def print_versions(items):
names = set([p['name'] for p in items])
for n in sorted(names):
versions_found = list()
for p in items:
if p['name'] == n:
version = p.get('version')
if version:
version = str(version)
version = version.replace("*", "0")
versions_found.append(
distutils.version.LooseVersion(version))
highest_version = "??"
if versions_found:
versions_found.sort()
highest_version = "%s" % (versions_found[-1])
print("|")
print("|--%s (%s)" %
(colored(n, 'blue'), colored(highest_version, 'yellow')))
metas = dict()
for p in items:
if p['name'] == n:
meta = p.get('meta')
if meta:
for (k, v) in meta.items():
metas[k] = v
if metas:
for (k, v) in metas.items():
print("|")
print("|---- %s => %s" %
(colored(k, 'blue'), colored(str(v), 'yellow')))
def print_versions(items):
names = set([p['name'] for p in items])
for n in sorted(names):
versions_found = list()
for p in items:
if p['name'] == n:
version = p.get('version')
if version:
version = str(version)
version = version.replace("*", "0")
versions_found.append(distutils.version.LooseVersion(version))
highest_version = "??"
if versions_found:
versions_found.sort()
highest_version = "%s" % (versions_found[-1])
print("|")
print("|--%s (%s)" % (colored(n, 'blue'), colored(highest_version, 'yellow')))
metas = dict()
for p in items:
if p['name'] == n:
meta = p.get('meta')
if meta:
for (k, v) in meta.items():
metas[k] = v
if metas:
for (k, v) in metas.items():
print("|")
print("|---- %s => %s" % (colored(k, 'blue'), colored(str(v), 'yellow')))
def scan_page(url):
retval = False
try:
hashes = dict()
scripts = dict()
content = _retrieve_content(url)
for match in re.finditer(r"<script[^>]+src=['\"]?([^>]+.js)\b",
content):
script = urlparse.urljoin(url, match.group(1))
if script not in scripts:
_ = _retrieve_content(script)
if _:
scripts[script] = _
hashes[hashlib.sha1(_).hexdigest()] = script
if scripts:
definitions = _get_definitions()
for _ in definitions["dont check"]["extractors"]["uri"]:
for script in dict(scripts):
if re.search(_, script):
del scripts[script]
for library, definition in definitions.items():
version = None
for item in definition["extractors"].get("hashes", {}).items():
if item[0] in hashes:
version = item[1]
for part in ("filename", "uri"):
for regex in (
_.replace(RETIRE_JS_VERSION_MARKER,
"(?P<version>[^\s]+)")
for _ in definition["extractors"].get(part, [])):
for script in scripts:
match = re.search(regex, script)
version = match.group(
"version") if match else version
for script, content in scripts.items():
for regex in (_.replace(RETIRE_JS_VERSION_MARKER,
"(?P<version>[^\s]+)")
for _ in definition["extractors"].get(
"filecontent", [])):
match = re.search(regex, content)
version = match.group("version") if match else version
if version:
for vulnerability in definition["vulnerabilities"]:
_ = vulnerability.get("atOrAbove", 0)
if distutils.version.LooseVersion(
str(_)
) <= version < distutils.version.LooseVersion(
vulnerability["below"]):
print " [x] %s %sv%s (< v%s) (info: '%s')" % (
library, ("" if not _ else "(v%s <) " % _),
version.replace(".min", ""),
vulnerability["below"], "; ".join(
vulnerability["info"]))
retval = True
except KeyboardInterrupt:
print "\r (x) Ctrl-C pressed"
return retval
def _sdk_url_deprecated(cls, version):
version_no_dots = version.replace('.', '')
return SDK_OLD_DOWNLOAD_URL % (version_no_dots, version)
def scan_page(url):
retval = False
try:
hashes = dict()
scripts = dict()
content = _retrieve_content(url)
for match in re.finditer(r"<script[^>]+src=['\"]?([^>]+.js)\b", content):
script = urlparse.urljoin(url, match.group(1))
if script not in scripts:
_ = _retrieve_content(script)
if _:
scripts[script] = _
hashes[hashlib.sha1(_).hexdigest()] = script
if scripts:
definitions = _get_definitions()
for _ in definitions["dont check"]["extractors"]["uri"]:
for script in dict(scripts):
if re.search(_, script):
del scripts[script]
for library, definition in definitions.items():
version = None
for item in definition["extractors"].get("hashes", {}).items():
if item[0] in hashes:
version = item[1]
for part in ("filename", "uri"):
for regex in (_.replace(RETIRE_JS_VERSION_MARKER, "(?P<version>[^\s]+)") for _ in definition["extractors"].get(part, [])):
for script in scripts:
match = re.search(regex, script)
version = match.group("version") if match else version
for script, content in scripts.items():
for regex in (_.replace(RETIRE_JS_VERSION_MARKER, "(?P<version>[^\s]+)") for _ in definition["extractors"].get("filecontent", [])):
match = re.search(regex, content)
version = match.group("version") if match else version
if version:
for vulnerability in definition["vulnerabilities"]:
_ = vulnerability.get("atOrAbove", 0)
if distutils.version.LooseVersion(str(_)) <= version < distutils.version.LooseVersion(vulnerability["below"]):
print " [x] %s %sv%s (< v%s) (info: '%s')" % (library, ("" if not _ else "(v%s <) " % _), version.replace(".min", ""), vulnerability["below"], "; ".join(vulnerability["info"]))
retval = True
except KeyboardInterrupt:
print "\r (x) Ctrl-C pressed"
return retval
