{"id":13492568,"url":"https://github.com/fgeek/pyfiscan","last_synced_at":"2026-03-11T20:02:12.731Z","repository":{"id":8586213,"uuid":"10219238","full_name":"fgeek/pyfiscan","owner":"fgeek","description":"Free web-application vulnerability and version scanner","archived":false,"fork":false,"pushed_at":"2025-03-01T09:32:37.000Z","size":3411,"stargazers_count":574,"open_issues_count":0,"forks_count":117,"subscribers_count":38,"default_branch":"master","last_synced_at":"2025-10-11T16:19:49.361Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"other","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fgeek.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":"roadmap.txt","authors":null,"dei":null,"publiccode":null,"codemeta":null},"funding":{"patreon":"hsalo"}},"created_at":"2013-05-22T12:22:28.000Z","updated_at":"2025-09-19T13:23:09.000Z","dependencies_parsed_at":"2023-02-18T23:31:14.729Z","dependency_job_id":"47c9cc29-c3b5-4e5e-935d-5ae852dde1fd","html_url":"https://github.com/fgeek/pyfiscan","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/fgeek/pyfiscan","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fgeek%2Fpyfiscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fgeek%2Fpyfiscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fgeek%2Fpyfiscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fgeek%2Fpyfiscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fgeek","download_url":"https://codeload.github.com/fgeek/pyfiscan/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fgeek%2Fpyfiscan/sbom","scorecard":{"id":398413,"data":{"date":"2025-08-11","repo":{"name":"github.com/fgeek/pyfiscan","commit":"bea806afc4997be9dab17770a49e305c8c54b5d1"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3,"checks":[{"name":"Dangerous-Workflow","score":-1,"reason":"no workflows found","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Packaging","score":-1,"reason":"packaging workflow not detected","details":["Warn: no GitHub/GitLab publishing workflow detected."],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Token-Permissions","score":-1,"reason":"No tokens found","details":null,"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Code-Review","score":0,"reason":"Found 2/30 approved changesets -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Pinned-Dependencies","score":-1,"reason":"no dependencies found","details":null,"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"Vulnerabilities","score":10,"reason":"0 existing vulnerabilities detected","details":null,"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}},{"name":"License","score":9,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Warn: project license file does not contain an FSF or OSI license."],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":0,"reason":"branch protection not enabled on development/release branches","details":["Warn: branch protection not enabled for branch 'master'"],"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 2 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}}]},"last_synced_at":"2025-08-18T19:34:20.971Z","repository_id":8586213,"created_at":"2025-08-18T19:34:20.972Z","updated_at":"2025-08-18T19:34:20.972Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30398175,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-11T18:46:22.935Z","status":"ssl_error","status_checked_at":"2026-03-11T18:46:17.045Z","response_time":84,"last_error":"SSL_read: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-07-31T19:01:07.148Z","updated_at":"2026-03-11T20:02:12.709Z","avatar_url":"https://github.com/fgeek.png","language":"Python","readme":"# pyfiscan\n\nAbout\n-----\n\nPyfiscan is free web-application vulnerability and version scanner and can be\nused to locate out-dated versions of common web-applications in Linux-servers.