vulmon / vulmap Goto Github PK

View Code? Open in Web Editor NEW

920.0 920.0 195.0 23.78 MB

Vulmap Online Local Vulnerability Scanners Project

Home Page: https://vulmon.com

License: GNU General Public License v3.0

PowerShell 48.02% Python 51.98%

vulmap's People

Contributors

Stargazers

Watchers

Forkers

ozelfatih dragon040 miteshkwan meliht pbutler6163 justinhachemeister teicu sasqwatch cclauss c002 nag1bat0r stjordanis rahmiy urieloko c0axial dracv nachogarciaegea gadoi meow-jsx tai-euler fraggler0ck crackercat npc7 threatintel-c hellor00t chickenbone modulexcite daydayup40 5icorgi jack51706 piggypage afgnsu mlynchcogent u53r55 ababook ith4cker flatl1neapt m4rm0k racestart returnhere kt0721 rootorben hernannh cyberfallen teteran r3vy tinydile njahrckstr hakanbayir jwxa2015 martinberra benhe119 byte4sec wpczoe masterscott chaos-monkey-island lnt3rrupt wooluo gan-qi tailless-monkey itcytandchenmeng fourteenminusone lager1 azizfofanagithub pentest-tools cx01 chubbymaggie 5l1v3r1 flywithoutwings longfeide2008 tobey123 r4b3rt keyman9848 heyseafh kamranjaved2662 whois-bogeyman cpyang quinn-yan blackstarkk elleuchx1 bergercookie radenvodka securestep9 wifiuk preventions nvitanovic mr-beardface mkulasi kimusan sarulon sibwara turall th3xace mak2016 t-shield skymysky greatspider135 adampielak smugzombie vedattascier

vulmap's Issues

Read directly from the DPKG or YUM output

It may be possible to read directly from the result of dpkg-l or yum list installed

like this

dpkg -l > softwares
python vulmap.py softwares

This can be very useful in some situations.

JSONDecodeError

I tried to run the script on an Ubuntu 20.04.1 LTS (GNU/Linux 5.4.0-1025-aws x86_64). The simplejson package is the one that came with Ubuntu through apt:

$ apt list --installed | grep simplejson

python3-simplejson/focal,now 3.16.0-2ubuntu2 amd64 [installed,automatic]

This is the result from python3 vulmap-linux.py:

[Info] Default Mode. Check vulnerabilities of installed packages...

Traceback (most recent call last):
  File "vulmap-linux.py", line 312, in <module>
    vulnerabilityScan()
  File "vulmap-linux.py", line 268, in vulnerabilityScan
    outResults(queryData)
  File "vulmap-linux.py", line 102, in outResults
    response = sendRequest(queryData)
  File "vulmap-linux.py", line 93, in sendRequest
    response = (requests.post(url, data=body, headers=headers)).json()
  File "/usr/lib/python3/dist-packages/requests/models.py", line 897, in json
    return complexjson.loads(self.text, **kwargs)
  File "/usr/lib/python3/dist-packages/simplejson/__init__.py", line 518, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 370, in decode
    obj, end = self.raw_decode(s)
  File "/usr/lib/python3/dist-packages/simplejson/decoder.py", line 400, in raw_decode
    return self.scan_once(s, idx=_w(s, idx).end())
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

Improvment suggestion

The tools should add the operating system version in the inventory. So the vulnerabilities associated to Windows system (and affectinf SMB or other built-in module) can be known

API always return "no result"

Hi,

it seems the APIs are broken, as the software always return no results, even if it is vulnerable

{'message': '', 'status': '1004', 'status_message': 'no result'}

The following result is on a machine with known vulnerabilities and a working internet connection:

[Info] Vulnerability scan started...
[Info] Default Mode. Check vulnerabilities of installed packages...

