fc393f5527a45afe82596c34218d715e15951a7e
Hanno Böck initial commit

Hanno Böck authored 17 years ago

1) #!/usr/bin/python -tO
2) 
3) # freewvs 0.1 - the free web vulnerability scanner
4) #
5) # http://source.schokokeks.org/freewvs/
6) #
7) # Copyright 2007 Hanno Boeck, schokokeks.org <hanno@schokokeks.org>
8) #
9) # Contributions by
10) # Fabian Fingerle <fabian@datensalat.eu>
11) #
12) # This program is free software: you can redistribute it and/or modify
13) # it under the terms of the GNU General Public License as published by
14) # the Free Software Foundation, either version 3 of the License, or
15) # (at your option) any later version.
16) #
17) # This program is distributed in the hope that it will be useful,
18) # but WITHOUT ANY WARRANTY; without even the implied warranty of
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

19) # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.    See the
Hanno Böck initial commit

Hanno Böck authored 17 years ago

20) # GNU General Public License for more details.
21) #
22) # You should have received a copy of the GNU General Public License
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

23) # along with this program.    If not, see <http://www.gnu.org/licenses/>.
Hanno Böck initial commit

Hanno Böck authored 17 years ago

24) 
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

25) import ConfigParser, os, glob, pprint, re, optparse, sys, gettext
Hanno Böck initial commit

Hanno Böck authored 17 years ago

26) 
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

# Translation setup: _() marks user-visible strings and looks them up in the
# 'freewvs' message catalog, which is selected as the default domain below.
_ = gettext.gettext
gettext.textdomain('freewvs')
Hanno Böck initial commit

Hanno Böck authored 17 years ago

29) 
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

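def versioncompare(safe_version, find_version):
    """Return True when find_version is older than safe_version.

    Both arguments are lists of version components as strings, e.g.
    "1.2.3".split("."). Components are compared numerically from left to
    right; if all shared components are equal, the shorter version counts
    as the older one.

    safe_version == [""] means that no fixed release exists, so every
    version found is reported as affected (True).

    find_version is extracted from files in the scanned tree, i.e. from
    content the scanner's operator does not control. An empty component
    (as in "1..2") used to raise ValueError in int() and abort the whole
    scan, hiding all later findings; empty components are now read as 0.
    Any other non-numeric component still raises ValueError.
    """
    if safe_version == [""]:
        return True
    # zip() stops at the shorter list, so only shared positions are compared.
    for found, safe in zip(find_version, safe_version):
        found_num = int(found or "0")
        safe_num = int(safe or "0")
        if found_num < safe_num:
            return True
        if found_num > safe_num:
            return False
    # All shared components are equal: "1.2" is older than "1.2.1".
    return len(find_version) < len(safe_version)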
Hanno Böck initial commit

Hanno Böck authored 17 years ago

39) 
Hanno Böck add fancy output

Hanno Böck authored 16 years ago

def vulnprint(appname, version, safeversion, vuln, vfilename, subdir, fancy):
    """Print one finding, either as a multi-line report or as a single line.

    appname     -- name of the detected web application
    version     -- version string found in the scanned file
    safeversion -- first fixed version, or "ok" when the installation is
                   not considered vulnerable
    vuln        -- vulnerability reference; values starting with "CVE" are
                   printed as a cve.mitre.org link in fancy mode
    vfilename   -- path of the file the version was read from
    subdir      -- number of extra directory levels to strip from the
                   file's directory to reach the application directory
    fancy       -- true for the translated multi-line report, false for
                   the one-line format

    The message templates are filled from vars(), so appname, version,
    safeversion, vuln and appdir must remain local names in this function.

    NOTE(review): appdir comes from the on-disk path and is printed
    verbatim. When the scanned tree belongs to other users, directory
    names may contain spaces or control characters, so a consumer of the
    one-line format should not rely on naive whitespace splitting --
    confirm how this output is consumed.
    """
    path_parts = os.path.abspath(vfilename).split('/')
    appdir = '/'.join(path_parts[:-1-subdir])

    if not fancy:
        print "%(appname)s %(version)s (%(safeversion)s) %(vuln)s %(appdir)s" \
              % vars()
        return

    print _("Directory: %(appdir)s") % vars()
    if safeversion == "ok":
        print _("%(appname)s %(version)s found." ) % vars()
    else:
        print _("Vulnerable %(appname)s %(version)s found, please update to " \
                "%(safeversion)s or above.") % vars()
        if vuln.startswith("CVE"):
            print _("http://cve.mitre.org/cgi-bin/cvename.cgi?name=%(vuln)s") \
                    % vars()
        else:
            print vuln
    # Blank line separates consecutive findings in the fancy report.
    print
Hanno Böck initial commit

Hanno Böck authored 17 years ago

58) 
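pp = pprint.PrettyPrinter(indent=4)

# Command-line options
parser = optparse.OptionParser()
parser.add_option("-a", "--all", action="store_true", dest="ALL",
                  help="Show all webapps found, not just vulnerable")
# The two help fragments used to be joined without a space
# ("...mainly usefulfor development").
parser.add_option("-d", "--debug", action="store_true", dest="DEBUG",
                  help="Show lots of debugging output, mainly useful "
                       "for development")
parser.add_option("-f", "--fancy", action="store_true", dest="FANCY",
                  help="Show more fancy output")
opts, args = parser.parse_args()

# Parse vulnerability database
#
# Definitions are merged from three locations; where a section or option
# repeats, the file read last wins. These files decide which file names get
# opened and which patterns are matched against their contents, so all three
# directories should be writable only by whoever administers the scanner.
config = ConfigParser.ConfigParser()
config.read(glob.glob('/usr/share/freewvs/*.freewvs'))
config.read(glob.glob('/usr/local/share/freewvs/*.freewvs'))
# os.path.join keeps the pattern relative when the script was started without
# a directory part; plain string concatenation turned that case into
# '/freewvsdb/*.freewvs' at the filesystem root.
config.read(glob.glob(os.path.join(os.path.dirname(sys.argv[0]),
                                   'freewvsdb', '*.freewvs')))

vdb = []
for sect in config.sections():
    item = {}

    # base options (required in every section; config.get raises otherwise)
    item['name'] = sect
    item['safe'] = config.get(sect, 'safe')
    item['file'] = config.get(sect, 'file')
    item['vuln'] = config.get(sect, 'vuln')
    item['subdir'] = int(config.get(sect, 'subdir'))

    # match magic: for each comma-separated variable name build a pattern
    # that finds the (escaped) name, skips characters that cannot belong to
    # a version, and captures a run of digits and dots that ends in a digit.
    item['variable'] = []
    for var in config.get(sect, 'variable').split(","):
        item['variable'].append(re.compile(re.escape(var)+
                                r"[^0-9.]*[.]*([0-9.]*[0-9])[^0-9.]"))

    # optional options
    if config.has_option(sect, 'extra_match'):
        item['extra_match'] = config.get(sect, 'extra_match')
    else:
        item['extra_match'] = False
    if config.has_option(sect, 'add_minor'):
        item['add_minor'] = config.get(sect, 'add_minor')
    else:
        item['add_minor'] = False
    if config.has_option(sect, 'old_safe'):
        item['old_safe'] = config.get(sect, 'old_safe').split(",")
    else:
        item['old_safe'] = []

    vdb.append(item)
if opts.DEBUG:
    pp.pprint(vdb)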
Hanno Böck initial commit

Hanno Böck authored 17 years ago

112) 
113) 
114) # start the search
115) 
Hanno Böck fix lot's of pylint issues...

Hanno Böck authored 16 years ago

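# Walk every directory given on the command line and test each file whose
# name matches a database entry. The scanned trees are typically owned by
# other users, so nothing found in them is trusted.
for fdir in args:
    for root, _dirs, files in os.walk(fdir):
        for filename in files:
            for item in vdb:
                if filename != item['file']:
                    continue
                mfile = os.path.join(root, filename)

                # os.walk also lists FIFOs, device nodes and dangling
                # symlinks under "files". Skip anything that is not a
                # regular file (after following symlinks) so that one odd
                # entry cannot stall or abort the scan.
                if not os.path.isfile(mfile):
                    if opts.DEBUG:
                        print "Skipping non-regular file "+mfile
                    continue

                # An unreadable file used to end the whole run with an
                # uncaught IOError; skip it and continue with the rest.
                # NOTE(review): the file is read into memory in full --
                # consider a size limit if the scanned trees are untrusted.
                try:
                    fhandle = open(mfile)
                    try:
                        filestr = fhandle.read()
                    finally:
                        fhandle.close()
                except (IOError, OSError):
                    if opts.DEBUG:
                        print "Skipping unreadable file "+mfile
                    continue

                # Optional marker string that must also occur in the file.
                ematch = (not item['extra_match']) or \
                         (filestr.find(item['extra_match']) != -1)

                # Every version variable has to be found; the captured
                # pieces are joined into one dotted version string below.
                findversion = []
                for var in item['variable']:
                    found = var.search(filestr)
                    if not found:
                        findversion = False
                        break
                    findversion.append(found.group(1))

                if not (findversion and ematch):
                    continue
                findversion = '.'.join(findversion)

                # Very ugly phpbb workaround: add a fixed offset to the
                # last version component.
                if item['add_minor']:
                    parts = findversion.split('.')
                    parts[-1] = str(int(parts[-1])+int(item['add_minor']))
                    findversion = '.'.join(parts)

                # versioncompare() is true when the found version is older
                # than the first safe one; versions listed in old_safe are
                # treated as safe regardless.
                outdated = versioncompare(item['safe'].split('.'),
                                          findversion.split('.'))
                if outdated and findversion not in item['old_safe']:
                    if opts.DEBUG:
                        print "File "+mfile
                    vulnprint(item['name'], findversion,
                              item['safe'], item['vuln'],
                              mfile, item['subdir'], opts.FANCY)
                elif opts.ALL:
                    if opts.DEBUG:
                        print "File "+mfile
                    vulnprint(item['name'], findversion,
                              "ok", "", mfile, item['subdir'],
                              opts.FANCY)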