OWASP

OWASP Pantera - Web Assessment Studio (WAS) Documentation


How to install Pantera - Web Assessment Studio (WAS)

Linux Installation

Installation Steps

In theory, installing Pantera on Linux is a very simple operation. You just follow these simple steps:

  1. Unzip pantera.zip into /home/myid/Pantera_Distribution and leave the directory structure intact.
  2. Install Python 2.4 (if it's not already installed)
  3. Install MySQL 5.0 (see MySQL install tips, below).
  4. Install MySQL for Python (you only need to do this if you want Pantera's unmatched features available to you!).
  5. Set the MySQL root password.
  6. This step is not necessary if you use the latest version of the MySQL for Python: Modify the MYSQL 5.0 to use "MYSQL old-password style" (http://dev.mysql.com/doc/refman/5.0/en/old-client.html).
  7. Use the MySQL client to create Pantera database:
    mysql> CREATE DATABASE panteradb;
  8. Create a pantera ID and password with full access to the panteradb:
    mysql> GRANT ALL ON panteradb.* TO 'pantera'@'localhost' IDENTIFIED BY 'password';
    mysql> FLUSH PRIVILEGES;
  9. Execute pantera sql script "pantera_sql_create_script.txt" (found in Pantera's doc directory):
    mysql -upantera -ppassword panteradb < pantera_sql_create_script.txt
  10. Install OpenSSL and the Python Interface to the OpenSSL Library
  11. Now run pantera as usual.
  12. Hack away at your site!

MySQL Tips

Thanks to Rick for the Linux install steps:

cd /usr ; /usr/bin/mysqld_safe &
run mysql_install_db

PLEASE REMEMBER TO SET A PASSWORD FOR THE MySQL root USER ! To do so, start the server, then issue the following commands:

/usr/bin/mysqladmin -u root password 'new-password'
/usr/bin/mysqladmin -u root -h changeling password 'new-password'
:passw0rd!

Use the mysql program to connect to the server as the MySQL root user:

shell> mysql --user=root mysql

If you have assigned a password to the root account, you'll also need to supply a --password or -p option for this mysql command and also for those later in this section.

After connecting to the server as root, you can add new accounts. The following statements use GRANT to set up four new accounts:

mysql> GRANT ALL PRIVILEGES ON *.* TO 'monty'@'localhost' -> IDENTIFIED BY 'some_pass' WITH GRANT OPTION;

MySQL has 2 default anonymous accounts. To remove those:

shell> mysql -u root -ppassword mysql
mysql> DELETE FROM mysql.user WHERE User = '';
mysql> FLUSH PRIVILEGES;


About Us | Contact | ©2006 roseslabs.com