<?php /* <ViaThinkSoftSignature>
D5ywBZegRuOX5CT35IVYKi1Y2lmXoGA7fv9U8Xo/t+6u/jHti2GaiazfQLaikgVgA
NDUvsjLNnYRqk5zx0eFyMxVdtQ8esfJ18M8YvmiZX2eZm7wavgqGTHzTKLOlS3TZb
WBsQrPgDisqeBjPxKDF9B10ZJNej69YFLZsOrLY35sDIOP9vFkaKleKXXXe+XodxD
QZGYEwTV3QZV3/gIm3SSgqSChx/15QTV/saxHNe9xEYdn6JPCNQT6u4Jbdx2F1pxO
4AwSi9g7CFG6IOy859tLRPuUS9/+0j8+VYzvBZWcPq7xbrccJ7Quq9F96H8On8xeT
m2ekmGVVVUJfpe6bWeOLtESsarOIi1D+Ywlm3Ctk3sZ8+TONrXbaKS5dHeVPKNTdT
wSDSNwmXgYn/DAMw9JJZOwadiWbE+e7yr3DUUnMpk7PTghSCyf89cqOE7Tk+w/a08
N6I6Mt7Ad/W7VP14bmepdbAaNp2ihuR9DSkiqd0Q4gPu9HiDwQeFoLF2uARwPYTLC
uJRu6AE833K8v0DHs/Mt1pKtaiAd90ZElDscbACJWFeQDUpI13/RNiU6zNL/IsyMx
yQA/2Ehk3kqDKz//EtEev+9wdJBIJeCU8U0+JCrlr1kOJKKo1gbIb+AMsY4ODdw3a
DgfGCSeEfjE0ar0FtPNyN5/6Zxyf+m1ziJn8xY6r56vXR7+bPb7nxr4gopF04QJ7z
TyZpn8PJKUKVZDmlO7N12j4HPvM4c/KoGh4GyBmIkuuSQWkm5gZbWZiiC5sdPIoA8
JYlLd1fkiOZ0o9Vpcdwa6Si93nrmTDP98zg/DfgFtrZjJSpqcbur66ilhgOw8ZLew
pckJL57zC72nuqPbEYhNmJixcMuLGI29g1ISXkvCAnkdSWH1gwLgJfDCJ9pWAjoS5
/eqrFof+4OUG7MD0+xmf3135GYwB0mbUQh+4t3pRDQgHnluXtQnb/93XCBX28qyzV
A8zM9dHEhzeJsHxCthOQQshgSliLfACA/0/CCIoSwrLJr3th8VVNoEy9YN2ovfN10
1n3t3HOAPU9SiWFMfOVTtqy2OmtBcXvMxBotXRGnHsB5vDeNa9XDuLJEJqeL+FmXp
sjY5UkayvkliF1qjwVRX7hP64+UDDPVPa+fPg0ITHZTQdawfi8AxRwOzjjH2h/Rbj
mNsePALoCoVp/0Oq9kIwxCTWYAHjFY81Tt0GtOHV2Yo9Mh9WGg5VHhDFFbHoC6o0p
S5CUM3HaByKWCfqTgNsR4govazSZKqigbBBA5whW4BPMALNukmU/Fiu5NPKF0S4bR
xr0g31lTS3K2cTQoKrI8uYbhaG8e53DCkuia3F+/76U2UYV5SelD8/qJO8Z872p88
A==
</ViaThinkSoftSignature> */ ?>
<?php
 
/*
 * VNag - Nagios Framework for PHP
 * Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com>
 * Licensed under the terms of the Apache 2.0 license
 *
 * Revision 2019-11-13
 */
 
// Enable tick processing for this file (a tick fires after each tickable statement).
// NOTE(review): presumably needed by the VNag base class, e.g. for signal/timeout handling — confirm.
declare(ticks=1);
 
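/**
 * VNag plugin that reports how many OpenBugBounty.org entries for a domain
 * (or for every domain listed in a file) are marked as fixed or unfixed.
 *
 * The result drives a monitoring status, so a failed download or an answer
 * that cannot be parsed is raised as an exception instead of being counted
 * as "0 unfixed issues" (which would report OK without any data).
 */
class OpenBugBountyCheck extends VNag {
        protected $argDomain = null;

        /**
         * Registers the standard arguments, the help texts and the -d argument.
         */
        public function __construct() {
                parent::__construct();

                $this->registerExpectedStandardArguments('Vvht');

                $this->getHelpManager()->setPluginName('check_openbugbounty');
                $this->getHelpManager()->setVersion('1.0');
                $this->getHelpManager()->setShortDescription('This plugin checks if a domain has unfixed vulnerabilities listed at OpenBugBounty.org.');
                $this->getHelpManager()->setCopyright('Copyright (C) 2011-$CURYEAR$ Daniel Marschall, ViaThinkSoft.');
                // -d takes a domain or a file with domain names (not a directory), and
                // cbRun() refuses to run without it, so it is shown as mandatory.
                $this->getHelpManager()->setSyntax('$SCRIPTNAME$ -d <domainOrFile>');
                $this->getHelpManager()->setFootNotes('If you encounter bugs, please contact ViaThinkSoft at www.viathinksoft.com');

                // Individual (non-standard) arguments:
                $this->addExpectedArgument($this->argDomain = new VNagArgument('d', 'domain', VNagArgument::VALUE_REQUIRED, 'domainOrFile', 'Domain or subdomain to be checked or a file containing domain names.'));
        }

        /**
         * Returns a directory for cached API answers, creating it if necessary.
         *
         * Candidates, in order: $HOME/.vnag_obb_cache, the passwd home directory
         * of the effective user, and finally a per-user directory below /tmp.
         *
         * @return string|false Directory path, or false if no candidate is usable.
         */
        protected function get_cache_dir() {
                $homedir = @getenv('HOME');
                if ($homedir) {
                        $try = $homedir . '/.vnag_obb_cache';
                        if ($this->prepare_cache_dir($try, false)) return $try;
                }

                $euid = posix_geteuid();
                $user = posix_getpwuid($euid);
                if (isset($user['dir'])) {
                        $try = $user['dir'] . '/.vnag_obb_cache';
                        if ($this->prepare_cache_dir($try, false)) return $try;
                }

                if (isset($user['name'])) {
                        // /tmp is shared between all local users. A fixed name that is
                        // accepted merely because it exists lets another account
                        // pre-create the directory and control the cached answers (and
                        // where the cache writes end up). The path is therefore made
                        // per-user and must be a real directory owned by the effective
                        // user that nobody else can write to.
                        $try = '/tmp/vnag_obb_cache_' . $euid;
                        if ($this->prepare_cache_dir($try, true)) return $try;
                }

                return false; // should usually never happen
        }

        /**
         * Makes sure $dir exists and, if requested, is private to the effective user.
         *
         * @param string $dir             Candidate cache directory.
         * @param bool   $must_be_private Also require: no symlink, owned by the
         *                                effective user, not group/world writable.
         * @return bool True if the directory can be used.
         */
        private function prepare_cache_dir($dir, $must_be_private) {
                // New directories are created without group/other access. The second
                // is_dir() covers a parallel check creating the directory first.
                if (!is_dir($dir) && !@mkdir($dir, 0700) && !is_dir($dir)) return false;
                if (!$must_be_private) return true;

                clearstatcache(true, $dir);
                if (is_link($dir)) return false;
                if (@fileowner($dir) !== posix_geteuid()) return false;
                $perms = @fileperms($dir);
                return ($perms !== false) && (($perms & 0022) === 0);
        }

        /**
         * Counts the fixed and unfixed OpenBugBounty entries of a domain.
         *
         * A cached answer younger than $max_cache_time seconds is used when it can
         * be parsed; otherwise the API is queried and the answer is cached.
         *
         * @param string $domain         Domain or subdomain to look up.
         * @param int    $max_cache_time Maximum age of a cache entry in seconds.
         * @return array array($fixed, $unfixed)
         * @throws Exception If the API cannot be reached or its answer cannot be parsed.
         */
        public function num_open_bugs($domain, $max_cache_time = 3600) { // TODO: make cache time configurable via config
                $domain = strtolower($domain);

                // Without a cache directory the original built the path "/<md5>" in the
                // filesystem root; caching is skipped instead.
                $cache_dir = $this->get_cache_dir();
                // md5() only derives a fixed-length, path-safe file name here.
                $cache_file = ($cache_dir === false) ? false : $cache_dir . '/' . md5($domain);

                if (($cache_file !== false) && is_file($cache_file) && (time()-filemtime($cache_file) < $max_cache_time)) {
                        $counts = $this->count_entries(file_get_contents($cache_file));
                        if ($counts !== false) return $counts;
                        // Unreadable or corrupt cache entry: fall through and fetch again.
                }

                $url = 'https://www.openbugbounty.org/api/1/search/?domain='.urlencode($domain);
                $cont = file_get_contents($url);
                if ($cont === false) {
                        // Fail closed: no answer must not be reported as "0 unfixed".
                        throw new Exception("Cannot retrieve OpenBugBounty data for $domain");
                }

                $counts = $this->count_entries($cont);
                if ($counts === false) {
                        throw new Exception("OpenBugBounty returned an unparseable answer for $domain");
                }

                // Only answers that were accepted are cached, so a failure is retried
                // on the next run instead of being served for $max_cache_time seconds.
                if ($cache_file !== false) file_put_contents($cache_file, $cont, LOCK_EX);

                return $counts;
        }

        /**
         * Parses an API answer and counts its entries by their "fixed" flag.
         *
         * @param string|false $cont Raw answer (downloaded or read from the cache).
         * @return array|false array($fixed, $unfixed), or false if $cont is unusable.
         */
        private function count_entries($cont) {
                if (!is_string($cont)) return false;

                // NOTE(review): an empty body is counted as "no entries", which is the
                // result the previous code produced for it — confirm what the API
                // sends for a domain without reports.
                if (trim($cont) === '') return array(0, 0);

                // The content comes from the network or from a cache file, so the
                // parser is not allowed to fetch anything (LIBXML_NONET), and parse
                // errors are collected instead of being printed into the plugin output.
                $previous = libxml_use_internal_errors(true);
                $xml = simplexml_load_string($cont, 'SimpleXMLElement', LIBXML_NONET);
                libxml_clear_errors();
                libxml_use_internal_errors($previous);
                if ($xml === false) return false;

                $fixed = 0;
                $unfixed = 0;
                foreach ($xml as $x) {
                        if ($x->fixed == '1') $fixed++;
                        if ($x->fixed == '0') $unfixed++;
                }

                return array($fixed, $unfixed);
        }

        /**
         * Runs the check for the domain given with -d, or for every domain listed
         * in the file given with -d, and sets status and headline accordingly.
         *
         * @param array $optional_args Not used by this plugin.
         * @throws Exception If no domain was given, the list cannot be read, or a lookup fails.
         */
        protected function cbRun($optional_args=array()) {
                $domain = $this->argDomain->getValue();
                if (empty($domain)) {
                        throw new Exception("Please specify a domain or subdomain.");
                }

                // is_file() instead of file_exists(): a directory that happens to have
                // the name of the domain must not be read as a domain list.
                if (is_file($domain)) {
                        $domains = file($domain);
                        if ($domains === false) {
                                throw new Exception("Cannot read domain list $domain");
                        }

                        $sum_fixed = 0;
                        $sum_unfixed = 0;
                        $count = 0;
                        foreach ($domains as $line) {
                                $line = trim($line);
                                if ($line == '') continue;
                                if ($line[0] == '#') continue; // comment line
                                list($fixed, $unfixed) = $this->num_open_bugs($line);
                                $sum_fixed += $fixed;
                                $sum_unfixed += $unfixed;
                                $count++;
                                if ($unfixed > 0) $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $line", VNag::VERBOSITY_ADDITIONAL_INFORMATION);
                        }

                        // NOTE(review): a list without any usable entry still ends as OK
                        // ("... at 0 domains") — confirm this is intended.
                        if ($sum_unfixed > 0) {
                                $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when some bugs are disclosed
                        } else {
                                $this->setStatus(VNag::STATUS_OK);
                        }
                        $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true);
                } else {
                        list($fixed, $unfixed) = $this->num_open_bugs($domain);
                        if ($unfixed > 0) {
                                $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when bug is disclosed
                        } else {
                                $this->setStatus(VNag::STATUS_OK);
                        }
                        $this->setHeadline("$fixed fixed and $unfixed unfixed issues found at $domain", true);
                }
        }
}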