swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

More indicators : Header injection , URL redirect, SQL etc

pull/3/head
Swissky 2017-08-05 15:23:40 +02:00
parent 626c3581b8
commit ca3fba1758
2 changed files with 69 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
README.md
View File

@ -21,3 +21,10 @@ Currently detecting :
- Local File Inclusion
- Insecure emails
- Cross Site Scripting
- Remote Commands Execution
- LDAP injection
- XPATH injection
- Header injection
- URL redirection
Don't forget to read the [license](/LICENSE) ;)

65
indicators.py
View File

@ -6,6 +6,8 @@ regex_indicators = '\((.*?)(\$_GET\[.*?\]|\$_FILES\[.*?\]|\$_POST\[.*?\]|\$_REQU
# Function_Name:String, Vulnerability_Name:String, Protection_Function:Array
payloads = [
# Remote Command Execution
["eval","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["popen","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["system","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
@ -13,13 +15,17 @@ payloads = [
["exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["shell_exec","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["assert","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["proc_open","Remote Command Execution",["escapeshellarg","escapeshellcmd"]],
["call_user_func","Remote Code Execution",[]],
["call_user_func_array","Remote Code Execution",[]],
["preg_replace","Remote Command Execution",["preg_quote"]],
["ereg_replace","Remote Command Execution",["preg_quote"]],
["eregi_replace","Remote Command Execution",["preg_quote"]],
["mb_ereg_replace","Remote Command Execution",["preg_quote"]],
["mb_eregi_replace","Remote Command Execution",["preg_quote"]],
# File Inclusion / Path Traversal
["virtual","File Inclusion",[]],
["include","File Inclusion",[]],
["require","File Inclusion",[]],
["include_once","File Inclusion",[]],
@ -28,30 +34,83 @@ payloads = [
["readfile","File Inclusion / Path Traversal",[]],
["file_get_contents","File Inclusion / Path Traversal",[]],
["show_source","File Inclusion / Path Traversal",[]],
["highlight_file","File Inclusion / Path Traversal",[]],
["fopen","File Inclusion / Path Traversal",[]],
["file","File Inclusion / Path Traversal",[]],
["fpassthru","File Inclusion / Path Traversal",[]],
["gzopen","File Inclusion / Path Traversal",[]],
["gzfile","File Inclusion / Path Traversal",[]],
["gzpassthru","File Inclusion / Path Traversal",[]],
["readgzfile","File Inclusion / Path Traversal",[]],
# MySQL(i) SQL Injection
["mysql_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_multi_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_send_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_master_query","SQL Injection",["mysql_real_escape_string"]],
["mysql_unbuffered_query","SQL Injection",["mysql_real_escape_string"]],
["mysql_db_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_real_query","SQL Injection",["mysql_real_escape_string"]],
["mysqli::query","SQL Injection",["mysql_real_escape_string"]],
["mysqli_query","SQL Injection",["mysql_real_escape_string"]],
# PostgreSQL Injection
["pg_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
["pg_send_query","SQL Injection",["pg_escape_string","pg_pconnect","pg_connect"]],
# SQLite SQL Injection
["sqlite_array_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_exec","SQL Injection",["sqlite_escape_string"]],
["sqlite_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_single_query","SQL Injection",["sqlite_escape_string"]],
["sqlite_unbuffered_query","SQL Injection",["sqlite_escape_string"]],
# PDO SQL Injection
["->arrayQuery","SQL Injection",["->prepare"]],
["->query","SQL Injection",["->prepare"]],
["->queryExec","SQL Injection",["->prepare"]],
["->singleQuery","SQL Injection",["->prepare"]],
["->querySingle","SQL Injection",["->prepare"]],
["->exec","SQL Injection",["->prepare"]],
["->execute","SQL Injection",["->prepare"]],
["->unbufferedQuery","SQL Injection",["->prepare"]],
["->real_query","SQL Injection",["->prepare"]],
["->multi_query","SQL Injection",["->prepare"]],
["->send_query","SQL Injection",["->prepare"]],
# Cubrid SQL Injection
["cubrid_unbuffered_query","SQL Injection",["cubrid_real_escape_string"]],
["cubrid_query","SQL Injection",["cubrid_real_escape_string"]],
# MSSQL SQL Injection : Warning there is not any real_escape_string
["mssql_query","SQL Injection",["mssql_escape"]],
# File Upload
["move_uploaded_file","File Upload",[]],
# Cross Site Scripting
["echo","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
["print","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
["printf","Cross Site Scripting",["htmlentities","htmlspecialchars"]],
# XPATH and LDAP
["xpath","XPATH Injection",[]],
["ldap_search","LDAP Injection",["Zend_Ldap","ldap_escape"]],
# Insecure E-Mail
["mail", "Insecure E-mail",[]],
["unserialize", "PHP Object Injection",[]]
# PHP Objet Injection
["unserialize", "PHP Object Injection",[]],
# Header Injection
["header","Header Injection",[]],
["HttpMessage::setHeaders","Header Injection",[]],
["HttpRequest::setHeaders","Header Injection",[]],
# URL Redirection
["http_redirect","URL Redirection",[]],
["HttpMessage::setResponseCode","URL Redirection",[]],
]