Versionscan - A PHP Version Scanner For Reporting Possible Vulnerabilities


Versionscan is a tool for evaluating your currently installed PHP version and checking it against known CVEs and the versions they were fixed in, to report back potential issues.
PLEASE NOTE: Work is still in progress to adapt the tool to Linux distributions that backport security fixes. As of right now, this only reports back for the straight version string reported.

Installation

Using Composer
{
    "require": {
        "psecio/versionscan": "dev-master"
    }
}
The only current dependency is the Symfony console.

Usage
To run the scan against your current PHP version, use:
bin/versionscan
The script will check the PHP_VERSION of the current instance and generate the pass/fail results. The output looks similar to:
Executing against version: 5.4.24
+--------+---------------+------+------------------------------------------------------------------------------------------------------+
| Status | CVE ID        | Risk | Summary                                                                                              |
+--------+---------------+------+------------------------------------------------------------------------------------------------------+
| FAIL   | CVE-2014-3597 | 6.8  | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 ... |
| FAIL   | CVE-2014-3587 | 4.3  | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in... |
Results will also be reported back colorized, to easily show the pass/fail status of each check.

Parameters
There are several parameters that can be given to the tool to configure its scans and results:

PHP Version
If you'd like to check a PHP version other than the one the script finds itself, you can use the php-version parameter:
bin/versionscan scan --php-version=4.3.2

Report Only Failures
You can also tell versionscan to only report back the failures and not the passing tests:
bin/versionscan scan --fail-only

Sorting results
You can also sort the results either by CVE ID or by severity (risk rating), with the sort parameter and either the "cve" or "risk" value:
bin/versionscan scan --sort=risk

Output formats
By default versionscan will output information directly to the console in a human-readable result. You can also specify other output formats that may be easier to parse programmatically (like JSON). Use the --format option to change the output:
vendor/bin/versionscan scan --php-version=5.5 --format=json
Supported output formats are console, json, xml and html.
The HTML output format requires an --output option giving the directory to write the file to:
vendor/bin/versionscan scan --php-version=5.5 --format=html --output=/var/www/output
The result will be written to a file named something like versionscan-output-20150808.html
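The following is an added example, not versionscan's own code, showing the kind of check the tool performs with PHP's built-in version_compare(), together with the fail-only filter, the risk/cve sorting and JSON output described above. The CVE entries are constructed for illustration: the first reuses CVE-2014-3597 ("PHP before 5.4.32") from the sample output, while its 5.5 fix version and the whole second entry are placeholders rather than advisory data.

```php
<?php
// Each entry maps an affected release branch to the first release of that
// branch that fixed the issue. Constructed data: only the 5.4.32 figure for
// CVE-2014-3597 comes from the sample output above; the rest are placeholders.
$cves = [
    ['id' => 'CVE-2014-3597', 'risk' => 6.8,
     'fixed' => ['5.4' => '5.4.32', '5.5' => '5.5.16']],   // 5.5.16 is an assumption
    ['id' => 'CVE-0000-0001', 'risk' => 4.3,                // placeholder entry
     'fixed' => ['5.4' => '5.4.30', '5.5' => '5.5.14']],
];

function branchOf(string $version): string
{
    $p = explode('.', $version);
    return $p[0] . '.' . ($p[1] ?? '0');
}

// Returns one row per CVE: ['status' => 'PASS'|'FAIL', 'cve' => ..., 'risk' => ...]
function scan(string $phpVersion, array $cves, bool $failOnly = false, string $sort = 'cve'): array
{
    $branch = branchOf($phpVersion);
    $rows = [];
    foreach ($cves as $cve) {
        if (isset($cve['fixed'][$branch])) {
            // Same branch: vulnerable if below the first fixed release of that branch.
            $fail = version_compare($phpVersion, $cve['fixed'][$branch], '<');
        } else {
            // Branch never received a fix: older than the oldest fixed branch means
            // end-of-life and still vulnerable; newer means unaffected.
            $fail = version_compare($branch, min(array_keys($cve['fixed'])), '<');
        }
        if ($failOnly && !$fail) {
            continue;
        }
        $rows[] = ['status' => $fail ? 'FAIL' : 'PASS', 'cve' => $cve['id'], 'risk' => $cve['risk']];
    }
    usort($rows, fn ($a, $b) => $sort === 'risk'
        ? $b['risk'] <=> $a['risk']          // highest risk first
        : strcmp($a['cve'], $b['cve']));     // ascending CVE ID
    return $rows;
}

// Caveat from the note at the top of the page: PHP_VERSION alone cannot show
// whether a distribution backported a fix, so a patched distro package on an
// old version string still reports FAIL here.
$rows = scan($argv[1] ?? PHP_VERSION, $cves, false, 'risk');
echo json_encode($rows, JSON_PRETTY_PRINT), PHP_EOL;
```

Run as `php scan.php 5.4.24` to reproduce the two FAIL rows from the sample output; pass `true` as the third argument to mimic --fail-only.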