8 | daniel-mar | 1 | <?php /* <ViaThinkSoftSignature> |
10 | daniel-mar | 2 | Df9NfmFmHOn8nGetEQpngqn15a+ckYK/yw+2XGr9FP+WXDpB7WLwB+no6P2OcHzm3 |
3 | ODFOZ5lZYUWnvFovCkuRtpjcFDiBvFM8hjdRXoGmLfGrUHpr8W10oVbuQtRbTPT0P |
||
4 | MsNYV5O+xkCkIsnryk6T6YFiL7zRKHCuj697tTbzVv0fYUGqW4S5rAU7PgJqyBZgr |
||
5 | 8azwaT6q4Wof74EEVf4ol5R1uvI6q2zf36Lk7dIObehz189E2+GkXzAWAixbc+scl |
||
6 | CzQ3hhVOjZHL6XFz0dkTaUYaJW78A14agFK0lMVB4c9TDzgDYVL325FtkSOgeAduy |
||
7 | 5XmIvC8MrOMqyCRPT2qqOlseSkXkrK9zkyy0Cj080Muu3TC6T0jYA0I/HdnlU2ryG |
||
8 | n2GQOyPPdTZByDSTijD5288KQ9xgWXuL9I3x7sslll2J3O9HPAkvVsXcn31B3JwAG |
||
9 | JqSd4J02jPVx24Vw7GQIQRcMmRnpU5PKInzfLq5QCsx9JBcOISl+RHzkMjZqaJveB |
||
10 | 577GXCnxMWfnzYkmBR7PZLvDPr6Vu37Wl5SYSA49OBEAJ20Fen3Yk0IX6UdVPlvRM |
||
11 | EA1MgAvw9pHuHzV2fuAegDbRYeUVRzTYd+56Y3v1UcH5UKoML/OT/zi9VHfGKtglm |
||
12 | dUALn66c2bKGErATQ6h8mhYMEmszgU1O3va2XCP6GkQkctcCw1Cx4zbtZnCoE8mI0 |
||
13 | siWLa+aLIVgRDdBqbR80a8WnBImZRKRP+ZTTSBQ5jDxHC/Vgr9YlNExNpA6BSW9mp |
||
14 | v56COWgRMDQH5qCd950fh8jRao5cuhhf75DvUGeai3bx7V3dqwPmieAOaFNUhV2CG |
||
15 | iZzUPowmQx0uqaQQx5wxdehxbZUXtMChO9fIA+xdECgeGHIgI+0p31e0SR9xrsZmY |
||
16 | +OpHlWRm/KbfM6EdNICh1W7hxAVQwyEhusqVU9jKiDtVzxadipfVw1ou+QT5SgANk |
||
17 | ZuwnTxIIs9R2QezRq2yydz45eKW2d5RXb4T77vE1YSPTVaVnAOScAqVrLQK79QX0J |
||
18 | sOP+47NGMfp9kUxInGV8UlzgYMBVZTT+ezIXmr6vwlg6Dj27OYReeminNoA/eku3L |
||
19 | Fyya17WUAd0vI4ByJsiRWRoJv6z2l1PDtOpwp0uZs57fqyUZJTUIEELdNPu89l10g |
||
20 | uK4tpsB4MHsWG9vGLy+1yvVbmD32kM5ZvHgMFktxXx1AzC3gAI52mQ3ljJOZ1LFX+ |
||
21 | 3q7nkMcN/HWolPFsRbsuc2rF7R6pQE4mkkVepoAlt+T6UFDnRykr7C+MRZ6k2upun |
||
22 | ESXhOqJcuyItT24eizoccENvAVhbGpZ2pfirheqZ0v+FlevvgASyNSUPk+tp/uWMx |
||
23 | Q== |
||
8 | daniel-mar | 24 | </ViaThinkSoftSignature> */ ?> |
25 | <?php |
||
26 | |||
27 | /* |
||
28 | * VNag - Nagios Framework for PHP |
||
29 | * Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com> |
||
30 | * Licensed under the terms of the Apache 2.0 license |
||
31 | * |
||
10 | daniel-mar | 32 | * Revision 2019-11-15 |
8 | daniel-mar | 33 | */ |
34 | |||
// Tick handling is switched on for the whole plugin file (presumably so the VNag
// core can install tick-based handlers, e.g. for signals — confirm against VNag).
