{"id":13505119,"url":"https://github.com/psecio/versionscan","last_synced_at":"2025-04-06T00:06:28.895Z","repository":{"id":12504423,"uuid":"15174046","full_name":"psecio/versionscan","owner":"psecio","description":"A PHP version scanner for reporting possible vulnerabilities","archived":false,"fork":false,"pushed_at":"2019-11-21T16:32:50.000Z","size":877,"stargazers_count":254,"open_issues_count":3,"forks_count":30,"subscribers_count":14,"default_branch":"master","last_synced_at":"2024-05-02T05:54:04.349Z","etag":null,"topics":["cve","php","risk","scans","security"],"latest_commit_sha":null,"homepage":null,"language":"PHP","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/psecio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2013-12-13T21:03:00.000Z","updated_at":"2024-02-22T01:49:09.000Z","dependencies_parsed_at":"2022-09-16T23:10:48.913Z","dependency_job_id":null,"html_url":"https://github.com/psecio/versionscan","commit_stats":null,"previous_names":[],"tags_count":17,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psecio%2Fversionscan","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psecio%2Fversionscan/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psecio%2Fversionscan/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/psecio%2Fversionscan/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/psecio","download_url":"https://codeload.github.com/psecio/versionscan/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":247415966,"owners_count":20935388,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cve","php","risk","scans","security"],"created_at":"2024-08-01T00:00:58.861Z","updated_at":"2025-04-06T00:06:28.870Z","avatar_url":"https://github.com/psecio.png","language":"PHP","funding_links":[],"categories":["\u003ca id=\"8f92ead9997a4b68d06a9acf9b01ef63\"\u003e\u003c/a\u003e扫描器\u0026\u0026安全扫描\u0026\u0026App扫描\u0026\u0026漏洞扫描","Standalone","PHP","\u003ca id=\"132036452bfacf61471e3ea0b7bf7a55\"\u003e\u003c/a\u003e工具"],"sub_categories":["\u003ca id=\"de63a029bda6a7e429af272f291bb769\"\u003e\u003c/a\u003e未分类-Scanner","Bugs finders"],"readme":"versionscan\n===========\n\n[![Build Status](https://secure.travis-ci.org/psecio/versionscan.png?branch=master)](http://travis-ci.org/psecio/versionscan)\n[![Total Downloads](https://img.shields.io/packagist/dt/psecio/versionscan.svg?style=flat-square)](https://packagist.org/packages/psecio/versionscan)\n\nVersionscan is a tool for evaluating your currently installed PHP version\nand checking it against known CVEs and the versions they were fixed in\nto report back potential issues.\n\n**PLEASE NOTE:** Work is still in progress to adapt the tool to linux distributions that backport security fixes. As of right now, this only reports back for the straight up version reported.\n\nInstallation\n------------\n\n### Using Composer\n\n```\n{\n    \"require\": {\n        \"psecio/versionscan\": \"dev-master\"\n    }\n}\n```\n\nThe only current dependency is the Symfony console.\n\nUsage\n------------\n\nTo run the scan against your current PHP version, use:\n\n`bin/versionscan`\n\nThe script will check the `PHP_VERSION` for the current instance and\ngenerate the pass/fail results. The output looks similar to:\n\n```\nExecuting against version: 5.4.24\n+--------+---------------+------+------------------------------------------------------------------------------------------------------+\n| Status | CVE ID        | Risk | Summary                                                                                              |\n+--------+---------------+------+------------------------------------------------------------------------------------------------------+\n| FAIL   | CVE-2014-3597 | 6.8  | Multiple buffer overflows in the php_parserr function in ext/standard/dns.c in PHP before 5.4.32 ... |\n| FAIL   | CVE-2014-3587 | 4.3  | Integer overflow in the cdf_read_property_info function in cdf.c in file through 5.19, as used in... |\n```\n\nResults will be reported back colorized as well to easily show the pass/fail\nof the check.\n\nParameters\n------------\n\nThere are several parameters that can be given to the tool to configure its scans and results:\n\n### PHP Version\n\nIf you'd like to define a PHP version to check other than the one the script finds itself, you can use the `php-version` parameter:\n\n```\nbin/versionscan scan --php-version=4.3.2\n```\n\n### Report Only Failures\n\nYou can also tell the versionscan to only report back the failures and not the passing tests:\n\n```\nbin/versionscan scan --fail-only\n```\n\n### Sorting results\n\nYou can also sort the results either by the CVE ID or by severity (risk rating), with the `sort` parameter\nand either the \"cve\" or \"risk\" value:\n\n```\nbin/versionscan scan --sort=risk\n```\n\n### Output formats\n\nBy default *versionscan* will output information directly to the console in a human-readable result. You can also specify other output formats that may be easier to parse programatically (like JSON). Use the `--format` option to change the output:\n\n```\nvendor/bin/versionscan scan --php-version=5.5 --format=json\n```\n\nSupported output formats are `console`, `json`, `xml` and `html`.\n\nThe HTML output format requires an `--output` option of the directory to write the file:\n\n```\nvendor/bin/versionscan scan --php-version=5.5 --format=html --output=/var/www/output\n```\n\nThe result will be written to a file named something like `versionscan-output-20150808.html`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsecio%2Fversionscan","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpsecio%2Fversionscan","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpsecio%2Fversionscan/lists"}