Pyfiscan – Locate Outdated Software Versions

Pyfiscan is free web-application vulnerability and version scanner and can be used to locate out-dated versions of common web-applications in Linux-servers. Example use case is hosting-providers keeping eye on their users installations to keep up with security-updates. Fingerprints are easy to create and modify as user can write those in YAML-syntax. Pyfiscan also contains tool to create email alerts using templates.

Pyfiscan Requirements

• Python 2.7
• Python modules PyYAML docopt
• GNU/Linux web server

Testing is done mainly with GNU/Linux Debian stable. Windows is not currently supported.

Detects following software

• Bugzilla
• CMSMS
• Centreon
• Claroline
• Collabtive
• Concrete5
• Coppermine
• Cotonti
• Croogo
• Dolibarr
• Dotclear
• Drupal
• EspoCRM
• FluxBB
• Foswiki
• Gallery
• Gollum
• HelpDEZk
• ImpressCMS
• ImpressPages
• Jamroom
• Joomla
• MODX Revolution
• Magnolia
• Mahara
• MantisBT
• MediaWiki
• Microweber

• MoinMoin
• MyBB
• Nibbleblog
• OpenCart
• PBBoard
• Piwigo
• PmWiki
• Roundcube
• SMF
• SPIP
• Serendipity
• SquirrelMail
• TestLink
• TikiWiki
• TinyTinyRSS
• Trac
• WikkaWiki
• WordPress
• Zenphoto
• Zikula
• Zimbra
• e107
• osDate
• ownCloud
• phpBB3
• phpMyAdmin

Installation

git clone https://github.com/fgeek/pyfiscan.git && cd pyfiscan
pip install -r requirements.lst

Usage:

 pyfiscan.py [--check-modes] [-p] [-l LEVEL] [-a NAME]
 pyfiscan.py -r <directory> [-l LEVEL] [-a NAME]
 pyfiscan.py --home <directory> [--check-modes] [-p] [-l LEVEL] [-a NAME]
 pyfiscan.py --check <FILE>
 pyfiscan.py --file <FILE> [-l LEVEL] [-a NAME]
 pyfiscan.py [-h|--help]
 pyfiscan.py --version

Options:

• -r DIR – Scans directories recursively.
• -p – Enable post process for php5.fcgi file checks.
• –home DIR – Specifies where the home-directories are located.
• –check FILE – Rechecks entries in old CSV files.
• –file FILE – Scan using list of filename/paths in FILE (e.g. locate output)
• –check-modes - Check using execution bit if we are allowed to traverse directories.
• -l LEVEL – Specifies logging level: info, debug.
• -a NAME – Scans only specific applications. Delimiter: ,

If you do not spesify recursive-option predefined directories are scanned, which are:

/home/user/sites/vhost/www
 /home/user/sites/vhost/secure-www
 /home/user/public_html

Source && Download