v0.6.2
This commit is contained in:
whoot
@@ -1,3 +1,8 @@
|
|||||||
|
## Version 0.6.2
|
||||||
|
|
||||||
|
* Bugfix in extension vulnerability parsing
|
||||||
|
* Bugfix on database reset
|
||||||
|
|
||||||
## Version 0.6.1
|
## Version 0.6.1
|
||||||
|
|
||||||
* Bugfix of URL determination
|
* Bugfix of URL determination
|
||||||
|
|||||||
@@ -33,7 +33,7 @@ class DB_Init:
|
|||||||
c.execute('''DROP TABLE IF EXISTS extensions''')
|
c.execute('''DROP TABLE IF EXISTS extensions''')
|
||||||
c.execute('''DROP TABLE IF EXISTS extension_vulns''')
|
c.execute('''DROP TABLE IF EXISTS extension_vulns''')
|
||||||
c.execute('''DROP TABLE IF EXISTS core_vulns''')
|
c.execute('''DROP TABLE IF EXISTS core_vulns''')
|
||||||
c.execute('''DROP TABLE IF EXISTS settings''')
|
c.execute('''DROP TABLE IF EXISTS UserAgents''')
|
||||||
conn.commit()
|
conn.commit()
|
||||||
|
|
||||||
# Create table extensions
|
# Create table extensions
|
||||||
@@ -42,11 +42,11 @@ class DB_Init:
|
|||||||
|
|
||||||
# Create table extension_vulns
|
# Create table extension_vulns
|
||||||
c.execute('''CREATE TABLE IF NOT EXISTS extension_vulns
|
c.execute('''CREATE TABLE IF NOT EXISTS extension_vulns
|
||||||
(advisory text, extensionkey text, vulnerability text, branch_max integer, affected_version_max text, branch_max integer, affected_version_min text)''')
|
(advisory text, extensionkey text, vulnerability text, affected_version_max text, affected_version_min text)''')
|
||||||
|
|
||||||
# Create table core_vulns
|
# Create table core_vulns
|
||||||
c.execute('''CREATE TABLE IF NOT EXISTS core_vulns
|
c.execute('''CREATE TABLE IF NOT EXISTS core_vulns
|
||||||
(advisory text, vulnerability text, subcomponent text, branch_max integer, affected_version_max text, branch_max integer, affected_version_min text, cve text)''')
|
(advisory text, vulnerability text, subcomponent text, affected_version_max text, affected_version_min text, cve text)''')
|
||||||
|
|
||||||
# Create table UserAgents
|
# Create table UserAgents
|
||||||
c.execute('''CREATE TABLE IF NOT EXISTS UserAgents
|
c.execute('''CREATE TABLE IF NOT EXISTS UserAgents
|
||||||
@@ -83,7 +83,7 @@ class DB_Init:
|
|||||||
if conn:
|
if conn:
|
||||||
conn.rollback()
|
conn.rollback()
|
||||||
print(e)
|
print(e)
|
||||||
sys.exit(-1)
|
exit(-1)
|
||||||
|
|
||||||
finally:
|
finally:
|
||||||
if conn:
|
if conn:
|
||||||
|
|||||||
BIN
lib/typo3scan.db
BIN
lib/typo3scan.db
Binary file not shown.
