| 0,0 → 1,138 |
|---|
| <?php /* <ViaThinkSoftSignature> |
| D5ywBZegRuOX5CT35IVYKi1Y2lmXoGA7fv9U8Xo/t+6u/jHti2GaiazfQLaikgVgA |
| NDUvsjLNnYRqk5zx0eFyMxVdtQ8esfJ18M8YvmiZX2eZm7wavgqGTHzTKLOlS3TZb |
| WBsQrPgDisqeBjPxKDF9B10ZJNej69YFLZsOrLY35sDIOP9vFkaKleKXXXe+XodxD |
| QZGYEwTV3QZV3/gIm3SSgqSChx/15QTV/saxHNe9xEYdn6JPCNQT6u4Jbdx2F1pxO |
| 4AwSi9g7CFG6IOy859tLRPuUS9/+0j8+VYzvBZWcPq7xbrccJ7Quq9F96H8On8xeT |
| m2ekmGVVVUJfpe6bWeOLtESsarOIi1D+Ywlm3Ctk3sZ8+TONrXbaKS5dHeVPKNTdT |
| wSDSNwmXgYn/DAMw9JJZOwadiWbE+e7yr3DUUnMpk7PTghSCyf89cqOE7Tk+w/a08 |
| N6I6Mt7Ad/W7VP14bmepdbAaNp2ihuR9DSkiqd0Q4gPu9HiDwQeFoLF2uARwPYTLC |
| uJRu6AE833K8v0DHs/Mt1pKtaiAd90ZElDscbACJWFeQDUpI13/RNiU6zNL/IsyMx |
| yQA/2Ehk3kqDKz//EtEev+9wdJBIJeCU8U0+JCrlr1kOJKKo1gbIb+AMsY4ODdw3a |
| DgfGCSeEfjE0ar0FtPNyN5/6Zxyf+m1ziJn8xY6r56vXR7+bPb7nxr4gopF04QJ7z |
| TyZpn8PJKUKVZDmlO7N12j4HPvM4c/KoGh4GyBmIkuuSQWkm5gZbWZiiC5sdPIoA8 |
| JYlLd1fkiOZ0o9Vpcdwa6Si93nrmTDP98zg/DfgFtrZjJSpqcbur66ilhgOw8ZLew |
| pckJL57zC72nuqPbEYhNmJixcMuLGI29g1ISXkvCAnkdSWH1gwLgJfDCJ9pWAjoS5 |
| /eqrFof+4OUG7MD0+xmf3135GYwB0mbUQh+4t3pRDQgHnluXtQnb/93XCBX28qyzV |
| A8zM9dHEhzeJsHxCthOQQshgSliLfACA/0/CCIoSwrLJr3th8VVNoEy9YN2ovfN10 |
| 1n3t3HOAPU9SiWFMfOVTtqy2OmtBcXvMxBotXRGnHsB5vDeNa9XDuLJEJqeL+FmXp |
| sjY5UkayvkliF1qjwVRX7hP64+UDDPVPa+fPg0ITHZTQdawfi8AxRwOzjjH2h/Rbj |
| mNsePALoCoVp/0Oq9kIwxCTWYAHjFY81Tt0GtOHV2Yo9Mh9WGg5VHhDFFbHoC6o0p |
| S5CUM3HaByKWCfqTgNsR4govazSZKqigbBBA5whW4BPMALNukmU/Fiu5NPKF0S4bR |
| xr0g31lTS3K2cTQoKrI8uYbhaG8e53DCkuia3F+/76U2UYV5SelD8/qJO8Z872p88 |
| A== |
| </ViaThinkSoftSignature> */ ?> |
| <?php |
| |
| /* |
| * VNag - Nagios Framework for PHP |
| * Developed by Daniel Marschall, ViaThinkSoft <www.viathinksoft.com> |
| * Licensed under the terms of the Apache 2.0 license |
| * |
| * Revision 2019-11-13 |
| */ |
| |
| declare(ticks=1); |
| |
| class OpenBugBountyCheck extends VNag { |
| protected $argDomain = null; |
| |
| public function __construct() { |
| parent::__construct(); |
| |
| $this->registerExpectedStandardArguments('Vvht'); |
| |
| $this->getHelpManager()->setPluginName('check_openbugbounty'); |
| $this->getHelpManager()->setVersion('1.0'); |
| $this->getHelpManager()->setShortDescription('This plugin checks if a domain has unfixed vulnerabilities listed at OpenBugBounty.org.'); |
| $this->getHelpManager()->setCopyright('Copyright (C) 2011-$CURYEAR$ Daniel Marschall, ViaThinkSoft.'); |
| $this->getHelpManager()->setSyntax('$SCRIPTNAME$ [-d <directory>]'); |
| $this->getHelpManager()->setFootNotes('If you encounter bugs, please contact ViaThinkSoft at www.viathinksoft.com'); |
| |
| // Individual (non-standard) arguments: |
| $this->addExpectedArgument($this->argDomain = new VNagArgument('d', 'domain', VNagArgument::VALUE_REQUIRED, 'domainOrFile', 'Domain or subdomain to be checked or a file containing domain names.')); |
| } |
| |
| protected function get_cache_dir() { |
| $homedir = @getenv('HOME'); |
| if ($homedir) { |
| $try = "${homedir}/.vnag_obb_cache"; |
| if (is_dir($try)) return $try; |
| if (@mkdir($try)) return $try; |
| } |
| |
| $user = posix_getpwuid(posix_geteuid()); |
| if (isset($user['dir'])) { |
| $homedir = $user['dir']; |
| $try = "${homedir}/.vnag_obb_cache"; |
| if (is_dir($try)) return $try; |
| if (@mkdir($try)) return $try; |
| } |
| |
| if (isset($user['name'])) { |
| $username = $user['name']; |
| $try = "/tmp/vnag_obb_cache"; |
| if (is_dir($try)) return $try; |
| if (@mkdir($try)) return $try; |
| } |
| |
| return false; // should usually never happen |
| } |
| |
| function num_open_bugs($domain, $max_cache_time = 3600) { // TODO: make cache time configurable via config |
| $domain = strtolower($domain); |
| $cache_file = $this->get_cache_dir() . '/' . md5($domain); |
| |
| if (file_exists($cache_file) && (time()-filemtime($cache_file) < $max_cache_time)) { |
| $cont = file_get_contents($cache_file); |
| } else { |
| $url = 'https://www.openbugbounty.org/api/1/search/?domain='.urlencode($domain); |
| $cont = file_get_contents($url); |
| file_put_contents($cache_file, $cont); |
| } |
| |
| $fixed = 0; |
| $unfixed = 0; |
| |
| $xml = simplexml_load_string($cont); |
| foreach ($xml as $x) { |
| if ($x->fixed == '1') $fixed++; |
| if ($x->fixed == '0') $unfixed++; |
| } |
| |
| return array($fixed, $unfixed); |
| } |
| |
| protected function cbRun($optional_args=array()) { |
| $domain = $this->argDomain->getValue(); |
| if (empty($domain)) { |
| throw new Exception("Please specify a domain or subdomain."); |
| } |
| |
| if (file_exists($domain)) { |
| $domains = file($domain); |
| $sum_fixed = 0; |
| $sum_unfixed = 0; |
| $count = 0; |
| foreach ($domains as $domain) { |
| $domain = trim($domain); |
| if ($domain == '') continue; |
| if ($domain[0] == '#') continue; |
| list($fixed, $unfixed) = $this->num_open_bugs($domain); |
| $sum_fixed += $fixed; |
| $sum_unfixed += $unfixed; |
| $count++; |
| if ($unfixed > 0) $this->addVerboseMessage("$fixed fixed and $unfixed unfixed issues found at $domain", VNag::VERBOSITY_ADDITIONAL_INFORMATION); |
| } |
| if ($sum_unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
| if ($sum_unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when some bugs are disclosed |
| $this->setHeadline("$sum_fixed fixed and $sum_unfixed unfixed issues found at $count domains", true); |
| } else { |
| list($fixed, $unfixed) = $this->num_open_bugs($domain); |
| if ($unfixed == 0) $this->setStatus(VNag::STATUS_OK); |
| if ($unfixed > 0) $this->setStatus(VNag::STATUS_WARNING); // TODO: Critical, when bug is disclosed |
| $this->setHeadline("$fixed fixed and $unfixed unfixed issues found at $domain", true); |
| } |
| |
| } |
| } |