Docker image

Dockerfile

@@ -0,0 +1,31 @@
+FROM tomcat:7.0.63-jre8
+
+# Download WAVSEP
+WORKDIR /tmp/
+
+RUN wget https://github.com/sectooladdict/wavsep/archive/wavsep-v1.5-war.zip
+
+RUN unzip wavsep-v1.5-war.zip
+RUN rm wavsep-v1.5-war.zip
+RUN mv wavsep-wavsep-v1.5-war wavsep
+
+# http://stackoverflow.com/questions/1858463/java-error-only-a-type-can-be-imported-xyz-resolves-to-a-package
+RUN cp -rf wavsep/build/classes/ wavsep/WebContent/WEB-INF/classes/
+
+# The war contains garbage
+RUN rm -rf wavsep/WebContent/WEB-INF.*
+RUN rm -rf "wavsep/WebContent/WEB-INF - Copy"
+RUN rm -rf "wavsep/WebContent/Copy of WEB-INF"
+RUN rm -rf "wavsep/WebContent/WEB-INF (copy)"
+
+# Copy WAVSEP to Tomcat's directory
+WORKDIR /usr/local/tomcat/webapps/
+RUN cp -rf /tmp/wavsep/WebContent/ wavsep
+
+# We need these tools to configure WAVSEP
+RUN apt-get update
+RUN apt-get install -y curl netcat mysql-client
+
+# Configure MySQL and run Tomcat
+ADD docker/run.sh /usr/local/tomcat/bin/wavsep.sh
+CMD ["/usr/local/tomcat/bin/wavsep.sh"]

README-docker.md

@@ -0,0 +1 @@
+http://127.0.0.1:8080/wavsep/

README.md

@@ -1,36 +1,49 @@
-<article>
+# WAVSEP
+The Web Application Vulnerability Scanner Evaluation Project
 
-<h1>WAVSEP</h1>
-<h2>The Web Application Vulnerability Scanner Evaluation Project</h2>
-<h3>Alternate Source Code Repository</h3>	
+## Introduction
+WAVSEP is vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners.
 
-<p>
-WAVSEP is  vulnerable web application designed to help assessing the features, quality and accuracy of web application vulnerability scanners.<br>
-This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners.<br>
-</p>
+This evaluation platform contains a collection of unique vulnerable web pages that can be used to test the various properties of web application scanners.
 
-<a href="https://code.google.com/p/wavsep/">WAVSEP Home Page</a> &nbsp;&nbsp; <a href="https://sourceforge.net/projects/wavsep/">WAVSEP Builds</a><br><br>
+## Usage
 
-<p>
-<H3>Previous benchmarks performed using the platform:</H3>
-<A href='http://www.sectoolmarket.com' ><B>SecToolMarket - A Dynamic Security Benchmark Presentation Platform</B></A><BR>
-<A href='http://sectooladdict.blogspot.com/2014/02/wavsep-web-application-scanner.html'><B>The 2013/2014 comparison of 12 crucial aspects of 63 commercial, SAAS and open source scanners</B></A><BR>
-<A href='http://sectooladdict.blogspot.com/2012/07/2012-web-application-scanner-benchmark.html'><B>The 2012 comparison of 10 crucial aspects of 60 commercial & open source scanners</B></A><BR>
-<A href='http://sectooladdict.blogspot.com/2011/08/commercial-web-application-scanner.html'><B>The 2011 comparison of 60 commercial & open source scanners</B></A><BR>
-<A href='http://sectooladdict.blogspot.com/2010/12/web-application-scanner-benchmark.html'><B>The 2010 comparison of 42 open source scanners</B></A><BR>
-</p>
+`WAVSEP` provides a Docker image and `docker-compose` configuration which allows everyone to run WAVSEP with one command:
 
-<p>
-<h2>Copyright</h2>
-</p>
-<p>WAVSEP - The Web Application Vulnerability Scanner Evaluation Project.</p>
+```bash
+docker-compose up
+```
 
-<p>Copyright (C) 2014, Shay Chen.</p>
+After a couple of seconds the database will be setup and WAVSEP will be running at [http://127.0.0.1:8098/wavsep/](http://127.0.0.1:8098/wavsep/)
 
-<p>This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version.</p>
+## References
+ * [WAVSEP Home Page](https://code.google.com/p/wavsep/)
+ * [WAVSEP Builds](https://sourceforge.net/projects/wavsep/)
 
