Overview:

Pantera uses an improved version of SpikeProxy to provide a powerful web
application analysis engine.

Goals:
The primary goal of Pantera is to combine automated capabilities with complete
manual testing to get the best penetration testing results.

WWW: http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project

PR:		ports/105291
Submitted by:	Yonatan <onatan at gmail.com>

security/Makefile

@@ -498,6 +498,7 @@
     SUBDIR += pam_smb
     SUBDIR += pamsfs
     SUBDIR += pamtester
+    SUBDIR += pantera
     SUBDIR += parano
     SUBDIR += pbnj
     SUBDIR += pear-Auth

security/pantera/Makefile

@@ -0,0 +1,43 @@
+# Ports collection makefile for:  pantera
+# Date created:			  8 Nov 2006
+# Whom:				  Yonatan <onatan@gmail.com>
+#
+# $FreeBSD$
+#
+
+PORTNAME=	pantera
+PORTVERSION=	0.1.1
+CATEGORIES=	security
+MASTER_SITES=	${MASTER_SITE_SOURCEFORGE}
+MASTER_SITE_SUBDIR=	owasp
+DISTNAME=	Pantera_Release_${PORTVERSION}
+
+MAINTAINER=	onatan@gmail.com
+COMMENT=	Web Application Penetration Testing Suite
+
+BUILD_DEPENDS=	${PYTHON_SITELIBDIR}/OpenSSL/SSL.so:${PORTSDIR}/security/py-openssl \
+		${PYTHON_SITELIBDIR}/MySQLdb/connections.pyc:${PORTSDIR}/databases/py-MySQLdb-devel
+RUN_DEPENDS=	${BUILD_DEPENDS}
+
+.if !defined(WITHOUT_MYSQL_SERVER)
+BUILD_DEPENDS+=	mysql:${PORTSDIR}/databases/mysql${MYSQL_VER}-server
+.endif
+
+WRKSRC=		${WRKDIR}/Pantera_Release
+USE_ZIP=	yes
+USE_PYTHON=	yes
+USE_MYSQL=	yes
+NO_BUILD=	yes
+SUB_FILES=	pkg-message pantera.sh
+SUB_LIST+=	SCRIPTDIR=${SCRIPTDIR}
+PKGMESSAGE=	${WRKDIR}/pkg-message
+
+do-install:
+	@${MKDIR} ${DATADIR}
+	${CP} -Rp ${WRKSRC}/* ${DATADIR}/
+	${INSTALL_SCRIPT} ${WRKDIR}/pantera.sh ${PREFIX}/bin
+
+post-install:
+	@${CAT} ${PKGMESSAGE}
+
+.include <bsd.port.mk>

security/pantera/distinfo

@@ -0,0 +1,3 @@
+MD5 (Pantera_Release_0.1.1.zip) = f6c29bb2d28ad6f0cbaab6d51bcd2b84
+SHA256 (Pantera_Release_0.1.1.zip) = 4a0ac77bade1656a9a9d02d1af9e01164ca9e35b450c16fff2c79678fc4c563a
+SIZE (Pantera_Release_0.1.1.zip) = 1786718

security/pantera/files/pantera.sh.in

@@ -0,0 +1,5 @@
+#!/bin/sh
+DIR=`pwd`
+cd %%DATADIR%%
+python pantera.py
+cd $DIR

security/pantera/files/pkg-message.in

@@ -0,0 +1,9 @@
+If this is the first time you use Pantera, and the first time you install
+MySQL server, then this shell script can take care of the database installation
+for you:
+%%SCRIPTDIR%%/pantera-install.sh
+otherwise, read the script carefully to see what manual steps should be done.
+Too, please note for the time being Pantera is not upgrade-safe:
+New versions on the port will surely destroy your configuration file 
+(panteracfg.xml) and likely will not have easy migration path to data already
+stored in the database.

