Follow these simple instructions to get w3af Web App Scanner installed on Mac OSX 10.9.4 with MacPorts.
To get w3af to run in GUI mode on Mac OS X is not as easy as running the following as the w3af docs suggest:
git clone --depth 1 https://github.com/andresriancho/w3af.git
cd w3af
./w3af_gui
The following blog post gives a great overview of getting this up and running but I had some mods to make to get it to work on OS X 10.9.4. The entire process is documented below.
This guide assumes you know how to install XCode and MacPorts. Once you have XCode installed, you will also need to install the “command line” tools. XCode 5.1 changed the way to go about doing this. Use this line to install the XCode command line tools
xcode-select --install
sudo port selfupdate
sudo port upgrade outdated
git clone https://github.com/andresriancho/w3af.git w3af/
W3AF requires a a few Python extensions to be installed. I found that I was never able to install them all at once. Breaking them out (as show below) worked for me, however, if you are having issues installing a particular MacPort, try installing it separately.
sudo port install py27-pip py27-libdnet git automake python27 gcc48 py27-setuptools autoconf py27-pcapy py27-pip
Copy /opt/local/etc/rsyncd.conf.example to rsyncd.conf as per the suggestion:
sudo cp /opt/local/etc/rsyncd.conf.example to /opt/local/etc/rsyncd.conf
Once successful, run the following to install some additional dependencies.
sudo pip-2.7 install clamd==1.0.1 PyGithub==1.21.0 GitPython==0.3.2.RC1 esmre==0.3.1 nltk==2.0.4 chardet==2.1.1 pdfminer==20110515 futures==2.1.5 pyOpenSSL==0.13.1 scapy-real==2.2.0-dev guess-language==0.2 cluster==1.1.1b3 msgpack-python==0.2.4 python-ntlm==1.0.1 halberd==0.2.4
One last item which we have to download and install manually:
sudo pip-2.7 install --ignore-installed git+https://github.com/andresriancho/phply.git#egg=phply
For Mac OSX users, it is very common to have multiple Python installations. Running this command will ensure that the correct interpreter is used.
sudo port select python python27
I found that the order which these are installed greatly effect your odds of success. Make sure you are installing them in the right order.
sudo port install py27-pygtk py27-pygtksourceview graphviz
Then:
sudo pip-2.7 install lxml==2.3.2 xdot==0.6
We’re Done (we hope)…
You should have everything you need to successfully run W3AF. To launch the application. Run the following command to verify if it loads the GUI:
sudo ./w3af_gui
If you are like me you might end up getting an error around the display environment not being set when trying to run w3af_gui.
The DISPLAY environment variable is not set! You can not use any graphical program without it
The solution is to install XQuartz over here as this is preferred to X11 because it is no longer maintained in OS X Mavericks while XQuartz is.
Once you log out and back in run the following from Terminal: echo $DISPLAY
You should see something similar to: /tmp/launch-wVs55K/org.macosforge.xquartz:0
This demonstrates that XQuarts is now set as your display for X11 and you can successfully run the application with the following command.
sudo /your/path/to/w3af_gui