# PHP_Code_Static_Analysis

Basic script to detect vulnerabilities in PHP source code

```bash
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis ‹master*›
╰─$ python index.py --dir test
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];
```
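
Both findings above pair a dangerous function call with request data, either passed directly or through a variable declared earlier. A minimal sketch of that source-to-sink check, added here as an example and not taken from the project's `index.py`; the sink subset, the function names `scan` and `find_declaration`, and the sample PHP are assumptions constructed for illustration:

```python
import re

# Constructed sample input mirroring the two findings in the output above.
SAMPLE = '''$dest = $_GET['who'];
mail($dest, "subject", "message", "", "-f" . $_GET['from']);
include($_GET['patisserie']);
$page = "footer.php";
include($page);
'''

SUPERGLOBALS = ("$_GET", "$_POST", "$_COOKIE", "$_REQUEST")
SOURCE = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST)\b")
VARIABLE = re.compile(r"\$[A-Za-z_]\w*")
# Assumed subset of sinks, named after the two categories shown in the output.
SINKS = {
    "File Inclusion": re.compile(r"\b(?:include|require)(?:_once)?\s*\((.*)\)"),
    "Insecure E-mail": re.compile(r"\bmail\s*\((.*)\)"),
}


def find_declaration(lines, var, sink_line):
    """Return (line_no, code) if the nearest earlier assignment of var reads user input."""
    assign = re.compile(re.escape(var) + r"\b\s*=(?!=)")
    for idx in range(sink_line - 2, -1, -1):
        if assign.search(lines[idx]):
            if SOURCE.search(lines[idx]):
                return idx + 1, lines[idx].strip()
            return None  # most recent assignment is not user-controlled
    return None


def scan(source):
    """Return one finding per sink call whose arguments carry user input."""
    lines = source.splitlines()
    findings = []
    for no, line in enumerate(lines, 1):
        for name, sink in SINKS.items():
            match = sink.search(line)
            if not match:
                continue
            args = match.group(1)
            # Trace plain variables in the arguments back to their declaration.
            decls = [find_declaration(lines, v, no)
                     for v in VARIABLE.findall(args) if v not in SUPERGLOBALS]
            declared = [d for d in decls if d]
            if SOURCE.search(args) or declared:
                findings.append({"type": name, "line": no, "declared": declared})
    return findings
```

Line-based matching like this misses multi-line calls and sanitised input, so its findings are leads for manual review, as the tool's "Potential vulnerability" wording suggests.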
Currently detecting:

- SQL injection
- Local File Inclusion
- Insecure emails
- Cross Site Scripting
- Remote Commands Execution
- LDAP injection
- XPATH injection
- Header injection
- URL redirection

Don't forget to read the [license](/LICENSE) ;)