security/pantera/pkg-descr

@@ -0,0 +1,9 @@
+Overview:
+Pantera uses an improved version of SpikeProxy to provide a powerful web
+application analysis engine.
+
+Goals:
+The primary goal of Pantera is to combine automated capabilities with complete
+manual testing to get the best penetration testing results. 
+
+WWW: http://www.owasp.org/index.php/Category:OWASP_Pantera_Web_Assessment_Studio_Project

security/pantera/pkg-plist

@@ -0,0 +1,277 @@
+bin/pantera.sh
+%%DATADIR%%/CA.cert
+%%DATADIR%%/CA.pkey
+%%DATADIR%%/CHANGELOG.txt
+%%DATADIR%%/CREDITS.txt
+%%DATADIR%%/INSTALL.txt
+%%DATADIR%%/LICENSE.txt
+%%DATADIR%%/TODO.txt
+%%DATADIR%%/data/backupfilelist.xml
+%%DATADIR%%/data/ext_types.xml
+%%DATADIR%%/data/filerotlist.xml
+%%DATADIR%%/data/invalihtmlext.xml
+%%DATADIR%%/data/sensible_words.xml
+%%DATADIR%%/data/sqlinjectlist.xml
+%%DATADIR%%/doc/en/FAQ.html
+%%DATADIR%%/doc/en/configfile.html
+%%DATADIR%%/doc/en/features.html
+%%DATADIR%%/doc/en/img/Thumbs.db
+%%DATADIR%%/doc/en/img/body.jpg
+%%DATADIR%%/doc/en/img/browser_setup.JPG
+%%DATADIR%%/doc/en/img/browser_uri.JPG
+%%DATADIR%%/doc/en/img/cache_mode.jpg
+%%DATADIR%%/doc/en/img/cleaner.jpg
+%%DATADIR%%/doc/en/img/data_miner_1.jpg
+%%DATADIR%%/doc/en/img/data_miner_2.jpg
+%%DATADIR%%/doc/en/img/domain_mng.JPG
+%%DATADIR%%/doc/en/img/domain_mng_1.jpg
+%%DATADIR%%/doc/en/img/edit_send.jpg
+%%DATADIR%%/doc/en/img/high.png
+%%DATADIR%%/doc/en/img/history.jpg
+%%DATADIR%%/doc/en/img/http_editor.jpg
+%%DATADIR%%/doc/en/img/http_editor_1.jpg
+%%DATADIR%%/doc/en/img/http_editor_2.jpg
+%%DATADIR%%/doc/en/img/icon_activex.png
+%%DATADIR%%/doc/en/img/icon_authform.png
+%%DATADIR%%/doc/en/img/icon_comment.png
+%%DATADIR%%/doc/en/img/icon_cookie.png
+%%DATADIR%%/doc/en/img/icon_email.png
+%%DATADIR%%/doc/en/img/icon_form.png
+%%DATADIR%%/doc/en/img/icon_hidden.png
+%%DATADIR%%/doc/en/img/icon_postauth.png
+%%DATADIR%%/doc/en/img/icon_querystr.png
+%%DATADIR%%/doc/en/img/icon_script.png
+%%DATADIR%%/doc/en/img/icon_session_id.gif
+%%DATADIR%%/doc/en/img/icon_target.png
+%%DATADIR%%/doc/en/img/info.png
+%%DATADIR%%/doc/en/img/info_1.jpg
+%%DATADIR%%/doc/en/img/info_2.jpg
+%%DATADIR%%/doc/en/img/info_3.jpg
+%%DATADIR%%/doc/en/img/lock_icon.png
+%%DATADIR%%/doc/en/img/low.png
+%%DATADIR%%/doc/en/img/med.png
+%%DATADIR%%/doc/en/img/notes.jpg
+%%DATADIR%%/doc/en/img/panther.gif
+%%DATADIR%%/doc/en/img/ppa_summary.jpg
+%%DATADIR%%/doc/en/img/project_mng.jpg
