0e73994dc49e1ac0bad82d114017d44cbc34f4fd
Hanno Böck initial commit

Hanno Böck authored 17 years ago

1) #!/usr/bin/python -tO
2) 
3) # freewvs 0.1 - the free web vulnerability scanner
4) #
5) # http://source.schokokeks.org/freewvs/
6) #
Hanno Böck License change to cc0

Hanno Böck authored 12 years ago

7) # Written 2007-2012 by schokokeks.org Hosting, http://www.schokokeks.org
Hanno Böck initial commit

Hanno Böck authored 17 years ago

8) #
9) # Contributions by
Hanno Böck License change to cc0

Hanno Böck authored 12 years ago

10) # Hanno Boeck, http://hboeck.de/
11) # Fabian Fingerle, http://www.fabian-fingerle.de/
12) # Bernd Wurst, http://bwurst.org/
Hanno Böck initial commit

Hanno Böck authored 17 years ago

13) #
Hanno Böck License change to cc0

Hanno Böck authored 12 years ago

14) # To the extent possible under law, the author(s) have dedicated all copyright
15) # and related and neighboring rights to this software to the public domain
16) # worldwide. This software is distributed without any warranty.
Hanno Böck initial commit

Hanno Böck authored 17 years ago

17) #
Hanno Böck License change to cc0

Hanno Böck authored 12 years ago

18) # You should have received a copy of the CC0 Public Domain Dedication along
19) # with this software. If not, see 
20) # http://creativecommons.org/publicdomain/zero/1.0/
21) # Nevertheless, in case you use a significant part of this code, we ask (but
22) # not require, see the license) that you keep the authors' names in place and
23) # return your changes to the public. We would be especially happy if you tell
24) # us what you're going to do with this code.
Hanno Böck initial commit

Hanno Böck authored 17 years ago

25) 
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

26) import ConfigParser, os, glob, pprint, re, optparse, sys, gettext
Bernd Wurst Add XML string escaping

Bernd Wurst authored 16 years ago

27) from xml.sax.saxutils import escape
Hanno Böck initial commit

Hanno Böck authored 17 years ago

28) 
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

29) gettext.textdomain('freewvs')
30) _ = gettext.gettext
Hanno Böck initial commit

Hanno Böck authored 17 years ago

31) 
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

32) def versioncompare(safe_version, find_version):
33)     if safe_version == [""]:
34)         return True
35)     for i in range(min(len(find_version), len(safe_version))):
36)         if int(find_version[i])<int(safe_version[i]):
37)             return True
38)         if int(find_version[i])>int(safe_version[i]):
39)             return False
40)     return (len(find_version)<len(safe_version))
Hanno Böck initial commit

Hanno Böck authored 17 years ago

41) 
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

42) def vulnprint(appname, version, safeversion, vuln, vfilename, subdir, style = None):
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

43)     appdir = '/'.join(os.path.abspath(vfilename).split('/')[:-1-subdir])
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

44)     if not style:
Hanno Böck replace print with function...

Hanno Böck authored 14 years ago

45)         print ("%(appname)s %(version)s (%(safeversion)s) %(vuln)s %(appdir)s" \
46)               % vars())
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

47)     elif style=='fancy':
Hanno Böck more print to function conv...

Hanno Böck authored 14 years ago

48)         print (_("Directory: %(appdir)s") % vars())
Hanno Böck indentation fix

Hanno Böck authored 16 years ago

49)         if safeversion!="ok":
Hanno Böck add support for unfixed apps

Hanno Böck authored 16 years ago

50)             if safeversion!="":
Hanno Böck more print to function conv...

Hanno Böck authored 14 years ago

51)                 print (_("Vulnerable %(appname)s %(version)s found, please update to " \
52)                         "%(safeversion)s or above.") % vars())
Hanno Böck add support for unfixed apps

Hanno Böck authored 16 years ago

53)             else:
Hanno Böck more print to function conv...

