8 | daniel-mar | 1 | <?php /* <ViaThinkSoftSignature> |
9 | daniel-mar | 2 | kWqDAxadQcLolAtJBJHGdvsMbOHCDuV7iWSIH/9pscpZ6v9PY00h90t5U+hl0YCMK |
3 | orI+CWgQQn4ezt2thMpOKZT/OtGsjCKGkshY3BFj8go9ESdXLEAX4oUgh3+292zDN |
||
4 | 9RGpJIRljZU1eWeiOxUl6V9lSqhbMdIONuAvK0AfKmEwzIA6NmJq4VaXqUedj54WK |
||
5 | YcIOot11dUmeYd3H9lOjjc9hEV33ITVLNt9y5uTdhQ87DfxLOHCsyp1fupWw/aPge |
||
6 | 4pNxirv3MdLWu0AjveExwA7X4BbPTwjZtNaa30ZI5gwzbNyCz9U5aSyxo8Nwu5ahZ |
||
7 | YYMrmjXMVyYtJECtJWmytbE3wlyc7EynAhWSgzZh4Lnlba4MiE9GlTiAuVaGqfibm |
||
8 | loql5DfTGBxkrIjeBI0ErdW61/7nq+Cj8WYtRYKWTpaUVOkmSs2c7rlzISCQXZ7Rd |
||
9 | wCH5vMGY5XXs4pxZtu6JXPDf2ziPkbKQrVCWdjq+vGXrxmVYVJc4CuQzyqtW37pOi |
||
10 | q7zlnDONuV+ps3PjLCVS+7KiOJhlVtG6prcloquABd4ndmE5MpZL7Ykh6h6q8IVVh |
||
11 | sheMcxihKShMJjBavFImh/pY6sOQ8AFB8piKxOYqUiTlrTeJoXuSL+AjRbt4L658i |
||
12 | CPq454YuEqvS6BERttgwcqrt6G8ncnUWnICZofe9qBwUztVGC1l/7a4Ef39GKfgYl |
||
13 | Fu/xPn1dGqEVu3kJfvQPekjd2Qp4IBUu2PotVDxnklrAgv0Fnb5lExJzsyByVp8nq |
||
14 | mkhNFNb/U5aFx8CjNk8x3oGTnfhJy4e04x9WX0VqMhQ/nqzekJVpzr7mOLBYbI8zE |
||
15 | jiOtDH1V+b4CLQ6/3jxWL+Vbt37S5gBkNQEynhOed487hSXBDiSog1iPYYtBSpoaZ |
||
16 | D+G2Cb+wMKRNMNAdL6MaiyYHc0kWrnmfMmxSF0t/Gf6/D7QoJIntAR2QLI9b6JWsp |
||
17 | tZo8kETGAfWfZ7JhPk4/B2o+PH4oMnd6qoDAJ4xI1MRT3vNYJ1aC/wXYUsbVLiWuB |
||
18 | edFi8cXLgrKzDU/fDA7tb+LV8yWbbXV9EF8vdlmAEE1S62CWAmRRchblPsPva2N4l |
||
19 | uigpf38Lk7mLQ7/SamkpAlDXzYUR8cbNEpvUjdeeOTlLf0sWZdou4ON5HDlCnYa21 |
||
20 | D2Hfd+sYFfvfu1u4v7t+BwA/TfC6JV3zChzBtFSq4zrPlpU38duCviCaMlRfeA6os |
||
21 | AZDhcCxjrdNs6P/xGtMXJqeRl6AGQVm4z5DC6zDpDhMqhVGvZ+LnmYLu+9nWcdOin |
||
22 | Jx05Jkks5qChGeVhigG0ACWgznuvqxVrzxsQtO3EaAfF12C1Y2M7Hf3u2BsxB4cb2 |
||
23 | g== |
||
8 | daniel-mar | 24 | </ViaThinkSoftSignature> */ ?> |
25 | <?php |
||
26 | |||
27 | /* |
||
28 | * VNag - Nagios Framework for PHP |
||
29 | * Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com> |
||
30 | * Licensed under the terms of the Apache 2.0 license |
||
31 | * |
||
32 | * Revision 2019-11-13 |
||
33 | */ |
||
34 | |||
declare(ticks=1); // tick handlers run after every statement; presumably required by the VNag base class (e.g. for signal handling) - TODO confirm
||
36 | |||
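class OpenBugBountyCheck extends VNag {
    /** @var VNagArgument|null the "-d"/"--domain" argument: domain list or file name */
    protected $argDomain = null;

    /**
     * Registers the standard VNag arguments, the help texts and the
     * plugin-specific "-d" argument.
     */
    public function __construct() {
        parent::__construct();

        $this->registerExpectedStandardArguments('Vvht');

        $this->getHelpManager()->setPluginName('check_openbugbounty');
        $this->getHelpManager()->setVersion('1.0');
        $this->getHelpManager()->setShortDescription('This plugin checks if a domain has unfixed vulnerabilities listed at OpenBugBounty.org.');
        $this->getHelpManager()->setCopyright('Copyright (C) 2011-$CURYEAR$ Daniel Marschall, ViaThinkSoft.');
        // The argument takes a domain list or a file, not a directory (see addExpectedArgument below).
        $this->getHelpManager()->setSyntax('$SCRIPTNAME$ [-d <domainOrFile>]');
        $this->getHelpManager()->setFootNotes('If you encounter bugs, please contact ViaThinkSoft at www.viathinksoft.com');

        // Individual (non-standard) arguments:
        $this->addExpectedArgument($this->argDomain = new VNagArgument('d', 'domain', VNagArgument::VALUE_REQUIRED, 'domainOrFile', 'Domain(s) or subdomain(s), separated by comma, to be checked or a file containing domain names.'));
    }

    /**
     * Returns a writable, per-user directory for caching API answers,
     * or false if none could be found or created.
     *
     * Candidates, in order: $HOME/.vnag_obb_cache, <passwd home>/.vnag_obb_cache,
     * /tmp/vnag_obb_cache_<euid>. A candidate is only accepted when it is a real
     * directory (no symlink) owned by the effective user, so that a directory
     * pre-created by another user in a shared location cannot feed this plugin
     * poisoned cache files.
     *
     * @return string|false
     */
    protected function get_cache_dir() {
        $euid = posix_geteuid();
        $candidates = array();

        $homedir = @getenv('HOME');
        if ($homedir) {
            $candidates[] = "{$homedir}/.vnag_obb_cache";
        }

        $user = posix_getpwuid($euid);
        if (is_array($user) && isset($user['dir']) && $user['dir'] !== $homedir) {
            $candidates[] = "{$user['dir']}/.vnag_obb_cache";
        }

        // Last resort in the shared temp directory; the euid suffix keeps users apart.
        $candidates[] = "/tmp/vnag_obb_cache_{$euid}";

        foreach ($candidates as $try) {
            if ($this->usableCacheDir($try, $euid)) return $try;
        }

        return false; // should usually never happen
    }

    /**
     * Creates $dir (mode 0700) if it does not exist and reports whether it is a
     * plain directory owned by $euid that can be written to.
     *
     * @param string $dir
     * @param int $euid
     * @return bool
     */
    private function usableCacheDir($dir, $euid) {
        // @mkdir: a concurrent run may create the directory first; the checks below decide.
        if (!is_dir($dir) && !@mkdir($dir, 0700)) return false;
        if (is_link($dir)) return false;
        return fileowner($dir) === $euid && is_writable($dir);
    }

    /**
     * Counts the fixed and unfixed reports OpenBugBounty lists for $domain.
     *
     * The API answer is cached in get_cache_dir() for $max_cache_time seconds;
     * when no cache directory is available the API is queried every time.
     * Only successful answers are cached, so a transient outage is retried on
     * the next run instead of being reported as "0 issues" for an hour.
     *
     * @param string $domain
     * @param int $max_cache_time seconds a cached answer stays valid
     * @return array [fixed, unfixed]
     * @throws Exception when the API cannot be reached or returns no parsable XML
     */
    function num_open_bugs($domain, $max_cache_time = 3600) { // TODO: make cache time configurable via config
        $domain = strtolower(trim($domain));
        $cache_dir = $this->get_cache_dir();
        // md5() keeps path characters from $domain out of the file name.
        $cache_file = ($cache_dir === false) ? false : $cache_dir . '/' . md5($domain);

        $cont = false;
        if ($cache_file !== false && is_file($cache_file) && (time() - filemtime($cache_file) < $max_cache_time)) {
            $cont = @file_get_contents($cache_file);
        }
        if ($cont === false || $cont === '') {
            $url = 'https://www.openbugbounty.org/api/1/search/?domain=' . urlencode($domain);
            $cont = @file_get_contents($url);
            if ($cont === false || $cont === '') {
                throw new Exception("Could not retrieve OpenBugBounty data for $domain.");
            }
            if ($cache_file !== false) @file_put_contents($cache_file, $cont, LOCK_EX);
        }

        // LIBXML_NONET: the parser must never fetch external resources referenced by the document.
        $xml = @simplexml_load_string($cont, 'SimpleXMLElement', LIBXML_NONET);
        if ($xml === false) {
            throw new Exception("OpenBugBounty returned unparsable XML for $domain.");
        }

        $fixed = 0;
        $unfixed = 0;
        foreach ($xml as $x) {
            $flag = (string)$x->fixed;
            if ($flag === '1') $fixed++;
            if ($flag === '0') $unfixed++;
        }

        return array($fixed, $unfixed);
    }

    /**
     * Plugin entry point: resolves the -d argument into one or more domains,
     * queries OpenBugBounty for each and sets status and headline.
     *
     * The argument is interpreted as (1) a file containing one domain per line
     * ('#' lines are comments), (2) a comma separated list, or (3) a single
     * domain. The three cases are exclusive; previously the file case fell
     * through into the other two and overwrote the aggregated result.
     *
     * @param array $optional_args
     * @throws Exception when no domain was given or the list file is unreadable
     */
    protected function cbRun($optional_args=array()) {
        $domain = (string)$this->argDomain->getValue();
        if (trim($domain) === '') {
            throw new Exception("Please specify a domain or subdomain.");
        }

        if (file_exists($domain)) {
            // Possibility 1: File containing a list of domains
            $lines = file($domain);
            if ($lines === false) {
                throw new Exception("Could not read domain list file $domain.");
            }
            $this->checkDomains($lines);
        } else if (strpos($domain, ',') !== false) {
            // Possibility 2: Domains separated with comma
            $this->checkDomains(explode(',', $domain));
        } else {
            // Possibility 3: Single domain
            list($fixed, $unfixed) = $this->num_open_bugs($domain);
            $this->setStatus($unfixed > 0 ? VNag::STATUS_WARNING : VNag::STATUS_OK); // TODO: Critical, when bug is disclosed
            $this->setHeadline("$fixed fixed and $unfixed unfixed issues found at $domain", true);
        }
    }

    /**
     * Checks every non-empty, non-comment entry of $domains and sets the
     * aggregated status and headline.
     *
     * @param string[] $domains raw entries; surrounding whitespace is stripped,
     *                          blank entries and entries starting with '#' are skipped
     */
    private function checkDomains($domains) {
        $sum_fixed = 0;
        $sum_unfixed = 0;
        $count = 0;
        foreach ($domains as $entry) {
            $entry = trim($entry);
            if ($entry === '' || $entry[0] === '#') continue;
            list($fixed, $unfixed) = $this->num_open_bugs($entry);
            $sum_fixed += $fixed;
            $sum_unfixed += $unfixed;
            $count++;
            if ($unfixed > 0) $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $entry", VNag::VERBOSITY_ADDITIONAL_INFORMATION);
        }
        $this->setStatus($sum_unfixed > 0 ? VNag::STATUS_WARNING : VNag::STATUS_OK); // TODO: Critical, when some bugs are disclosed
        $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true);
    }
}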