From 7e1d2a35b83f4a3b0e1828dadba6b8f2e2d8257a Mon Sep 17 00:00:00 2001
From: Swissky
Date: Mon, 20 Nov 2017 21:56:02 +0100
Subject: [PATCH] Hardcoded credential
---
 README.md | 3 +++
 detection.py | 30 +++++++++++++++++++++++++++++-
 export.sh | 1 +
 test/configuration.php | 5 +++++
 4 files changed, 38 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 27f3a28..7fbafa2 100644
--- a/README.md
+++ b/README.md
@@ -26,5 +26,8 @@ Currently detecting :
 - XPATH injection
 - Header injection
 - URL redirection
+ - Hardcoded credential
+
+> if you want to export each vulnerabilities type into a folder use the "export.sh"
 
 Don't forget to read the [license](/LICENSE) ;)
diff --git a/detection.py b/detection.py
index 487562f..f6d2929 100644
--- a/detection.py
+++ b/detection.py
@@ -18,7 +18,35 @@ def analysis(path):
 content = content_file.read()
 content = clean_source_and_format(content)
 
- # Detection of RCE/SQLI/LFI/RFI/RFU/XSS
+ # Hardcoded credentials (work as an exception, it's not function based)
+ credz = ['pass', 'secret', 'token', 'pwd']
+ for credential in credz:
+
+ content_pure = content.replace(' ','')
+ regex = re.compile("\$"+credential+".*?=[\"|'][^\$]+[\"|']", re.I)
+ matches = regex.findall(content_pure)
+
+ # If we find a variable with a constant for a given indicator
+ for vuln_content in matches:
+ payload = ["","Hardcoded Credential",[]]
+
+ # Get the line
+ line_vuln = -1
+ splitted_content = content.split('\n')
+ for i in range(len( splitted_content )):
+ regex = re.compile("\$"+credential+".*?=", re.I)
+ matches = regex.findall(splitted_content[i])
+ if len(matches) > 0:
+ line_vuln = i
+
+ declaration_text = vuln_content
+ line_declaration = str(line_vuln)
+ occurence = 1
+
+ display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vuln_content, occurence)
+
+
+ # Detection of RCE/SQLI/LFI/RFI/RFU/XSS/...
 for payload in payloads:
 regex = re.compile(payload[0]+regex_indicators)
 matches = regex.findall(content)
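Review bot: The indicator pattern on the new `regex = re.compile("\$"+credential+...)` line requires the `$` to sit directly before the keyword, so a variable such as `$DB_PASS` (the very line shown as context in this commit's test/configuration.php hunk) or `$db_password` is never reported; `regex = re.compile(r"\$\w*" + credential + r".*?=[\"'][^$]+[\"']", re.I)` covers those names and also drops the stray `|` that `[\"|']` currently accepts as a quote delimiter. The line lookup below it never breaks and rebinds `line_vuln` on every hit of the bare indicator, so when one keyword occurs on several lines (the fixture's `$pass` and `$Pass`, both matched under `re.I`) every finding is reported at the last such line; searching `splitted_content` for the variable name taken from `vuln_content` rather than for the indicator would give each match its own line, and `splitted_content` and the per-line pattern could then be computed once outside the loops. `"\$"` in a non-raw string is an invalid escape sequence that Python 3.6+ warns about and 3.12 promotes to a SyntaxWarning, so both compiled patterns should be raw strings. Rebinding `regex` and `matches` inside the loop that iterates `matches` is harmless here but reads as a bug; `line_regex`/`line_hits` would make the intent obvious. `analysis()` begins before this hunk and continues past it.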
diff --git a/export.sh b/export.sh
index 5627285..19790bc 100755
--- a/export.sh
+++ b/export.sh
@@ -12,6 +12,7 @@ cat Report/exported.txt | grep "Insecure E-mail" -A4 > Report/Insecure_E-mail.tx
 cat Report/exported.txt | grep "PHP Object Injection" -A4 > Report/PHP_Object_Injection.txt
 cat Report/exported.txt | grep "Header Injection" -A4 > Report/Header_Injection.txt
 cat Report/exported.txt | grep "URL Redirection" -A4 > Report/URL_Redirection.txt
+cat Report/exported.txt | grep "Hardcoded Credential" -A4 > Report/Hardcoded_Credential.txt
 echo "Found :"
diff --git a/test/configuration.php b/test/configuration.php
index 9ffc527..045f7a6 100644
--- a/test/configuration.php
+++ b/test/configuration.php
@@ -6,4 +6,9 @@ $DB_PASS = "password";
 $DB_CHALL_ONE = "graduatecms";
 $DB_CHALL_TWO = "androidcompare";
+ $secret_flag ="a2'&vkzg%";
+ $token = "1213144142353962062";
+ $pwd = "mysuper_cr3dz";
+ $pass = $pwd.$token;
+ $Pass = "case!nsenSitiveP@ss"
 ?>