# VulnyCode - PHP Code Static Analysis [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=VulnyCode%20-%20PHP%20Code%20Static%20Analysis&url=https://github.com/swisskyrepo/Vulny-Code-Static-Analysis)
![1.0.0](https://img.shields.io/badge/Version-1.0.0%20Beta-RED) ![Python](https://img.shields.io/badge/Python-3.4+-GREEN) ![Platform](https://img.shields.io/badge/Platforms-Linux%20x64-yellowgreen)
Basic script to detect vulnerabilities in PHP source code; it uses regular expressions to find sinks (dangerous function calls) and reports the line where each one appears.
```bash
# HELP
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis ‹master*›
╰─$ python3 index.py
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis ‹master*›
╰─$ python3 index.py --dir test
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];
```
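The example run above shows the shape of a regex-based sink finder: a table of dangerous calls, a pattern for attacker-controlled superglobals, and one hop back to where a variable was assigned. The following Python sketch is an added illustration of that approach, not the project's own `index.py`; the sink regexes, the `SAMPLE_FILES` PHP snippets and the function names are constructed for this example.

```python
import re

# Constructed sample PHP files (not the project's test directory), modelled on the README's example run.
SAMPLE_FILES = {
    "test/include.php": "<?php\n$page = 'home';\ninclude($_GET['patisserie']);\n",
    "test/mail.php": "<?php $dest = $_GET['who'];\n"
                     "mail($dest, \"subject\", \"message\", \"\", \"-f\" . $_GET['from']);\n",
    "test/safe.php": "<?php\n$dest = 'admin@example.org';\nmail($dest, 'hi', 'body');\n",
}
# Hypothetical sink table (categories from the README, regexes written for this example);
# each pattern captures the argument expression handed to the dangerous call.
SINKS = {
    "File Inclusion": re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*(.+?)\)?\s*;"),
    "Insecure E-mail": re.compile(r"\bmail\s*\((.+)\)\s*;"),
}
SOURCES = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST|FILES|SERVER)\b")  # attacker-controlled input
VARIABLE = re.compile(r"\$[A-Za-z_]\w*")

def find_declaration(lines, before, var):
    """Return (line_no, statement) of the last assignment to `var` above line `before`, or None."""
    pattern = re.compile(r"(?:^|<\?php)\s*" + re.escape(var) + r"\s*=[^=].*?;")
    for line_no in range(before - 1, 0, -1):
        m = pattern.search(lines[line_no - 1])
        if m:
            return line_no, m.group(0).replace("<?php", "").strip()
    return None

def analyse(source, filename):
    """Report sink calls whose arguments come from a source directly or via one variable hop."""
    findings, lines = [], source.splitlines()
    for line_no, line in enumerate(lines, start=1):
        for category, sink in SINKS.items():
            m = sink.search(line)
            if not m:
                continue
            args = m.group(1)
            tainted, declared = bool(SOURCES.search(args)), []
            # One step of backward dataflow: resolve plain variables to their last assignment.
            for var in sorted(set(VARIABLE.findall(args))):
                if var.startswith("$_"):
                    continue  # superglobal, already covered by SOURCES above
                decl = find_declaration(lines, line_no, var)
                if decl:
                    declared.append(decl)
                    tainted = tainted or bool(SOURCES.search(decl[1]))
            if tainted:
                findings.append({"vuln": category, "file": filename, "line": line_no,
                                 "code": m.group(0).rstrip(";"), "declared": declared})
    return findings
```

`analyse(SAMPLE_FILES["test/mail.php"], "test/mail.php")` returns one Insecure E-mail finding at line 2 with the `$dest` declaration attached, while the benign `test/safe.php` yields nothing because neither the call nor the resolved variable touches a superglobal.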
Currently detecting:

- Arbitrary Cookie
- Arbitrary File Deletion
- Arbitrary Variable Overwrite
- Cross Site Scripting
- File Inclusion
- File Inclusion / Path Traversal
- File Upload
- Header Injection
- Information Leak
- Insecure E-mail
- Insecure Weak Random
- LDAP Injection
- PHP Object Injection
- Remote Code Execution
- Remote Command Execution
- Server Side Request Forgery
- Server Side Template Injection
- SQL Injection
- URL Redirection
- Weak Cryptographic Hash
- XML External Entity
- XPath Injection
- Hardcoded Credentials
- High Entropy String
> If you want to export each vulnerability type into its own folder, use `export.sh`.
Don't forget to read the [license](/LICENSE) ;)
## Alternatives
* [RIPS - A static source code analyser for vulnerabilities in PHP scripts](https://blog.ripstech.com/2016/introducing-the-rips-analysis-engine/)
* [Cobra - Source Code Security Audit](https://github.com/WhaleShark-Team/cobra)
* [PHP parser written in Python using PLY](https://github.com/viraptor/phply)
* [Psalm - A static analysis tool for finding errors in PHP applications](https://psalm.dev/docs/security_analysis/)