CentOS 7安装Cobra
<p>官方文档:http://cobra.feei.cn/installation</p><p>(注:按照文档一步步操作,遇到了一些小问题,记录下安装过程)</p>
<p>系统环境:</p>
<p># cat /etc/redhat-release<br>CentOS Linux release 7.5.1804 (Core)</p>
<p># python -V<br>Python 2.7.5</p>
<p>按官网文档提示,安装CentOS 依赖:</p>
<p># yum install flex bison phantomjs</p>
<p>安装git:</p>
<p># yum -y install git</p>
<p>创建 /data目录,进入,执行 git clone:</p>
<p># git clone https://github.com/WhaleShark-Team/cobra.git && cd cobra</p>
<p>执行 pip install -r requirements.txt:</p>
<p># pip install -r requirements.txt<br>-bash: pip: 未找到命令</p>
<p>好吧,没有预装pip,安装一下:</p>
<p># yum -y install epel-release</p>
<p># yum install python-pip</p>
<p># pip install --upgrade pip</p>
<p>再执行pip install -r requirements.txt:</p>
<p>嗯,系统回显</p>
<p>Successfully installed ConcurrentLogHandler-0.9.1 Flask-1.0 Flask-RESTful-0.3.6 Jinja2-2.10.1 MarkupSafe-1.1.1 Werkzeug-0.15.3 aniso8601-7.0.0 certifi-2019.6.16 chardet-3.0.4 click-7.0 idna-2.7 itsdangerous-1.1.0 phply-1.0.0 pip-9.0.1 ply-3.11 prettytable-0.7.2 py-1.8.0 pytest-3.0.6 pytz-2019.2 rarfile-2.7 requests-2.20.0 six-1.12.0 urllib3-1.24.3</p>
<p>看上去一切正常,然而:</p>
<p># python cobra.py --help<br>Traceback (most recent call last):<br>File "cobra.py", line 18, in <module><br> from cobra import main<br>File "/data/cobra/cobra/__init__.py", line 22, in <module><br> from . import cli, api, config<br>File "/data/cobra/cobra/api.py", line 27, in <module><br> from flask import Flask, request, render_template, Blueprint<br>File "/usr/lib/python2.7/site-packages/flask/__init__.py", line 21, in <module><br> from .app import Flask, Request, Response<br>File "/usr/lib/python2.7/site-packages/flask/app.py", line 23, in <module><br> from werkzeug.routing import BuildError, Map, RequestRedirect, Rule<br>File "/usr/lib/python2.7/site-packages/werkzeug/routing.py", line 948<br> exec(code, globs, locs)<br>SyntaxError: unqualified exec is not allowed in function '_compile_builder' it contains a nested function with free variables</p>
<p>报错了,google了一下报错原因,貌似是python 2版本的一个bug,不好解决。(自己python能力不行,没法细致分析报错部分的代码和修改。)</p>
<p><img src="https://img2018.cnblogs.com/blog/1673290/201909/1673290-20190905135733412-629343751.png"></p>
<p> 看到cobra官方文档说也支持python 3,于是换个思路,计划升级到python3再装一次试试:</p>
<p># wget https://www.python.org/ftp/python/3.7.3/Python-3.7.3.tgz</p>
<p>安装依赖包:</p>
<p># yum install zlib-devel bzip2-devel openssl-devel ncurses-devel sqlite-devel readline-devel tk-devel gcc libffi-devel</p>
<p># tar -zxf Python-3.7.3.tgz <br># cd Python-3.7.3</p>
<p># ./configure --prefix=/usr/local/python3.7</p>
<p># make && make install</p>
<p>python 3安装完之后,替换一下软链接</p>
<p># mv /usr/bin/python /usr/bin/python.bak</p>
<p># ln -s /usr/local/python3.7/bin/python3.7 /usr/bin/python</p>
<p>此时看到,python默认执行已经是3.7.3版本。</p>
<p># python -V<br>Python 3.7.3</p>
<p>(补充:yum需要使用python2,将/usr/bin/python改为python3后,yum就不能正常运行了,因此需要更改一下yum的配置<br>vi /usr/bin/yum<br>vi /usr/libexec/urlgrabber-ext-down<br>编辑这两个文件,将文件头的#!/usr/bin/python改为#!/usr/bin/python2即可。)</p>
<p>好,python3升级完了,再来装一次cobra:</p>
<p># python cobra.py --help<br>Traceback (most recent call last):<br>File "cobra.py", line 18, in <module><br> from cobra import main<br>File "/data/cobra/cobra/__init__.py", line 21, in <module><br> from .log import logger<br>File "/data/cobra/cobra/log.py", line 19, in <module><br> import cloghandler<br>ModuleNotFoundError: No module named 'cloghandler'</p>
<p>还是报错,提示找不到cloghandler这个module.</p>
<p>看上去可能和环境变量设置有关系。</p>
<p>查了一下cloghandler.py这个文件路径:</p>
<p># find * / -name cloghandler.py<br>/usr/lib/python2.7/site-packages/cloghandler.py</p>
<p>修改/etc/profile文件</p>
<p># vi /etc/profile</p>
<p>最后增加两行</p>
