freewvs freewvs https://freewvs.schokokeks.org/ free w eb v - PowerPoint PPT Presentation

freewvs freewvs https://freewvs.schokokeks.org/ free w eb v ulnerability s canner Hanno Böck - hboeck.de @hanno - 1

Web applications 2

Let's assume you run a popular web application like Drupal, Joomla, Mediawiki etc. 3

Sometimes they have security vulnerabilities 4

And you forgot to update 5

And then you get hacked 6

Your blog now includes javascript to mine cryptocurrency, your server is sending spam and someone is hosting a phishing page 7

So better update 8

Or use Wordpress, it has auto-updates 9

What if you run a server for many users and you want to know if your users update their web application? 10

You would like to check 11

You need freewvs! 12

This is how it works: $ freewvs /var/www/ Joomla 3.9.11 (3.9.13) CVE-2019-18674 /var/www/example.org nextcloud 14.0.1 (14.0.5) CVE-2019-5449 /var/www/cloud.example.org MediaWiki 1.31.1 (1.31.5) CVE-2019-16738 /var/www/wiki.example.org $ 13

[ { "name": "MediaWiki", "url": "https://www.mediawiki.org/", "safe": "1.33.1", "old_safe": "1.32.5,1.31.5", "vuln": "CVE-2019-16738", "latest": "1.33.1", "detection": [ { "file": "DefaultSettings.php", "variable": "$wgVersion", "subdir": 1 } ] }, {...} ] 14

freewvs freewvs 12 years old and still good Free So�ware (CC0) Written in Python 3 Using some string matching and regular expressions to detect applications and version numbers Compares them to data about vulnerable versions 15

Try it! https://freewvs.schokokeks.org/ 16