VersionInferrer

Requirements

Python 3
pip
SQLite or PostgreSQL or both (for easier distribution of the index)

Installation

Download VersionInferrer by cloning this repository, e.g. via

git clone https://github.com/wichmannpas/VersionInferrer.git

Install the required Python packages via:

pip install -r requirements.txt

Optional: If you want to use PostgreSQL, you need to install psycopg2:

pip install psycopg2-binary

or pip install --no-binary :all: psycopg2 (see official documentation) if you want to build the binary yourself (requires a C toolchain).

Configuration

Copy settings_local.py.example to settings_local.py.

Edit settings_local.py to override the default settings in settings.py, e.g. the configuration for PostgreSQL database name, user and password.

Using a prepared Index

Under Releases of VersionInferrer's GitHub repository, there are ready to use indexes which are updated irregularily. By using these precomputed indexes, a lot of computing time is saved which is needed to create the index and this also saves a significant amount of disk space (~30 MB vs. ~5 GB).

Creating the Index

Note: This step is not necessary if a prepared index is used!

Note: Initially, this takes quite a while! On a fairly modern computer (Intel Core i7 2.6 GHz, 16 GB RAM, NVMe SSD) it took about 4,5 hours! After that, subsequent runs of ./update_index.py will only add versions that are not indexed, yet. This will result in much faster, incremental updates of the index.

Note: The index will take some disk space (~800 MB for the database and ~4 GB for the cache with different software versions). Therefore make sure to have enough disk space!

Simply run:

./update_index.py

Distributing the Index

To distribute the index, the larger PostgreSQL database base can be squeezed into a much smaller SQLite database which is even smaller when compressed.

For converting the PostgreSQL database to SQLite, the postgres_to_sqlite in the project root can be used: ./postgres_to_sqlite POSTGRES_DB SQLITE_DB

Usage

Note: On first usage, VersionInferrer will download CVE statistics since 2002 up to now. Depending on your computer and network connection, this will take while (a few minutes).

Single site

Run ./analyze_site.py and pass a URL with the website to analyze, e.g.:

./analyze_site.py https://example.com

For more options see ./analyze_site.py --help.

Multiple sites

VersionInferrer includes a tool for scanning a large list of websites: ./scan_sites.py.

This tool can either scan a manually submitted list in form of a text file with multiple URLs, each on a separate line, by specifiying the name of this file with the --urls-from-file option.

Alternatively, if no list is given, the Majestic Million list is taken automatically.

For further help and more options see ./scan_sites.py --help.

Name	Name	Last commit message	Last commit date
Latest commit TrellixVulnTeam and wichmannpas Adding tarfile member sanitization to extractall() Nov 25, 2022 d53433d · Nov 25, 2022 History 315 Commits
analysis	analysis	Analysis: primary URL rewrite: Fix for absolute paths	Sep 17, 2020
backends	backends	Complete index retrieval: respect alternative names as well	Aug 26, 2020
base	base	further code style	Mar 5, 2019
cve	cve	Update URL for NVD CVE feed and fix new schema	Apr 13, 2021
definitions	definitions	Definitions: Add Gitlab and Jitsi, Deb provider: support debs with XZ	Sep 16, 2020
files	files	extensionless file: do not consider for analysis	Nov 19, 2020
indexing	indexing	further code style	Mar 5, 2019
providers	providers	Adding tarfile member sanitization to extractall()	Nov 25, 2022
scanning	scanning	further code style	Mar 5, 2019
tests	tests	Utils: Add most_recent_version function	Dec 23, 2017
vendor	vendor	vendor/update: Use bash instead of sh to fix push/popd on Debian	Jan 15, 2018
.gitignore	.gitignore	gitignore: pycharm	Mar 5, 2019
LICENSE	LICENSE	Add LICENSE	Dec 24, 2017
Makefile	Makefile	Add tests for resource and utils	Sep 29, 2017
README.md	README.md	Add more information about index and scan_sites.py	Jan 17, 2019
__init__.py	__init__.py	Draft for definitions, providers, software packages; git provider	Aug 1, 2017
analyze_site.py	analyze_site.py	Complete index retrieval: respect alternative names as well	Aug 26, 2020
compare_versions.py	compare_versions.py	Add version comparison script	Aug 19, 2020
evaluate_scan_results.py	evaluate_scan_results.py	further code style	Mar 5, 2019
pairwise_comparison.py	pairwise_comparison.py	Add pairwise comparison script	Apr 9, 2018
postgres_to_sqlite	postgres_to_sqlite	postgres_to_sqlite: explicitly ignore scan_result table	Feb 17, 2018
requirements-evaluation.txt	requirements-evaluation.txt	Evaluation: aggregate vulnerable versions	Jan 13, 2018
requirements.txt	requirements.txt	Git provider: Use pygit2 to directly extract data from raw repositories	Sep 27, 2018
scan_sites.py	scan_sites.py	scan sites: allow log file configuration	Dec 11, 2018
settings.py	settings.py	Do not regard <a> tags	Sep 16, 2020
settings_local.py.example	settings_local.py.example	Split settings to local settings; do not source local settings for unit	Nov 3, 2017
update_cve.py	update_cve.py	Add CVE statistics wrapper	Jan 12, 2018
update_index.py	update_index.py	Abstract syntax tree: disable tree construction due to max recursion	Jan 2, 2018

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

VersionInferrer

Requirements

Installation

Configuration

Using a prepared Index

Creating the Index

Distributing the Index

Usage

Single site

Multiple sites

About

Releases

Packages

Contributors 3

Languages

License

wichmannpas/VersionInferrer

Folders and files

Latest commit

History

Repository files navigation

VersionInferrer

Requirements

Installation

Configuration

Using a prepared Index

Creating the Index

Distributing the Index

Usage

Single site

Multiple sites

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 3

Languages

Packages