+%%DATADIR%%/doc/en/img/project_mode.jpg
+%%DATADIR%%/doc/en/img/safe.png
+%%DATADIR%%/doc/en/img/session_trace.jpg
+%%DATADIR%%/doc/en/img/snitch_1.jpg
+%%DATADIR%%/doc/en/img/snitch_2.jpg
+%%DATADIR%%/doc/en/img/stats.jpg
+%%DATADIR%%/doc/en/img/url.png
+%%DATADIR%%/doc/en/img/utils.jpg
+%%DATADIR%%/doc/en/img/utils_1.jpg
+%%DATADIR%%/doc/en/img/warp_menu.jpg
+%%DATADIR%%/doc/en/index.html
+%%DATADIR%%/doc/en/install.html
+%%DATADIR%%/doc/en/modes.html
+%%DATADIR%%/doc/en/overview.html
+%%DATADIR%%/doc/en/ppa.html
+%%DATADIR%%/doc/en/quick.html
+%%DATADIR%%/doc/en/tipscheats.html
+%%DATADIR%%/doc/en/ui_cleaner.html
+%%DATADIR%%/doc/en/ui_close_project.html
+%%DATADIR%%/doc/en/ui_config.html
+%%DATADIR%%/doc/en/ui_data_miner.html
+%%DATADIR%%/doc/en/ui_domain.html
+%%DATADIR%%/doc/en/ui_error_console.html
+%%DATADIR%%/doc/en/ui_history.html
+%%DATADIR%%/doc/en/ui_history_body.html
+%%DATADIR%%/doc/en/ui_history_delete.html
+%%DATADIR%%/doc/en/ui_history_edit_send.html
+%%DATADIR%%/doc/en/ui_history_info.html
+%%DATADIR%%/doc/en/ui_history_notes.html
+%%DATADIR%%/doc/en/ui_http_editor.html
+%%DATADIR%%/doc/en/ui_interceptor.html
+%%DATADIR%%/doc/en/ui_ppa.html
+%%DATADIR%%/doc/en/ui_ppa_summary.html
+%%DATADIR%%/doc/en/ui_project.html
+%%DATADIR%%/doc/en/ui_project_notes.html
+%%DATADIR%%/doc/en/ui_replacer.html
+%%DATADIR%%/doc/en/ui_report.html
+%%DATADIR%%/doc/en/ui_session_trace.html
+%%DATADIR%%/doc/en/ui_session_trace_raw.html
+%%DATADIR%%/doc/en/ui_site_tree.html
+%%DATADIR%%/doc/en/ui_snitch.html
+%%DATADIR%%/doc/en/ui_stats.html
+%%DATADIR%%/doc/en/ui_supress.html
+%%DATADIR%%/doc/en/ui_utils.html
+%%DATADIR%%/doc/en/vri.html
+%%DATADIR%%/doc/en/warp_menu.html
+%%DATADIR%%/doc/pantera_sql_create_script.txt
+%%DATADIR%%/doc/pantera_sql_delete_script.txt
+%%DATADIR%%/doc/scripts_example/ppa/plugin_template.py
+%%DATADIR%%/dtree.css
+%%DATADIR%%/dtree.js
+%%DATADIR%%/help/en/index.html
+%%DATADIR%%/help/es/index.html
+%%DATADIR%%/img/Thumbs.db
+%%DATADIR%%/img/asc_order.png
+%%DATADIR%%/img/back_button.gif
+%%DATADIR%%/img/base.gif
+%%DATADIR%%/img/cd.gif
+%%DATADIR%%/img/delete_button.gif
+%%DATADIR%%/img/desc_order.png
+%%DATADIR%%/img/discussionitem_icon.png
+%%DATADIR%%/img/down-red.gif
+%%DATADIR%%/img/ed_category.png
+%%DATADIR%%/img/ed_help.png
+%%DATADIR%%/img/ed_hr.png
+%%DATADIR%%/img/ed_link.png
+%%DATADIR%%/img/ed_pagelink.png
+%%DATADIR%%/img/ed_pages.png
+%%DATADIR%%/img/ed_plugins.png
+%%DATADIR%%/img/ed_preview.png
