pyfiscan

About

Pyfiscan is a free web-application vulnerability and version scanner that can be used to locate outdated versions of common web applications on Linux servers. An example use case is a hosting provider keeping an eye on its users' installations to keep up with security updates. Fingerprints are easy to create and modify because they are written in YAML syntax. Pyfiscan also contains a tool to create email alerts using templates.
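
How a fingerprint-driven local scan of this kind can work, as an added example that is not pyfiscan's code: the fingerprint layout, the `secure_version` value and the directory names are hypothetical and constructed, and only the `$wp_version` line in `wp-includes/version.php` reflects how WordPress stores its version.

```python
import os
import re
import tempfile

# Hypothetical fingerprint layout (not pyfiscan's YAML schema); the
# secure_version value is constructed sample data.
FINGERPRINTS = {
    "WordPress": {
        "location": os.path.join("wp-includes", "version.php"),
        "regex": re.compile(r"\$wp_version\s*=\s*'([0-9]+(?:\.[0-9]+)*)'"),
        "secure_version": "6.0.0",
    },
}


def is_outdated(found, secure):
    """Numeric compare: 4.7.10 > 4.7.9, and 6.0 equals 6.0.0."""
    a = [int(p) for p in found.split(".")]
    b = [int(p) for p in secure.split(".")]
    width = max(len(a), len(b))
    return a + [0] * (width - len(a)) < b + [0] * (width - len(b))


def scan(root):
    """Walk root; return (app, path, version, outdated) for each match."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):
        for app, fp in FINGERPRINTS.items():
            candidate = os.path.join(dirpath, fp["location"])
            if not os.path.isfile(candidate):
                continue
            # Read a bounded prefix only; user-owned files can be huge.
            with open(candidate, encoding="utf-8", errors="replace") as fh:
                match = fp["regex"].search(fh.read(65536))
            if match:
                version = match.group(1)
                old = is_outdated(version, fp["secure_version"])
                findings.append((app, candidate, version, old))
    return findings


def demo():
    """Scan two constructed installs created in a temporary directory."""
    with tempfile.TemporaryDirectory() as root:
        for user, version in (("alice", "4.7.10"), ("bob", "6.0")):
            inc = os.path.join(root, user, "public_html", "wp-includes")
            os.makedirs(inc)
            with open(os.path.join(inc, "version.php"), "w") as fh:
                fh.write("<?php\n$wp_version = '%s';\n" % version)
        return sorted((v, old) for _app, _path, v, old in scan(root))
```

Comparing versions as integer lists rather than strings is what keeps 4.7.10 from sorting below 4.7.9 and producing a false "up to date" result.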

Requirements

  • Python 3
  • Python modules PyYAML, docopt and chardet
  • GNU/Linux web server

Testing is done mainly with GNU/Linux Debian stable. Windows is not currently supported.

Detects the following software

  • Abantecart
  • ATutor
  • b2evolution
  • BigTree CMS
  • Bugzilla
  • Centreon
  • Claroline
  • ClipperCMS
  • CMSimple
  • CMSimple_XH
  • CMSMS
  • Collabtive
  • Concrete5
  • Coppermine
  • Cotonti
  • Croogo
  • CubeCart
  • Dolibarr
  • Dotclear
  • Drupal
  • e107
  • Elefant CMS
  • EspoCRM
  • Etherpad
  • flatCore CMS
  • FluxBB
  • Foswiki
  • FUEL CMS
  • Gallery
  • Gollum
  • HelpDEZk
  • HumHub
  • ImpressCMS
  • ImpressPages
  • Jamroom
  • Joomla
  • Kanboard
  • KCFinder
  • LiteCart
  • Magnolia
  • Mahara
  • MantisBT
  • MediaWiki
  • Microweber
  • MiniBB
  • MODX Revolution
  • MoinMoin
  • MyBB
  • Nibbleblog
  • Open Source Social Network
  • OpenCart (it is recommended not to use this software)
  • osDate
  • ownCloud
  • Oxwall
  • PBBoard
  • phpBB3
  • PhpGedView
  • phpLiteAdmin
  • phpMyAdmin
  • Piwigo
  • Piwik
  • PmWiki
  • Postfix Admin
  • Redaxo
  • Redmine
  • Roundcube
  • SaurusCMS
  • Serendipity
  • Shaarli
  • Shopware
  • SMF
  • Spina CMS
  • SPIP
  • SQLiteManager
  • SquirrelMail
  • TestLink
  • TikiWiki
  • Trac
  • Vanilla Forums
  • WikkaWiki
  • WordPress
  • Zenario
  • Zenphoto
  • Zikula

Detects the following end-of-life software:

  • Bugzilla 4.2 is end-of-life since 2015-11-30
  • Drupal 6 is end-of-life since 2016-02-24
  • Drupal 9.0 is end-of-life
  • Gallery 1
  • Joomla 1.5 is end-of-life since 2012-04-30
  • Joomla 1.6 is end-of-life since 2011-08-19. 1.6.x should be upgraded to 1.6.6 before moving to 1.7.x
  • Joomla 1.7 is end-of-life since 2012-02-24
  • Joomla 2.5
  • MediaWiki 1.18
  • MediaWiki 1.19 is end-of-life since 2015-04-25
  • MediaWiki 1.20
  • MediaWiki 1.21 is end-of-life since 2014-06-25
  • MediaWiki 1.22
  • MediaWiki 1.23 is end-of-life since 2017-05-31
  • MediaWiki 1.24
  • MediaWiki 1.25
  • MediaWiki 1.26 is end-of-life since 2016-11-20
  • MediaWiki 1.27 is end-of-life since 2019-06-06
  • MediaWiki 1.28 is end-of-life since 2017-11-01
  • MediaWiki 1.29 is end-of-life since 2018-06
  • MediaWiki 1.30 is end-of-life since 2019-06-06
  • MediaWiki 1.31 is end-of-life since 2021-09-30
  • MediaWiki 1.32 is end-of-life since 2020-01-23
  • MediaWiki 1.33 is end-of-life since 2020-06-24
  • MediaWiki 1.34 is end-of-life since 2020-11-30
  • MediaWiki 1.36 is end-of-life since 2022-06-03
  • MediaWiki 1.37 is end-of-life since 2022-11-30
  • SaurusCMS
  • ownCloud 4
  • ownCloud 5
  • ownCloud 6
  • ownCloud 7
  • ownCloud 8.0
  • ownCloud 8.1
  • ownCloud 8.2

Installation

sudo apt install python3 python3-pip git virtualenv
git clone https://github.com/fgeek/pyfiscan.git && cd pyfiscan
virtualenv -p python3 venv
source ./venv/bin/activate
pip3 install -r requirements.lst

Alternatively, you can use BlackArch Linux.

Notes

Happy users

  • DevNet Oy
  • Kapsi Internet-käyttäjät ry
  • Shellit.org
  • Loopia.se

Contributors

  • aapa
  • Ari-Martti Hopiavuori
  • Atte H. "guaqua"
  • Janne Cederberg
  • Joonas Kuorilehto
  • Juhamatti Niemelä
  • Linus Fogelholk
  • motikan2010
  • Olli Pekkola
  • Paul Grant
  • Tuomo Komulainen
