Features

Scan for Outdated Software

Description

Scan for outdated software with known publicly exploitable vulnerabilities from the CVE and CNVD databases.

Features

Checks for vulnerable software listed in the CVE and CNVD databases.
Uses proof-of-concept (PoC) scanning to highlight only exploitable vulnerabilities and minimize false positives.
Can scan thousands of web servers simultaneously.

Inputs

Required

urls: a list of URLs

https://foo.example.com
https://bar.example.com

Optional

header: Header(s) to include in HTTP requests
header-file: File with header(s) to include in HTTP requests
rate-limit: Maximum number of requests to send per second per machine (default: 300)

Outputs

findings: JSONLines records of finding details.

{"finding": "WordPress HTML5 Video Player - SQL Injection", "location": "https://foo.example.com/?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-", "severity": "critical", "hostname": "foo.example.com", "domain_name": "example.com", "method": "GET", "description": "WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks"}
{"finding": "Citrix Gateway and Citrix ADC - Cross-Site Scripting", "location": "https://bar.example.com/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>", "severity": "medium", "hostname": "bar.example.com", "domain_name": "example.com", "method": "GET", "description": "Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation."}

Changelog

v1.0.0
- Initial release
v1.1.0
- Added header-file input

Library

Inputs

Outputs

​Features

​Scan for Outdated Software

​Description

​Features

​Inputs

​Required

​Optional

​Outputs

​Changelog

Features

Scan for Outdated Software

Description

Features

Inputs

Required

Optional

Outputs

Changelog