Exemplo n.º 1
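def print_versions(items):
    """Print a tree of component names with their highest version and metadata.

    ``items`` is an iterable of dict-like records. Each record must have a
    ``'name'`` key; ``'version'`` and ``'meta'`` are optional and are skipped
    when missing or falsy. Records sharing a name are reported once, in
    sorted name order, with the highest version found (or ``"??"`` when none
    was given) followed by the merged ``'meta'`` key/value pairs. When two
    records of the same name carry the same meta key, the later record wins.

    Nothing is returned; the report is written to stdout.
    """
    # Group the records by name in one pass instead of rescanning ``items``
    # twice for every name. Input order is kept inside each group, so the
    # version tie-breaking and the meta override order are unchanged.
    by_name = {}
    for p in items:
        by_name.setdefault(p['name'], []).append(p)

    for n in sorted(by_name):
        group = by_name[n]

        versions_found = []
        for p in group:
            version = p.get('version')
            if version:
                # "*" wildcards are replaced by "0" so that the string can be
                # ordered; the printed version therefore shows 0, not "*".
                versions_found.append(
                    distutils.version.LooseVersion(
                        str(version).replace("*", "0")))

        highest_version = "??"
        if versions_found:
            # NOTE(review): under Python 3 LooseVersion raises TypeError when
            # a numeric component meets an alphabetic one (e.g. "1.0" vs
            # "1.a"), and distutils is removed in Python 3.12 -- confirm the
            # interpreter this runs on.
            versions_found.sort()
            highest_version = "%s" % (versions_found[-1])

        print("|")
        print("|--%s (%s)" %
              (colored(n, 'blue'), colored(highest_version, 'yellow')))

        # NOTE(review): names, versions and meta values are printed as
        # received; if the records come from scanned hosts, consider
        # stripping control characters before they reach the terminal.
        metas = {}
        for p in group:
            meta = p.get('meta')
            if meta:
                for (k, v) in meta.items():
                    metas[k] = v
        for (k, v) in metas.items():
            print("|")
            print("|---- %s => %s" %
                  (colored(k, 'blue'), colored(str(v), 'yellow')))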
def print_versions(items):
    """Write a per-name summary (highest version, merged meta) to stdout.

    Every record in ``items`` must provide ``'name'``. ``'version'`` and
    ``'meta'`` are read with ``.get`` and ignored when falsy. Names are
    printed in sorted order; a name without any version shows ``"??"``.
    """
    for name in sorted({entry['name'] for entry in items}):
        matching = [entry for entry in items if entry['name'] == name]

        # Versions are stringified and "*" is swapped for "0" before being
        # wrapped in LooseVersion so they can be ordered.
        parsed = [
            distutils.version.LooseVersion(str(entry.get('version')).replace("*", "0"))
            for entry in matching
            if entry.get('version')
        ]
        if parsed:
            highest_version = "%s" % (sorted(parsed)[-1])
        else:
            highest_version = "??"

        print("|")
        print("|--%s (%s)" % (colored(name, 'blue'), colored(highest_version, 'yellow')))

        # Later records override earlier ones on duplicate meta keys.
        merged = dict()
        for entry in matching:
            meta = entry.get('meta')
            if meta:
                merged.update(meta.items())

        for key, value in merged.items():
            print("|")
            print("|---- %s => %s" % (colored(key, 'blue'), colored(str(value), 'yellow')))
Exemplo n.º 3
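def scan_page(url):
    """Report known-vulnerable JavaScript libraries referenced by a page.

    The page at ``url`` is fetched, every ``<script src=...>`` pointing at a
    ``.js`` resource is resolved against ``url`` and fetched too, and each
    library in the definitions is matched by content hash, by file name /
    URI, and by file content. A finding is printed for every vulnerability
    range that contains the detected version.

    Returns True when at least one finding was printed, False otherwise.
    Ctrl-C is caught and reported; other exceptions propagate.

    Two fixes compared with the original listing: the ``.js`` dot in the
    ``src`` pattern is escaped and the capture stops at a quote, so one
    match can no longer swallow a following attribute or end on text such
    as "/js"; and hashes are computed after the "dont check" filter, so an
    excluded script cannot set a version through its hash.
    """
    # Regex fragment substituted for the version marker in the definitions.
    version_group = r"(?P<version>[^\s]+)"
    retval = False
    try:
        scripts = dict()
        content = _retrieve_content(url)
        # NOTE(review): every script URL named by the page is requested,
        # whatever host it points to; _retrieve_content is not visible
        # here, so confirm it applies timeouts and a response size limit.
        for match in re.finditer(
                r"<script[^>]+src=['\"]?([^>'\"]+\.js)\b", content):
            script = urlparse.urljoin(url, match.group(1))
            if script not in scripts:
                body = _retrieve_content(script)
                if body:  # empty/falsy bodies are skipped
                    scripts[script] = body
        if scripts:
            definitions = _get_definitions()
            # Drop scripts whose URL matches a "dont check" pattern;
            # iterate over a copy because entries are deleted on the way.
            for pattern in definitions["dont check"]["extractors"]["uri"]:
                for script in list(scripts):
                    if re.search(pattern, script):
                        del scripts[script]
            # SHA-1 serves only as a lookup key into the hashes listed in
            # the definitions; it is not an integrity check.
            hashes = set(hashlib.sha1(body).hexdigest()
                         for body in scripts.values())
            for library, definition in definitions.items():
                version = None
                extractors = definition["extractors"]
                for known_hash, known_version in extractors.get(
                        "hashes", {}).items():
                    if known_hash in hashes:
                        version = known_version
                # A later match overwrites an earlier one, so a single
                # version per library is reported for the page.
                # NOTE(review): the patterns come from the definitions; if
                # those are fetched remotely, confirm the source is trusted
                # before compiling them.
                for part in ("filename", "uri"):
                    for template in extractors.get(part, []):
                        regex = template.replace(RETIRE_JS_VERSION_MARKER,
                                                 version_group)
                        for script in scripts:
                            match = re.search(regex, script)
                            version = match.group(
                                "version") if match else version
                for script, body in scripts.items():
                    for template in extractors.get("filecontent", []):
                        regex = template.replace(RETIRE_JS_VERSION_MARKER,
                                                 version_group)
                        match = re.search(regex, body)
                        version = match.group("version") if match else version
                if version:
                    for vulnerability in definition["vulnerabilities"]:
                        floor = vulnerability.get("atOrAbove", 0)
                        lower = distutils.version.LooseVersion(str(floor))
                        upper = distutils.version.LooseVersion(
                            vulnerability["below"])
                        if lower <= version < upper:
                            # A single parenthesised argument prints the
                            # same text under the Python 2 print statement.
                            print(" [x] %s %sv%s (< v%s) (info: '%s')" % (
                                library,
                                ("" if not floor else "(v%s <) " % floor),
                                version.replace(".min", ""),
                                vulnerability["below"],
                                "; ".join(vulnerability["info"])))
                            retval = True
    except KeyboardInterrupt:
        print("\r (x) Ctrl-C pressed")
    return retval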
Exemplo n.º 4
    def _sdk_url_deprecated(cls, version):
        """Return the old-style SDK download URL for ``version``.

        SDK_OLD_DOWNLOAD_URL is filled with two values, in this order: the
        version with its dots removed, then the version as given.
        """
        # NOTE(review): the template is defined elsewhere; confirm it uses
        # https and that the downloaded archive is verified before use.
        compact = ''.join(version.split('.'))
        return SDK_OLD_DOWNLOAD_URL % (compact, version)
Exemplo n.º 5
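def scan_page(url):
    """Scan one page for JavaScript libraries with known vulnerabilities.

    Fetches ``url``, collects the ``.js`` files named by its ``<script src>``
    tags (resolved relative to ``url``), detects each library's version from
    the definitions (content hash, then file name / URI, then file content)
    and prints one line per vulnerability whose version range contains it.

    Returns True if anything was reported, otherwise False. Ctrl-C is
    caught and reported; any other exception is left to the caller.

    Changes from the original listing: the dot of ``.js`` is now a literal
    dot and the captured ``src`` value cannot run past a quote into the
    next attribute; the hash lookup covers only scripts that survive the
    "dont check" filter.
    """
    # Replacement for the version marker inside definition patterns.
    version_group = r"(?P<version>[^\s]+)"
    retval = False
    try:
        scripts = dict()
        content = _retrieve_content(url)
        # NOTE(review): the scanned page decides which hosts are contacted
        # here; _retrieve_content is defined elsewhere, so confirm it
        # bounds time and response size.
        for match in re.finditer(r"<script[^>]+src=['\"]?([^>'\"]+\.js)\b", content):
            script = urlparse.urljoin(url, match.group(1))
            if script in scripts:
                continue
            body = _retrieve_content(script)
            if body:  # skip scripts whose body came back empty/falsy
                scripts[script] = body
        if scripts:
            definitions = _get_definitions()
            # Remove excluded scripts; list() copies the keys so deleting
            # while looping is safe.
            for pattern in definitions["dont check"]["extractors"]["uri"]:
                for script in list(scripts):
                    if re.search(pattern, script):
                        del scripts[script]
            # SHA-1 is only a key for matching the hashes published in the
            # definitions, not a protection against tampering.
            hashes = set(hashlib.sha1(body).hexdigest() for body in scripts.values())
            for library, definition in definitions.items():
                version = None
                extractors = definition["extractors"]
                for known_hash, known_version in extractors.get("hashes", {}).items():
                    if known_hash in hashes:
                        version = known_version
                # Each successful match replaces the previous value, so the
                # last match decides the version reported for the library.
                # NOTE(review): patterns are taken from the definitions as
                # they are; confirm the definitions come from a trusted
                # source.
                for part in ("filename", "uri"):
                    for template in extractors.get(part, []):
                        regex = template.replace(RETIRE_JS_VERSION_MARKER, version_group)
                        for script in scripts:
                            match = re.search(regex, script)
                            version = match.group("version") if match else version
                for script, body in scripts.items():
                    for template in extractors.get("filecontent", []):
                        regex = template.replace(RETIRE_JS_VERSION_MARKER, version_group)
                        match = re.search(regex, body)
                        version = match.group("version") if match else version
                if version:
                    for vulnerability in definition["vulnerabilities"]:
                        floor = vulnerability.get("atOrAbove", 0)
                        if distutils.version.LooseVersion(str(floor)) <= version < distutils.version.LooseVersion(vulnerability["below"]):
                            # One parenthesised argument: output is the same
                            # under the Python 2 print statement.
                            print(" [x] %s %sv%s (< v%s) (info: '%s')" % (library, ("" if not floor else "(v%s <) " % floor), version.replace(".min", ""), vulnerability["below"], "; ".join(vulnerability["info"])))
                            retval = True
    except KeyboardInterrupt:
        print("\r (x) Ctrl-C pressed")
    return retval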