Skip to content
This repository has been archived by the owner on Jul 2, 2024. It is now read-only.

Commit

Permalink
1.0.2
Browse files Browse the repository at this point in the history
  • Loading branch information
whoot committed May 12, 2022
1 parent d544eee commit 9746b0f
Show file tree
Hide file tree
Showing 5 changed files with 30 additions and 12 deletions.
4 changes: 4 additions & 0 deletions doc/CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,3 +1,7 @@
## Version 1.0.2

* Bugfix for core and extensions advisory URLs

## Version 1.0.1

* json file is now saved each time. --json parameter is now used for specifying path for json file. Default is the current working directory.
Expand Down
Binary file modified doc/Typo3Scan.png
Loading
Sorry, something went wrong. Reload?
Sorry, we cannot display this file.
Sorry, this file is invalid so it cannot be displayed.
Binary file modified lib/typo3scan.db
Binary file not shown.
36 changes: 25 additions & 11 deletions lib/update.py
Original file line number Diff line number Diff line change
Expand Up @@ -57,14 +57,22 @@ def load_core_vulns(self):
"""
print('\n[+] Searching for new CORE vulnerabilities...')
update_counter = 0
response = requests.get('https://typo3.org/help/security-advisories/typo3-cms/page-1')
pages = re.findall('<a class=\"page-link\" href=\"/help/security-advisories/typo3-cms/page-([0-9]+)\">', response.text)
last_page = int(pages[-1])
next_page = 2
last_page = 99
cHash = ''

for current_page in range(1, last_page+1):
if current_page == 1:
url = 'https://typo3.org/help/security-advisories/typo3-cms/'
else:
url = 'https://typo3.org/help/security-advisories/typo3-cms/page?tx_news_pi1%5BcurrentPage%5D={}&amp;tx_sfeventmgt_pieventlist%5Baction%5D=list&amp;tx_sfeventmgt_pieventlist%5Bcontroller%5D=Event&amp;cHash={}'.format(current_page, cHash)
response = requests.get(url, timeout=6)
content = re.findall('<a class=\"page-link\" href=\"/help/security-advisories/typo3-cms/page\?tx_news_pi1%5BcurrentPage%5D=([0-9]+)&amp;tx_sfeventmgt_pieventlist%5Baction%5D=list&amp;tx_sfeventmgt_pieventlist%5Bcontroller%5D=Event&amp;cHash=([0-9a-f]+)\"', response.text)
last_page = (content[-1])[0]
cHash = (content[0])[1]
print(' \u251c Page {}/{}'.format(current_page, last_page))
response = requests.get('https://typo3.org/help/security-advisories/typo3-cms/page-{}'.format(current_page), timeout=6)
advisories = re.findall('TYPO3-CORE-SA-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9]', response.text)

for advisory in advisories:
vulnerabilities = []
affected_version_max = '0.0.0'
Expand Down Expand Up @@ -164,7 +172,7 @@ def load_core_vulns(self):
if update_counter == 0:
print('[!] Already up-to-date.\n')
else:
print(' \u2514 Done. Added {} new CORE vulnerabilities to database.\n'.format(update_counter))
print(' \u2514 Done. Added {} new advisories to database.\n'.format(update_counter))
return True

def dlProgress(self, count, blockSize, totalSize):
Expand Down Expand Up @@ -250,13 +258,19 @@ def load_extension_vulns(self):
"""
print('\n[+] Searching for new extension vulnerabilities...')
update_counter = 0
response = requests.get('https://typo3.org/help/security-advisories/typo3-extensions/page-1')
pages = re.findall('<a class=\"page-link\" href=\"/help/security-advisories/typo3-extensions/page-([0-9]+)\">', response.text)
last_page = int(pages[-1])

next_page = 2
last_page = 99
cHash = ''
for current_page in range(1, last_page+1):
if current_page == 1:
url = 'https://typo3.org/help/security-advisories/typo3-extensions/'
else:
url = 'https://typo3.org/help/security-advisories/typo3-extensions/page?tx_news_pi1%5BcurrentPage%5D={}&amp;tx_sfeventmgt_pieventlist%5Baction%5D=list&amp;tx_sfeventmgt_pieventlist%5Bcontroller%5D=Event&amp;cHash={}'.format(current_page, cHash)
response = requests.get(url, timeout=6)
content = re.findall('<a class=\"page-link\" href=\"/help/security-advisories/typo3-extensions/page\?tx_news_pi1%5BcurrentPage%5D=([0-9]+)&amp;tx_sfeventmgt_pieventlist%5Baction%5D=list&amp;tx_sfeventmgt_pieventlist%5Bcontroller%5D=Event&amp;cHash=([0-9a-f]+)\"', response.text)
last_page = (content[-1])[0]
cHash = (content[0])[1]
print(' \u251c Page {}/{}'.format(current_page, last_page))
response = requests.get('https://typo3.org/help/security-advisories/typo3-extensions/page-{}'.format(current_page), timeout=6)
advisories = re.findall('TYPO3-EXT-SA-[0-9][0-9][0-9][0-9]-[0-9][0-9][0-9]', response.text)
for advisory in advisories:
vulnerabilities = []
Expand Down Expand Up @@ -335,5 +349,5 @@ def load_extension_vulns(self):
if update_counter == 0:
print('[!] Already up-to-date.\n')
else:
print(' \u2514 Done. Added {} new EXTENSION vulnerabilities to database.\n'.format(update_counter))
print(' \u2514 Done. Added {} new advisories to database.\n'.format(update_counter))
return True
2 changes: 1 addition & 1 deletion typo3scan.py
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@
# along with this program. If not, see [http://www.gnu.org/licenses/](http://www.gnu.org/licenses/)
#-------------------------------------------------------------------------------

__version__ = '1.0.1'
__version__ = '1.0.2'
__program__ = 'Typo3Scan'
__description__ = 'Automatic Typo3 enumeration tool'
__author__ = 'https://github.com/whoot'
Expand Down

0 comments on commit 9746b0f

Please sign in to comment.