<p>export PATH=$PATH:/usr/lib<br>export PATH=$PATH:/usr/local/python3.7/bin</p>
<p>执行resouce /etc/profile命令使环境变量立即生效,使用export命令查看PATH变量,确实已生效。</p>
<p># source /etc/profile<br># export<br>declare -x PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin:/usr/lib:/usr/lib:/usr/local/python3.7/bin"<br>再来一次,还是报同样的错误。 </p>
<p># python cobra.py --help<br>Traceback (most recent call last):<br>File "cobra.py", line 18, in <module><br> from cobra import main<br>File "/data/cobra/cobra/__init__.py", line 21, in <module><br> from .log import logger<br>File "/data/cobra/cobra/log.py", line 19, in <module><br> import cloghandler<br>ModuleNotFoundError: No module named 'cloghandler'</p>
<p>有点小崩溃。</p>
<p>思考了一阵,再仔细看了一下Cobra的官方安装步骤,我再做了一次尝试,在上一步pip install -r requirements.txt命令时,我用python3版本的pip试试。</p>
<p># pip3 install -r requirements.txt</p>
<p>执行成功,又更新了一堆的依赖组件:</p>
<p>Successfully installed ConcurrentLogHandler-0.9.1 Flask-1.0 Flask-RESTful-0.3.6 Jinja2-2.10.1 MarkupSafe-1.1.1 Werkzeug-0.15.3 aniso8601-7.0.0 certifi-2019.6.16 chardet-3.0.4 click-7.0 idna-2.7 itsdangerous-1.1.0 phply-1.0.0 pip-9.0.1 ply-3.11 prettytable-0.7.2 py-1.8.0 pytest-3.0.6 pytz-2019.2 rarfile-2.7 requests-2.20.0 six-1.12.0 urllib3-1.24.3</p>
<p>再次测试启动cobra,终于不报错了。^_^</p>
<p># python cobra.py --help<br>usage: cobra [-h] [-t <target>] [-f <format>] [-o <output>] [-r <rule_id>]<br> [-d] [-sid SID] [-dels] [-rp] [-m] [-H <host>] [-P <port>]</p>
<p>Usage:<br>python cobra.py -t tests/vulnerabilities<br>python cobra.py -t tests/vulnerabilities -r cvi-190001,cvi-190002<br>python cobra.py -t tests/vulnerabilities -f json -o /tmp/report.json <br>python cobra.py -t https://github.com/ethicalhack3r/DVWA -f json -o feei@feei.cn <br>python cobra.py -t https://github.com/ethicalhack3r/DVWA -f json -o http://push.to.com/api <br>python cobra.py -H 127.0.0.1 -P 8888</p>
<p>本来也可以直接用命令行执行cobra,但是还是想看一下web页面</p>
<p># python cobra.py -H 10.9.41.111 -P 80<br> Start 10.9.41.111:80<br> * Serving Flask app "cobra.api" (lazy loading)<br> * Environment: production<br> WARNING: Do not use the development server in a production environment.<br> Use a production WSGI server instead.<br> * Debug mode: off<br> * Running on http://10.9.41.111:80/ (Press CTRL+C to quit)</p>
<p>(注意:如果-H后面参数写127.0.0.1,只能本机打开此页面,没法通过网络访问,如果本地没装图形界面,这个web页面启用和没启用就没差异了。</p>
<p>如果要通过网络访问,-H后面参数,还是得写可以从网络中访问到的IP地址,还得写本地防火墙规则或者直接禁用防火墙)</p>
<p># yum install net-tools</p>
<p><img src="https://img2018.cnblogs.com/blog/1673290/201909/1673290-20190905142717389-1230511437.png"></p>
<p>做完这些,我终于在自己的物理PC上通过浏览器打开了这个cobra虚拟机的web页面,不容易。</p>
<p> <img src="https://img2018.cnblogs.com/blog/1673290/201909/1673290-20190905142835360-1409466823.png"></p>
<p>如果要在web页面提交自己准备的web程序包来执行扫描,需要执行一下初始化配置,否则会提示upload错误。</p>
<p>在cobra.py文件所在目录,有个配置文件模板 config.template</p>
<div class="cnblogs_Highlighter">
<pre class="brush:bash;gutter:true;">cp config.template config</pre>
</div>
<p>最后回顾分析了一下,python2时的错误,我看不懂也解决不了,感觉需要改代码。</p>
<p>python3刚开始的报错,应该还是和python搜索关联lib文件的路径设置有关系,升级完Python3之后,执行pip命令,依赖的库还是装在了python2.7的目录里,当时cloghandler.py文件在/usr/lib/python2.7/site-packages路径下:</p>
<p># find * / -name cloghandler.py<br>/usr/lib/python2.7/site-packages/cloghandler.py</p>
<p>使用pip3来执行官网的安装步骤后,cloghandler.py文件在/usr/local/python3.7/lib/python3.7/路径下:</p>
<p># find * / -name cloghandler.py<br>/usr/local/python3.7/lib/python3.7/site-packages/cloghandler.py</p>
<p>这应该是和python pip库管理器的机制有关,google了一下找到了大神们写的相关文章,文中说到,如果使用python3执行程序,那么就不能import python2.7/site-packages中的库,我遇到的问题应该就是命中了这个。</p>
<div class="ellip">Python3 pip 与pip3 区别 https://blog.csdn.net/stcaaa/article/details/83824031</div><br><br>
来源:https://www.cnblogs.com/xjcn/p/11465850.html
頁:
[1]