From: Jeroen Hofstee
Date: Tue, 05 May 2009 22:41:11 +0200
To: freebsd-questions@freebsd.org
Subject: Re: local security scanner for vulnerable common opensource www projects
Message-ID: <4A00A467.9060506@virtualhost.nl>
In-Reply-To: <200905052010.26393.mel.flynn+fbsd.questions@mailing.thruhere.net>

Mel Flynn wrote:
> On Saturday 02 May 2009 14:50:14 Jeroen Hofstee wrote:
>
>> I tried to find a program which could scan the local filesystem and
>> extract a list of well known web projects (joomla, wordpress etc)
> Not that I'm aware of and it's hell to write and keep current.
>
k, pity.

Although users can be jailed, it is still a bit of an uncomfortable experience for users if their website looks somewhat different than they are used to, or their message board suddenly contains 20000 additional posts, albeit due to their own lack of maintaining the scripts behind it. A reminder that their script has known vulnerabilities would therefore be nice, even if it doesn't pose a direct risk to the system as a whole.

Most of these open source projects are in the ports, so the portaudit db will contain vulnerability information for them. If I find time, I will have a look if it is possible to match against that db.

Jeroen
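
A sketch of the matching idea from the message above, added here as an example and not part of the original post or of portaudit itself: it walks a directory tree for WordPress installs and checks each version against advisory entries. Assumptions: the audit file uses one `pattern|url|description` entry per line, WordPress records its version as `$wp_version` in `wp-includes/version.php`, versions compare as dotted numbers (no port revisions or epochs), and the sample entries are constructed.

```python
import operator, os, re, sys

# Constructed sample entries; the "pattern|url|description" layout is assumed.
SAMPLE_AUDIT = """\
wordpress<2.8.3|http://example.invalid/a1.html|wordpress -- constructed entry A
wordpress>=2.0<2.6.5|http://example.invalid/a2.html|wordpress -- constructed entry B
phpbb<3.0.4|http://example.invalid/a3.html|phpbb -- constructed entry C
"""
OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt,
       ">=": operator.ge, "=": operator.eq}

def vkey(version):
    """Dotted numeric version -> comparable tuple (trailing zeros dropped)."""
    parts = [int(n) for n in re.findall(r"\d+", version)]
    while parts and parts[-1] == 0:
        parts.pop()
    return tuple(parts)

def parse_audit(text):
    """Yield (name, [(op, version), ...], url, description) per entry."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        pattern, url, desc = line.split("|", 2)
        name = re.match(r"[^<>=]+", pattern).group(0)
        conds = re.findall(r"(<=|>=|<|>|=)([^<>=]+)", pattern)
        yield name, conds, url, desc

def find_wordpress(root):
    """Yield (site_dir, version) for each wp-includes/version.php under root."""
    for dirpath, _dirs, files in os.walk(root):
        if os.path.basename(dirpath) == "wp-includes" and "version.php" in files:
            with open(os.path.join(dirpath, "version.php"), errors="replace") as fh:
                m = re.search(r"\$wp_version\s*=\s*['\"]([^'\"]+)['\"]", fh.read())
            if m:
                yield os.path.dirname(dirpath), m.group(1)

def audit(root, audit_text=SAMPLE_AUDIT):
    """Return sorted (site_dir, version, url) for every matching entry."""
    entries = [e for e in parse_audit(audit_text) if e[0] == "wordpress"]
    hits = []
    for site, version in find_wordpress(root):
        for _name, conds, url, _desc in entries:
            if all(OPS[op](vkey(version), vkey(bound)) for op, bound in conds):
                hits.append((site, version, url))
    return sorted(hits)

if __name__ == "__main__":
    for site, version, url in audit(sys.argv[1] if len(sys.argv) > 1 else "."):
        print(f"{site}: wordpress {version} matches {url}")
```

Run per user home or web root from cron, the output can be mailed to the site owner as the reminder described in the message; other projects need their own version-file locator alongside `find_wordpress`.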