Monday, October 24, 2011

CrudMiner: find (some) known-vulnerable software in a web root

A while ago I inherited a large webserver full of user-installed PHP software. As is nearly always the case when clients are allowed to install their own software, they never actually bother to keep it patched and updated. I looked for a solution that would help me keep an eye on all the crud that my clients are installing, and either notify me when something is known to be vulnerable, or preferably first nag them for a while, and then notify me if they don't update it.

I couldn't find anything, so I wrote CrudMiner to fill that gap.

I need your help, though. The crud.ini file is basically just a drop in the bucket. I need help collecting more information and updating the file with the latest info. Any volunteers? :)

I have submitted it to Fedora for package review, if anyone is interested:
