GLPIScan is now using python3

Add the detection of 5 new plugin
Add of pipenv alternative to standard installation

GLPIScan.py

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
 
 import os, argparse, chalk
 from inc import Config, Infos, Credentials, Files, Plugins
@@ -10,47 +10,47 @@
 print(chalk.white("\\ \\ \\__ \\  \\ \\ \\____  \\ \\  __/ \\ \\ \\  \\ \\___  \\  \\ \\ \\____  \\ \\  __ \\  \\ \\ \\-.  \\ ", bold=True))
 print(chalk.white(" \\ \\_____\\  \\ \\_____\\  \\ \\_\\    \\ \\_\\  \\/\\_____\\  \\ \\_____\\  \\ \\_\\ \\_\\  \\ \\_\\\"\\_\\", bold=True))
 print(chalk.white("  \\/_____/   \\/_____/   \\/_/     \\/_/   \\/_____/   \\/_____/   \\/_/\\/_/   \\/_/ \\/_/", bold=True))
-print(chalk.white("                                                      v1.1 contact[@]digitemis.com\n\n\n", bold=True))
+print(chalk.white("                                                      v1.2 contact[@]digitemis.com\n\n\n", bold=True))
 
 def parsing():
-	parser = argparse.ArgumentParser(description='GLPI Vulnerability Scanner.')
-	parser.add_argument('-u', dest='url', metavar="url", required=True, help='URL of GLPI application')
-	parser.add_argument('-a', dest='allcheck', action='store_true', default=False, help='Perform allcheck')
-	parser.add_argument('-c', dest='credscheck', action='store_true', default=False, help='Perform Credential Check')
-	parser.add_argument('-C', dest='credsfile', action='store_true', default=False, help='Perform Credential Check with specific wordlist (user:password)')
-	parser.add_argument('-f', dest='filescheck', action='store_true', default=False, help='Perform Files Check')
-	parser.add_argument('-p', dest='pluginscheck', action='store_true', default=False, help='Perform Plugin Check')
-	parser.add_argument('-d', dest='debug', action='store_true', default=False, help='Debug mode')
-	args = parser.parse_args()
-
-	Config.DEBUG = args.debug
-	Config.BASE_URL = args.url
-	Config.ALLCHECK = args.allcheck
-	Config.CREDSCHECK = args.credscheck
-	Config.CREDSFILE = args.credsfile
-	Config.FILESCHECK = args.filescheck
-	Config.PLUGINSCHECK = args.pluginscheck
-
-	if Config.DEBUG:
-		print("[DEBUG] Debug mode : ON")
-		print("[DEBUG] GLPI url : " + Config.BASE_URL)
-		print("[DEBUG] Checking everything : " + str(Config.ALLCHECK))
-		print("[DEBUG] Checking Default Creds : " + str(Config.CREDSCHECK))
-		print("[DEBUG] Checking Default File : " + str(Config.FILESCHECK))
-		print("[DEBUG] Checking Default Plugins : " + str(Config.PLUGINSCHECK))
-		print("")
+    parser = argparse.ArgumentParser(description='GLPI Vulnerability Scanner.')
+    parser.add_argument('-u', dest='url', metavar="url", required=True, help='URL of GLPI application')
+    parser.add_argument('-a', dest='allcheck', action='store_true', default=False, help='Perform allcheck')
+    parser.add_argument('-c', dest='credscheck', action='store_true', default=False, help='Perform Credential Check')
+    parser.add_argument('-C', dest='credsfile', action='store_true', default=False, help='Perform Credential Check with specific wordlist (user:password)')
+    parser.add_argument('-f', dest='filescheck', action='store_true', default=False, help='Perform Files Check')
+    parser.add_argument('-p', dest='pluginscheck', action='store_true', default=False, help='Perform Plugin Check')
+    parser.add_argument('-d', dest='debug', action='store_true', default=False, help='Debug mode')
+    args = parser.parse_args()
+
+    Config.DEBUG = args.debug
+    Config.BASE_URL = args.url
+    Config.ALLCHECK = args.allcheck
+    Config.CREDSCHECK = args.credscheck
+    Config.CREDSFILE = args.credsfile
+    Config.FILESCHECK = args.filescheck
+    Config.PLUGINSCHECK = args.pluginscheck
+
+    if Config.DEBUG:
+        print("[DEBUG] Debug mode : ON")
+        print("[DEBUG] GLPI url : " + Config.BASE_URL)
+        print("[DEBUG] Checking everything : " + str(Config.ALLCHECK))
+        print("[DEBUG] Checking Default Creds : " + str(Config.CREDSCHECK))
+        print("[DEBUG] Checking Default File : " + str(Config.FILESCHECK))
+        print("[DEBUG] Checking Default Plugins : " + str(Config.PLUGINSCHECK))
+        print("")
 
