Skipfish – No such file or directory.
I wanted to play about with Google's Skipfish to see if it could automate any of my security scans and grabbed the source code from the code library.
When I tried to make the file whilst running Ubuntu 9.10 I was presented with the following error:
cc -L/usr/local/lib/ -L/opt/local/lib skipfish.c -o skipfish -O3 -Wno-format -Wall -funsigned-char -g -ggdb -I/usr/local/include/ -I/opt/local/include/ -D_FORTIFY_SOURCE=0 \
http_client.c database.c crawler.c analysis.c report.c -lcrypto -lssl -lidn -lz
In file included from crawler.h:26,
from skipfish.c:39:
http_client.h:26:25: error: openssl/ssl.h: No such file or directory
In file included from crawler.h:26,
from skipfish.c:39:
http_client.h:189: error: expected specifier-qualifier-list before ‘SSL_CTX’
skipfish.c: In function ‘main’:
skipfish.c:154: warning: implicit declaration of function ‘SSL_library_init’
http_client.c:37:25: error: openssl/ssl.h: No such file or directory
http_client.c:38:25: error: openssl/err.h: No such file or directory
http_client.c:39:18: error: idna.h: No such file or directory
http_client.c:40:18: error: zlib.h: No such file or directory
In file included from database.h:29,
from http_client.c:45:
http_client.h:189: error: expected specifier-qualifier-list before ‘SSL_CTX’
http_client.c: In function ‘parse_url’:
http_client.c:285: warning: implicit declaration of function ‘idna_to_ascii_8z’
http_client.c:285: error: ‘IDNA_SUCCESS’ undeclared (first use in this function)
http_client.c:285: error: (Each undeclared identifier is reported only once
http_client.c:285: error: for each function it appears in.)
http_client.c: In function ‘parse_response’:
http_client.c:1516: error: ‘z_stream’ undeclared (first use in this function)
http_client.c:1516: error: expected ‘;’ before ‘d’
http_client.c:1521: error: ‘d’ undeclared (first use in this function)
http_client.c:1531: warning: implicit declaration of function ‘inflateInit2’
http_client.c:1531: error: ‘Z_OK’ undeclared (first use in this function)
http_client.c:1532: warning: implicit declaration of function ‘inflateEnd’
http_client.c:1537: warning: implicit declaration of function ‘inflate’
http_client.c:1537: error: ‘Z_FINISH’ undeclared (first use in this function)
http_client.c:1540: error: ‘Z_BUF_ERROR’ undeclared (first use in this function)
http_client.c:1540: error: ‘Z_STREAM_END’ undeclared (first use in this function)
http_client.c: In function ‘destroy_unlink_conn’:
http_client.c:1636: error: ‘struct conn_entry’ has no member named ‘q’
.
.
. SNIP SNIP!
.
http_client.c:2188: error: ‘struct conn_entry’ has no member named ‘next’
http_client.c:2192: error: ‘struct conn_entry’ has no member named ‘q’
In file included from database.c:33:
http_client.h:26:25: error: openssl/ssl.h: No such file or directory
In file included from database.c:33:
http_client.h:189: error: expected specifier-qualifier-list before ‘SSL_CTX’
In file included from crawler.c:30:
http_client.h:26:25: error: openssl/ssl.h: No such file or directory
In file included from crawler.c:30:
http_client.h:189: error: expected specifier-qualifier-list before ‘SSL_CTX’
In file included from analysis.c:28:
http_client.h:26:25: error: openssl/ssl.h: No such file or directory
In file included from analysis.c:28:
http_client.h:189: error: expected specifier-qualifier-list before ‘SSL_CTX’
analysis.c: In function ‘maybe_xsrf’:
analysis.c:397: warning: implicit declaration of function ‘time’
In file included from report.c:33:
http_client.h:26:25: error: openssl/ssl.h: No such file or directory
In file included from report.c:33:
http_client.h:189: error: expected specifier-qualifier-list before ‘SSL_CTX’
make: *** [skipfish] Error 1
Some digging about made me realise this is a fairly common problem even if your machine has a fairly good set of dependencies downloaded.
If you run the following command it should act as a catchall and set you up to be able to play with this tool.
sudo apt-get install libssl-dev build-essential zlibc zlib-bin libidn11-dev libidn11
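To read a build log like the one above, the useful lines are the "No such file or directory" errors; the rest is fallout from those missing headers. The script below is an added example, not part of the original post or of Skipfish: it pulls the missing headers out of a log and maps each to the Debian/Ubuntu development package that ships it. The function names and the sample log are constructed for illustration, and the mapping covers only the three libraries this build links against.

```shell
#!/bin/sh
# Constructed sample: a few lines in the shape of the compiler output above.
SAMPLE_LOG='http_client.h:26:25: error: openssl/ssl.h: No such file or directory
http_client.c:38:25: error: openssl/err.h: No such file or directory
http_client.c:39:18: error: idna.h: No such file or directory
http_client.c:40:18: error: zlib.h: No such file or directory
http_client.h:189: error: expected specifier-qualifier-list before SSL_CTX
database.c:33: error: openssl/ssl.h: No such file or directory'

# Read a gcc log on stdin; print each header gcc could not find, once.
# Follow-on errors (undeclared identifiers and so on) are ignored.
missing_headers() {
  sed -n 's/.*error: \(.*\): No such file or directory$/\1/p' | LC_ALL=C sort -u
}

# Map one header to the Debian/Ubuntu package that provides it.
# Headers outside this small table are flagged rather than guessed.
header_to_pkg() {
  case "$1" in
    openssl/*) echo libssl-dev ;;
    idna.h)    echo libidn11-dev ;;
    zlib.h)    echo zlib1g-dev ;;
    *)         echo "unknown:$1" ;;
  esac
}

# Read a gcc log on stdin; print the unique packages on one line.
packages_for_log() {
  missing_headers | while read -r hdr; do
    header_to_pkg "$hdr"
  done | LC_ALL=C sort -u | paste -sd ' ' -
}

# Demo on the constructed sample; pipe real output in with: make 2>&1 | packages_for_log
printf '%s\n' "$SAMPLE_LOG" | packages_for_log
```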
Useful Security Pages
I have been doing some trawling for security checklists and other web app related security documents and I have come across some web pages that I have found fairly useful. I will add to this list as and when I find more;
Apache
PHP
- Securing PHP
- Why $_REQUEST is dangerous
- 7 PHP security blunders
- Web App security checklist
- Hardening PHP
MySQL
My Security Adventure Begins
I am starting to get into this security game and I figured I would blog about different things I have done to help tighten up security in all aspects of web app deployment.
As the title of this post suggests, I am only beginning my journey and am pretty much assuming no prior knowledge, and I am taking nothing for granted. With that in mind, I figured the first thing I should be doing is getting me an education in web app security. Obviously this is a huge sphere with many caveats and it would be impossible for me to become a security ninja in all aspects, but I hope to be able to know my way around most of the major security concerns we face as an industry.
Like any self-respecting nerd, the first thing I did was google 'website security'. From then on I started refining my search, following links, reading articles and setting myself up with a bit of a knowledge base. I thought I would share with you some really useful sites and stuff I have found.
App Sec Street Fighter
Tao Security
Mozilla.com
Ha.ckers
McKeay
The most useful site I have found, though, has to be OWASP. It is absolutely jam-packed with really excellent information about Web Application Security. I was able to join the mailing list for the Irish chapter (something I have yet to really start looking into but plan to get involved in really soon). They also have an excellent podcast, well worth checking out.
If you are reading this and feel like helping me on my security adventures by recommending links or whatever please get in touch in the comments.