Display function cleaned

2017-05-21 17:59:11 +02:00 · 2017-05-21 17:59:11 +02:00 · 017f1eb5b1
parent f1e06def4c
commit 017f1eb5b1
3 changed files with 38 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -1,2 +1,23 @@
 # PHP_Code_Static_Analysis
 Basic script to detect vulnerabilities into a PHP source code
+```bash
+╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
+╰─$ python index.py --dir test    
+------------------------------------------------------------
+Analyzing 'test' source code
+------------------------------------------------------------
+Potential vulnerability found : File Inclusion
+Line 19 in test/include.php
+Code : include($_GET['patisserie'])
+------------------------------------------------------------
+Potential vulnerability found : Insecure E-mail
+Line 2 in test/mail.php
+Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
+Declared at line 1 : $dest = $_GET['who'];
+```
+
+Currently detecting :
+ - SQL injection
+ - Local File Inclusion
+ - Insecure emails
+ - Cross Site Scripting
--- a/functions.py
+++ b/functions.py
@ -7,17 +7,26 @@ from indicators import *

 # Display the found vulnerability with basic informations like the line
 def display(path,payload,vulnerability,line,declaration_text,declaration_line):
-	print  "-"*60+"\r\n\033[1m"+"Potential vulnerability found : \033[0m\033[92m" + payload[1]+"\033[0m"
-	print  "\033[1mLine \033[0m\033[92m"+line+"\033[0m in "+path
+	print  "-"*80

-	if not "POST" in vulnerability[1] and not "GET" in vulnerability[1]:
-		print  "\033[1mCode : \033[0m"+payload[0]+'('+vulnerability[0]+"\033[93m"+vulnerability[1]+"\033[0m"+vulnerability[2]+')'
+	# Potential vulnerability found :  SQL Injection
+	print ("\033[1mPotential vulnerability found : \033[92m%s\033[0m")%(payload[1])
+
+	# Line  25  in test/sqli.php
+	print  ("\033[1mLine \033[0m\033[92m%s\033[0m in %s")%(line,path)
+
+	# Code : include($_GET['patisserie'])
+	vuln = vulnerability[0]+"\033[93m"+vulnerability[1]+"\033[0m"+vulnerability[2]
+	print ("\033[1mCode : \033[0m%s(%s)") % (payload[0], vuln)
+
+	# Declared at line 1 : $dest = $_GET['who'];
+	if not "$_" in vulnerability[1]:
 		if declaration_text != "":
 			print "\033[1mDeclared at line \033[0;92m"+declaration_line+"\033[0m : "+ declaration_text
 		else:
 			print "\033[1mUndeclared \033[0m"+ declaration_text+" in the file"
-	else:
-		print  "\033[1mCode : \033[0m"+payload[0]+'('+vulnerability[0]+"\033[93m"+vulnerability[1]+"\033[0m"+vulnerability[2]+')'
+
+


 # Find the line where the vulnerability is located
@ -30,6 +39,7 @@ def find_line_vuln(path,payload,vulnerability,content):


 # Find the line where the entry point is declared
+# TODO: should be an array of the declaration and modifications
 def find_line_declaration(declaration, content):
 	content = content.split('\n')
 	for i in range(len(content)):
--- a/index.py
+++ b/index.py
@ -7,7 +7,7 @@

 # TODO
 # 1. https://www.ripstech.com/blog/2017/why-mail-is-dangerous-in-php/
-# 2. Parcourir les fichiers en recursif avec les includes et afficher toutes les modifications de la variable
+# 2. Parcourir les fichiers en recursif avec les includes et afficher toutes les modifications de la variable - detecter les constantes
 # BUG du echo()

 import sys