6bcb6853b9a849888d456b1055f3ab55caaea404
Hanno Böck add cleaned up version of F...

Hanno Böck authored 4 years ago

1) # freewvs
2) 
3) A local web vulnerability scanner.
4) 
5) freewvs is a tool to search webroots for know vulnerable versions of web applications.
6) 
Hanno Böck add some info from webpage...

Hanno Böck authored 2 years ago

7) ## install
8) 
9) Install
10) 
11) You can install [freewvs via pip](https://pypi.org/project/freewvs/):
12) 
Hanno Böck format properly

Hanno Böck authored 2 years ago

13) ```
14) pip install freewvs
15) ```
Hanno Böck add some info from webpage...

Hanno Böck authored 2 years ago

16) 
17) Alternatively you can run freewvs directly from the git source.
18) 
19) If you install via pip you need to update the freewvs database first:
20) 
Hanno Böck format properly

Hanno Böck authored 2 years ago

21) ```
22) update-freewvsdb
23) ```
Hanno Böck add some info from webpage...

Hanno Böck authored 2 years ago

24) 
25) ## usage
26) 
27) Just run freewvs with a path, e.g.:
28) 
Hanno Böck format properly

Hanno Böck authored 2 years ago

29) ```
Hanno Böck add some info from webpage...

Hanno Böck authored 2 years ago

30) freewvs /var/www
Hanno Böck format properly

Hanno Böck authored 2 years ago

31) ```
Hanno Böck add some info from webpage...

Hanno Böck authored 2 years ago

32) 
33) The output will be something like this:
34) 
Hanno Böck format properly

Hanno Böck authored 2 years ago

35) ```
36) Joomla 3.9.11 (3.9.14) CVE-2019-19846 /var/www/example.org
37) nextcloud 14.0.1 (14.0.5) CVE-2019-5449 /var/www/cloud.example.org
38) MediaWiki 1.31.1 (1.31.6) CVE-2019-19709 /var/www/wiki.example.org
39) ```
Hanno Böck add some info from webpage...

Hanno Böck authored 2 years ago

40) 
Hanno Böck add cleaned up version of F...

Hanno Böck authored 4 years ago

41) ## faq
42) 
43) #### What does freewvs do?
44) 
45) It scans your webroot for known vulnerable versions of popular web applications.
46) 
47) #### What does the output tell me?
48) 
49) Output looks like this:
50) 
51) ```
52) Joomla-3 3.9.11 (3.9.13) CVE-2019-18674 /home/joe/websites/joessite/
53) ```
54) 
55) This says that in /home/joe/websites/joessite/, there's a Joomla installation of version 3.9.11. This version is
56) vulnerable to CVE-2019-18674 and you should update to version 3.9.13.
57) 
58) #### CVE-2019-XXXX seems to be very minor, at least it doesn't affect me. Am I safe?
59) 
60) No, as freewvs only checks for the latest vulnerabilities. There may be other vulnerabilities in your version not listed by freewvs. The only way to be sure is to check the upstream changelog.
61) 
62) #### There is no version inside the brackets, what does that mean?
63) 
64) It means your web application has not released a security update. Often this means the software is no longer developed.
65) 
Hanno Böck contributions file

Hanno Böck authored 3 years ago

66) ## contributions
67) 
Hanno Böck fix markdown linK

Hanno Böck authored 3 years ago

68) See [CONTRIBUTIONS.md](CONTRIBUTIONS.md).
Hanno Böck contributions file

Hanno Böck authored 3 years ago

69) 
Hanno Böck add cleaned up version of F...

Hanno Böck authored 4 years ago

70) ## misc
71) 
72) freewvs was developed by [schokokeks.org hosting](https://schokokeks.org/).
73) 
74) It's licensed as CC0.
75)