Rev 9 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 8 | daniel-mar | 1 | <?php /* <ViaThinkSoftSignature> |
| 10 | daniel-mar | 2 | Df9NfmFmHOn8nGetEQpngqn15a+ckYK/yw+2XGr9FP+WXDpB7WLwB+no6P2OcHzm3 |
| 3 | ODFOZ5lZYUWnvFovCkuRtpjcFDiBvFM8hjdRXoGmLfGrUHpr8W10oVbuQtRbTPT0P |
||
| 4 | MsNYV5O+xkCkIsnryk6T6YFiL7zRKHCuj697tTbzVv0fYUGqW4S5rAU7PgJqyBZgr |
||
| 5 | 8azwaT6q4Wof74EEVf4ol5R1uvI6q2zf36Lk7dIObehz189E2+GkXzAWAixbc+scl |
||
| 6 | CzQ3hhVOjZHL6XFz0dkTaUYaJW78A14agFK0lMVB4c9TDzgDYVL325FtkSOgeAduy |
||
| 7 | 5XmIvC8MrOMqyCRPT2qqOlseSkXkrK9zkyy0Cj080Muu3TC6T0jYA0I/HdnlU2ryG |
||
| 8 | n2GQOyPPdTZByDSTijD5288KQ9xgWXuL9I3x7sslll2J3O9HPAkvVsXcn31B3JwAG |
||
| 9 | JqSd4J02jPVx24Vw7GQIQRcMmRnpU5PKInzfLq5QCsx9JBcOISl+RHzkMjZqaJveB |
||
| 10 | 577GXCnxMWfnzYkmBR7PZLvDPr6Vu37Wl5SYSA49OBEAJ20Fen3Yk0IX6UdVPlvRM |
||
| 11 | EA1MgAvw9pHuHzV2fuAegDbRYeUVRzTYd+56Y3v1UcH5UKoML/OT/zi9VHfGKtglm |
||
| 12 | dUALn66c2bKGErATQ6h8mhYMEmszgU1O3va2XCP6GkQkctcCw1Cx4zbtZnCoE8mI0 |
||
| 13 | siWLa+aLIVgRDdBqbR80a8WnBImZRKRP+ZTTSBQ5jDxHC/Vgr9YlNExNpA6BSW9mp |
||
| 14 | v56COWgRMDQH5qCd950fh8jRao5cuhhf75DvUGeai3bx7V3dqwPmieAOaFNUhV2CG |
||
| 15 | iZzUPowmQx0uqaQQx5wxdehxbZUXtMChO9fIA+xdECgeGHIgI+0p31e0SR9xrsZmY |
||
| 16 | +OpHlWRm/KbfM6EdNICh1W7hxAVQwyEhusqVU9jKiDtVzxadipfVw1ou+QT5SgANk |
||
| 17 | ZuwnTxIIs9R2QezRq2yydz45eKW2d5RXb4T77vE1YSPTVaVnAOScAqVrLQK79QX0J |
||
| 18 | sOP+47NGMfp9kUxInGV8UlzgYMBVZTT+ezIXmr6vwlg6Dj27OYReeminNoA/eku3L |
||
| 19 | Fyya17WUAd0vI4ByJsiRWRoJv6z2l1PDtOpwp0uZs57fqyUZJTUIEELdNPu89l10g |
||
| 20 | uK4tpsB4MHsWG9vGLy+1yvVbmD32kM5ZvHgMFktxXx1AzC3gAI52mQ3ljJOZ1LFX+ |
||
| 21 | 3q7nkMcN/HWolPFsRbsuc2rF7R6pQE4mkkVepoAlt+T6UFDnRykr7C+MRZ6k2upun |
||
| 22 | ESXhOqJcuyItT24eizoccENvAVhbGpZ2pfirheqZ0v+FlevvgASyNSUPk+tp/uWMx |
||
| 23 | Q== |
||
| 8 | daniel-mar | 24 | </ViaThinkSoftSignature> */ ?> |
| 25 | <?php |
||
| 26 | |||
| 27 | /* |
||
| 28 | * VNag - Nagios Framework for PHP |
||
| 29 | * Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com> |
||
| 30 | * Licensed under the terms of the Apache 2.0 license |
||
| 31 | * |
||
| 10 | daniel-mar | 32 | * Revision 2019-11-15 |
| 8 | daniel-mar | 33 | */ |
| 34 | |||
| 35 | declare(ticks=1); |
||
| 36 | |||
| 37 | class OpenBugBountyCheck extends VNag { |
||
| 38 | protected $argDomain = null; |
||
| 39 | |||
| 40 | public function __construct() { |
||
| 41 | parent::__construct(); |
||
| 42 | |||
| 43 | $this->registerExpectedStandardArguments('Vvht'); |
||
| 44 | |||
| 45 | $this->getHelpManager()->setPluginName('check_openbugbounty'); |
||
| 46 | $this->getHelpManager()->setVersion('1.0'); |
||
| 47 | $this->getHelpManager()->setShortDescription('This plugin checks if a domain has unfixed vulnerabilities listed at OpenBugBounty.org.'); |
||
| 48 | $this->getHelpManager()->setCopyright('Copyright (C) 2011-$CURYEAR$ Daniel Marschall, ViaThinkSoft.'); |
||
| 49 | $this->getHelpManager()->setSyntax('$SCRIPTNAME$ [-d <directory>]'); |
||
| 50 | $this->getHelpManager()->setFootNotes('If you encounter bugs, please contact ViaThinkSoft at www.viathinksoft.com'); |
||
| 51 | |||
| 52 | // Individual (non-standard) arguments: |
||
| 9 | daniel-mar | 53 | $this->addExpectedArgument($this->argDomain = new VNagArgument('d', 'domain', VNagArgument::VALUE_REQUIRED, 'domainOrFile', 'Domain(s) or subdomain(s), separated by comma, to be checked or a file containing domain names.')); |
| 8 | daniel-mar | 54 | } |
| 55 | |||
| 56 | protected function get_cache_dir() { |
||
| 57 | $homedir = @getenv('HOME'); |
||
| 58 | if ($homedir) { |
||
| 59 | $try = "${homedir}/.vnag_obb_cache"; |
||
| 60 | if (is_dir($try)) return $try; |
||
| 61 | if (@mkdir($try)) return $try; |
||
| 62 | } |
||
| 63 | |||
| 64 | $user = posix_getpwuid(posix_geteuid()); |
||
| 65 | if (isset($user['dir'])) { |
||
| 66 | $homedir = $user['dir']; |
||
| 67 | $try = "${homedir}/.vnag_obb_cache"; |
||
| 68 | if (is_dir($try)) return $try; |
||
| 69 | if (@mkdir($try)) return $try; |
||
| 70 | } |
||
| 71 | |||
