Rev 8 | Go to most recent revision | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 8 | daniel-mar | 1 | <?php /* <ViaThinkSoftSignature> |
| 9 | daniel-mar | 2 | kWqDAxadQcLolAtJBJHGdvsMbOHCDuV7iWSIH/9pscpZ6v9PY00h90t5U+hl0YCMK |
| 3 | orI+CWgQQn4ezt2thMpOKZT/OtGsjCKGkshY3BFj8go9ESdXLEAX4oUgh3+292zDN |
||
| 4 | 9RGpJIRljZU1eWeiOxUl6V9lSqhbMdIONuAvK0AfKmEwzIA6NmJq4VaXqUedj54WK |
||
| 5 | YcIOot11dUmeYd3H9lOjjc9hEV33ITVLNt9y5uTdhQ87DfxLOHCsyp1fupWw/aPge |
||
| 6 | 4pNxirv3MdLWu0AjveExwA7X4BbPTwjZtNaa30ZI5gwzbNyCz9U5aSyxo8Nwu5ahZ |
||
| 7 | YYMrmjXMVyYtJECtJWmytbE3wlyc7EynAhWSgzZh4Lnlba4MiE9GlTiAuVaGqfibm |
||
| 8 | loql5DfTGBxkrIjeBI0ErdW61/7nq+Cj8WYtRYKWTpaUVOkmSs2c7rlzISCQXZ7Rd |
||
| 9 | wCH5vMGY5XXs4pxZtu6JXPDf2ziPkbKQrVCWdjq+vGXrxmVYVJc4CuQzyqtW37pOi |
||
| 10 | q7zlnDONuV+ps3PjLCVS+7KiOJhlVtG6prcloquABd4ndmE5MpZL7Ykh6h6q8IVVh |
||
| 11 | sheMcxihKShMJjBavFImh/pY6sOQ8AFB8piKxOYqUiTlrTeJoXuSL+AjRbt4L658i |
||
| 12 | CPq454YuEqvS6BERttgwcqrt6G8ncnUWnICZofe9qBwUztVGC1l/7a4Ef39GKfgYl |
||
| 13 | Fu/xPn1dGqEVu3kJfvQPekjd2Qp4IBUu2PotVDxnklrAgv0Fnb5lExJzsyByVp8nq |
||
| 14 | mkhNFNb/U5aFx8CjNk8x3oGTnfhJy4e04x9WX0VqMhQ/nqzekJVpzr7mOLBYbI8zE |
||
| 15 | jiOtDH1V+b4CLQ6/3jxWL+Vbt37S5gBkNQEynhOed487hSXBDiSog1iPYYtBSpoaZ |
||
| 16 | D+G2Cb+wMKRNMNAdL6MaiyYHc0kWrnmfMmxSF0t/Gf6/D7QoJIntAR2QLI9b6JWsp |
||
| 17 | tZo8kETGAfWfZ7JhPk4/B2o+PH4oMnd6qoDAJ4xI1MRT3vNYJ1aC/wXYUsbVLiWuB |
||
| 18 | edFi8cXLgrKzDU/fDA7tb+LV8yWbbXV9EF8vdlmAEE1S62CWAmRRchblPsPva2N4l |
||
| 19 | uigpf38Lk7mLQ7/SamkpAlDXzYUR8cbNEpvUjdeeOTlLf0sWZdou4ON5HDlCnYa21 |
||
| 20 | D2Hfd+sYFfvfu1u4v7t+BwA/TfC6JV3zChzBtFSq4zrPlpU38duCviCaMlRfeA6os |
||
| 21 | AZDhcCxjrdNs6P/xGtMXJqeRl6AGQVm4z5DC6zDpDhMqhVGvZ+LnmYLu+9nWcdOin |
||
| 22 | Jx05Jkks5qChGeVhigG0ACWgznuvqxVrzxsQtO3EaAfF12C1Y2M7Hf3u2BsxB4cb2 |
||
| 23 | g== |
||
| 8 | daniel-mar | 24 | </ViaThinkSoftSignature> */ ?> |
| 25 | <?php |
||
| 26 | |||
| 27 | /* |
||
| 28 | * VNag - Nagios Framework for PHP |
||
| 29 | * Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com> |
||
| 30 | * Licensed under the terms of the Apache 2.0 license |
||
| 31 | * |
||
| 32 | * Revision 2019-11-13 |
||
| 33 | */ |
||
| 34 | |||
| 35 | declare(ticks=1); |
||
| 36 | |||
| 37 | class OpenBugBountyCheck extends VNag { |
||
| 38 | protected $argDomain = null; |
||
| 39 | |||
| 40 | public function __construct() { |
||
| 41 | parent::__construct(); |
||
| 42 | |||
| 43 | $this->registerExpectedStandardArguments('Vvht'); |
||
| 44 | |||
| 45 | $this->getHelpManager()->setPluginName('check_openbugbounty'); |
||
| 46 | $this->getHelpManager()->setVersion('1.0'); |
||
| 47 | $this->getHelpManager()->setShortDescription('This plugin checks if a domain has unfixed vulnerabilities listed at OpenBugBounty.org.'); |
||
| 48 | $this->getHelpManager()->setCopyright('Copyright (C) 2011-$CURYEAR$ Daniel Marschall, ViaThinkSoft.'); |
||
| 49 | $this->getHelpManager()->setSyntax('$SCRIPTNAME$ [-d <directory>]'); |
||
| 50 | $this->getHelpManager()->setFootNotes('If you encounter bugs, please contact ViaThinkSoft at www.viathinksoft.com'); |
||
| 51 | |||
| 52 | // Individual (non-standard) arguments: |
||
| 9 | daniel-mar | 53 | $this->addExpectedArgument($this->argDomain = new VNagArgument('d', 'domain', VNagArgument::VALUE_REQUIRED, 'domainOrFile', 'Domain(s) or subdomain(s), separated by comma, to be checked or a file containing domain names.')); |
| 8 | daniel-mar | 54 | } |
| 55 | |||
| 56 | protected function get_cache_dir() { |
||
| 57 | $homedir = @getenv('HOME'); |
||
| 58 | if ($homedir) { |
||
| 59 | $try = "${homedir}/.vnag_obb_cache"; |
||
| 60 | if (is_dir($try)) return $try; |
||
| 61 | if (@mkdir($try)) return $try; |
||
| 62 | } |
||
| 63 | |||
| 64 | $user = posix_getpwuid(posix_geteuid()); |
||
| 65 | if (isset($user['dir'])) { |
||
| 66 | $homedir = $user['dir']; |
||
| 67 | $try = "${homedir}/.vnag_obb_cache"; |
||
| 68 | if (is_dir($try)) return $try; |
||
| 69 | if (@mkdir($try)) return $try; |
