Pyfiscan is free web-application vulnerability and version scanner and can be used to locate out-dated versions of common web-applications in Linux-servers. Example use case is hosting-providers keeping eye on their users installations to keep up with security-updates. Fingerprints are easy to create and modify as user can write those in YAML-syntax. Pyfiscan also contains tool to create email alerts using templates.

• Python 3
• Python modules PyYAML docopt chardet
• GNU/Linux web server

Testing is done mainly with GNU/Linux Debian stable. Windows is not currently supported.

• Abantecart
• ATutor
• b2evolution
• BigTree CMS
• Bugzilla
• Centreon
• Claroline
• ClipperCMS
• CMSimple
• CMSimple_XH
• CMSMS
• Collabtive
• Concrete5
• Coppermine
• Cotonti
• Croogo
• CubeCart
• Dolibarr
• Dotclear
• Drupal
• e107
• Elefant CMS
• EspoCRM
• Etherpad
• flatCore CMS
• FluxBB
• Foswiki
• FUEL CMS
• Gallery
• Gollum
• HelpDEZk
• HumHub
• ImpressCMS
• ImpressPages
• Jamroom
• Joomla
• Kanboard
• KCFinder
• LiteCart
• Magnolia
• Mahara
• MantisBT
• MediaWiki
• Microweber
• MiniBB
• MODX Revolution
• MoinMoin
• MyBB
• Nibbleblog
• Open Source Social Network
• OpenCart (recommends not to use this software)
• osDate
• ownCloud
• Oxwall
• PBBoard
• phpBB3
• PhpGedView
• phpLiteAdmin
• phpMyAdmin
• Piwigo
• Piwik
• PmWiki
• Postfix Admin
• Redaxo
• Redmine
• Roundcube
• SaurusCMS
• Serendipity
• Shaarli
• Shopware
• SMF
• Spina CMS
• SPIP
• SQLiteManager
• SquirrelMail
• TestLink
• TikiWiki
• Trac
• Vanilla Forums
• WikkaWiki
• WordPress
• Zenario
• Zenphoto
• Zikula

• Bugzilla 4.2 is end-of-life since 2015-11-30
• Drupal 6 is end-of-life since 2016-02-24
• Drupal 9.0 is end-of-life
• Gallery 1
• Joomla 1.5 is end-of-life since 2012-04-30
• Joomla 1.6 is end-of-life since 2011-08-19. 1.6.x should be upgraded to 1.6.6 before moving to 1.7.x
• Joomla 1.7 is end-of-life since 2012-02-24
• Joomla 2.5
• MediaWiki 1.18
• MediaWiki 1.19 is end-of-life since 2015-04-25
• MediaWiki 1.20
• MediaWiki 1.21 is end-of-life since 2014-06-25
• MediaWiki 1.22
• MediaWiki 1.23 is end-of-life since 2017-05-31
• MediaWiki 1.24
• MediaWiki 1.25
• MediaWiki 1.26 is end-of-life since 2016-11-20
• MediaWiki 1.27 is end-of-life since 2019-06-06
• MediaWiki 1.28 is end-of-life since 2017-11-01
• MediaWiki 1.29 is end-of-life since 2018-06
• MediaWiki 1.30 is end-of-life since 2019-06-06
• MediaWiki 1.31 is end-of-life since 2021-09-30
• MediaWiki 1.32 is end-of-life since 2020-01-23
• MediaWiki 1.33 is end-of-life since 2020-06-24
• MediaWiki 1.34 is end-of-life since 2020-11-30
• MediaWiki 1.36 is end-of-life since 2022-06-03
• MediaWiki 1.37 is end-of-life since 2022-11-30
• SaurusCMS
• ownCloud 4
• ownCloud 5
• ownCloud 6
• ownCloud 7
• ownCloud 8.0
• ownCloud 8.1
• ownCloud 8.2

sudo apt install python3 python3-pip git virtualenv
git clone https://github.com/fgeek/pyfiscan.git && cd pyfiscan
virtualenv -p python3 venv
source ./venv/bin/activate
pip3 install -r requirements.lst

or you can use BlackArch Linux.

• WordPress
  • Announcing a secure SWFUpload fork
• Joomla
  • Upgrade should be done using "Extension manager -> Upgrade" in version 1.6.6 and later
  • Release and support cycle
  • Setup Security checklist
  • Upgrading and migrating Joomla
  • Joomla 2.x creates random SQL table prefix
  • Joomla 3.x informs and shows user a button to remove installation-directory
  • Creates ./configuration.php in installation
  • Creates robots.txt, which contains word "Joomla"
• SMF
  • End of life of SMF 1.0
  • Installer requests users with button to delete install.php
• TikiWiki
  • End of life of TikiWiki 7.x
  • 8.4 is last release of TikiWiki 8.x
  • End of life of TikiWiki 8.x
• MediaWiki
  • End of Life of 1.18.x
• Gallery
  • Not installed when config.php is missing.
  • http://codex.galleryproject.org/Gallery2:Security
  • Upgrade using: http://example.org/gallery3/index.php/upgrade php index.php upgrade
• phpBB (version unknown)
  • Open installation is not a vulnerability since web-interface requests user to authenticate by inserting random data to file.
• Coppermine
  • Not installed when include/config.inc.php is missing.
• Owncloud
  • status.php outputs: {"installed":"true","version":"5.0.6","versionstring":"5.0.5","edition":""}
• Piwigo
  • Not installed if local/config/database.inc.php is missing.
• Claroline
  • Not installed when platform/conf/claro_main.conf.php is missing.
  • Installation pages request user to remove claroline/install/ directory.

• DevNet Oy
• Kapsi Internet-käyttäjät ry
• Shellit.org
• Loopia.se

• aapa
• Ari-Martti Hopiavuori
• Atte H. "guaqua"
• Janne Cederberg
• Joonas Kuorilehto
• Juhamatti Niemelä
• Linus Fogelholk
• motikan2010
• Olli Pekkola
• Paul Grant
• Tuomo Komulainen