def print_versions(items):
    """Print an ASCII tree of package names with their highest version.

    Each element of *items* is a mapping with a required ``'name'`` key and
    optional ``'version'`` and ``'meta'`` keys. Names are listed in sorted
    order. For every name the highest ``LooseVersion`` among its entries is
    shown (``"??"`` when no entry carries a version), followed by one line per
    merged ``meta`` key; later entries override earlier ones on a key clash.

    NOTE(review): names, versions and meta values are printed verbatim. If
    *items* is built from scanned or otherwise external data (not visible
    here), consider stripping control characters before display.
    """
    for name in sorted(set(entry['name'] for entry in items)):
        matching = [entry for entry in items if entry['name'] == name]

        parsed = []
        for entry in matching:
            raw = entry.get('version')
            if not raw:
                continue
            # A wildcard component is treated as 0 so the string still parses.
            normalised = str(raw).replace("*", "0")
            parsed.append(distutils.version.LooseVersion(normalised))

        if parsed:
            parsed.sort()
            shown = "%s" % (parsed[-1])
        else:
            shown = "??"

        print("|")
        print("|--%s (%s)" % (colored(name, 'blue'),
                              colored(shown, 'yellow')))

        merged = dict()
        for entry in matching:
            extra = entry.get('meta')
            if not extra:
                continue
            for (key, value) in extra.items():
                merged[key] = value

        for (key, value) in merged.items():
            print("|")
            print("|---- %s => %s" % (colored(key, 'blue'),
                                      colored(str(value), 'yellow')))
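def print_versions(items):
    """Print a tree of package names, highest version and merged metadata.

    Args:
        items: iterable of mappings. ``'name'`` is required; ``'version'``
            and ``'meta'`` (a mapping) are optional.

    For each distinct name, in sorted order, the highest version found is
    printed (``"??"`` if none of its entries has a version), then every
    metadata key/value collected from its entries. When two entries define
    the same metadata key, the later entry wins.

    NOTE(review): the printed strings are not sanitised. Whether *items* can
    carry attacker-influenced text (e.g. banner or scan output) is not visible
    from this function; if so, filter terminal control sequences first.
    """
    # Group once instead of rescanning `items` twice for every name.
    by_name = dict()
    for entry in items:
        by_name.setdefault(entry['name'], []).append(entry)

    for name in sorted(by_name):
        entries = by_name[name]

        versions_found = []
        for entry in entries:
            version = entry.get('version')
            if version:
                # "*" placeholders are mapped to 0 so the value can be ordered.
                version = str(version).replace("*", "0")
                versions_found.append(
                    distutils.version.LooseVersion(version))

        highest_version = "??"
        if versions_found:
            highest_version = "%s" % (max(versions_found))

        print("|")
        print("|--%s (%s)" % (colored(name, 'blue'),
                              colored(highest_version, 'yellow')))

        metas = dict()
        for entry in entries:
            meta = entry.get('meta')
            if meta:
                for (k, v) in meta.items():
                    metas[k] = v

        for (k, v) in metas.items():
            print("|")
            print("|---- %s => %s" % (colored(k, 'blue'),
                                      colored(str(v), 'yellow')))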
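def scan_page(url):
    """Scan the scripts referenced by *url* for known-vulnerable libraries.

    The page is fetched, every ``<script src=...>`` ending in ``.js`` is
    resolved against *url* and fetched, and each script is matched against
    the library definitions returned by ``_get_definitions()``: first by
    SHA-1 of the body, then by filename/URI regexes, then by file-content
    regexes. A later match overrides an earlier one. One line is printed per
    vulnerability whose ``atOrAbove``/``below`` range contains the detected
    version.

    Returns:
        True if at least one vulnerable library version was reported,
        False otherwise (including when the scan is interrupted early).

    Notes:
        * Script URLs come from the scanned page, so this function requests
          whatever hosts that page references.
        * SHA-1 is used only as a lookup key into the definitions' known-file
          hashes; it is not an integrity or authenticity check.
    """
    retval = False
    # Same runtime value as the original literal; raw to keep "\s" explicit.
    version_group = r"(?P<version>[^\s]+)"
    try:
        scripts = dict()
        # The script fetch below is checked for a falsy result, so the page
        # fetch may presumably be falsy too; fall back to an empty document.
        content = _retrieve_content(url) or ""
        # "\.js" (escaped dot): the unescaped form also matched e.g. "xjs".
        for match in re.finditer(r"<script[^>]+src=['\"]?([^>]+\.js)\b", content):
            script = urlparse.urljoin(url, match.group(1))
            if script not in scripts:
                body = _retrieve_content(script)
                if body:
                    scripts[script] = body

        if scripts:
            definitions = _get_definitions()

            # Drop scripts whose URL matches a "dont check" pattern.
            for pattern in definitions["dont check"]["extractors"]["uri"]:
                for script in list(scripts):
                    if re.search(pattern, script):
                        del scripts[script]

            # Hash only the scripts that survived the exclusion above, so an
            # excluded script can no longer be reported via its hash.
            hashes = set(hashlib.sha1(body).hexdigest()
                         for body in scripts.values())

            for library, definition in definitions.items():
                extractors = definition["extractors"]
                version = None

                for digest, known_version in extractors.get("hashes", {}).items():
                    if digest in hashes:
                        version = known_version

                # Both "filename" and "uri" patterns are applied to the full
                # script URL.
                for part in ("filename", "uri"):
                    for template in extractors.get(part, []):
                        regex = template.replace(RETIRE_JS_VERSION_MARKER,
                                                 version_group)
                        for script in scripts:
                            match = re.search(regex, script)
                            version = match.group("version") if match else version

                for script, content in scripts.items():
                    for template in extractors.get("filecontent", []):
                        regex = template.replace(RETIRE_JS_VERSION_MARKER,
                                                 version_group)
                        match = re.search(regex, content)
                        version = match.group("version") if match else version

                if version:
                    # NOTE(review): a captured ".min" suffix is removed only
                    # for display; it still takes part in the comparison.
                    for vulnerability in definition["vulnerabilities"]:
                        lower = vulnerability.get("atOrAbove", 0)
                        if (distutils.version.LooseVersion(str(lower)) <= version
                                < distutils.version.LooseVersion(vulnerability["below"])):
                            print(" [x] %s %sv%s (< v%s) (info: '%s')" % (
                                library,
                                ("" if not lower else "(v%s <) " % lower),
                                version.replace(".min", ""),
                                vulnerability["below"],
                                "; ".join(vulnerability["info"])))
                            retval = True
    except KeyboardInterrupt:
        print("\r (x) Ctrl-C pressed")
    return retval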
def _sdk_url_deprecated(cls, version):
    """Build the old-style SDK download URL for *version*.

    ``SDK_OLD_DOWNLOAD_URL`` is filled with two values, in this order: the
    version with every dot removed, then the version unchanged.
    """
    compact = "".join(version.split('.'))
    return SDK_OLD_DOWNLOAD_URL % (compact, version)
def scan_page(url):
    # Scan the scripts referenced by the page at `url` against the library
    # definitions from _get_definitions() and print one line per matching
    # vulnerability. Returns True if anything was reported, else False.
    retval = False
    try:
        hashes = dict()   # SHA-1 hex digest of a script body -> script URL
        scripts = dict()  # script URL -> fetched body
        content = _retrieve_content(url)
        # Collect <script src=...> targets ending in "js".
        # NOTE(review): the dot in ".js" is unescaped, so it matches any
        # character before "js", not only a literal ".".
        for match in re.finditer(r"<script[^>]+src=['\"]?([^>]+.js)\b", content):
            # Resolve relative references against the page URL; the resulting
            # host is whatever the scanned page points at.
            script = urlparse.urljoin(url, match.group(1))
            if script not in scripts:
                _ = _retrieve_content(script)
                if _:
                    scripts[script] = _
                    # SHA-1 is a lookup key into the definitions' known-file
                    # hashes below, not an integrity check.
                    hashes[hashlib.sha1(_).hexdigest()] = script
        if scripts:
            definitions = _get_definitions()
            # Remove scripts whose URL matches a "dont check" URI pattern.
            # Iterates a copy because entries are deleted inside the loop.
            # NOTE(review): `hashes` is not pruned here, so a removed script
            # can still be matched by hash further down.
            for _ in definitions["dont check"]["extractors"]["uri"]:
                for script in dict(scripts):
                    if re.search(_, script):
                        del scripts[script]
            for library, definition in definitions.items():
                version = None
                # 1) Exact match on the body hash.
                for item in definition["extractors"].get("hashes", {}).items():
                    if item[0] in hashes:
                        version = item[1]
                # 2) Filename and URI patterns, both applied to the script
                #    URL. The version marker in each pattern is replaced by a
                #    named group; a later match overrides an earlier one.
                for part in ("filename", "uri"):
                    for regex in (_.replace(RETIRE_JS_VERSION_MARKER, "(?P<version>[^\s]+)") for _ in definition["extractors"].get(part, [])):
                        for script in scripts:
                            match = re.search(regex, script)
                            version = match.group("version") if match else version
                # 3) File-content patterns, applied to each fetched body;
                #    these run last and therefore take precedence.
                for script, content in scripts.items():
                    for regex in (_.replace(RETIRE_JS_VERSION_MARKER, "(?P<version>[^\s]+)") for _ in definition["extractors"].get("filecontent", [])):
                        match = re.search(regex, content)
                        version = match.group("version") if match else version
                if version:
                    for vulnerability in definition["vulnerabilities"]:
                        # Lower bound defaults to 0 when "atOrAbove" is absent.
                        _ = vulnerability.get("atOrAbove", 0)
                        # Report when atOrAbove <= version < below.
                        # NOTE(review): `version` is compared as captured; the
                        # ".min" suffix is stripped only in the printed text.
                        if distutils.version.LooseVersion(str(_)) <= version < distutils.version.LooseVersion(vulnerability["below"]):
                            print " [x] %s %sv%s (< v%s) (info: '%s')" % (library, ("" if not _ else "(v%s <) " % _), version.replace(".min", ""), vulnerability["below"], "; ".join(vulnerability["info"]))
                            retval = True
    except KeyboardInterrupt:
        # Ctrl-C ends the scan; whatever was found so far is still returned.
        print "\r (x) Ctrl-C pressed"
    return retval