Category

Vulnerability Scanning

Inputs

  • urls (file, required): List of web server URLs
  • header (string): Header(s) to include in HTTP requests
  • rate-limit (string): Maximum number of requests to send per second per machine
  • header-file (file): Header(s) to include in HTTP requests

Outputs

findings

Scan for Outdated Software

Description

Scan for outdated software with known publicly exploitable vulnerabilities from the CVE and CNVD databases.

Features

  • Checks for vulnerable software listed in the CVE and CNVD databases.
  • Uses proof-of-concept (PoC) scanning to highlight only exploitable vulnerabilities and minimize false positives.
  • Can scan thousands of web servers simultaneously.

Inputs

Required

  • urls: a list of URLs
https://foo.example.com

https://bar.example.com

Optional

  • header: Header(s) to include in HTTP requests
  • header-file: File with header(s) to include in HTTP requests
  • rate-limit: Maximum number of requests to send per second per machine (default: 300)

Outputs

  • findings: JSONLines records of finding details.
{"finding": "WordPress HTML5 Video Player - SQL Injection", "location": "https://foo.example.com/?rest_route=/h5vp/v1/view/1&id=1'+AND+(SELECT+1+FROM+(SELECT(SLEEP(6)))a)--+-", "severity": "critical", "hostname": "foo.example.com", "domain_name": "example.com", "method": "GET", "description": "WordPress HTML5 Video Player plugin is vulnerable to SQL injection. An unauthenticated attacker can exploit this vulnerability to perform SQL injection attacks"}

{"finding": "Citrix Gateway and Citrix ADC - Cross-Site Scripting", "location": "https://bar.example.com/oauth/idp/logout?post_logout_redirect_uri=%0d%0a%0d%0a<script>alert(document.domain)</script>", "severity": "medium", "hostname": "bar.example.com", "domain_name": "example.com", "method": "GET", "description": "Citrix ADC and Citrix Gateway versions before 13.1 and 13.1-45.61, 13.0 and 13.0-90.11, 12.1 and 12.1-65.35 contain a cross-site scripting vulnerability due to improper input validation."}
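
One way to triage the findings output on the defender's side, as an added example that is not part of the tool or its documentation: it parses the JSONLines records, drops the query string from each location, deduplicates, and orders hosts by their worst finding. Only the field names and the critical and medium severity values come from the sample records above; the other severity levels, the function names and the sample input are assumptions constructed for illustration.

```python
import json
from collections import defaultdict
from urllib.parse import urlsplit

# "critical" and "medium" come from the sample records; the other levels are
# assumed. Unknown severities sort last.
RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3, "info": 4}
REQUIRED = {"finding", "severity", "hostname"}

# Constructed sample input using the documented field names (line 5 is truncated).
SAMPLE = """\
{"finding": "Citrix Gateway and Citrix ADC - Cross-Site Scripting", "location": "https://bar.example.com/oauth/idp/logout?x=1", "severity": "medium", "hostname": "bar.example.com"}
{"finding": "WordPress HTML5 Video Player - SQL Injection", "location": "https://foo.example.com/?rest_route=/h5vp/v1/view/1", "severity": "critical", "hostname": "foo.example.com"}

{"finding": "WordPress HTML5 Video Player - SQL Injection", "location": "https://foo.example.com/?rest_route=/h5vp/v1/view/1&id=2", "severity": "critical", "hostname": "foo.example.com"}
{"finding": "truncated
{"finding": "Constructed Example Finding", "location": "https://foo.example.com/admin/", "severity": "medium", "hostname": "foo.example.com"}
"""

def parse_findings(text):
    """Return (records, rejected_line_numbers) for JSONLines text."""
    records, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue  # tolerate blank lines between records
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            rec = None
        if isinstance(rec, dict) and REQUIRED <= rec.keys():
            records.append(rec)
        else:
            rejected.append(lineno)  # keep for review instead of dropping silently
    return records, rejected

def rank(severity):
    return RANK.get(str(severity).lower(), len(RANK))

def triage(records):
    """Group unique (finding, path) pairs per host; worst host and finding first."""
    by_host = defaultdict(set)
    for rec in records:
        path = urlsplit(str(rec.get("location", ""))).path  # drop the probe's query string
        by_host[rec["hostname"]].add((str(rec["severity"]).lower(), rec["finding"], path))
    ordered = {h: sorted(v, key=lambda i: (rank(i[0]), i[1], i[2])) for h, v in by_host.items()}
    return dict(sorted(ordered.items(), key=lambda kv: (rank(kv[1][0][0]), kv[0])))

if __name__ == "__main__":
    records, rejected = parse_findings(SAMPLE)
    print("unparseable lines:", rejected)
    for host, items in triage(records).items():
        for severity, finding, path in items:
            print(f"{host}\t{severity}\t{finding}\t{path}")
```

Rejected line numbers are returned rather than discarded so that a truncated or corrupted findings file is noticed during triage.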

Changelog

  • v1.0.0
    • Initial release
  • v1.1.0
    • Added header-file input
  • v1.2.0
    • Added recursive scanning to detect vulnerabilities at every level of the input URL paths