GLPIScan is a vulnerability scanner for GLPI.
GLPIScan has been developped for python3.
- pychalk >= 2.0.1 - Recommended: latest
- requests >= 2.18.4 - Recommended: latest
- urllib3 >= 1.22 - Recommended: latest
- packaging >= 19.0 - Recommended: latest
2 possiblities is offered to install and use GLPIScan
In order to install GLPIScan, you only need to clone the repository, and install the python dependencies using the requirements.txt
$ pip install -r requirements.txt
It is also possible to use pipenv in order to install all dependencies inside a virtual environnment :
$ python3 -m pip install pipenv
$ python3 -m pipenv install
$ python3 -m pipenv shell
List of options :
usage: GLPIScan.py [-h] -u url [-a] [-c] [-C credsfile] [-f] [-p] [-d]
GLPI Vulnerability Scanner.
optional arguments:
-h, --help show this help message and exit
-u url URL of GLPI application
-a Perform allcheck
-e Perform vunerability Check
-c Perform Credential Check
-C credsfile Perform Credential Check with specific wordlist file (user:password)
-f Perform Files Check
-p Perform Plugin Check
-d Debug mode
Most common usage :
$ python3 GLPIScan.py -u https://glpi/ -a
The inc/Config.py file contain addiditional parameters.
The parameter "PROXY" allow you to configure a proxy :
PROXY = {"http" : "https://127.0.0.1:8080", "https" : "https://127.0.0.1:8080"}
The parameter "HEADER" allow you yo add custom header to each request
HEADERS = {"X-FORWARDED-FOR" : "127.0.0.1"}
The parameter "VERSION" allow you force the version of the scanned GLPI (if you already know the version) :
VERSION = "9.4.0" # for GLPI version 9.4.0