w3af安装(处理python2和3，pip2和3混乱的问题)

git clone --depth 1 https://github.com/andresriancho/w3af.git
cd w3af
./w3af_gui

报错

打开w3af_gui看一下

要求必须是python2
但我的/usr/bin/env中的python是python3

我们将/usr/bin/env中的python换成python2

which python2
#/usr/bin/python2

rm /usr/bin/python

sudo ln -s /usr/bin/python2 /usr/bin/python

现在terminal输入python，看到的是python2了

需要安装pip2

pip -V看一波

pip 和 pip3 指向的实际都是python3

curl -o get-pip.py https://bootstrap.pypa.io/pip/2.7/get-pip.py
sudo python2 get-pip.py

现在pip2指向python2了

将pip指向python2

终于进入其他教程讲解的第一步了

. /tmp/w3af_dependency_install.sh

apt-get update一下试试

再执行

. /tmp/w3af_dependency_install.sh

确实在下载依赖了

还是不行

核心问题应该还是这个

This may mean that the package is missing, has been obsoleted, or
is only available from another source

Package python-pip is not available, but is referred to by another package.
This may mean that the package is missing, has been obsoleted, or
is only available from another source
However the following packages replace it:
  python3-pip

E: Package 'python-pip' has no installation candidate
E: Package 'python-setuptools' has no installation candidate
DEPRECATION: Python 2.7 reached the end of its life on January 1st, 2020. Please upgrade your Python as Python 2.7 is no longer maintained. pip 21.0 will drop support for Python 2.7 in January 2021. More details about Python 2 support in pip can be found at https://pip.pypa.io/en/latest/development/release-process/#python-2-support pip 21.0 will remove support for this functionality.                                  
Collecting pyClamd==0.4.0
  Using cached pyClamd-0.4.0.tar.gz (11 kB)

看一下/tmp/w3af_dependency_install.sh文件

尝试了好久

感觉应该是我的环境太乱了，放弃了

这篇博客可能有些许帮助
https://blog.csdn.net/qq_44867435/article/details/97045449

随便找个windows版本的
https://sourceforge.net/projects/w3af/files/w3af/w3af%201.0-stable/w3af_1.0_stable_setup.exe/download

目的：并不是要真的使用w3af去扫描，项目太久没有维护了。因为看到源码中有检测csrf漏洞的部分，想单独扒下来，看看能不能用。用皮卡丘靶场测一下。如果能用的话，再转成golang