Webapp-Scanner

March 23rd, 2014 by Philip Iezzi

Webhosting customers are messy, at least some of them - or (sadly, that's the truth) most of them. Some people still think they can run the same blog software or CMS for years without ever caring about upgrading. I tell my customers over and over how important it is to keep their website up to date and not leave any outdated code lying around. Still, as long as their website doesn't get hacked or defaced, they don't really seem to care.

If you're in the same situation as me and you are providing webhosting services to your friends or customers, read on.

Purpose

The onlime/webapp-scanner script scans the user directories and reports the installed CMS packages and which version each one is running. It can be set to report only outdated packages and to scan specific users. It can search for common versions of the following packages:

The script is based on Software Version finder by James Dooley. I have extended it to also scan for Typo3 installations and provide some more output.

Installation

$ cd /opt/
$ git clone https://github.com/onlime/webapp-scanner.git webapp-scanner
$ cd webapp-scanner
$ chmod +x webapp-scanner.sh

That's it. If you wish to scan all your customers' home directories, make sure you run this as root. It won't alter any files on your system; it simply scans them.

For more convenience, add the following alias to your ~/.bashrc or globally to /etc/profile:

alias webappscanner='/opt/webapp-scanner/webapp-scanner.sh'

Usage

For usage, please consult the README on GitHub.

Sample output:

Scanning the whole /var/www recursively for any webapps (this will also report webapps that are up-to-date):

$ webappscanner --directory /var/www/
Typo3_4.5   4.5.25      4.5.32      /var/www/web123/public_html/www/
Typo3_4.5   4.5.30      4.5.32      /var/www/web345/public_html/www/
Typo3_4.7   4.7.17      4.7.17      /var/www/web678/public_html/www/
Joomla_1.5  1.5.15      1.5.999     /var/www/web111/public_html/old/
Joomla_1.5  1.5.26      1.5.999     /var/www/web222/public_html/www/
Joomla_3.2  3.1.5       3.2.2       /var/www/web101/public_html/www/
Joomla_3.2  3.0.3       3.2.2       /var/www/web202/public_html/www/
Joomla_3.2  3.2.2       3.2.2       /var/www/web303/public_html/relaunch/
WordPress   3.8         3.8.1       /var/www/web110/public_html/www/
WordPress   3.8.1       3.8.1       /var/www/web120/public_html/www/

CSV output:

In addition to the default output, we will get an additional version status code:

  • 0: OK (version equals or is greater than current version)
  • 1: WARNING (version is greater than minimal version but not >= current version)
  • 2: CRITICAL (version is lower than minimal version)

Sample output:

$ webappscanner --directory /var/www/ --csv
Typo3_4.5,4.5.25,4.5.32,1,/var/www/web123/public_html/www/
Typo3_4.5,4.5.30,4.5.32,1,/var/www/web345/public_html/www/
Typo3_4.7,4.7.17,4.7.17,0,/var/www/web678/public_html/www/
Joomla_1.5,1.5.15,1.5.999,1,/var/www/web111/public_html/old/
Joomla_1.5,1.5.26,1.5.999,1,/var/www/web222/public_html/www/
Joomla_3.2,3.1.5,3.2.2,2,/var/www/web101/public_html/www/
Joomla_3.2,3.0.3,3.2.2,2,/var/www/web202/public_html/www/
Joomla_3.2,3.2.2,3.2.2,0,/var/www/web303/public_html/relaunch/
WordPress,3.8,3.8.1,1,/var/www/web110/public_html/www/
WordPress,3.8.1,3.8.1,0,/var/www/web120/public_html/www/

With the CSV output, you can use webapp-scanner in your own application. You could, for example, warn your customers on a weekly basis about their outdated web applications. As a responsible web hosting provider, you should sooner or later force them to upgrade their installations to the latest versions. You should also provide them with HOWTOs, instructions, or personal support to ease the upgrade process of their web applications.
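
One way to consume the CSV output for the weekly customer reminder described above. This is an added example, not part of webapp-scanner: the function names are hypothetical, and it assumes the unquoted five-column format and the /var/www/<account>/ layout seen in the sample output.

```python
from collections import defaultdict

# Sample rows taken from the CSV output shown on this page.
SAMPLE_CSV = """\
Typo3_4.5,4.5.25,4.5.32,1,/var/www/web123/public_html/www/
Typo3_4.7,4.7.17,4.7.17,0,/var/www/web678/public_html/www/
Joomla_3.2,3.1.5,3.2.2,2,/var/www/web101/public_html/www/
Joomla_1.5,1.5.15,1.5.999,1,/var/www/web111/public_html/old/
WordPress,3.8,3.8.1,1,/var/www/web110/public_html/www/
"""

STATUS = {0: "OK", 1: "WARNING", 2: "CRITICAL"}

def parse_line(line):
    """Split one row; the path is the last field, so commas inside it survive."""
    fields = line.rstrip("\n").split(",", 4)
    if len(fields) != 5 or fields[3] not in ("0", "1", "2"):
        raise ValueError(f"unexpected scanner line: {line!r}")
    package, installed, current, status, path = fields
    return package, installed, current, int(status), path

def account_of(path, base="/var/www/"):
    """Assumption: the first directory below `base` is the customer account."""
    if not path.startswith(base):
        raise ValueError(f"path outside {base}: {path!r}")
    return path[len(base):].split("/", 1)[0]

def outdated_by_account(csv_text, base="/var/www/"):
    """Group non-OK findings per account, CRITICAL entries first."""
    findings = defaultdict(list)
    for line in csv_text.splitlines():
        if not line.strip():
            continue
        package, installed, current, status, path = parse_line(line)
        if status > 0:
            findings[account_of(path, base)].append((status, package, installed, current, path))
    return {acct: sorted(rows, key=lambda r: (-r[0], r[4])) for acct, rows in findings.items()}

def render_notice(account, rows):
    """Plain-text body for the weekly reminder sent to one customer."""
    lines = [f"Outdated web applications for account {account}:"]
    for status, package, installed, current, path in rows:
        lines.append(f"  [{STATUS[status]}] {package} {installed} -> {current} in {path}")
    return "\n".join(lines)

if __name__ == "__main__":
    for account, rows in sorted(outdated_by_account(SAMPLE_CSV).items()):
        print(render_notice(account, rows), end="\n\n")
```

Malformed rows raise an error instead of being skipped, so a change in the scanner's output format shows up in the weekly job rather than silently producing empty reminders.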