Which vulnerability scanning tools are there? Recommended common web vulnerability scanning tools (Part 2)


    $ pip-audit
    No known vulnerabilities found

Audit the dependencies of a given requirements file:

    $ pip-audit -r ./requirements.txt
    No known vulnerabilities found

Audit a requirements file, excluding system packages:

    $ pip-audit -r ./requirements.txt -l
    No known vulnerabilities found

Audit dependencies when known vulnerabilities are found:

    $ pip-audit
    Found 2 known vulnerabilities in 1 package
    Name  Version ID             Fix Versions
    ----- ------- -------------- ------------
    Flask 0.5     PYSEC-2019-179 1.0
    Flask 0.5     PYSEC-2018-66  0.12.3

Audit dependencies and include vulnerability descriptions:

    $ pip-audit --desc
    Found 2 known vulnerabilities in 1 package
    Name  Version ID             Fix Versions Description
    ----- ------- -------------- ------------ ------------------------------------------------------------
    Flask 0.5     PYSEC-2019-179 1.0          The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656.
    Flask 0.5     PYSEC-2018-66  0.12.3       The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083.

Audit dependencies and emit the results as JSON:

    $ pip-audit -f json | jq
    Found 2 known vulnerabilities in 1 package
    [
      {
        "name": "flask",
        "version": "0.5",
        "vulns": [
          {
            "id": "PYSEC-2019-179",
            "fix_versions": ["1.0"],
            "description": "The Pallets Project Flask before 1.0 is affected by: unexpected memory usage. The impact is: denial of service. The attack vector is: crafted encoded JSON data. The fixed version is: 1. NOTE: this may overlap CVE-2018-1000656."
          },
          {
            "id": "PYSEC-2018-66",
            "fix_versions": ["0.12.3"],
            "description": "The Pallets Project flask version Before 0.12.3 contains a CWE-20: Improper Input Validation vulnerability in flask that can result in Large amount of memory usage possibly leading to denial of service. This attack appear to be exploitable via Attacker provides JSON data in incorrect encoding. This vulnerability appears to have been fixed in 0.12.3. NOTE: this may overlap CVE-2019-1010083."
          }
        ]
      },
      {"name": "jinja2", "version": "3.0.2", "vulns": []},
      {"name": "pip", "version": "21.3.1", "vulns": []},
      {"name": "setuptools", "version": "57.4.0", "vulns": []},
      {"name": "werkzeug", "version": "2.0.2", "vulns": []},
      {"name": "markupsafe", "version": "2.0.1", "vulns": []}
    ]
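The JSON output above is what a CI pipeline would normally consume rather than the table. The following script is an added example, not part of this page or of pip-audit itself: it parses that JSON shape, lists each vulnerable package with its first published fix version, and returns a non-zero exit code unless every finding is on a reviewed allow-list. The sample report embedded in it is constructed from the flask findings shown above, and the handling of a top-level object keyed by "dependencies" is an assumption about newer pip-audit releases.

```python
import json
import sys
from typing import Dict, List, Tuple

# Constructed sample in the shape pip-audit -f json printed above (descriptions shortened):
# a top-level list of packages, each carrying a "vulns" list.
SAMPLE_REPORT = json.dumps([
    {"name": "flask", "version": "0.5", "vulns": [
        {"id": "PYSEC-2019-179", "fix_versions": ["1.0"], "description": "DoS via crafted JSON"},
        {"id": "PYSEC-2018-66", "fix_versions": ["0.12.3"], "description": "CWE-20, memory exhaustion"},
    ]},
    {"name": "jinja2", "version": "3.0.2", "vulns": []},
])

def parse_report(text: str) -> List[Dict]:
    """Return the package list from pip-audit JSON output (the list format shown on this page;
    as an assumption about newer releases, also unwrap an object keyed by "dependencies")."""
    data = json.loads(text)
    if isinstance(data, dict):
        data = data.get("dependencies", [])
    return data

def summarize(packages: List[Dict]) -> Dict[str, List[Tuple[str, str]]]:
    """Map 'name==version' to (vuln id, first listed fix version or '') for vulnerable packages."""
    findings: Dict[str, List[Tuple[str, str]]] = {}
    for pkg in packages:
        vulns = pkg.get("vulns") or []
        if vulns:
            key = f"{pkg['name']}=={pkg['version']}"
            findings[key] = [(v["id"], (v.get("fix_versions") or [""])[0]) for v in vulns]
    return findings

def gate(text: str, allow_ids: frozenset = frozenset()) -> Tuple[int, List[str]]:
    """CI gate: exit code 1 when any finding is not on the reviewed allow-list of vuln ids."""
    lines, blocking = [], 0
    for key, vulns in summarize(parse_report(text)).items():
        for vid, fix in vulns:
            status = "allowed" if vid in allow_ids else "BLOCK"
            blocking += status == "BLOCK"
            lines.append(f"{status}: {key} {vid} (fix: {fix or 'none published'})")
    return (1 if blocking else 0), lines

if __name__ == "__main__":
    # Usage: pip-audit -f json | python audit_gate.py
    code, report = gate(sys.stdin.read())
    print("\n".join(report) or "No known vulnerabilities found")
    sys.exit(code)
```

Keep the allow-list in version control next to a written justification for each id, so an accepted finding is a deliberate, reviewable decision rather than a silent suppression.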

Audit and attempt to automatically fix vulnerable dependencies:

    $ pip-audit --fix
    Found 2 known vulnerabilities in 1 package and fixed 2 vulnerabilities in 1 package
    Name  Version ID             Fix Versions Applied Fix
    ----- ------- -------------- ------------ ----------------------------------------
    flask 0.5     PYSEC-2019-179 1.0          Successfully upgraded flask (0.5 => 1.0)
    flask 0.5     PYSEC-2018-66  0.12.3       Successfully upgraded flask (0.5 => 1.0)

License

This project is developed and released under the Apache 2.0 open-source license.
