blob: a889246771e0ace9aef89bd4df49cfb5e9f1c2be (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
|
--- src/config.h 2012-09-01 07:53:25.000000000 +0200
+++ src/config.h.new 2012-09-05 09:08:37.099387176 +0200
@@ -35,10 +35,10 @@
/* Default paths to runtime files: */
-#define ASSETS_DIR "assets"
+#define ASSETS_DIR "/usr/share/skipfish/assets"
/* Default signature file */
-#define SIG_FILE "signatures/signatures.conf"
+#define SIG_FILE "/usr/share/skipfish/signatures/signatures.conf"
/* Various default settings for HTTP client (cmdline override): */
--- signatures/signatures.conf 2012-09-01 07:53:25.000000000 +0200
+++ signatures/signatures.conf.new 2012-09-05 09:09:10.027968510 +0200
@@ -6,23 +6,23 @@
# The mime signatures warn about server responses that have an interesting
# mime. For example anything that is presented as php-source will likely
# be interesting
-include signatures/mime.sigs
+include /usr/share/skipfish/signatures/mime.sigs
# The files signature will use the content to determine if a response
# is an interesting file. For example, a SVN file.
-include signatures/files.sigs
+include /usr/share/skipfish/signatures/files.sigs
# The messages signatures look for interesting server messages. Most
# are based on errors, such as caused by incorrect SQL queries or PHP
# execution failures.
-include signatures/messages.sigs
+include /usr/share/skipfish/signatures/messages.sigs
# The apps signatures will help to find pages and applications who's
# functionality is a security risk by default. For example, phpinfo()
# pages that leak information or CMS admin interfaces.
-include signatures/apps.sigs
+include /usr/share/skipfish/signatures/apps.sigs
# Context signatures are linked to injection tests. They look for strings
# that are relevant to the current injection test and help to highlight
# potential vulnerabilities.
-include signatures/context.sigs
+include /usr/share/skipfish/signatures/context.sigs
|