swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Vulny-Code-Static-Analysis/README.md

24 lines
831 B
Markdown
Raw Normal View History

Initial commit
2017-05-14 20:56:38 +00:00
# PHP_Code_Static_Analysis
Basic script to detect vulnerabilities into a PHP source code
Display function cleaned
2017-05-21 15:59:11 +00:00
```bash
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis master*
╰─$ python index.py --dir test
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];
```
Currently detecting :
- SQL injection
- Local File Inclusion
- Insecure emails
- Cross Site Scripting