FEATURE - Vulnerability and file count

2017-06-05 19:10:25 +02:00 · 2017-06-05 19:10:25 +02:00 · fddb914e38
parent 4ad8f01911
commit fddb914e38
3 changed files with 31 additions and 22 deletions
--- a/detection.py
+++ b/detection.py
@ -5,9 +5,13 @@ import re
 from indicators import *
 from functions import *

+result_count = 0
+result_files = 0

 # Analyse the source code of a single page
 def analysis(path):
+  global result_files
+  result_files += 1
  with open(path, 'r') as content_file:

    # Clean source for a better detection
@ -43,23 +47,32 @@ def analysis(path):
                # Display all the vuln
                line_vuln = find_line_vuln(path, payload, vuln_content, content)
                if not false_positive:
+                    global result_count
+                    result_count = result_count + 1
                    display(path, payload, vuln_content, line_vuln, declaration_text, line_declaration, vulnerable_var[1])


 # Run thru every files and subdirectories
 def recursive(dir,progress):
-  progress += 1
-  try:
-  	for name in os.listdir(dir):
-  		print('\tAnalyzing : '+'⬛'*progress+'\r'),
+    progress += 1
+    try:
+      for name in os.listdir(dir):
+        print('\tAnalyzing : '+'⬛'*progress+'\r'),

-  		# Targetting only PHP Files
-  		if os.path.isfile(os.path.join(dir, name)):
-  			if ".php" in os.path.join(dir, name):
-  				analysis(dir+"/"+name)
-  		else :
-  			recursive(dir+"/"+name, progress)
+        # Targetting only PHP Files
+        if os.path.isfile(os.path.join(dir, name)):
+            if ".php" in os.path.join(dir, name):
+                analysis(dir+"/"+name)
+        else :
+            recursive(dir+"/"+name, progress)

-  except OSError, e:
-  	print "Error 404 - Not Found, maybe you need more right ?"+" "*30
-  	exit(-1)
+    except OSError, e:
+        print "Error 404 - Not Found, maybe you need more right ?"+" "*30
+        exit(-1)
+
+
+# Display basic informations about the scan
+def scanresults():
+    global result_count
+    global result_files
+    print ("Found {} vulnerabilities in {} files").format(result_count,result_files)
--- a/index.py
+++ b/index.py
@ -9,19 +9,13 @@
 # TODO checker recursivement les vulns dans la déclaration d'une var
 # BUG color var['something']
 # BUG XPATH injection var declaration $employees
-# BUG PGSQL : pg_pconnect / pg_connect detected 
-# TODO count of vuln (passer une var à analysis, recursive et l'incrementer
-"""
-invcount = 0
-def inv_sort (listIn):
-    global invcount
-    invcount += 1
-"""
+# BUG PGSQL : pg_pconnect / pg_connect detected

 import sys
 import argparse
 import os, re
 from detection import *
+from indicators import *

 if __name__ == "__main__":
    parser = argparse.ArgumentParser()
@ -44,5 +38,7 @@ if __name__ == "__main__":
            analysis(results.dir)
        else:
            recursive(results.dir,0)
+        scanresults()
+
    else:
        parser.print_help()
--- a/indicators.py
+++ b/indicators.py
@ -1,6 +1,6 @@
 #!/usr/bin/python
 # -*- coding: utf-8 -*-
-
+ 
 # /!\ Detection Format (.*)function($vuln)(.*) matched by payload[0]+regex_indicators
 regex_indicators = '\((.*?)(\$_GET\[.*?\]|\$_FILES\[.*?\]|\$_POST\[.*?\]|\$_REQUEST\[.*?\]|\$_COOKIES\[.*?\]|\$_SESSION\[.*?\]|\$(?!this|e-)[a-zA-Z0-9_]*)(.*?)\)'