Hardcoded credential

2017-11-20 21:56:02 +01:00 · 2017-11-20 21:56:02 +01:00 · 7e1d2a35b8
parent 5ea956e411
commit 7e1d2a35b8
4 changed files with 38 additions and 1 deletions
--- a/README.md
+++ b/README.md
@ -26,5 +26,8 @@ Currently detecting :
 - XPATH injection
 - Header injection
 - URL redirection
+ - Hardcoded credential
+
+> if you want to export each vulnerabilities type into a folder use the "export.sh"

 Don't forget to read the [license](/LICENSE) ;)
--- a/detection.py
+++ b/detection.py
@ -18,7 +18,35 @@ def analysis(path):
    content = content_file.read()
    content = clean_source_and_format(content)

-    # Detection of RCE/SQLI/LFI/RFI/RFU/XSS
+    # Hardcoded credentials (work as an exception, it's not function based)
+    credz = ['pass', 'secret', 'token', 'pwd']
+    for credential in credz:
+
+         content_pure = content.replace(' ','')
+         regex = re.compile("\$"+credential+".*?=[\"|'][^\$]+[\"|']", re.I)
+         matches = regex.findall(content_pure)
+
+         # If we find a variable with a constant for a given indicator
+         for vuln_content in matches:
+             payload = ["","Hardcoded Credential",[]]
+
+             # Get the line
+             line_vuln = -1
+             splitted_content = content.split('\n')
+             for i in range(len( splitted_content )):
+                 regex = re.compile("\$"+credential+".*?=", re.I)
+                 matches = regex.findall(splitted_content[i])
+                 if len(matches) > 0:
+                     line_vuln = i
+
+             declaration_text = vuln_content
+             line_declaration = str(line_vuln)
+             occurence = 1
+
+             display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vuln_content, occurence)
+
+
+    # Detection of RCE/SQLI/LFI/RFI/RFU/XSS/...
    for payload in payloads:
      regex   = re.compile(payload[0]+regex_indicators)
      matches = regex.findall(content)
--- a/export.sh
+++ b/export.sh
@ -12,6 +12,7 @@ cat Report/exported.txt | grep "Insecure E-mail" -A4 > Report/Insecure_E-mail.tx
 cat Report/exported.txt | grep "PHP Object Injection" -A4 > Report/PHP_Object_Injection.txt
 cat Report/exported.txt | grep "Header Injection" -A4 > Report/Header_Injection.txt
 cat Report/exported.txt | grep "URL Redirection" -A4 > Report/URL_Redirection.txt
+cat Report/exported.txt | grep "Hardcoded Credential" -A4 > Report/Hardcoded_Credential.txt


 echo "Found :"
--- a/test/configuration.php
+++ b/test/configuration.php
@ -6,4 +6,9 @@
 	$DB_PASS = "password";
 	$DB_CHALL_ONE = "graduatecms";
 	$DB_CHALL_TWO = "androidcompare";
+  $secret_flag ="a2'&vkzg%";
+  $token = "1213144142353962062";
+  $pwd   = "mysuper_cr3dz";
+  $pass  = $pwd.$token;
+  $Pass  = "case!nsenSitiveP@ss"
 ?>