We've got a standard PHP-based shared hosting for some non-profit organizations. Users can upload over FTP any PHP apps, and we're worrying that some of them aren't properly maintained, f.e. updated.
Are there any scripts or programs that could automatically find what apps are installed, where are they and what versions?
I'd imagine them to work like anti-virus scanners, that is: have a database of "signatures" (for example a set of strings to be matched against .php files). It has been suggested that simple md5/sha1 sums won't work, as many of the configuration files are modified by user.
You may have some luck with a vulnerability scanner like Nitko2, Nessus, Wapiti or SkipFish. They'll likely have the ability to finger what applications are installed, and more importantly, tell you if any of them are vulnerable to any known exploits.
There's nothing already written that will do this out of the box. If you are worried about specific software packages, you can easily do this with some shell scripts.
I'd worry more about ensuring the users cannot do any harm to each other, and that you have working backups of all the sites.