||
| 70 | } |
||
| 71 | |||
| 72 | if (isset($user['name'])) { |
||
| 73 | $username = $user['name']; |
||
| 74 | $try = "/tmp/vnag_obb_cache"; |
||
| 75 | if (is_dir($try)) return $try; |
||
| 76 | if (@mkdir($try)) return $try; |
||
| 77 | } |
||
| 78 | |||
| 79 | return false; // should usually never happen |
||
| 80 | } |
||
| 81 | |||
| 82 | function num_open_bugs($domain, $max_cache_time = 3600) { // TODO: make cache time configurable via config |
||
| 83 | $domain = strtolower($domain); |
||
| 84 | $cache_file = $this->get_cache_dir() . '/' . md5($domain); |
||
| 85 | |||
| 86 | if (file_exists($cache_file) && (time()-filemtime($cache_file) < $max_cache_time)) { |
||
| 87 | $cont = file_get_contents($cache_file); |
||
| 88 | } else { |
||
| 89 | $url = 'https://www.openbugbounty.org/api/1/search/?domain='.urlencode($domain); |
||
| 90 | $cont = file_get_contents($url); |
||
| 91 | file_put_contents($cache_file, $cont); |
||
| 92 | } |
||
| 93 | |||
| 94 | $fixed = 0; |
||
| 95 | $unfixed = 0; |
||
| 96 | |||
| 97 | $xml = simplexml_load_string($cont); |
||
| 98 | foreach ($xml as $x) { |
||
| 99 | if ($x->fixed == '1') $fixed++; |
||
| 100 | if ($x->fixed == '0') $unfixed++; |
||
| 101 | } |
||
| 102 | |||
| 103 | return array($fixed, $unfixed); |
||
| 104 | } |
||
| 105 | |||
| 106 | protected function cbRun($optional_args=array()) { |
||
| 107 | $domain = $this->argDomain->getValue(); |
||
| 108 | if (empty($domain)) { |
||
| 109 | throw new Exception("Please specify a domain or subdomain."); |
||
| 110 | } |
||
| 111 | |||
| 112 | if (file_exists($domain)) { |
||
| 9 | daniel-mar | 113 | // Possibility 1: File containing a list of domains |
| 8 | daniel-mar | 114 | $domains = file($domain); |
| 115 | $sum_fixed = 0; |
||
| 116 | $sum_unfixed = 0; |
||
| 117 | $count = 0; |
||
| 118 | foreach ($domains as $domain) { |
||
| 119 | $domain = trim($domain); |
||
| 120 | if ($domain == '') continue; |
||
| 121 | if ($domain[0] == '#') continue; |
||
| 122 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
||
| 123 | $sum_fixed += $fixed; |
||
| 124 | $sum_unfixed += $unfixed; |
||
| 125 | $count++; |
||
| 126 | if ($unfixed > 0) $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $domain", VNag::VERBOSITY_ADDITIONAL_INFORMATION); |
||
| 127 | } |
||
| 128 | if ($sum_unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
| 129 | if ($sum_unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when some bugs are disclosed |
||
| 130 | $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true); |
||
| 9 | daniel-mar | 131 | } if (strpos($domain, ',') !== false) { |
| 132 | // Possibility 2: Domains separated with comma |
||
| 133 | $domains = explode(',', $domain); |
||
| 134 | $sum_fixed = 0; |
||
| 135 | $sum_unfixed = 0; |
||
| 136 | $count = 0; |
||
| 137 | foreach ($domains as $domain) { |
||
| 138 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
||
| 139 | $sum_fixed += $fixed; |
||
| 140 | $sum_unfixed += $unfixed; |
||
| 141 | $count++; |
||
| 142 | if ($unfixed > 0) $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $domain", VNag::VERBOSITY_ADDITIONAL_INFORMATION); |
||
| 143 | } |
||
| 144 | if ($sum_unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
| 145 | if ($sum_unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when some bugs are disclosed |
||
| 146 | $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true); |
||
| 8 | daniel-mar | 147 | } else { |
| 9 | daniel-mar | 148 | // Possibility 3: Single domain |
| 8 | daniel-mar | 149 | list($fixed, $unfixed) = $this->num_open_bugs($domain); |
| 150 | if ($unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
||
| 151 | if ($unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when bug is disclosed |
||
| 152 | $this->setHeadline("$fixed fixed and $unfixed unfixed issues found at $domain", true); |
||
| 153 | } |
||
| 154 | } |
||
| 155 | } |
||
| 9 | daniel-mar | 156 |