freewvs - free web vulnerability scanner - https://freewvs.schokokeks.org/

SLIDE 1

freewvs

free web vulnerability scanner

  • https://freewvs.schokokeks.org/

Hanno Böck - hboeck.de @hanno

SLIDE 2

Web applications

SLIDE 3

Let's assume you run a popular web application like Drupal, Joomla, MediaWiki, etc.

SLIDE 4

Sometimes they have security vulnerabilities

SLIDE 5

And you forgot to update

SLIDE 6

And then you get hacked

SLIDE 7

Your blog now includes JavaScript to mine cryptocurrency, your server is sending spam, and someone is hosting a phishing page

SLIDE 8

So better update

SLIDE 9

Or use WordPress, it has auto-updates

SLIDE 10

What if you run a server for many users and you want to know if your users update their web application?

SLIDE 11

You would like to check

SLIDE 12

You need freewvs!

SLIDE 13

This is how it works:

$ freewvs /var/www/
Joomla 3.9.11 (3.9.13) CVE-2019-18674
/var/www/example.org
nextcloud 14.0.1 (14.0.5) CVE-2019-5449
/var/www/cloud.example.org
MediaWiki 1.31.1 (1.31.5) CVE-2019-16738
/var/www/wiki.example.org
$

SLIDE 14

[
  {
    "name": "MediaWiki",
    "url": "https://www.mediawiki.org/",
    "safe": "1.33.1",
    "old_safe": "1.32.5,1.31.5",
    "vuln": "CVE-2019-16738",
    "latest": "1.33.1",
    "detection": [
      {
        "file": "DefaultSettings.php",
        "variable": "$wgVersion",
        "subdir": 1
      }
    ]
  },
  {...}
]

SLIDE 15

freewvs

  • 12 years old and still good
  • Free Software (CC0)
  • Written in Python 3
  • Using some string matching and regular expressions to detect applications and version numbers
  • Compares them to data about vulnerable versions
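
The approach from slides 14 and 15, as an added example (not freewvs's own code): a database entry like the one on slide 14 drives a regular-expression version lookup, and the result is compared with the fixed releases. The DB entry and the directory tree are constructed, all function names are hypothetical, and the meaning of "subdir" and the major.minor branch rule are assumptions.

```python
import re, tempfile
from pathlib import Path

# Constructed entry using the fields shown on slide 14 (not the real database).
DB = [{"name": "MediaWiki", "safe": "1.33.1", "old_safe": "1.32.5,1.31.5",
       "vuln": "CVE-2019-16738", "detection": [
           {"file": "DefaultSettings.php", "variable": "$wgVersion", "subdir": 1}]}]

def vtuple(version):
    """'1.31.5' -> (1, 31, 5), so versions compare numerically, not as text."""
    return tuple(int(part) for part in version.split(".") if part)

def fixed_in(found, safe, old_safe=""):
    """Release to upgrade to, or None if fixed (assumes branch = major.minor)."""
    f = vtuple(found)
    if f >= vtuple(safe):
        return None
    for old in filter(None, old_safe.split(",")):
        if f[:2] == vtuple(old)[:2]:
            return old if f < vtuple(old) else None
    return safe  # branch with no listed fix: only `safe` helps

def extract_version(text, variable):
    """Find  <variable> = '<version>'  in a source file with a regex."""
    pattern = re.escape(variable) + r"""\s*=\s*['"]([0-9][0-9.]*)['"]"""
    match = re.search(pattern, text)
    return match.group(1) if match else None

def scan(root, db=DB):
    findings = []
    for app in db:
        for det in app["detection"]:
            for path in sorted(Path(root).rglob(det["file"])):
                found = extract_version(path.read_text(errors="replace"), det["variable"])
                target = found and fixed_in(found, app["safe"], app.get("old_safe", ""))
                if target:
                    app_dir = path.parents[det["subdir"]]  # assumed: file depth below app root
                    findings.append((app["name"], found, target, app["vuln"], app_dir.name))
    return findings

def demo():
    """Scan a constructed tree holding one outdated and one patched install."""
    with tempfile.TemporaryDirectory() as root:
        for site, ver in (("wiki.example.org", "1.31.1"), ("new.example.org", "1.33.1")):
            Path(root, site, "includes").mkdir(parents=True)
            Path(root, site, "includes", "DefaultSettings.php").write_text(
                f"<?php\n$wgVersion = '{ver}';\n")
        return scan(root)

if __name__ == "__main__": print(demo())
```

Comparing versions as integer tuples matters here: a plain string comparison would rank "1.9.3" above "1.33.1" and miss the outdated install.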

SLIDE 16

Try it! https://freewvs.schokokeks.org/