+%%DATADIR%%/img/ed_redo.png
+%%DATADIR%%/img/ed_save.png
+%%DATADIR%%/img/ed_undo.png
+%%DATADIR%%/img/edit_send_button.gif
+%%DATADIR%%/img/empty.gif
+%%DATADIR%%/img/empty_button.gif
+%%DATADIR%%/img/file_icon.png
+%%DATADIR%%/img/folder.gif
+%%DATADIR%%/img/folderopen.gif
+%%DATADIR%%/img/ftp.png
+%%DATADIR%%/img/globe.gif
+%%DATADIR%%/img/high.png
+%%DATADIR%%/img/http.png
+%%DATADIR%%/img/https.png
+%%DATADIR%%/img/icon_activex.png
+%%DATADIR%%/img/icon_apache.png
+%%DATADIR%%/img/icon_auth.gif
+%%DATADIR%%/img/icon_authform.png
+%%DATADIR%%/img/icon_check.png
+%%DATADIR%%/img/icon_check_highlighted.png
+%%DATADIR%%/img/icon_comment.png
+%%DATADIR%%/img/icon_comment_highlighted.png
+%%DATADIR%%/img/icon_cookie.png
+%%DATADIR%%/img/icon_dir.gif
+%%DATADIR%%/img/icon_email.png
+%%DATADIR%%/img/icon_email_highlighted.png
+%%DATADIR%%/img/icon_form.png
+%%DATADIR%%/img/icon_hidden.png
+%%DATADIR%%/img/icon_iis.png
+%%DATADIR%%/img/icon_postauth.png
+%%DATADIR%%/img/icon_querystr.png
+%%DATADIR%%/img/icon_script.png
+%%DATADIR%%/img/icon_script_highlighted.png
+%%DATADIR%%/img/icon_session_id.gif
+%%DATADIR%%/img/icon_target.png
+%%DATADIR%%/img/imgfolder.gif
+%%DATADIR%%/img/info.png
+%%DATADIR%%/img/info_button.gif
+%%DATADIR%%/img/join.gif
+%%DATADIR%%/img/joinbottom.gif
+%%DATADIR%%/img/line.gif
+%%DATADIR%%/img/lock_icon.png
+%%DATADIR%%/img/low.png
+%%DATADIR%%/img/med.png
+%%DATADIR%%/img/minus.gif
+%%DATADIR%%/img/minusbottom.gif
+%%DATADIR%%/img/musicfolder.gif
+%%DATADIR%%/img/no_body_button.gif
+%%DATADIR%%/img/nolines_minus.gif
+%%DATADIR%%/img/nolines_plus.gif
+%%DATADIR%%/img/notes_button.gif
+%%DATADIR%%/img/ok_button.gif
+%%DATADIR%%/img/page.gif
+%%DATADIR%%/img/page_body_button.gif
+%%DATADIR%%/img/panther.gif
+%%DATADIR%%/img/plus.gif
+%%DATADIR%%/img/plusbottom.gif
+%%DATADIR%%/img/question.gif
+%%DATADIR%%/img/safe.png
+%%DATADIR%%/img/snitch_button.gif
+%%DATADIR%%/img/spider.gif
+%%DATADIR%%/img/trash.gif
+%%DATADIR%%/img/up-red.gif
+%%DATADIR%%/img/url.png
+%%DATADIR%%/js_menu_1.js
+%%DATADIR%%/ntlm/U32.py
+%%DATADIR%%/ntlm/U32.pyc
+%%DATADIR%%/ntlm/basic_auth.py
+%%DATADIR%%/ntlm/config.py
+%%DATADIR%%/ntlm/config_affairs.py
+%%DATADIR%%/ntlm/des.py
+%%DATADIR%%/ntlm/des.pyc
+%%DATADIR%%/ntlm/des.py~
+%%DATADIR%%/ntlm/des_c.py
+%%DATADIR%%/ntlm/des_c.pyc
+%%DATADIR%%/ntlm/des_data.py
+%%DATADIR%%/ntlm/des_data.pyc
+%%DATADIR%%/ntlm/http_header.py
+%%DATADIR%%/ntlm/logger.py