-<p>This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.</p>
+## Benchmarks performed using WAVSEP
+ * [SecToolMarket - A Dynamic Security Benchmark Presentation Platform](http://www.sectoolmarket.com)
+ * [The 2013/2014 comparison of 12 crucial aspects of 63 commercial, SaaS and open source scanners](http://sectooladdict.blogspot.com/2014/02/wavsep-web-application-scanner.html)
+ * [The 2012 comparison of 10 crucial aspects of 60 commercial & open source scanners](http://sectooladdict.blogspot.com/2012/07/2012-web-application-scanner-benchmark.html)
+ * [The 2011 comparison of 60 commercial & open source scanners](http://sectooladdict.blogspot.com/2011/08/commercial-web-application-scanner.html)
+ * [The 2010 comparison of 42 open source scanners](http://sectooladdict.blogspot.com/2010/12/web-application-scanner-benchmark.html)
 
-<p>You should have received a copy of the GNU General Public License along with this program.  If not, see <a href="http://www.gnu.org/licenses/">http://www.gnu.org/licenses</a>.</p>
 
-</article>
+## Copyright
+
+```text
+WAVSEP - The Web Application Vulnerability Scanner Evaluation Project.
+
+Copyright (C) 2014, Shay Chen.
+
+This program is free software: you can redistribute it and/or modify it
+under the terms of the GNU General Public License as published by the
+Free Software Foundation, either version 3 of the License, or (at your option)
+any later version.
+
+This program is distributed in the hope that it will be useful, but WITHOUT
+ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more details.
+
+You should have received a copy of the GNU General Public License along with
+this program. If not, see http://www.gnu.org/licenses/
+```

docker-compose.yml

@@ -0,0 +1,11 @@
+wavsep:
+  image: andresriancho/wavsep:latest
+  ports:
+    - "8098:8080"
+  links:
+    - wavsepdb
+
+wavsepdb:
+  image: mysql
+  environment:
+    - MYSQL_ROOT_PASSWORD=wavsep

docker/run.sh

@@ -0,0 +1,59 @@
+#!/usr/bin/env bash
+
+set -e
+
+# Wait for database to get available
+MYSQL_LOOPS="20"
+MYSQL_HOST="wavsepdb"
+MYSQL_PORT="3306"
+
+# Wait for mysql
+i=0
+while ! nc ${MYSQL_HOST} ${MYSQL_PORT} >/dev/null 2>&1 < /dev/null; do
+  i=`expr ${i} + 1`
+  if [ ${i} -ge ${MYSQL_LOOPS} ]; then
+    echo "$(date) - ${MYSQL_HOST}:${MYSQL_PORT} still not reachable, giving up"
+    exit 1
+  fi
+  echo "$(date) - waiting for ${MYSQL_HOST}:${MYSQL_PORT}..."
+  sleep 1
+done
+
+echo
+echo "Start the daemon to process the configuration requests"
+/usr/local/tomcat/bin/catalina.sh run &
+
+WAVSEP_LOOPS="20"
+WAVSEP_HOST="127.0.0.1"
+WAVSEP_PORT="8080"
+
+# Wait for WAVSEP
+i=0
+while ! nc ${WAVSEP_HOST} ${WAVSEP_PORT} >/dev/null 2>&1 < /dev/null; do
+  i=`expr ${i} + 1`
+  if [ ${i} -ge ${WAVSEP_LOOPS} ]; then
+    echo "$(date) - ${WAVSEP_HOST}:${WAVSEP_PORT} still not reachable, giving up"
+    exit 1
+  fi
+  echo "$(date) - waiting for ${WAVSEP_HOST}:${WAVSEP_PORT}..."
+  sleep 1
+done
+
+echo
+echo "Configure the WAVSEP database settings"
+curl --data "username=root&password=wavsep&host=wavsepdb&port=3306&wavsep_username=wavsep&wavsep_password=wavsepPass782" http://localhost:8080/wavsep/wavsep-install/install.jsp
+
+echo
+echo "Re-creating WAVSEP db user"
+echo "drop user 'wavsep'@'wavsepdb';" > grant.sql
+echo "GRANT ALL PRIVILEGES ON *.* TO 'wavsep'@'%' IDENTIFIED BY 'wavsepPass782';" >> grant.sql
+echo "FLUSH PRIVILEGES;" >> grant.sql
+mysql -u root -h ${MYSQL_HOST} -pwavsep < grant.sql
+
+echo
+echo "Killing configuration daemon"
+pkill -f java
+
+echo
+echo "Start the daemon"
+/usr/local/tomcat/bin/catalina.sh run