vulnerability-check
A simple script to perform vulnerability assessment
This simple script uses open source software (nmap, vFeed and DPE) and performs almost the same task as Nessus or AVDS.
- vFeed – Aggregated Vulnerability Database – http://www.toolswatch.org/vfeed/
- DPE – Default Password Enumeration – http://www.toolswatch.org/dpe/
install
Debian/Ubuntu required packages:
$ sudo apt-get install nmap python2.7 php5-cli php5-sqlite -y
$ git clone https://code.google.com/p/vulnerability-check/
$ git clone https://github.com/toolswatch/vFeed.git && cd vFeed/ && python vfeed_update.py && cd ..
$ mkdir dpe && cd dpe && wget http://www.toolswatch.org/dpe/dpeparser.py && python dpeparser.py -u && cd ../vulnerability-check/
vulnerability check
$ nmap -sV scanme.nmap.org -oX scanme.xml
$ php vc.php ../vFeed/vfeed.db ../dpe/dpe_db.xml scanme.xml
http://code.google.com/p/vulnerability-check/
(C) 2013 Adam Ziaja <adam@adamziaja.com> http://adamziaja.com

74.207.244.221
cpe:/a:openbsd:openssh:5.3p1
cpe:/a:apache:http_server:2.2.14

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6750
The Apache HTTP Server 1.x and 2.x allows remote attackers to cause a denial of service (daemon outage) via partial HTTP requests, as demonstrated by Slowloris, related to the lack of the mod_reqtimeout module in versions before 2.2.15.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2939
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via a wildcard in the last directory component in the pathname in an FTP URI.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0408
The ap_proxy_ajp_request function in mod_proxy_ajp.c in mod_proxy_ajp in the Apache HTTP Server 2.2.x before 2.2.15 does not properly handle certain situations in which a client sends no request body, which allows remote attackers to cause a denial of service (backend server outage) via a crafted request, related to use of a 500 error code instead of the appropriate 400 error code.

[...]

$ php vc.php ../vFeed/vfeed.db ../dpe/dpe_db.xml 192.168.13.37.xml
http://code.google.com/p/vulnerability-check/
(C) 2013 Adam Ziaja <adam@adamziaja.com> http://adamziaja.com

192.168.13.37
cpe:/a:apache:axis2:1.5.2

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2010-0219
Apache Axis2, as used in dswsbobje.war in SAP BusinessObjects Enterprise XI 3.2, CA ARCserve D2D r15, and other products, has a default password of axis2 for the admin account, which makes it easier for remote attackers to execute arbitrary code by uploading a crafted web service.

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-5785
Apache Axis2/Java 1.6.2 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

username=admin password=axis2

(username and password from CVE-2010-0219)
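
The matching step behind the output above, as an added example in Python (not vc.php and not the author's code): it reads the CPE names that nmap -sV writes into its XML report and looks each one up in a CPE-to-CVE table. The sample XML, the cpe_cve table and the function names are constructed for this illustration; the table is a stand-in and not the real vFeed schema, and its rows use only CPE/CVE pairs that appear in the output above.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -sV -oX` output, trimmed to the elements used here.
SAMPLE_XML = """<nmaprun><host>
  <address addr="74.207.244.221" addrtype="ipv4"/>
  <ports>
    <port protocol="tcp" portid="22"><state state="open"/>
      <service name="ssh"><cpe>cpe:/a:openbsd:openssh:5.3p1</cpe></service></port>
    <port protocol="tcp" portid="80"><state state="open"/>
      <service name="http"><cpe>cpe:/a:apache:http_server:2.2.14</cpe></service></port>
    <port protocol="tcp" portid="443"><state state="open"/>
      <service name="http"><cpe>cpe:/a:apache:http_server:2.2.14</cpe></service></port>
    <port protocol="tcp" portid="9929"><state state="open"/>
      <service name="nping-echo"/></port>
  </ports>
</host></nmaprun>"""

def host_cpes(nmap_xml):
    """Return {address: sorted unique service CPEs} from an nmap XML report."""
    result = {}
    for host in ET.fromstring(nmap_xml).iter("host"):
        addr = host.find("address")
        if addr is None:
            continue
        # A service may carry no <cpe>; the same CPE may repeat across ports.
        cpes = {c.text.strip() for c in host.iter("cpe") if c.text}
        result[addr.get("addr")] = sorted(cpes)
    return result

def build_demo_db():
    """Constructed stand-in for a vulnerability DB (assumed table layout)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cpe_cve (cpe TEXT, cve TEXT)")
    db.executemany("INSERT INTO cpe_cve VALUES (?, ?)", [
        ("cpe:/a:apache:http_server:2.2.14", "CVE-2007-6750"),
        ("cpe:/a:apache:http_server:2.2.14", "CVE-2010-0408"),
        ("cpe:/a:apache:axis2:1.5.2", "CVE-2010-0219"),
    ])
    return db

def check(nmap_xml, db):
    """Map (address, cpe) to CVE ids; an empty list means 'not in this table'."""
    query = "SELECT cve FROM cpe_cve WHERE cpe = ? ORDER BY cve"
    return {(ip, cpe): [row[0] for row in db.execute(query, (cpe,))]
            for ip, cpes in host_cpes(nmap_xml).items() for cpe in cpes}

if __name__ == "__main__":
    for (ip, cpe), cves in check(SAMPLE_XML, build_demo_db()).items():
        print(ip, cpe, ", ".join(cves) or "no match in demo table")
```

Exact string matching on the CPE means a service that nmap fingerprints without a version produces no hits, so an empty result is not evidence that the host is unaffected.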
Download: http://code.google.com/p/vulnerability-check/
Tool submitted by Adam Ziaja (the author)