google / tsunami-security-scanner-plugins

This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Apache License 2.0

PRP: Dolibarr ERP fingerprint db and update scripts #333

Open vishwaraj101 opened 11 months ago

vishwaraj101 commented 11 months ago

This will detect the instances of Dolibarr. Dolibarr is an Open Source ERP & CRM for business (for SMEs, Large Companies, Freelancers, Foundations). It is currently used by 5000+ instances as per a Shodan query.

This will detect the Dolibarr version from 6-18.0.0.

tooryx commented 5 months ago

Hi @vishwaraj101,

Thanks for your request! This vulnerability is in scope for the reward program. Please submit our participation form and you can start working on the development.

Please keep in mind that the Tsunami Scanner Team will only be able to work on one issue at a time for each participant, so please hold off on the implementation work for any other requests you might have.

Thanks!

vishwaraj101 commented 5 months ago

Thanks

tooryx commented 4 months ago

Hi @vishwaraj101,

Did you push your changes? I do not see a PR associated with this request.

~tooryx

vishwaraj101 commented 4 months ago

Hi @tooryx, I am new to this. Could you please guide me on where to get started changing the files?

vishwaraj101 commented 4 months ago

Hi @tooryx, you can point me toward an appropriate resource and I will begin implementing this. Let me know.

tooryx commented 4 months ago

Hi @vishwaraj101,

Please see https://github.com/google/tsunami-security-scanner-plugins/issues/134#issuecomment-1095307025

~tooryx

vishwaraj101 commented 4 months ago

Hi @tooryx, I checked the 134 comment. Sorry to bother you again; I am still not getting how to properly contribute to the Tsunami plugin. I mean, what I read I understood partially, but I would appreciate something like a step-by-step process to contribute to

tooryx commented 4 months ago

I will try to provide more details when I have a bit more time.

vishwaraj101 commented 4 months ago

Hi @tooryx, could you please help me unblock on this? After this I will be on my own, since this is my first time, but I do feel Tsunami contribution could have been made less complex!

tooryx commented 4 months ago

Hi @vishwaraj101,

Here is an example of a fingerprint PR: https://github.com/google/tsunami-security-scanner-plugins/pull/326/files

The most important one is the update.sh that will pull the docker images for the application and generate the fingerprints for it. The .binproto file should be generated by the update.sh for every version in versions.txt.

~tooryx

vishwaraj101 commented 4 months ago

Hi @tooryx, the person has customised the update.sh file according to the Drupal case; it's not a straightforward Ctrl+C, Ctrl+V. What if the project doesn't have a Docker image, then?

tooryx commented 4 months ago

In case you still have questions on the fingerprint development process, you can also refer to the documentation we have for it: https://github.com/google/tsunami-security-scanner-plugins/blob/master/google/fingerprinters/web/README.md