Hanno Böck authored 14 years ago

54)                 print (_("Vulnerable %(appname)s %(version)s found, no fixed version available." \
55)                         ) % vars())
Hanno Böck some i18n fixes

Hanno Böck authored 16 years ago

56)             if vuln[:3] == "CVE":
Hanno Böck more print to function conv...

Hanno Böck authored 14 years ago

57)                 print (_("http://cve.mitre.org/cgi-bin/cvename.cgi?name=%(vuln)s") \
58)                         % vars())
Hanno Böck some i18n fixes

Hanno Böck authored 16 years ago

59)             else:
60)                 print (vuln)
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

61)         else:
Hanno Böck more print to function conv...

Hanno Böck authored 14 years ago

62)             print (_("%(appname)s %(version)s found." ) % vars())
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

63)         print
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

64)     elif style=='xml':
65)         state = 'vulnerable'
66)         if safeversion == 'ok':
67)             state = 'ok'
Hanno Böck more print to function conv...

Hanno Böck authored 14 years ago

68)         print ('  <app state="%s">' % state)
69)         print ('    <appname>%s</appname>' % escape(appname))
70)         print ('    <version>%s</version>' % escape(version))
71)         print ('    <directory>%s</directory>' % escape(appdir))
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

72)         if state == 'vulnerable':
Hanno Böck more print to function conv...

Hanno Böck authored 14 years ago

73)             print ('    <safeversion>%s</safeversion>' % escape(safeversion))
74)             print ('    <vulninfo>%s</vulninfo>' % escape(vuln))
75)         print ('  </app>')
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

76) 
Hanno Böck initial commit

Hanno Böck authored 17 years ago

77) 
78) pp = pprint.PrettyPrinter(indent=4)
79) 
80) # Command-line options
81) parser = optparse.OptionParser()
82) parser.add_option("-a", "--all", action="store_true", dest="ALL",
83)                   help="Show all webapps found, not just vulnerable")
84) parser.add_option("-d", "--debug", action="store_true", dest="DEBUG",
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

85)                   help="Show lots of debugging output, mainly useful"+ \
86)                   "for development")
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

87) parser.add_option("-f", "--fancy", action="store_const", dest="OUTPUT", const="fancy",
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

88)                   help="Show more fancy output")
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

89) parser.add_option("-x", "--xml", action="store_const", dest="OUTPUT", const="xml",
90)                   help="Output results as XML")
Hanno Böck initial commit

Hanno Böck authored 17 years ago

91) opts, args = parser.parse_args()
92) 
93) # Parse vulnerability database
94) config = ConfigParser.ConfigParser()
95) config.read(glob.glob('/usr/share/freewvs/*.freewvs'))
96) config.read(glob.glob('/usr/local/share/freewvs/*.freewvs'))
97) config.read(glob.glob(os.path.dirname(sys.argv[0])+'/freewvsdb/*.freewvs'))
98) 
99) vdb = []
100) for sect in config.sections():
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

101)     item = {}
102) 
103)     # base options
104)     item['name'] = sect
105)     item['safe'] = config.get(sect, 'safe')
106)     item['file'] = config.get(sect, 'file')
107)     item['vuln'] = config.get(sect, 'vuln')
108)     item['subdir'] = int(config.get(sect, 'subdir'))
109) 
110)     # match magic
111)     item['variable'] = []
112)     for var in config.get(sect,'variable').split(","):
113)         item['variable'].append(re.compile(re.escape(var)+
Bernd Wurst Version-Pattern darf nicht...

Bernd Wurst authored 13 years ago

114)                                 r"[^0-9.\n\r]*[.]*([0-9.]*[0-9])[^0-9.]"))
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

115) 
116)     # optional options
117)     if config.has_option(sect,'extra_match'):
118)         item['extra_match'] = config.get(sect,'extra_match')
119)     else:
120)         item['extra_match'] = False
121)     if config.has_option(sect,'add_minor'):
122)         item['add_minor'] = config.get(sect,'add_minor')
123)     else:
124)         item['add_minor'] = False
125)     if config.has_option(sect,'old_safe'):
126)         item['old_safe'] = config.get(sect,'old_safe').split(",")
127)     else:
128)         item['old_safe'] = []
129) 
130)     vdb.append(item)
131) if opts.DEBUG:
132)     pp.pprint(vdb)
Hanno Böck initial commit

Hanno Böck authored 17 years ago

133) 
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

134) if opts.OUTPUT == 'xml':
Hanno Böck more print to function conv...