+%%DATADIR%%/ntlm/md4.py
+%%DATADIR%%/ntlm/md4.pyc
+%%DATADIR%%/ntlm/ntlm_auth.py
+%%DATADIR%%/ntlm/ntlm_messages.py
+%%DATADIR%%/ntlm/ntlm_messages.pyc
+%%DATADIR%%/ntlm/ntlm_messages.py~
+%%DATADIR%%/ntlm/ntlm_procs.py
+%%DATADIR%%/ntlm/ntlm_procs.pyc
+%%DATADIR%%/ntlm/ntlm_procs.py~
+%%DATADIR%%/ntlm/ntlmutils.py
+%%DATADIR%%/ntlm/ntlmutils.pyc
+%%DATADIR%%/ntlm/proxy_client.py
+%%DATADIR%%/ntlm/server.py
+%%DATADIR%%/ntlm/www_client.py
+%%DATADIR%%/pantera.css
+%%DATADIR%%/pantera.py
+%%DATADIR%%/panteraAnalyzer.py
+%%DATADIR%%/panteraDB.py
+%%DATADIR%%/panteraFile.py
+%%DATADIR%%/panteraHTML.py
+%%DATADIR%%/panteraLib.py
+%%DATADIR%%/panteraPlugins.py
+%%DATADIR%%/panteraSnitch.py
+%%DATADIR%%/panteraUI.py
+%%DATADIR%%/panteracfg.xml
+%%DATADIR%%/panterautils.py
+%%DATADIR%%/pdoc/Thumbs.db
+%%DATADIR%%/pdoc/rfc2109.htm
+%%DATADIR%%/plugins/example.py
+%%DATADIR%%/plugins/misc.txt
+%%DATADIR%%/ppa_plugins/check_for_auth.py
+%%DATADIR%%/ppa_plugins/check_for_autocomplete.py
+%%DATADIR%%/ppa_plugins/check_for_comments.py
+%%DATADIR%%/ppa_plugins/check_for_cookies.py
+%%DATADIR%%/ppa_plugins/check_for_fileupload.py
+%%DATADIR%%/ppa_plugins/check_for_forms.py
+%%DATADIR%%/ppa_plugins/check_for_hiddens.py
+%%DATADIR%%/ppa_plugins/check_for_ipheader.py
+%%DATADIR%%/ppa_plugins/check_for_links.py
+%%DATADIR%%/ppa_plugins/check_for_mails.py
+%%DATADIR%%/ppa_plugins/check_for_object.py
+%%DATADIR%%/ppa_plugins/check_for_param_hunter.py
+%%DATADIR%%/ppa_plugins/check_for_parameters.py
+%%DATADIR%%/ppa_plugins/check_for_permamentcookie.py
+%%DATADIR%%/ppa_plugins/check_for_scripts.py
+%%DATADIR%%/ppa_plugins/check_for_securecookie.py
+%%DATADIR%%/ppa_plugins/check_for_server.py
+%%DATADIR%%/ppa_plugins/check_for_session_id.py
+%%DATADIR%%/ppa_plugins/check_for_ssl.py
+%%DATADIR%%/public_scripts.js
+%%DATADIR%%/requestandresponse.py
+%%DATADIR%%/runme.ba_
+%%DATADIR%%/server.cert
+%%DATADIR%%/server.pkey
+@dirrm %%DATADIR%%/PanteraData/http_editor_profiles
+@dirrm %%DATADIR%%/PanteraData
+@dirrm %%DATADIR%%/data
+@dirrm %%DATADIR%%/doc/en/img
+@dirrm %%DATADIR%%/doc/en
+@dirrm %%DATADIR%%/doc/es
+@dirrm %%DATADIR%%/doc/scripts_example/ppa
+@dirrm %%DATADIR%%/doc/scripts_example
+@dirrm %%DATADIR%%/doc
+@dirrm %%DATADIR%%/help/en
+@dirrm %%DATADIR%%/help/es
+@dirrm %%DATADIR%%/help
+@dirrm %%DATADIR%%/img
+@dirrm %%DATADIR%%/ntlm
+@dirrm %%DATADIR%%/pdoc
+@dirrm %%DATADIR%%/plugins
+@dirrm %%DATADIR%%/ppa_plugins
+@dirrm %%DATADIR%%