\nExample use case is hosting-providers keeping eye on their users installations\nto keep up with security-updates. Fingerprints are easy to create and modify as\nuser can write those in YAML-syntax. Pyfiscan also contains tool to create\nemail alerts using templates.\n\nRequirements\n------------\n\n* Python 3\n* Python modules PyYAML docopt chardet\n* GNU/Linux web server\n\nTesting is done mainly with [GNU/Linux Debian](http://www.debian.org/) stable.\nWindows is not currently supported.\n\nDetects following software\n--------------------------\n\n* Abantecart\n* ATutor\n* b2evolution\n* BigTree CMS\n* Bugzilla\n* Centreon\n* Claroline\n* ClipperCMS\n* CMSimple\n* CMSimple_XH\n* CMSMS\n* Collabtive\n* Concrete5\n* Coppermine\n* Cotonti\n* Croogo\n* CubeCart\n* Dolibarr\n* Dotclear\n* Drupal\n* e107\n* Elefant CMS\n* EspoCRM\n* Etherpad\n* flatCore CMS\n* FluxBB\n* Foswiki\n* FUEL CMS\n* Gallery\n* Gollum\n* HelpDEZk\n* HumHub\n* ImpressCMS\n* ImpressPages\n* Jamroom\n* Joomla\n* Kanboard\n* KCFinder\n* LiteCart\n* Magnolia\n* Mahara\n* MantisBT\n* MediaWiki\n* Microweber\n* MiniBB\n* MODX Revolution\n* MoinMoin\n* MyBB\n* Nibbleblog\n* Open Source Social Network\n* OpenCart (recommends not to use this software)\n* osDate\n* ownCloud\n* Oxwall\n* PBBoard\n* phpBB3\n* PhpGedView\n* phpLiteAdmin\n* phpMyAdmin\n* Piwigo\n* Piwik\n* PmWiki\n* Postfix Admin\n* Redaxo\n* Redmine\n* Roundcube\n* SaurusCMS\n* Serendipity\n* Shaarli\n* Shopware\n* SMF\n* Spina CMS\n* SPIP\n* SQLiteManager\n* SquirrelMail\n* TestLink\n* TikiWiki\n* Trac\n* Vanilla Forums\n* WikkaWiki\n* WordPress\n* Zenario\n* Zenphoto\n* Zikula\n\nDetects following end-of-life software:\n---------------------------------------\n\n* Bugzilla 4.2 is end-of-life since [2015-11-30](https://bugzillaupdate.wordpress.com/2015/07/29/bugzilla-4-2-will-be-eol-on-20151130/)\n* Drupal 6 is end-of-life since [2016-02-24](https://www.drupal.org/drupal-6-eol)\n* Drupal 9.0 is end-of-life\n* Gallery 1\n* Joomla 1.5 is end-of-life since 2012-04-30\n* Joomla 1.6 is end-of-life since [2011-08-19](http://www.joomla.org/announcements/release-news/5380-joomla-170-released.html). 1.6.x should be upgraded to 1.6.6 before moving to 1.7.x\n* Joomla 1.7 is end-of-life since [2012-02-24](http://www.joomla.org/announcements/release-news/5411-joomla-175-released.html)\n* Joomla 2.5\n* MediaWiki 1.18\n* MediaWiki 1.19 is end-of-life since [2015-04-25](https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-May/000177.html)\n* MediaWiki 1.20\n* MediaWiki 1.21 is end-of-life since [2014-06-25](http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-June/000153.html)\n* MediaWiki 1.22\n* MediaWiki 1.23 is end-of-life since [2017-05-31](https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-May/000210.html)\n* MediaWiki 1.24\n* MediaWiki 1.25\n* MediaWiki 1.26 is end-of-life since [2016-11-20](https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-November/000204.html)\n* MediaWiki 1.27 is end-of-life since [2019-06-06](https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000231.html)\n* MediaWiki 1.28 is end-of-life since [2017-11-01](https://lists.wikimedia.org/pipermail/mediawiki-announce/2017-November/000214.html)\n* MediaWiki 1.29 is end-of-life since [2018-06](https://lists.wikimedia.org/pipermail/mediawiki-announce/2018-September/000223.html)\n* MediaWiki 1.30 is end-of-life since [2019-06-06](https://lists.wikimedia.org/pipermail/mediawiki-announce/2019-June/000231.html)\n* MediaWiki 1.31 is end-of-life since [2021-09-30](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/QA6DPFJ2RPJ5LWOJICI6Z6DOC57NFQ3R/)\n* MediaWiki 1.32 is end-of-life since [2020-01-23](https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-January/000245.html)\n* MediaWiki 1.33 is end-of-life since [2020-06-24](https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-June/000253.html)\n* MediaWiki 1.34 is end-of-life since [2020-11-30](https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-November/000266.html)\n* MediaWiki 1.36 is end-of-life since [2022-06-03](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/X3437NFUH47AOPM5YJYL3KR5PIGDITTJ/)\n* MediaWiki 1.37 is end-of-life since [2022-11-30](https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/U2IWQL3BHVQHYVFIX766JJJIS4PRQZMA/)\n* SaurusCMS\n* ownCloud 4\n* ownCloud 5\n* ownCloud 6\n* ownCloud 7\n* ownCloud 8.0\n* ownCloud 8.1\n* ownCloud 8.2\n\nInstallation\n------------\n\n    sudo apt install python3 python3-pip git virtualenv\n    git clone https://github.com/fgeek/pyfiscan.git \u0026\u0026 cd pyfiscan\n    virtualenv -p python3 venv\n    source ./venv/bin/activate\n    pip3 install -r requirements.lst\n\nor you can use [BlackArch Linux](http://www.blackarch.org/).\n\nNotes\n-----\n\n* WordPress\n  * [Announcing a secure SWFUpload fork](http://make.wordpress.org/core/2013/06/21/secure-swfupload/)\n* Joomla\n  * Upgrade should be done using \"Extension manager -\u003e Upgrade\" in version 1.6.6 and later\n  * [Release and support cycle](http://docs.joomla.org/Release_and_support_cycle)\n  * [Setup Security checklist](http://docs.joomla.org/Security_Checklist_4_-_Joomla_Setup)\n  * [Upgrading and migrating Joomla](http://docs.joomla.org/Upgrading_and_Migrating_Joomla)\n  * Joomla 2.x creates random SQL table prefix\n  * Joomla 3.x informs and shows user a button to remove installation-directory\n  * Creates ./configuration.php in installation\n  * Creates robots.txt, which contains word \"Joomla\"\n* SMF\n  * [End of life of SMF 1.0](http://www.simplemachines.org/community/index.php?P=e9a84908ee7f5c03d14c5ece4b58406e\u0026topic=472913.0)\n  * Installer requests users with button to delete install.php\n* TikiWiki\n  * [End of life of TikiWiki 7.x](http://info.tiki.org/article182-Tiki-8-1-Now-Available-End-of-Life-for-Tiki-7-x)\n  * [8.4 is last release of TikiWiki 8.x](http://info.tiki.org/article191-Tiki-Releases-8-4)\n  * [End of life of TikiWiki 8.x](http://info.tiki.org/article195-Tiki-Releases-9-0)\n* MediaWiki\n  * [End of Life of 1.18.x](http://www.mediawiki.org/wiki/Version_lifecycle)\n* Gallery\n  * Not installed when config.php is missing.\n  * http://codex.galleryproject.org/Gallery2:Security\n  * Upgrade using:\n      http://example.org/gallery3/index.php/upgrade\n      php index.php upgrade\n* phpBB (version unknown)\n  * Open installation is not a vulnerability since web-interface requests user to authenticate by inserting random data to file.\n* Coppermine\n  * Not installed when include/config.inc.php is missing.\n* Owncloud\n  * status.php outputs: {\"installed\":\"true\",\"version\":\"5.0.6\",\"versionstring\":\"5.0.5\",\"edition\":\"\"}\n* Piwigo\n  * Not installed if local/config/database.inc.php is missing.\n* Claroline\n  * Not installed when platform/conf/claro_main.conf.php is missing.\n  * Installation pages request user to remove claroline/install/ directory.\n\nHappy users\n-----------\n\n* DevNet Oy\n* Kapsi Internet-käyttäjät ry\n* Shellit.org\n* Loopia.se\n\nContributors\n------------\n\n* aapa\n* Ari-Martti Hopiavuori\n* Atte H. \"guaqua\"\n* Janne Cederberg\n* Joonas Kuorilehto\n* Juhamatti Niemelä\n* Linus Fogelholk\n* motikan2010\n* Olli Pekkola\n* Paul Grant\n* Tuomo Komulainen\n","funding_links":["https://patreon.com/hsalo"],"categories":["Python","\u003ca id=\"8f92ead9997a4b68d06a9acf9b01ef63\"\u003e\u003c/a\u003e扫描器\u0026\u0026安全扫描\u0026\u0026App扫描\u0026\u0026漏洞扫描","Miscellaneous","Python (1887)","\u003ca id=\"132036452bfacf61471e3ea0b7bf7a55\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"de63a029bda6a7e429af272f291bb769\"\u003e\u003c/a\u003e未分类-Scanner","CMS"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffgeek%2Fpyfiscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Ffgeek%2Fpyfiscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Ffgeek%2Fpyfiscan/lists"}