#!/usr/bin/python3 -O
# freewvs - a free web vulnerability scanner
#
# https://freewvs.schokokeks.org/
#
# Written by schokokeks.org Hosting, https://schokokeks.org
#
# Contributions by
# Hanno Boeck, https://hboeck.de/
# Fabian Fingerle, https://fabian-fingerle.de/
# Bernd Wurst, https://bwurst.org/
#
# To the extent possible under law, the author(s) have dedicated all copyright
# and related and neighboring rights to this software to the public domain
# worldwide. This software is distributed without any warranty.
#
# You should have received a copy of the CC0 Public Domain Dedication along
# with this software. If not, see
# https://creativecommons.org/publicdomain/zero/1.0/
# Nevertheless, in case you use a significant part of this code, we ask (but
# not require, see the license) that you keep the authors' names in place and
# return your changes to the public. We would be especially happy if you tell
# us what you're going to do with this code.
import os
import glob
import re
import argparse
import sys
import json
import pathlib
from xml.sax.saxutils import escape # noqa: DUO107
def versioncompare(safe_version, find_version):
    """Return True when *find_version* sorts before *safe_version*.

    Both arguments are dotted version strings such as "1.2.3". Each
    component is converted with int(), so the comparison is numeric
    ("1.10" is newer than "1.9") rather than lexical.

    An empty *safe_version* always yields True, and *find_version* is not
    parsed in that case (presumably this marks an entry without a fixed
    release; confirm against the vulnerability database format).

    Caveats for callers:
      * A component that int() cannot parse (for example "1.2rc1" or an
        empty component from "1..2") raises ValueError, which is not
        caught here. Version strings taken from scanned files must be
        validated before they are passed in, or the exception handled.
      * Sequences of different length compare element by element, and a
        version that is a strict prefix of the other counts as smaller,
        so "1.2" is treated as older than a safe version of "1.2.0".
        This errs towards reporting a finding.
    """
    if safe_version != "":
        # Parse the safe version first so that the order in which a
        # ValueError can surface stays the same as before.
        fixed_release = tuple(map(int, safe_version.split(".")))
        found_release = tuple(map(int, find_version.split(".")))
        return found_release < fixed_release
    return True
def vulnprint(appname, version, safeversion, vuln, vfilename, subdir,
xml):
appdir = '/'.join(os.path.abspath(vfilename).split('/')[:-1 - subdir])
if not xml:
print(f"{appname} {version} ({safeversion}) {vuln} {appdir}")
else:
state = 'vulnerable'
if safeversion == 'ok':