Vulny-Code-Static-Analysis/README.md

# VulnyCode - PHP Code Static Analysis [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=VulnyCode%20-%20PHP%20Code%20Static%20Analysis&url=https://github.com/swisskyrepo/Vulny-Code-Static-Analysis) - Deprecated

![1.0.0](https://img.shields.io/badge/Version-1.0.0%20Beta-RED) ![Python](https://img.shields.io/badge/Python-3.4+-GREEN) ![Platform](https://img.shields.io/badge/Platforms-Linux%20x64-yellowgreen) 


:warning: **Deprecated**, you should use semgrep rules instead of this script: `semgrep --config=./semgrep/ vulns/*.php`
Most of the semgrep rules provided in this repository are from https://github.com/returntocorp/semgrep-rules


Basic script to detect vulnerabilities into a PHP source code, it is using Regular Expression to find sinkholes.

```bash
# HELP
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python3 index.py           
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python3 index.py --dir vulns    
------------------------------------------------------------
Analyzing 'vulns' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in vulns/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in vulns/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];
```

Currently detecting :
- Arbitrary Cookie
- Arbitrary File Deletion
- Arbitrary Variable Overwrite
- Cross Site Scripting
- File Inclusion
- File Inclusion / Path Traversal
- File Upload
- Header Injection
- Information Leak
- Insecure E-mail
- Insecure Weak Random
- LDAP Injection
- PHP Object Injection
- Remote Code Execution
- Remote Command Execution
- Server Side Request Forgery
- Server Side Template Injection
- SQL Injection
- URL Redirection
- Weak Cryptographic Hash
- XML external entity
- XPATH Injection
- Hardcoded credentials
- High Entropy string

> if you want to export each vulnerabilities type into a folder use the "export.sh"

Don't forget to read the [license](/LICENSE) ;)


## Alternatives

* [RIPS - A static source code analyser for vulnerabilities in PHP scripts](https://blog.ripstech.com/2016/introducing-the-rips-analysis-engine/)
* [Cobra - Source Code Security Audit](https://github.com/WhaleShark-Team/cobra)
* [PHP parser written in Python using PLY](https://github.com/viraptor/phply)
* [Psalm - A static analysis tool for finding errors in PHP applications](https://psalm.dev/docs/security_analysis/)
-												Semgrep rules to replace this script

											
										
										
											2022-04-30 13:00:48 +00:00
+								# VulnyCode - PHP Code Static Analysis [![Tweet](https://img.shields.io/twitter/url/http/shields.io.svg?style=social)](https://twitter.com/intent/tweet?text=VulnyCode%20-%20PHP%20Code%20Static%20Analysis&url=https://github.com/swisskyrepo/Vulny-Code-Static-Analysis) - Deprecated
-												Update README.md
											
										
										
											2019-11-13 22:02:45 +00:00
-												XXE / SSRF / Cookies and more use-cases

											
										
										
											2020-09-29 12:08:36 +00:00
+								![1.0.0](https://img.shields.io/badge/Version-1.0.0%20Beta-RED) ![Python](https://img.shields.io/badge/Python-3.4+-GREEN) ![Platform](https://img.shields.io/badge/Platforms-Linux%20x64-yellowgreen)
-												Update README.md
											
										
										
											2019-11-13 22:02:45 +00:00
-												Semgrep rules to replace this script

											
										
										
											2022-04-30 13:00:48 +00:00
 								:warning: **Deprecated**, you should use semgrep rules instead of this script: `semgrep --config=./semgrep/ vulns/*.php`
 								Most of the semgrep rules provided in this repository are from https://github.com/returntocorp/semgrep-rules
-												Fix maximum recursion error + catch hardcoded password in define()

											
										
										
											2020-01-09 21:54:56 +00:00
+								Basic script to detect vulnerabilities into a PHP source code, it is using Regular Expression to find sinkholes.
-												Display function cleaned

											
										
										
											2017-05-21 15:59:11 +00:00
+								```bash
-												XXE / SSRF / Cookies and more use-cases

											
										
										
											2020-09-29 12:08:36 +00:00
+								# HELP
-												Display function cleaned

											
										
										
											2017-05-21 15:59:11 +00:00
+								╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
-												XXE / SSRF / Cookies and more use-cases

											
										
										
											2020-09-29 12:08:36 +00:00
+								╰─$ python3 index.py
 								usage: index.py [-h] [--dir DIR] [--plain]
 								optional arguments:
 								  -h, --help  show this help message and exit
 								  --dir DIR   Directory to analyse
 								  --plain     No color in output
 								# Example
 								╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
-												Semgrep rules to replace this script

											
										
										
											2022-04-30 13:00:48 +00:00
+								╰─$ python3 index.py --dir vulns
-												Display function cleaned

											
										
										
											2017-05-21 15:59:11 +00:00
+								------------------------------------------------------------
-												Semgrep rules to replace this script

											
										
										
											2022-04-30 13:00:48 +00:00
+								Analyzing 'vulns' source code
-												Display function cleaned

											
										
										
											2017-05-21 15:59:11 +00:00
+								------------------------------------------------------------
 								Potential vulnerability found : File Inclusion
-												Semgrep rules to replace this script

											
										
										
											2022-04-30 13:00:48 +00:00
+								Line 19 in vulns/include.php
-												Display function cleaned

											
										
										
											2017-05-21 15:59:11 +00:00
+								Code : include($_GET['patisserie'])
 								------------------------------------------------------------
 								Potential vulnerability found : Insecure E-mail
-												Semgrep rules to replace this script

											
										
										
											2022-04-30 13:00:48 +00:00
+								Line 2 in vulns/mail.php
-												Display function cleaned

											
										
										
											2017-05-21 15:59:11 +00:00
+								Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
 								Declared at line 1 : $dest = $_GET['who'];
 								```
 								Currently detecting :
-												XXE / SSRF / Cookies and more use-cases

											
										
										
											2020-09-29 12:08:36 +00:00
+								- Arbitrary Cookie
 								- Arbitrary File Deletion
 								- Arbitrary Variable Overwrite
 								- Cross Site Scripting
 								- File Inclusion
 								- File Inclusion / Path Traversal
 								- File Upload
 								- Header Injection
 								- Information Leak
 								- Insecure E-mail
 								- Insecure Weak Random
 								- LDAP Injection
 								- PHP Object Injection
 								- Remote Code Execution
 								- Remote Command Execution
 								- Server Side Request Forgery
 								- Server Side Template Injection
 								- SQL Injection
 								- URL Redirection
 								- Weak Cryptographic Hash
 								- XML external entity
 								- XPATH Injection
 								- Hardcoded credentials
 								- High Entropy string
-												Hardcoded credential

											
										
										
											2017-11-20 20:56:02 +00:00
 								> if you want to export each vulnerabilities type into a folder use the "export.sh"
-												More indicators : Header injection , URL redirect, SQL etc

											
										
										
											2017-08-05 13:23:40 +00:00
 								Don't forget to read the [license](/LICENSE) ;)
-												XXE / SSRF / Cookies and more use-cases

											
										
										
											2020-09-29 12:08:36 +00:00
 								## Alternatives
 								* [RIPS - A static source code analyser for vulnerabilities in PHP scripts](https://blog.ripstech.com/2016/introducing-the-rips-analysis-engine/)
 								* [Cobra - Source Code Security Audit](https://github.com/WhaleShark-Team/cobra)
 								* [PHP parser written in Python using PLY](https://github.com/viraptor/phply)
 								* [Psalm - A static analysis tool for finding errors in PHP applications](https://psalm.dev/docs/security_analysis/)