[Status] Total Exploits: 0

Let me know if you need additional details

[Status] Total Exploits: 0 --- I cant download any CVE or exploits

_@DESKTOP-GG23M21-wsl- Vulmap-Linux$ python3 vulmap-linux.py -a
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

  ██╗        ██╗   ██╗██╗   ██╗██╗     ███╗   ███╗ █████╗ ██████╗
  ╚██╗       ██║   ██║██║   ██║██║     ████╗ ████║██╔══██╗██╔══██╗
   ╚██╗      ██║   ██║██║   ██║██║     ██╔████╔██║███████║██████╔╝
   ██╔╝      ╚██╗ ██╔╝██║   ██║██║     ██║╚██╔╝██║██╔══██║██╔═══╝
  ██╔╝███████╗╚████╔╝ ╚██████╔╝███████╗██║ ╚═╝ ██║██║  ██║██║
  ╚═╝ ╚══════╝ ╚═══╝   ╚═════╝ ╚══════╝╚═╝     ╚═╝╚═╝  ╚═╝╚═╝
===================================================================
\                       Vulmon Mapper v2.2                        /
 \                        www.vulmon.com                         /
  \=============================================================/

[Info] Vulnerability scan started...
[Info] All Exploit Mode. All exploit download mode starting...

[Status] Total Exploits: 0

any ideas?

No RHEL support

Hi,

The Linux script runs only on Debian based distros. When executing on RHEL I get the following:

/bin/sh: dpkg-query: command not found
[Info] Vulnerability scan started...
[Info] Default Mode. Check vulnerabilities of installed packages...

[Status] Total Exploits: 0

The function may be expanded to run a specific one based on the Distro:
https://github.com/vulmon/Vulmap/blob/master/Vulmap-Linux/vulmap-linux.py#L224

Is there going to be support for RHEL, and are you open to pull requests?

Thanks!

scan one asset

how to scan one asset only on local network! or this is not supported!

when I use https://vulmon.com/scannerapi_vv211 to get exploits info, I get response like this: 'message': 'You have reached your monthly 100 requests limit.', 'status': '1015', 'status_message': 'Rate limiting error'. How can I break the limit ?

API Returns No Result Regardless

API is responding but constantly pumping out a 'no result' verdict regardless of what I run it against, even tried running it against a 12 month old version of chrome and got 'no result'. Working internet connect and known vulnerable software but still get the below response, running on win10:

{'message': '', 'status': '1004', 'status_message': 'no result'}
[Info] Vulnerability scan started...
Invoke-WebRequest : The remote server returned an error: (500) Internal Server Error.
At line:110 char:21
return (Invoke-WebRequest -Uri https://vulmon.com/scannerapi_vv21 ...
CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException
FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand
[Info] Default Mode. Check vulnerabilities of installed packages...
[Status] Total Exploits: 0

Let me know if you need additional details

CLICK JACKING

Description :
Click jacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the the top level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both.

Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of stylesheets, iframes, and text boxes, a user can be led to believe they are typing in the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

POC:

UI REDRESSING

WEBSITE IS VULNERABLE TO UI REDRESSING

Impact:
Any User can be lured in to click on whats look like a functionality of the website but is actually an attackers frame button containing some malicious javascript code or redirection code leading the user to a vulnerable site . And as the vulnerability persists even after the user is logged in which makes it even more sever.

Suggested Fix:
Add an iframe destroyer in the page headers.

dpkg-query

/bin/sh: dpkg-query: command not found

Why no automated testing? Travis CI, CircleCI, AppVeyor, Azure Pipelines, etc?

It would be cool to see what Vulmap can find in these free testing environments.

https://docs.travis-ci.com/user/languages/python/#running-python-tests-on-multiple-operating-systems

Replace http with https

I suggest to replace all instances of http with https, e.g.
https://vulmon.com/scannerapi?...
https://vulmon.com/downloadexploit?...
...

return all CVEs for an application

normally, when the CVEs of a vulnerable application are returned, only those with a higher CVSS value are shown.

Would it be possible to return all the CVEs from the application or to have them sorted by date of publication?

improvement suggestion

Dear Team,

In case client machine does not have python installed, can you have plan to release a bash version ? This would be awesome, and great help for the community.

improvement suggestion

Can you improve the Windows Script to make scan on remote computers ?

deleted content

close this issue

Bogus results on Debian 9.x (stretch): file

Hi, I just ran vulmap on my workstation that is running Debian 9 (stretch) plus selected backports. I was shown a large number of exploitable vulnerabilities, most of which seemed bogus.
My hunch is that the long list of ancient CVE-listed bugs for file (see below) is shown because your service does not take into account the epoch in the version number.
If necessary, please refer to deb-version(5) for details on how to interpret version strings on Debian and derivative distributions.