declare(ticks=1);
||
36 | |||
37 | class OpenBugBountyCheck extends VNag { |
||
38 | protected $argDomain = null; |
||
39 | |||
40 | public function __construct() { |
||
41 | parent::__construct(); |
||
42 | |||
43 | $this->registerExpectedStandardArguments('Vvht'); |
||
44 | |||
45 | $this->getHelpManager()->setPluginName('check_openbugbounty'); |
||
46 | $this->getHelpManager()->setVersion('1.0'); |
||
47 | $this->getHelpManager()->setShortDescription('This plugin checks if a domain has unfixed vulnerabilities listed at OpenBugBounty.org.'); |
||
48 | $this->getHelpManager()->setCopyright('Copyright (C) 2011-$CURYEAR$ Daniel Marschall, ViaThinkSoft.'); |
||
49 | $this->getHelpManager()->setSyntax('$SCRIPTNAME$ [-d <directory>]'); |
||
50 | $this->getHelpManager()->setFootNotes('If you encounter bugs, please contact ViaThinkSoft at www.viathinksoft.com'); |
||
51 | |||
52 | // Individual (non-standard) arguments: |
||
9 | daniel-mar | 53 | $this->addExpectedArgument($this->argDomain = new VNagArgument('d', 'domain', VNagArgument::VALUE_REQUIRED, 'domainOrFile', 'Domain(s) or subdomain(s), separated by comma, to be checked or a file containing domain names.')); |
8 | daniel-mar | 54 | } |
55 | |||
56 | protected function get_cache_dir() { |
||
57 | $homedir = @getenv('HOME'); |
||
58 | if ($homedir) { |
||
59 | $try = "${homedir}/.vnag_obb_cache"; |
||
60 | if (is_dir($try)) return $try; |
||
61 | if (@mkdir($try)) return $try; |
||
62 | } |
||
63 | |||
64 | $user = posix_getpwuid(posix_geteuid()); |
||
65 | if (isset($user['dir'])) { |
||
66 | $homedir = $user['dir']; |
||
67 | $try = "${homedir}/.vnag_obb_cache"; |
||
68 | if (is_dir($try)) return $try; |
||
69 | if (@mkdir($try)) return $try; |
||
70 | } |
||
71 | |||
72 | if (isset($user['name'])) { |
||
73 | $username = $user['name']; |
||
74 | $try = "/tmp/vnag_obb_cache"; |
||
75 | if (is_dir($try)) return $try; |
||
76 | if (@mkdir($try)) return $try; |
||
77 | } |
||
78 | |||
79 | return false; // should usually never happen |
||
80 | } |
||
81 | |||
82 | function num_open_bugs($domain, $max_cache_time = 3600) { // TODO: make cache time configurable via config |
||
83 | $domain = strtolower($domain); |
||
84 | $cache_file = $this->get_cache_dir() . '/' . md5($domain); |
||
85 | |||
86 | if (file_exists($cache_file) && (time()-filemtime($cache_file) < $max_cache_time)) { |
||
87 | $cont = file_get_contents($cache_file); |
||
88 | } else { |
||
89 | $url = 'https://www.openbugbounty.org/api/1/search/?domain='.urlencode($domain); |
||
90 | $cont = file_get_contents($url); |
||
91 | file_put_contents($cache_file, $cont); |
||
92 | } |
||
93 | |||
94 | $fixed = 0; |
||
95 | $unfixed = 0; |
||
96 | |||
97 | $xml = simplexml_load_string($cont); |
||
98 | foreach ($xml as $x) { |
||
99 | if ($x->fixed == '1') $fixed++; |
||
100 | if ($x->fixed == '0') $unfixed++; |
||
101 | } |
||
102 | |||
103 | return array($fixed, $unfixed); |
||
104 | } |
||
105 | |||
106 | protected function cbRun($optional_args=array()) { |
||
107 | $domain = $this->argDomain->getValue(); |
||
108 | if (empty($domain)) { |
||
109 | throw new Exception("Please specify a domain or subdomain."); |
||
110 | } |
||
111 | |||
112 | if (file_exists($domain)) { |
||
9 | daniel-mar | 113 | // Possibility 1: File containing a list of domains |
8 | daniel-mar | 114 | $domains = file($domain); |
115 | $sum_fixed = 0; |
||
116 | $sum_unfixed = 0; |
||
117 | $count = 0; |
||
118 | foreach ($domains as $domain) { |
||
119 | $domain = trim($domain); |
||
120 | if ($domain == '') continue; |
||
121 | if ($domain[0] == '#') continue; |
||
122 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
||
123 | $sum_fixed += $fixed; |
||
124 | $sum_unfixed += $unfixed; |
||
125 | $count++; |
||
10 | daniel-mar | 126 | $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $domain", $unfixed > 0 ? VNag::VERBOSITY_SUMMARY : VNag::VERBOSITY_ADDITIONAL_INFORMATION); |
8 | daniel-mar | 127 | } |
128 | if ($sum_unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
129 | if ($sum_unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when some bugs are disclosed |
||
130 | $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true); |
||
10 | daniel-mar | 131 | } else if (strpos($domain, ',') !== false) { |
9 | daniel-mar | 132 | // Possibility 2: Domains separated with comma |
133 | $domains = explode(',', $domain); |
||
134 | $sum_fixed = 0; |
||
135 | $sum_unfixed = 0; |
||
136 | $count = 0; |
||
137 | foreach ($domains as $domain) { |
||
138 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
||
139 | $sum_fixed += $fixed; |
||
140 | $sum_unfixed += $unfixed; |
||
141 | $count++; |
||
10 | daniel-mar | 142 | $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $domain", $unfixed > 0 ? VNag::VERBOSITY_SUMMARY : VNag::VERBOSITY_ADDITIONAL_INFORMATION); |
9 | daniel-mar | 143 | } |
144 | if ($sum_unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
145 | if ($sum_unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when some bugs are disclosed |
||
146 | $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true); |
||
8 | daniel-mar | 147 | } else { |
9 | daniel-mar | 148 | // Possibility 3: Single domain |
8 | daniel-mar | 149 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
150 | if ($unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
151 | if ($unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when bug is disclosed |
||
152 | $this->setHeadline("$fixed fixed and $unfixed unfixed issues found at $domain", true); |
||
153 | } |
||
154 | } |
||
155 | } |
||