security/pantera/scripts/pantera-install.sh

@@ -0,0 +1,101 @@
+#!/bin/sh
+#
+# Pantera first time installation script.
+#
+# License (For this script only, not for Pantera): BSD.
+#
+# Bug reports & feature requests > onatan@gmail.com
+#
+# This script assumes the following:
+# MySQL client and server are installed and useable.
+# There is no Database named "pantera" (default name).
+# User will take care of hardening database permissions after the installation
+#     is finished.
+#
+
+# Feel free to change these, if you know what you're doing
+DBNAME="pantera"
+DBHOST="localhost"
+DBUSER="root"
+DBPASS=""
+
+
+echo "==> Checking that MySQL server is available:"
+
+if [ -n "${DBPASS}" ]; then
+	PING=`mysqladmin -h ${DBHOST} -u ${DBUSER} -p=${DBPASS} ping`
+else
+	PING=`mysqladmin -h ${DBHOST} -u ${DBUSER} ping`
+fi
+
+if [ "mysqld is alive" != "${PING}" ]; then
+	echo "Cannot connect to MySQL with user 'root' and no password."
+	echo "Edit ${0} for different user and password."
+	exit 1
+fi
+
+
+echo "==> Creating database schema named ${DBNAME}:"
+if [ -n "${DBPASS}" ]; then
+	mysqladmin -h ${DBHOST} -u ${DBUSER} -p=${DBPASS} create ${DBNAME}
+	CRTDB=$?
+else
+	mysqladmin -h ${DBHOST} -u ${DBUSER} create ${DBNAME}
+	CRTDB=$?
+fi
+
+if [ "0" -ne "${CRTDB}" ]; then
+	echo "Cannot create schema. Maybe it is already there."
+	echo "If you want to drop it, use:"
+	echo "mysqladmin drop ${DBNAME}"
+	echo "with the proper user-name and password."
+	exit 1
+fi
+
+
+echo "==> Identifying Schema file:"
+
+# Hack to get DATADIR:
+TMP1=`which pantera.sh`
+TMP2=`grep "^cd /" ${TMP1}`
+TMP3=`echo "${TMP2}" | sed "s/^cd //" `
+
+DATADIR=$TMP3
+SCHEMA_FILE=${DATADIR}/doc/pantera_sql_create_script.txt
+if [ ! -r ${SCHEMA_FILE} ]; then
+	echo "Cannot identify schema file."
+	echo "I guessed it would be at:"
+	echo "${SCHEMA_FILE}"
+	echo "but it was not there, or not readable."
+	echo "If you know where it is, set SCHEMA_FILE variable manually."
+	exit 1
+fi
+
+
+echo "==> Installing schema:"
+
+if [ -n "${DBPASS}" ]; then
+	mysql -h ${DBHOST} -u ${DBUSER} -p=${DBPASS} ${DBNAME} < ${SCHEMA_FILE}
+	INSTSCHM=$?
+else
+	mysql -h ${DBHOST} -u ${DBUSER} ${DBNAME} < ${SCHEMA_FILE}
+	INSTSCHM=$?
+fi
+
+if [ "0" -ne "${INSTSCHM}" ]; then
+	echo "Cannot install schema."
+	echo "Very weird - we should have failed earlier."
+	exit 1
+fi
+
+
+echo "==> All Done!"
+echo "If you made any changes to the user-name and password,"
+echo "or plan to make these changes, update the panteracfg.xml file,"
+echo "in ${DATADIR} ."
+echo "It would also be a good idea to create a database-user for pantera,"
+echo "GRANT this users rights on the \"${DBNAME}\" database schema,"
+echo "and set a password for this user. See MySQL Documentation at"
+echo "http://www.mysql.org/doc/ for more details."
+echo "To use Pantera, run \"pantera.sh\", and set the IP address of"
+echo "this machine, and port 8080, to your browsers proxy."