Hardcoded credential

pull/3/head
Swissky 2017-11-20 21:56:02 +01:00
parent 5ea956e411
commit 7e1d2a35b8
4 changed files with 38 additions and 1 deletions

View File

@ -26,5 +26,8 @@ Currently detecting :
- XPATH injection - XPATH injection
- Header injection - Header injection
- URL redirection - URL redirection
- Hardcoded credential
> if you want to export each vulnerabilities type into a folder use the "export.sh"
Don't forget to read the [license](/LICENSE) ;) Don't forget to read the [license](/LICENSE) ;)

View File

@ -18,7 +18,35 @@ def analysis(path):
content = content_file.read() content = content_file.read()
content = clean_source_and_format(content) content = clean_source_and_format(content)
# Detection of RCE/SQLI/LFI/RFI/RFU/XSS # Hardcoded credentials (work as an exception, it's not function based)
credz = ['pass', 'secret', 'token', 'pwd']
for credential in credz:
content_pure = content.replace(' ','')
regex = re.compile("\$"+credential+".*?=[\"|'][^\$]+[\"|']", re.I)
matches = regex.findall(content_pure)
# If we find a variable with a constant for a given indicator
for vuln_content in matches:
payload = ["","Hardcoded Credential",[]]
# Get the line
line_vuln = -1
splitted_content = content.split('\n')
for i in range(len( splitted_content )):
regex = re.compile("\$"+credential+".*?=", re.I)
matches = regex.findall(splitted_content[i])
if len(matches) > 0:
line_vuln = i
declaration_text = vuln_content
line_declaration = str(line_vuln)
occurence = 1
display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vuln_content, occurence)
# Detection of RCE/SQLI/LFI/RFI/RFU/XSS/...
for payload in payloads: for payload in payloads:
regex = re.compile(payload[0]+regex_indicators) regex = re.compile(payload[0]+regex_indicators)
matches = regex.findall(content) matches = regex.findall(content)

View File

@ -12,6 +12,7 @@ cat Report/exported.txt | grep "Insecure E-mail" -A4 > Report/Insecure_E-mail.tx
cat Report/exported.txt | grep "PHP Object Injection" -A4 > Report/PHP_Object_Injection.txt cat Report/exported.txt | grep "PHP Object Injection" -A4 > Report/PHP_Object_Injection.txt
cat Report/exported.txt | grep "Header Injection" -A4 > Report/Header_Injection.txt cat Report/exported.txt | grep "Header Injection" -A4 > Report/Header_Injection.txt
cat Report/exported.txt | grep "URL Redirection" -A4 > Report/URL_Redirection.txt cat Report/exported.txt | grep "URL Redirection" -A4 > Report/URL_Redirection.txt
cat Report/exported.txt | grep "Hardcoded Credential" -A4 > Report/Hardcoded_Credential.txt
echo "Found :" echo "Found :"

View File

@ -6,4 +6,9 @@
$DB_PASS = "password"; $DB_PASS = "password";
$DB_CHALL_ONE = "graduatecms"; $DB_CHALL_ONE = "graduatecms";
$DB_CHALL_TWO = "androidcompare"; $DB_CHALL_TWO = "androidcompare";
$secret_flag ="a2'&vkzg%";
$token = "1213144142353962062";
$pwd = "mysuper_cr3dz";
$pass = $pwd.$token;
$Pass = "case!nsenSitiveP@ss"
?> ?>