 def main():
-	parsing()
-	print(chalk.white("[+] GLPI Scan start : " + Config.BASE_URL + "\n", bold=True))
-	if (Infos.UrlCheck().getInfo()):
-		if (Config.ALLCHECK or Config.CREDSCHECK):
-			Credentials.CredentialsCheck().credentials()
+    parsing()
+    print(chalk.white("[+] GLPI Scan start : " + Config.BASE_URL + "\n", bold=True))
+    if (Infos.UrlCheck().getInfo()):
+        if (Config.ALLCHECK or Config.CREDSCHECK):
+            Credentials.CredentialsCheck().credentials()
 
-		if (Config.ALLCHECK or Config.FILESCHECK):
-			Files.FilesCheck().files()
+        if (Config.ALLCHECK or Config.FILESCHECK):
+            Files.FilesCheck().files()
 
-		if (Config.ALLCHECK or Config.PLUGINSCHECK):
-			Plugins.PluginsCheck().plugins()
+        if (Config.ALLCHECK or Config.PLUGINSCHECK):
+            Plugins.PluginsCheck().plugins()
 
 main()

Pipfile

@@ -0,0 +1,15 @@
+[[source]]
+name = "pypi"
+url = "https://pypi.org/simple"
+verify_ssl = true
+
+[dev-packages]
+
+[packages]
+pychalk = ">=2.0.1"
+requests = ">=2.18.4"
+urllib3 = ">=1.22"
+packaging = ">=19.0"
+
+[requires]
+python_version = "3"

README.md

@@ -4,20 +4,32 @@ GLPIScan is a vulnerability scanner for GLPI.
 
 ## Prerequisites
 
+GLPIScan has been developped for python3.
+
 * pychalk >= 2.0.1 - Recommended: latest 
 * requests >= 2.18.4 - Recommended: latest 
 * urllib3 >= 1.22 - Recommended: latest 
 * packaging >= 19.0 - Recommended: latest 
 
 ## Installation
 
-In order to install GLPIScan, you only need to clone the repository, and install the python dependencies using the requirements.txt
+2 possiblities is offered to install and use GLPIScan
 
+### Classic installation
+In order to install GLPIScan, you only need to clone the repository, and install the python dependencies using the requirements.txt
 
 ```bash
 $ pip install -r requirements.txt
 ```
 
+### Pipenv installation
+It is also possible to use pipenv in order to install all dependencies inside a virtual environnment :
+```bash
+$ python3 -m pip install pipenv 
+$ python3 -m pipenv install
+$ python3 -m pipenv shell
+```
+
 ## Usage
 
 List of options :
@@ -40,7 +52,7 @@ optional arguments:
 Most common usage :
 
 ```bash
-$ python GLPIScan.py -u http://glpi/ -a
+$ python3 GLPIScan.py -u http://glpi/ -a
 ```
 
 ## Further configuration

inc/AjaxTelemetry.py

@@ -1,23 +1,21 @@
-#!/usr/bin/python
-
-import Config
+from inc import Config
 
 import chalk
 
 class AjaxTelemetry:
 
-	def getPluginVersion(self, info, name):
-		try:
-			for plugin in Config.AJAX_TELEMETRY['glpi']['plugins']:
-				if plugin['key'] == name:
-					print(chalk.white('\t[+] Version of [', bold=True) + chalk.yellow(info[1], bold=True) + chalk.white('] : [', bold=True) + chalk.yellow(plugin['version'], bold=True) + chalk.white(']', bold=True))
-					return plugin['version']
-		except:
-			return False
+    def getPluginVersion(self, info, name):
+        try:
+            for plugin in Config.AJAX_TELEMETRY['glpi']['plugins']:
+                if plugin['key'] == name:
+                    print(chalk.white('\t[+] Version of [', bold=True) + chalk.yellow(info[1], bold=True) + chalk.white('] : [', bold=True) + chalk.yellow(plugin['version'], bold=True) + chalk.white(']', bold=True))
+                    return plugin['version']
+        except:
+            return False
 
-	def getGLPIVersion(self):
-		try:
-			Config.VERSION = Config.AJAX_TELEMETRY['glpi']['version']
-			return True
-		except:
-			return False
+    def getGLPIVersion(self):
+        try:
+            Config.VERSION = Config.AJAX_TELEMETRY['glpi']['version']
+            return True
+        except:
+            return False