| 72 | if (isset($user['name'])) { |
||
| 73 | $username = $user['name']; |
||
| 74 | $try = "/tmp/vnag_obb_cache"; |
||
| 75 | if (is_dir($try)) return $try; |
||
| 76 | if (@mkdir($try)) return $try; |
||
| 77 | } |
||
| 78 | |||
| 79 | return false; // should usually never happen |
||
| 80 | } |
||
| 81 | |||
| 82 | function num_open_bugs($domain, $max_cache_time = 3600) { // TODO: make cache time configurable via config |
||
| 83 | $domain = strtolower($domain); |
||
| 84 | $cache_file = $this->get_cache_dir() . '/' . md5($domain); |
||
| 85 | |||
| 86 | if (file_exists($cache_file) && (time()-filemtime($cache_file) < $max_cache_time)) { |
||
| 87 | $cont = file_get_contents($cache_file); |
||
| 88 | } else { |
||
| 89 | $url = 'https://www.openbugbounty.org/api/1/search/?domain='.urlencode($domain); |
||
| 90 | $cont = file_get_contents($url); |
||
| 91 | file_put_contents($cache_file, $cont); |
||
| 92 | } |
||
| 93 | |||
| 94 | $fixed = 0; |
||
| 95 | $unfixed = 0; |
||
| 96 | |||
| 97 | $xml = simplexml_load_string($cont); |
||
| 98 | foreach ($xml as $x) { |
||
| 99 | if ($x->fixed == '1') $fixed++; |
||
| 100 | if ($x->fixed == '0') $unfixed++; |
||
| 101 | } |
||
| 102 | |||
| 103 | return array($fixed, $unfixed); |
||
| 104 | } |
||
| 105 | |||
| 106 | protected function cbRun($optional_args=array()) { |
||
| 107 | $domain = $this->argDomain->getValue(); |
||
| 108 | if (empty($domain)) { |
||
| 109 | throw new Exception("Please specify a domain or subdomain."); |
||
| 110 | } |
||
| 111 | |||
| 112 | if (file_exists($domain)) { |
||
| 9 | daniel-mar | 113 | // Possibility 1: File containing a list of domains |
| 8 | daniel-mar | 114 | $domains = file($domain); |
| 115 | $sum_fixed = 0; |
||
| 116 | $sum_unfixed = 0; |
||
| 117 | $count = 0; |
||
| 118 | foreach ($domains as $domain) { |
||
| 119 | $domain = trim($domain); |
||
| 120 | if ($domain == '') continue; |
||
| 121 | if ($domain[0] == '#') continue; |
||
| 122 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
||
| 123 | $sum_fixed += $fixed; |
||
| 124 | $sum_unfixed += $unfixed; |
||
| 125 | $count++; |
||
| 10 | daniel-mar | 126 | $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $domain", $unfixed > 0 ? VNag::VERBOSITY_SUMMARY : VNag::VERBOSITY_ADDITIONAL_INFORMATION); |
| 8 | daniel-mar | 127 | } |
| 128 | if ($sum_unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
| 129 | if ($sum_unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when some bugs are disclosed |
||
| 130 | $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true); |
||
| 10 | daniel-mar | 131 | } else if (strpos($domain, ',') !== false) { |
| 9 | daniel-mar | 132 | // Possibility 2: Domains separated with comma |
| 133 | $domains = explode(',', $domain); |
||
| 134 | $sum_fixed = 0; |
||
| 135 | $sum_unfixed = 0; |
||
| 136 | $count = 0; |
||
| 137 | foreach ($domains as $domain) { |
||
| 138 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
||
| 139 | $sum_fixed += $fixed; |
||
| 140 | $sum_unfixed += $unfixed; |
||
| 141 | $count++; |
||
| 10 | daniel-mar | 142 | $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $domain", $unfixed > 0 ? VNag::VERBOSITY_SUMMARY : VNag::VERBOSITY_ADDITIONAL_INFORMATION); |
| 9 | daniel-mar | 143 | } |
| 144 | if ($sum_unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
| 145 | if ($sum_unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when some bugs are disclosed |
||
| 146 | $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true); |
||
| 8 | daniel-mar | 147 | } else { |
| 9 | daniel-mar | 148 | // Possibility 3: Single domain |
| 8 | daniel-mar | 149 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
| 150 | if ($unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
| 151 | if ($unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when bug is disclosed |
||
| 152 | $this->setHeadline("$fixed fixed and $unfixed unfixed issues found at $domain", true); |
||
| 153 | } |
||
| 154 | } |
||
| 155 | } |
||
| 9 | daniel-mar | 156 |