@@ -153,19 +153,18 @@ class Update:
|
|||||||
exit(-1)
|
exit(-1)
|
||||||
|
|
||||||
# Add vulnerability details to database
|
# Add vulnerability details to database
|
||||||
for ext_vuln in vulnerabilities:
|
for core_vuln in vulnerabilities:
|
||||||
c.execute('SELECT * FROM core_vulns WHERE advisory=? AND vulnerability=? AND subcomponent=? AND affected_version_max=? AND affected_version_min=? AND cve=?', (ext_vuln[0], ext_vuln[1], ext_vuln[2], ext_vuln[3], ext_vuln[4], ext_vuln[5],))
|
c.execute('SELECT * FROM core_vulns WHERE advisory=? AND vulnerability=? AND subcomponent=? AND affected_version_max=? AND affected_version_min=? AND cve=?', (core_vuln[0], core_vuln[1], core_vuln[2], core_vuln[3], core_vuln[4], core_vuln[5],))
|
||||||
data = c.fetchall()
|
data = c.fetchall()
|
||||||
if not data:
|
if not data:
|
||||||
update_counter+=1
|
update_counter+=1
|
||||||
c.execute('INSERT INTO core_vulns VALUES (?,?,?,?,?,?)', (ext_vuln[0], ext_vuln[1], ext_vuln[2], ext_vuln[3], ext_vuln[4], ext_vuln[5],))
|
c.execute('INSERT INTO core_vulns VALUES (?,?,?,?,?,?)', (core_vuln[0], core_vuln[1], core_vuln[2], core_vuln[3], core_vuln[4], core_vuln[5]))
|
||||||
conn.commit()
|
conn.commit()
|
||||||
else:
|
else:
|
||||||
if update_counter == 0:
|
if update_counter == 0:
|
||||||
print('[!] Already up-to-date.\n')
|
print('[!] Already up-to-date.\n')
|
||||||
else:
|
else:
|
||||||
print('[+] Done.')
|
print(' \u2514 Done. Added {} new CORE vulnerabilities to database.\n'.format(update_counter))
|
||||||
print('[!] Added {} new CORE vulnerabilities to database.\n'.format(update_counter))
|
|
||||||
return True
|
return True
|
||||||
|
|
||||||
def dlProgress(self, count, blockSize, totalSize):
|
def dlProgress(self, count, blockSize, totalSize):
|
||||||
@@ -191,7 +190,7 @@ class Update:
|
|||||||
infile.close()
|
infile.close()
|
||||||
outfile.close()
|
outfile.close()
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print ('\n', e)
|
print('\n', e)
|
||||||
|
|
||||||
def load_extensions(self):
|
def load_extensions(self):
|
||||||
"""
|
"""
|
||||||
@@ -275,10 +274,14 @@ class Update:
|
|||||||
extensionkey = re.findall('Extension[s]?:\s?(.*?)<', beauty_html)
|
extensionkey = re.findall('Extension[s]?:\s?(.*?)<', beauty_html)
|
||||||
# Sometimes there are multiple extensions in an advisory
|
# Sometimes there are multiple extensions in an advisory
|
||||||
if len(extensionkey) == 0: # If only one extension affected
|
if len(extensionkey) == 0: # If only one extension affected
|
||||||
extensionkey = [advisory_info[advisory_info.find('('):]]
|
if not '(' in advisory_info:
|
||||||
|
extensionkey = [advisory_info[advisory_info.rfind(' ')+1:]]
|
||||||
|
else:
|
||||||
|
extensionkey = [advisory_info[advisory_info.find('('):]]
|
||||||
for item in range (0, len(extensionkey)):
|
for item in range (0, len(extensionkey)):
|
||||||
extensionkey_item = extensionkey[item]
|
extensionkey_item = extensionkey[item]
|
||||||
extensionkey_item = extensionkey_item[extensionkey_item.rfind('(')+1:extensionkey_item.rfind(')')]
|
if '(' in extensionkey_item:
|
||||||
|
extensionkey_item = extensionkey_item[extensionkey_item.rfind('(')+1:extensionkey_item.rfind(')')]
|
||||||
description = vulnerability[item]
|
description = vulnerability[item]
|
||||||
version_item = affected_versions[item]
|
version_item = affected_versions[item]
|
||||||
version_item = version_item.replace("and all versions below", "- 0.0.0")
|
version_item = version_item.replace("and all versions below", "- 0.0.0")
|
||||||
|
|||||||
@@ -18,7 +18,7 @@
|
|||||||
# along with this program. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
|
# along with this program. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
|
||||||
#-------------------------------------------------------------------------------
|
#-------------------------------------------------------------------------------
|
||||||
|
|
||||||
__version__ = '0.6.1'
|
__version__ = '0.6.2'
|
||||||
__program__ = 'Typo3Scan'
|
__program__ = 'Typo3Scan'
|
||||||
__description__ = 'Automatic Typo3 enumeration tool'
|
__description__ = 'Automatic Typo3 enumeration tool'
|
||||||
__author__ = 'https://github.com/whoot'
|
__author__ = 'https://github.com/whoot'
|
||||||
|
|||||||
Reference in New Issue
Block a user