freewvs.git

1) # freewvs
2) 
3) A local web vulnerability scanner.
4) 

5) freewvs is a tool to search webroots for known vulnerable versions of web applications.

6) 

7) ## install
8) 
9) You can install [freewvs via pip](https://pypi.org/project/freewvs/):
10) 

11) ```
12) pip install freewvs
13) ```

14) 

15) Alternatively, you can run freewvs directly from the git source.

16) 

17) If you install via pip, you need to update the freewvs database first:

18) 

19) ```
20) update-freewvsdb
21) ```

22) 
23) ## usage
24) 
25) Just run freewvs with a path, e.g.:
26) 

27) ```

28) freewvs /var/www

29) ```

30) 
31) The output will be something like this:
32) 

33) ```
34) Joomla 3.9.11 (3.9.14) CVE-2019-19846 /var/www/example.org
35) nextcloud 14.0.1 (14.0.5) CVE-2019-5449 /var/www/cloud.example.org
36) MediaWiki 1.31.1 (1.31.6) CVE-2019-19709 /var/www/wiki.example.org
37) ```

38) 

39) ## faq
40) 
41) #### What does freewvs do?
42) 
43) It scans your webroot for known vulnerable versions of popular web applications.
44) 
45) #### What does the output tell me?
46) 

47) The output looks like this:

48) 
49) ```
50) Joomla-3 3.9.11 (3.9.13) CVE-2019-18674 /home/joe/websites/joessite/
51) ```
52) 

53) This says that in /home/joe/websites/joessite/, there's a Joomla installation of version
54) 3.9.11. This version is vulnerable to CVE-2019-18674, and you should update it to
55) version 3.9.13.

56) 
57) #### CVE-2019-XXXX seems to be very minor, at least it doesn't affect me. Am I safe?
58) 

59) No, as freewvs only checks for the latest vulnerabilities. There may be other
60) vulnerabilities in your version not listed by freewvs. The only way to be sure is to
61) check the upstream changelog.

62) 

63) #### There is no version inside the brackets. What does that mean?

64) 

65) It means your web application has not released a security update. Often, this means the
66) software is no longer developed.

67) 

68) ## contributions
69) 

70) See [CONTRIBUTIONS.md](CONTRIBUTIONS.md).

71) 

72) ## misc
73) 
74) freewvs was developed by [schokokeks.org hosting](https://schokokeks.org/).
75) 

76) It's licensed under the 0BSD license.

77)