1) #!/usr/bin/python3 -O
2) 
3) # freewvs - a free web vulnerability scanner
4) #
5) # https://freewvs.schokokeks.org/
6) #
7) # Written by schokokeks.org Hosting, https://schokokeks.org
8) #
9) # Contributions by
10) # Hanno Boeck, https://hboeck.de/
11) # Fabian Fingerle, https://fabian-fingerle.de/
12) # Bernd Wurst, https://bwurst.org/
13) #
14) # To the extent possible under law, the author(s) have dedicated all copyright
15) # and related and neighboring rights to this software to the public domain
16) # worldwide. This software is distributed without any warranty.
17) #
18) # You should have received a copy of the CC0 Public Domain Dedication along
19) # with this software. If not, see
20) # https://creativecommons.org/publicdomain/zero/1.0/
21) # Nevertheless, in case you use a significant part of this code, we ask (but
22) # not require, see the license) that you keep the authors' names in place and
23) # return your changes to the public. We would be especially happy if you tell
24) # us what you're going to do with this code.
25) 
26) import os
27) import glob
28) import re
29) import argparse
30) import sys
31) import json
32) from xml.sax.saxutils import escape
33) 
34) 
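def versioncompare(safe_version, find_version):
    """Return True when *find_version* is older than *safe_version*.

    Both arguments are dotted numeric version strings such as "1.2.10".
    An empty *safe_version* always yields True, whatever *find_version* is.

    Components are converted to integers and compared left to right as
    Python lists, so "1.9" is older than "1.10", and a version that is a
    strict prefix of another is older than it ("1.2" < "1.2.0").

    An empty component, as in "1..2", is read as 0 instead of raising
    ValueError. The version regex used by the scan loop in this file can
    capture such a string from a scanned file, and an uncaught ValueError
    there would abort the whole run. Any other non-numeric component still
    raises ValueError.
    """
    if safe_version == "":
        return True

    def _components(version):
        # "1..2" -> [1, 0, 2]; int() would reject the empty middle part.
        return [int(part) if part else 0 for part in version.split(".")]

    return _components(find_version) < _components(safe_version)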
41) 
42) 
def vulnprint(appname, version, safeversion, vuln, vfilename, subdir,
              xml):
    """Print one finding as a text line or as an XML <app> element.

    The application directory is the absolute path of *vfilename* with the
    file name and *subdir* further trailing path components removed.
    In XML mode a *safeversion* of 'ok' gives state "ok" and the
    <safeversion> and <vulninfo> elements are left out; any other value
    gives state "vulnerable".

    NOTE(review): only the XML branch escapes its values. In text mode the
    directory, which comes from the scanned tree, is printed verbatim, so a
    directory name containing a newline would split the record over several
    lines. Worth sanitising if the text output is parsed by another tool.
    """
    path_parts = os.path.abspath(vfilename).split('/')
    appdir = '/'.join(path_parts[:-(subdir + 1)])

    if xml:
        state = 'ok' if safeversion == 'ok' else 'vulnerable'
        lines = [
            '  <app state="%s">' % state,
            '    <appname>%s</appname>' % escape(appname),
            '    <version>%s</version>' % escape(version),
            '    <directory>%s</directory>' % escape(appdir),
        ]
        if state == 'vulnerable':
            lines.append('    <safeversion>%s</safeversion>'
                         % escape(safeversion))
            lines.append('    <vulninfo>%s</vulninfo>' % escape(vuln))
        lines.append('  </app>')
        print("\n".join(lines))
        return

    fields = {
        "appname": appname,
        "version": version,
        "safeversion": safeversion,
        "vuln": vuln,
        "appdir": appdir,
    }
    print("%(appname)s %(version)s (%(safeversion)s) %(vuln)s "
          "%(appdir)s" % fields)
61) 
62) 
# Command-line options
parser = argparse.ArgumentParser()
parser.add_argument("dirs", nargs="*", help="Directories to scan")
# The three switches are plain boolean flags, so register them from a table.
for short_opt, long_opt, help_text in (
        ("-a", "--all", "Show all webapps found, not just vulnerable"),
        ("-x", "--xml", "Output results as XML"),
        ("-3", "--thirdparty", "Scan for third-party components like jquery"),
):
    parser.add_argument(short_opt, long_opt, action="store_true",
                        help=help_text)
opts = parser.parse_args()
74) 
# Warn people with old-style freewvsdb dirs,
# should be removed in a few months
_LEGACY_DB_DIRS = ("/usr/share/freewvs", "/usr/local/share/freewvs")
for legacy_dir in filter(os.path.isdir, _LEGACY_DB_DIRS):
    # The warning goes to stderr, not stdout.
    print("WARNING: Obsolete freewvs data in %s, removal recommended"
          % legacy_dir,
          file=sys.stderr)
81) 
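# Locate the JSON signature database. Both candidates are checked and the
# last one that exists wins, so /var/lib/freewvs takes precedence over a
# freewvsdb directory next to the script.
# os.path.join() is used so that an empty dirname (script started as
# "python3 freewvs") resolves to ./freewvsdb instead of /freewvsdb.
# NOTE(review): the database decides what gets reported and is trusted
# as-is; ownership and permissions of the chosen directory are not checked.
jdir = False
for p in [os.path.join(os.path.dirname(sys.argv[0]), 'freewvsdb'),
          '/var/lib/freewvs']:
    if os.path.isdir(p):
        jdir = p
if not jdir:
    # Errors go to stderr, not stdout.
    print("Can't find freewvs json db", file=sys.stderr)
    sys.exit(1)

# Merge every *.json file of the database into one rule list. The files are
# read as UTF-8 regardless of the locale and in sorted order, so the result
# does not depend on the environment the scanner runs in.
jconfig = []
for cfile in sorted(glob.glob(os.path.join(jdir, '*.json'))):
    with open(cfile, encoding='utf-8') as json_file:
        jconfig += json.load(json_file)

# File names named by any detection rule; used to pre-filter directory
# listings during the scan.
scanfiles = set()
for app in jconfig:
    for det in app['detection']:
        scanfiles.add(det['file'])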
100) 
101) 
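if opts.xml:
    # XML prolog and root element are written before any finding.
    print('<?xml version="1.0" ?>')
    print('<freewvs>')

# start the search
#
# Walk every directory given on the command line. Only files whose name
# appears in a detection rule (scanfiles) are opened; each one is read once
# and then checked against every rule that names it.
for fdir in opts.dirs:
    for root, _dirs, files in os.walk(fdir):
        for filename in scanfiles.intersection(files):
            mfile = os.path.join(root, filename)

            # The scanned tree is not trusted. os.walk() also lists FIFOs,
            # sockets and device nodes under "files"; opening or reading one
            # can block or never finish, so only regular files are read
            # (isfile() follows symlinks).
            # NOTE(review): the whole file is read into memory with no size
            # limit; consider a cap if very large files are a concern.
            if not os.path.isfile(mfile):
                continue
            try:
                with open(mfile, errors='replace') as scanned:
                    filestr = scanned.read()
            except OSError:
                # Unreadable file: skip it rather than abort the scan.
                continue

            for item in jconfig:
                # Third-party components are reported only with --thirdparty.
                if not opts.thirdparty and 'thirdparty' in item:
                    continue
                for det in item['detection']:
                    if filename != det['file']:
                        continue

                    # Optional content filters: extra_match must occur in
                    # the file, extra_nomatch must not.
                    if (('extra_match' in det
                         and det['extra_match'] not in filestr)
                            or ('extra_nomatch' in det
                                and det['extra_nomatch'] in filestr)):
                        continue

                    # Optional filter on the directory holding the file.
                    if ('path_match' in det
                            and not root.endswith(det['path_match'])):
                        continue

                    # The version is the first run of digits and dots that
                    # follows the rule's variable name on the same line.
                    match = re.search(re.escape(det['variable'])
                                      + r"[^0-9\n\r]*[.]*"
                                      "([0-9.]*[0-9])[^0-9.]",
                                      filestr)
                    if not match:
                        continue
                    findversion = match.group(1)

                    # Very ugly phpbb workaround
                    if 'add_minor' in det:
                        parts = findversion.split('.')
                        parts[-1] = str(int(parts[-1])
                                        + int(det['add_minor']))
                        findversion = '.'.join(parts)

                    # Not older than the safe release, or listed verbatim in
                    # old_safe: not vulnerable, shown only with --all.
                    if ((not versioncompare(item['safe'], findversion))
                            or ('old_safe' in item
                                and findversion in
                                item['old_safe'].split(','))):
                        if opts.all:
                            vulnprint(item['name'], findversion, "ok", "",
                                      mfile, det['subdir'], opts.xml)
                        continue

                    # Vulnerable. Report item['safe'] as the fixed release
                    # unless an old_safe entry is newer than the version
                    # found; the last such entry wins.
                    safev = item['safe']
                    if 'old_safe' in item:
                        for ver in item['old_safe'].split(','):
                            if versioncompare(ver, findversion):
                                safev = ver

                    vulnprint(item['name'], findversion, safev,
                              item['vuln'], mfile, det['subdir'], opts.xml)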
166) 
167) if opts.xml: