Versionscan - A Php Version Scanner For Reporting Possible Vulnerabilities
Tuesday, September 10, 2019
You are now reading the article Versionscan - A Php Version Scanner For Reporting Possible Vulnerabilities with the link address https://mederc.blogspot.com/2019/09/versionscan-php-version-scanner-for.html
Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in to report back potential issues.
PLEASE NOTE: Work is still in progress to adapt the tool to Linux distributions that backport security fixes. As of right now, this only reports back for the straight up version reported.
Installation
Using Composer
{ "require": { "psecio/versionscan": "dev-master" } }
The only current dependency is the Symfony console.
Usage
To run the scan against your current PHP version, use:
bin/versionscan
The script will check the PHP_VERSION for the current instance and generate the pass/fail results. The output looks similar to:
Executing against version: 5.4.24
+--------+---------------+------+------------------------------------------------------------------------------------------------------+
| Status | CVE ID        | Risk | Summary                                                                                              |
+--------+---------------+------+------------------------------------------------------------------------------------------------------+
| FAIL   | CVE-2014-3597 | 6.8  | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 ... |
| FAIL   | CVE-2014-3587 | 4.3  | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in... |
Results will be reported back colorized as well to easily show the pass/fail of the check.
Parameters
There are several parameters that can be given to the tool to configure its scans and results:
PHP Version
If you'd like to define a PHP version to check other than the one the script finds itself, you can use the php-version parameter:
bin/versionscan scan --php-version=4.3.2
Report Only Failures
You can also tell the versionscan to only report back the failures and not the passing tests:
bin/versionscan scan --fail-only
Sorting results
You can also sort the results either by the CVE ID or by severity (risk rating), with the sort parameter and either the "cve" or "risk" value:
bin/versionscan scan --sort=risk
Output formats
By default versionscan will output information directly to the console in a human-readable result. You can also specify other output formats that may be easier to parse programmatically (like JSON). Use the --format option to change the output:
vendor/bin/versionscan scan --php-version=5.5 --format=json
Supported output formats are console, json, xml and html.
The HTML output format requires an --output option of the directory to write the file:
vendor/bin/versionscan scan --php-version=5.5 --format=html --output=/var/www/output
The result will be written to a file named something like versionscan-output-20150808.html
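The comparison described above (a version checked against the releases a CVE was fixed in) and the backport caveat from the note, as an added Python example that is not versionscan's own code. The check list, the placeholder CVE-EXAMPLE-0001, the branch-matching rule and the distro suffix "-48.el7" are assumptions made for illustration; only the 5.4.32 threshold comes from the sample output.

```python
import re

# Constructed check data. The 5.4.32 threshold comes from the CVE-2014-3597
# summary in the sample output; the second entry is a labelled placeholder.
CHECKS = [
    {"id": "CVE-2014-3597", "risk": 6.8, "fixed_in": ["5.4.32"]},
    {"id": "CVE-EXAMPLE-0001", "risk": 4.3, "fixed_in": ["5.4.30", "5.5.14"]},
]

def parse_version(text):
    """Split '5.4.16-48.el7' into ((5, 4, 16), '48.el7'); suffix is '' if absent."""
    m = re.match(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:[-+~](.+))?$", text.strip())
    if not m:
        raise ValueError(f"unrecognised PHP version: {text!r}")
    major, minor, patch, suffix = m.groups()
    return (int(major), int(minor), int(patch or 0)), suffix or ""

def is_vulnerable(version, fixed_in):
    """Compare against the fix for the same major.minor branch when one exists."""
    fixes = sorted(parse_version(f)[0] for f in fixed_in)
    same_branch = [f for f in fixes if f[:2] == version[:2]]
    if same_branch:
        return version < same_branch[0]
    # No fix listed for this branch: anything older than the highest
    # fixed release is treated as affected, anything newer as fixed.
    return version < fixes[-1]

def scan(version_text, checks=CHECKS, fail_only=False, sort="cve"):
    """Return pass/fail rows, mirroring the --fail-only and --sort options."""
    version, suffix = parse_version(version_text)
    rows = []
    for check in checks:
        status = "FAIL" if is_vulnerable(version, check["fixed_in"]) else "PASS"
        # A distro suffix means the fix may have been backported, which a
        # plain version comparison cannot see: mark the row for manual review.
        review = status == "FAIL" and suffix != ""
        rows.append({"status": status, "id": check["id"],
                     "risk": check["risk"], "review": review})
    if fail_only:
        rows = [r for r in rows if r["status"] == "FAIL"]
    if sort == "risk":
        rows.sort(key=lambda r: r["risk"], reverse=True)
    else:
        rows.sort(key=lambda r: r["id"])
    return rows
```

A row with review set is a FAIL on upstream version alone; confirm it against the distribution's own security advisories before treating the host as exposed.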