a blank screen for ages

Ref:- https://jonathansblog.co.uk/wapiti-tutorial

Friday 1 April 2016

Creating a FEDERATED Table on MySQL


The FEDERATED Storage Engine

The FEDERATED storage engine lets you access data from a remote MySQL database without using replication or cluster technology. Querying a local FEDERATED table automatically pulls the data from the remote (federated) tables. No data is stored on the local tables.

mysql>  show engines;
| FEDERATED          | NO      | Federated MySQL storage engine

vi /etc/mysql/my.cnf
under [mysqld]
federated
   
mysql>  show engines;      
| FEDERATED          | YES     | Federated MySQL storage engine

/etc/init.d/mysql restart


SAMPLE 1

CREATE TABLE destination_databasename.`table_name_1_dtl` (
  Provider_ID VARCHAR(100) NOT NULL,
  Provider_Name VARCHAR(250) NOT NULL,
  Provider_Type VARCHAR(100) NOT NULL,
  Address VARCHAR(255) DEFAULT NULL,
  District_Name VARCHAR(100) NOT NULL,
  Provider_Phone_Number VARCHAR(50) NOT NULL,
  Specialty_Name VARCHAR(100) NOT NULL,
  Availability_of_Pharmacy_or_ChemistShop_within_Hospital TINYINT(1) DEFAULT NULL,
  Laboratory TINYINT(1) DEFAULT NULL,
  Empanelment_Status VARCHAR(50) DEFAULT NULL,
  Empanelment_Valid_Upto DATE DEFAULT NULL,
  De_Empaneled_Reason VARCHAR(250) DEFAULT NULL,
  Contact_Person VARCHAR(200) DEFAULT NULL,
  PRIMARY KEY (Provider_ID)
) ENGINE=FEDERATED DEFAULT CHARSET=utf8
CONNECTION='mysql://root:ussgnovbl5r@localhost:3306/source_databasename/table_1_name_dtl';

SAMPLE 2

CREATE TABLE destination_databasename.`table_name_2_dtl` (
  Package_ID VARCHAR(100) CHARACTER SET latin1 NOT NULL,
  Dept_ID VARCHAR(100) CHARACTER SET latin1 DEFAULT NULL,
  DeptSI_No VARCHAR(200) CHARACTER SET latin1 DEFAULT NULL,
  Package_Type VARCHAR(200) CHARACTER SET latin1 NOT NULL,
  Category VARCHAR(200) DEFAULT NULL,
  Specialty VARCHAR(200) CHARACTER SET latin1 DEFAULT NULL,
  Sub_Specialty VARCHAR(200) CHARACTER SET latin1 DEFAULT NULL,
  Package_Name VARCHAR(255) CHARACTER SET latin1 NOT NULL,
  Length_of_Stay VARCHAR(50) DEFAULT NULL,
  Rate_Card_A DECIMAL(65,2) NOT NULL,
  Rate_Card_B DECIMAL(65,2) DEFAULT NULL,
  Rate_Card_C DECIMAL(65,2) DEFAULT NULL,
  PRIMARY KEY (Package_ID),
  KEY Package_Type (Package_Type),
  KEY Package_Name (Package_Name),
  KEY Rate_Card_A (Rate_Card_A,Rate_Card_B,Rate_Card_C)
) ENGINE=FEDERATED DEFAULT CHARSET=utf8
CONNECTION='mysql://root:ussgnovbl5r@localhost:3306/source_databasename/table_2_name_dtl';

SAMPLE 3

CREATE TABLE destination_databasename.`table_name_3_dtl` (
  Preauth_Status VARCHAR(100) DEFAULT NULL,
  Total BIGINT(21) NOT NULL DEFAULT '0',
  Approved_Amount DECIMAL(65,2) DEFAULT NULL
) ENGINE=FEDERATED DEFAULT CHARSET=utf8
CONNECTION='mysql://root:ussgnovbl5r@localhost:3306/source_databasename/table_2_name_dtl';

Ref:- http://dev.mysql.com/doc/refman/5.7/en/federated-storage-engine.html