Hanno Böck authored 14 years ago

135)   print ('<?xml version="1.0" ?>')
136)   print ('<freewvs>')
Hanno Böck initial commit

Hanno Böck authored 17 years ago

137) 
138) # start the search
139) 
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

140) for fdir in args:
141)     for root, NULL, files in os.walk(fdir):
142)         for filename in files:
143)             for item in vdb:
144)                 if filename == item['file']:
145)                     mfile = os.path.join(root, filename)
146)                     file = open(mfile)
147)                     filestr = file.read()
148)                     file.close()
149) 
150)                     if item['extra_match']:
151)                         ematch = (filestr.find(item['extra_match']) != -1)
152)                     else:
153)                         ematch = True
154) 
155)                     findversion = []
156)                     for var in item['variable']:
157)                         var = var.search(filestr)
158)                         if not var:
159)                             findversion = False
160)                             break
161)                         else:
162)                             findversion.append(var.group(1))
163) 
164)                     if findversion and ematch:
165)                         findversion = '.'.join(findversion)
166) 
167)                         # Very ugly phpbb workaround
168)                         if item['add_minor']:
169)                             findversion = findversion.split('.')
170)                             findversion[-1] = str(int(findversion[-1])+
171)                                             int(item['add_minor']))
172)                             findversion = '.'.join(findversion)
173) 
174)                         if not (versioncompare(item['safe'].split('.'), \
175)                                 findversion.split('.'))) or \
176)                                 item['old_safe'].count(findversion)>0:
177)                             if opts.ALL:
178)                                 if opts.DEBUG:
Hanno Böck replace print with function...

Hanno Böck authored 14 years ago

179)                                     print ("File "+mfile)
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

180)                                 vulnprint(item['name'], findversion, \
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

181)                                           "ok", "", mfile, item['subdir'], \
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

182)                                           opts.OUTPUT)
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

183)                         else:
184)                             if opts.DEBUG:
Hanno Böck replace print with function...

Hanno Böck authored 14 years ago

185)                                 print ("File "+mfile)
Hanno Böck better code for old versions 6

Hanno Böck authored 16 years ago

186)                             safev="9999"
Hanno Böck print more intelligent warn...

Hanno Böck authored 16 years ago

187)                             for ver in item['old_safe']:
188)                                 if (versioncompare(ver.split('.'), \
Hanno Böck better code for old versions 3

Hanno Böck authored 16 years ago

189)                                     findversion.split('.') ) and \
Hanno Böck better code for old versions 6

Hanno Böck authored 16 years ago

190)                                     not versioncompare(ver.split('.'), \
Hanno Böck better code for old versions 3

Hanno Böck authored 16 years ago

191)                                     safev.split('.')) ):
Hanno Böck print more intelligent warn...

Hanno Böck authored 16 years ago

192)                                     safev=ver
Hanno Böck really fix safeversions

Hanno Böck authored 16 years ago

193)                             if safev=="9999":
Hanno Böck print more intelligent warn...

Hanno Böck authored 16 years ago

194)                                 safev=item['safe']
195) 
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

196)                             vulnprint (item['name'], findversion, \
Hanno Böck print more intelligent warn...

Hanno Böck authored 16 years ago

197)                                        safev, item['vuln'], \
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

198)                                        mfile, item['subdir'], opts.OUTPUT)
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

199) 
200)                     else:
201)                         if opts.DEBUG:
Hanno Böck replace print with function...

Hanno Böck authored 14 years ago

202)                             print ("regexp failed for " + \
203)                                   item['name'] + " on " + mfile)
Bernd Wurst add XML output format

Bernd Wurst authored 16 years ago

204) 
205) if opts.OUTPUT == 'xml':