From owner-freebsd-questions@FreeBSD.ORG Sat May 2 12:50:22 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id D7698106566C for ; Sat, 2 May 2009 12:50:22 +0000 (UTC) (envelope-from freebsd.questions@virtualhost.nl) Received: from mail.virtualhost.nl (mail.virtualhost.nl [89.200.201.133]) by mx1.freebsd.org (Postfix) with ESMTP id 3239D8FC15 for ; Sat, 2 May 2009 12:50:16 +0000 (UTC) (envelope-from freebsd.questions@virtualhost.nl) Received: (qmail 49695 invoked from network); 2 May 2009 14:50:14 +0200 Received: from ip120-12-208-87.adsl2.static.versatel.nl (HELO ?192.168.1.7?) (87.208.12.120) by mail.virtualhost.nl with SMTP; 2 May 2009 14:50:14 +0200 Message-ID: <49FC4186.80608@virtualhost.nl> Date: Sat, 02 May 2009 14:50:14 +0200 From: Jeroen Hofstee User-Agent: Thunderbird 2.0.0.21 (Windows/20090302) MIME-Version: 1.0 To: freebsd-questions@freebsd.org Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Subject: local security scanner for vulnerable common opensource www projects X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 02 May 2009 12:50:23 -0000 I tried to find a program which could scan the local filesystem and extract a lists of well known web projects (yoomla, wordpress etc), extract the installed version number and match it against a database of known vulnerabilities. Similiar to portaudit, but then for the standard scripts users install themselves. I was unable to find such a program in the ports. Does such an utilities exists for FreeBSD ? Jeroen