local security scanner for vulnerable common opensource www projects

Mel Flynn mel.flynn+fbsd.questions at mailing.thruhere.net
Tue May 5 18:10:29 UTC 2009

On Saturday 02 May 2009 14:50:14 Jeroen Hofstee wrote:
> I tried to find a program which could scan the local filesystem and
> extract a lists of well known
> web projects (yoomla, wordpress etc), extract the installed version
> number and match it against
> a database of known vulnerabilities. Similiar to portaudit, but then for
> the standard scripts users
> install themselves. I was unable to find such a program in the ports.
> Does such an utilities exists for FreeBSD ?

Not that I'm aware of and it's hell to write and keep current.
There's 2 good policies for this kind of thing:
- Don't allow any plugins of any kind to be installed via CMS/Gallery software 
etc. and deal with the complaints
- Put them in a seperate jail and make sure client understands he's 
responsible for getting hacked and loosing hours of work by installing unsafe 


More information about the freebsd-questions mailing list