Python Web Penetration Testing Cookbook

By : Benjamin May, Cameron Buchanan, Andrew Mabbitt, Dave Mound, Terry Ip

jQuery checking


One of the less frequently checked but more serious OWASP Top 10 vulnerabilities is the use of libraries or modules with known vulnerabilities. This can often mean versions of web frameworks that are out of date, but it also includes JavaScript libraries that perform specific functions. In this circumstance, we are checking jQuery; I have checked other libraries with this script, but for the purposes of an example I will stick to jQuery.

We will create a script that identifies whether a site uses jQuery, retrieves its version number, and then compares that against the latest version number to determine whether it is up to date.

How to do it…

The following is our script:

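import requests
import re
from bs4 import BeautifulSoup
import sys

# src values of every <script> tag found on the page
scripts = []

if len(sys.argv) != 2:
  print("usage: %s url" % (sys.argv[0]))
  sys.exit(0)

# Fetch the page and parse it; naming the parser keeps results consistent
tarurl = sys.argv[1]
url = requests.get(tarurl)
soup = BeautifulSoup(url.text, "html.parser")
for line in soup.find_all('script'):
  # src is None for inline <script> blocks
  newline = line.get('src')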
  scripts.append...
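
The check this recipe describes (find the jQuery reference, read its version, compare it with a reference version) can be run offline as follows; this is an added example, not the book's script. It assumes the standard library's `html.parser` in place of requests and BeautifulSoup, a constructed `SAMPLE_HTML` page, a placeholder baseline of `3.0.0` rather than the real latest release, and hypothetical names (`ScriptSrcParser`, `version_tuple`, `audit_jquery`).

```python
import re
from html.parser import HTMLParser

# Constructed sample page: hosts, paths and versions are illustrative only.
SAMPLE_HTML = """
<script src="/static/js/jquery-1.11.1.min.js"></script>
<script src="https://cdn.example.test/ajax/libs/jquery/2.1.4/jquery.min.js"></script>
<script src="/wp-includes/js/jquery/jquery.min.js?ver=3.7.0"></script>
<script src="/static/js/jquery.validate-1.9.0.js"></script>
<script>var inline = true;</script>
"""

JQUERY_SRC = re.compile(  # version in file name, path segment or ?ver= query
    r"(?i)jquery[-.](\d+(?:\.\d+)+)(?:\.min|\.slim)*\.js"
    r"|jquery/(\d+(?:\.\d+)+)/jquery(?:\.min|\.slim)*\.js"
    r"|jquery(?:\.min|\.slim)*\.js\?v(?:er)?=(\d+(?:\.\d+)+)"
)


class ScriptSrcParser(HTMLParser):
    """Collect the src of every <script> tag; inline scripts have none."""
    def __init__(self):
        super().__init__()
        self.sources = []

    def handle_starttag(self, tag, attrs):
        src = dict(attrs).get("src")
        if tag == "script" and src:
            self.sources.append(src)


def version_tuple(text):
    return tuple(int(part) for part in text.split("."))


def audit_jquery(html, baseline):
    """Yield (src, version, outdated); versions compare numerically, so 1.11 > 1.9."""
    parser = ScriptSrcParser()
    parser.feed(html)
    for src in parser.sources:
        match = JQUERY_SRC.search(src)
        if match:
            version = match.group(match.lastindex)
            yield src, version, version_tuple(version) < version_tuple(baseline)


if __name__ == "__main__":
    for finding in audit_jquery(SAMPLE_HTML, "3.0.0"):  # placeholder baseline
        print(finding)
```

Only versions exposed in the URL are detected; a renamed or bundled copy of the library has to be identified from the file contents instead.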