https://freewvs.schokokeks.org/
free web vulnerability scanner
Web applications
Let's assume you run a popular web application like Drupal, Joomla, MediaWiki etc.
Sometimes they have security vulnerabilities
And you forgot to update
And then you get hacked
Your blog now includes JavaScript to mine cryptocurrency, your server is sending spam and someone is hosting a phishing page
So better update
Or use Wordpress, it has auto-updates
What if you run a server for many users and you want to know if your users update their web application?
You would like to check
You need freewvs!
This is how it works:
$ freewvs /var/www/
Joomla 3.9.11 (3.9.13) CVE-2019-18674 /var/www/example.org
nextcloud 14.0.1 (14.0.5) CVE-2019-5449 /var/www/cloud.example.org
MediaWiki 1.31.1 (1.31.5) CVE-2019-16738 /var/www/wiki.example.org
$
[
{
"name": "MediaWiki",
"url": "https://www.mediawiki.org/",
"safe": "1.33.1",
"old_safe": "1.32.5,1.31.5",
"vuln": "CVE-2019-16738",
"latest": "1.33.1",
"detection": [
{
"file": "DefaultSettings.php",
"variable": "$wgVersion",
"subdir": 1
}
]
},
{...}
]
Try it!