[*] Vulnerability Found!
[>] Product: file 1:5.30-1+deb9u2
[+] CVEID: CVE-2004-1304	Score: 10	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2004-1304
	[*] Available Exploits!!!
	[!] Exploit ID: EDB&qid URL: http://vulmon.com/exploitdetails?qidtp=EDB&qid=24784 (File ELF 4.x - Header Buffer Overflow)
[+] CVEID: CVE-2009-3930	Score: 9.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2009-3930
[+] CVEID: CVE-2007-1536	Score: 9.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2007-1536
	[*] Available Exploits!!!
	[!] Exploit ID: EDB&qid URL: http://vulmon.com/exploitdetails?qidtp=EDB&qid=29753 (File(1) 4.13 - Command File_PrintF Integer Underflow)
[+] CVEID: CVE-2007-2026	Score: 7.8	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2007-2026
[+] CVEID: CVE-2014-9653	Score: 7.5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-9653
[+] CVEID: CVE-2019-8907	Score: 6.8	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2019-8907
[+] CVEID: CVE-2019-8904	Score: 6.8	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2019-8904
[+] CVEID: CVE-2019-8905	Score: 6.8	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2019-8905
[+] CVEID: CVE-2019-8906	Score: 6.8	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2019-8906
[+] CVEID: CVE-2009-1515	Score: 6.8	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2009-1515
[+] CVEID: CVE-2007-2799	Score: 5.1	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2007-2799
[+] CVEID: CVE-2014-9652	Score: 5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-9652
[+] CVEID: CVE-2014-9621	Score: 5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-9621
[+] CVEID: CVE-2014-9620	Score: 5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-9620
[+] CVEID: CVE-2014-8116	Score: 5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-8116
[+] CVEID: CVE-2014-8117	Score: 5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-8117
[+] CVEID: CVE-2014-3478	Score: 5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-3478
[+] CVEID: CVE-2014-3538	Score: 5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-3538
[+] CVEID: CVE-2013-7345	Score: 5	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2013-7345
[+] CVEID: CVE-2003-0102	Score: 4.6	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2003-0102
	[*] Available Exploits!!!
	[!] Exploit ID: EDB&qid URL: http://vulmon.com/exploitdetails?qidtp=EDB&qid=22324 (File 3.x - Local Stack Overflow Code Execution (1))
	[!] Exploit ID: EDB&qid URL: http://vulmon.com/exploitdetails?qidtp=EDB&qid=22325 (File 3.x - Local Stack Overflow Code Execution (2))
[+] CVEID: CVE-2018-10360	Score: 4.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2018-10360
[+] CVEID: CVE-2014-3587	Score: 4.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-3587
[+] CVEID: CVE-2014-3479	Score: 4.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-3479
[+] CVEID: CVE-2014-3487	Score: 4.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-3487
[+] CVEID: CVE-2014-0207	Score: 4.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-0207
[+] CVEID: CVE-2014-3480	Score: 4.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-3480
[+] CVEID: CVE-2014-2270	Score: 4.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2014-2270
[+] CVEID: CVE-2012-1571	Score: 4.3	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2012-1571
[+] CVEID: CVE-2017-1000249	Score: 2.1	URL: http://vulmon.com/vulnerabilitydetails?qid=CVE-2017-1000249

Vulmap started...
Collecting software inventory...
Software inventory collected
Vulnerability scanning started...
Checked 89 items
Vulmon.com Api returned message:
Done.

Downloading fails on w10 version 1803

(OS Build 17134.2026)

For some reason it fails for me:

PS C:\Users\USERNAME> iex(New-Object Net.WebClient).DownloadString('https://raw.githubusercontent.com/vulmon/Vulmap/master
/Vulmap-Windows/vulmap-windows.ps1')
>>
Exception calling "DownloadString" with "1" argument(s): "The request was aborted: Could not create SSL/TLS secure chan
nel."
At line:1 char:1
+ iex(New-Object Net.WebClient).DownloadString('https://raw.githubuserc ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : WebException

Firefox Vulnerability Version checking bug

These CVE's are dated 10 years before this firefox version was even released.

firefox 69.0.3 CVE-2009-2469 10 https://vulmon.com/vulnerabilitydetails?qid=CVE-2009-2469
firefox 69.0.3 CVE-2007-2176 10 https://vulmon.com/vulnerabilitydetails?qid=CVE-2007-2176