git.schokokeks.org
Repositories
Help
Report an Issue
freewvs.git
Code
Commits
Branches
Tags
Suche
Strukturansicht:
cb10b7f
Branches
Tags
master
v0.1.1
v0.1.2
v0.1.3
v0.1.4
freewvs.git
freewvs
initial commit
Hanno Böck
commited
cb10b7f
at 2007-11-01 16:35:50
freewvs
Blame
History
Raw
#!/usr/bin/python -tO # freewvs 0.1 - the free web vulnerability scanner # # http://source.schokokeks.org/freewvs/ # # Copyright 2007 Hanno Boeck, schokokeks.org <hanno@schokokeks.org> # # Contributions by # Fabian Fingerle <fabian@datensalat.eu> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see <http://www.gnu.org/licenses/>. import ConfigParser, os, glob, pprint, re, optparse, sys def versioncompare(safe_version,find_version): if safe_version==[""]: return True for i in range(min(len(find_version),len(safe_version))): if int(find_version[i])<int(safe_version[i]): return True if int(find_version[i])>int(safe_version[i]): return False return (len(find_version)<len(safe_version)) def vulnprint(appname,version,safeversion,vuln,filename,subdir): appdir='/'.join(os.path.abspath(filename).split('/')[:-1-subdir]) print "%(appname)s %(version)s (%(safeversion)s) %(vuln)s %(appdir)s" % vars() pp = pprint.PrettyPrinter(indent=4) # Command-line options parser = optparse.OptionParser() parser.add_option("-a", "--all", action="store_true", dest="ALL", help="Show all webapps found, not just vulnerable") parser.add_option("-d", "--debug", action="store_true", dest="DEBUG", help="Show lots of debugging output, mainly useful for development") opts, args = parser.parse_args() # Parse vulnerability database config = ConfigParser.ConfigParser() config.read(glob.glob('/usr/share/freewvs/*.freewvs')) config.read(glob.glob('/usr/local/share/freewvs/*.freewvs')) config.read(glob.glob(os.path.dirname(sys.argv[0])+'/freewvsdb/*.freewvs')) vdb = [] for sect in config.sections(): item={} # base options item['name']=sect item['safe']=config.get(sect,'safe') item['file']=config.get(sect,'file') item['vuln']=config.get(sect,'vuln') item['subdir']=int(config.get(sect,'subdir')) # match magic item['variable']=[] for var in config.get(sect,'variable').split(","): item['variable'].append(re.compile(re.escape(var)+r"[^0-9.]*[.]*([0-9.]*[0-9])[^0-9.]")) # optional options if config.has_option(sect,'extra_match'): item['extra_match']=config.get(sect,'extra_match') else: item['extra_match']=False if config.has_option(sect,'add_minor'): item['add_minor']=config.get(sect,'add_minor') else: item['add_minor']=False if config.has_option(sect,'old_safe'): item['old_safe']=config.get(sect,'old_safe').split(",") else: item['old_safe']=[] vdb.append(item) if opts.DEBUG: pp.pprint(vdb) # start the search for dir in args: for root,NULL,files in os.walk(dir): for filename in files: for item in vdb: if filename == item['file']: mfile=os.path.join(root,filename) file=open(mfile) filestr=file.read() file.close() if item['extra_match']: ematch=(filestr.find(item['extra_match'])!=-1) else: ematch=True findversion=[] for var in item['variable']: var = var.search(filestr) if not var: findversion=False break else: findversion.append(var.group(1)) if findversion and ematch: findversion='.'.join(findversion) # Very ugly phpbb workaround if item['add_minor']: findversion=findversion.split('.') findversion[-1]=str(int(findversion[-1])+int(item['add_minor'])) findversion='.'.join(findversion) if not (versioncompare(item['safe'].split('.'),findversion.split('.'))) or item['old_safe'].count(findversion)>0: if opts.ALL: vulnprint(item['name'],findversion,"ok","",mfile,item['subdir']) else: vulnprint (item['name'],findversion,item['safe'],item['vuln'],mfile,item['subdir']) else: if opts.DEBUG: print "regexp failed for "+item['name']+" on "+mfile