Commit Graph

62 Commits (438f8ada6101bb4c71a9b2123a29f3714097671b)

Author SHA1 Message Date
Vincent Gilles 438f8ada61 Feat: add debug_print_backtrace to the list of info leak indicators 2020-10-02 10:50:53 +02:00
Swissky e23636ae70
Github Action - CodeQL 2020-10-01 10:52:51 +02:00
Swissky f2df2acd6d XXE / SSRF / Cookies and more use-cases 2020-09-29 14:08:36 +02:00
Swissky 95fbef209c Cryptographic hash, random and info leak 2020-06-15 20:11:43 +02:00
Swissky 31962bee50 pcntl_exec + server side template injection 2020-01-16 23:33:55 +01:00
Swissky db89689cde Test case with MD5 hash 2020-01-11 00:13:17 +01:00
Swissky a0be9801bf
Update README.md 2020-01-11 00:08:09 +01:00
Swissky ee2c747c6c High entropy string detection + code refactor add_vuln() 2020-01-11 00:06:47 +01:00
Swissky e3b1d7fb3c Fix maximum recursion error + catch hardcoded password in define() 2020-01-09 22:59:26 +01:00
Swissky 4f985f9709
Update README.md 2019-11-13 23:02:45 +01:00
Swissky 4911f157c5
SPONSOR - Adding sponsor button 2019-09-22 16:12:30 +02:00
Swissky 426b6111d9
Merge pull request #8 from tanaydin/pycodestyle
Fixes for errors catch by pycodestyle (except E501)
2019-04-05 18:57:20 +02:00
Swissky ee80485bea
Merge pull request #11 from tanaydin/fixfor-encoding
Fix for encoding files with different encodings.
2019-04-05 18:52:46 +02:00
tanaydin sirin 5b98259818
Merge branch 'master' into pycodestyle 2019-04-05 17:36:27 +02:00
Tanaydin Sirin d363731e80 Fix for encoding files with different encodings. 2019-04-05 17:32:25 +02:00
Tanaydin Sirin fe8786101a Fixes for errors by pycodestyle (except E501) to run it
pycodestyle . --ignore=E501
2019-04-05 16:32:45 +02:00
Swissky 659b6a1e2c
Merge pull request #7 from tanaydin/python3
Reformated files for python3, changed some function calls.
2019-04-05 15:52:12 +02:00
Tanaydin Sirin b3734a43f7 Python3 fix for directory not found error. 2019-04-05 15:43:04 +02:00
Tanaydin Sirin be2d110578 Reformated files for python3, changed some function calls. 2019-04-05 15:38:57 +02:00
Swissky def6aaf64f
Merge pull request #6 from tanaydin/plain_output
Added --plain output to exporter
2019-04-05 15:34:01 +02:00
Tanaydin Sirin 8e67f536cc Added --plain output to exporter, it works with files so it is logical to make it plain all time. 2019-04-05 15:22:22 +02:00
Swissky 9c91219532
Merge pull request #5 from tanaydin/plain_output
Better output for file.
2019-04-05 15:16:13 +02:00
tanaydin sirin 6732d43099
Merge pull request #3 from tanaydin/plain_output
Better output for file.
2019-04-05 15:12:49 +02:00
Tanaydin Sirin 0703843c4e Better output for file. 2019-04-05 15:11:57 +02:00
Swissky 6d452748ec
Merge pull request #4 from tanaydin/plain_output
Adds --plain for plain output.
2019-04-05 15:11:46 +02:00
Swissky 7a0bc642a8
Merge pull request #3 from tanaydin/patch-1
Fix for "unbalanced parenthesis"
2019-04-05 15:10:03 +02:00
tanaydin sirin bf86549569
Merge pull request #2 from tanaydin/plain_output
Adds --plain for plain output.
2019-04-05 14:27:14 +02:00
tanaydin sirin 07dd6eddf4
Merge pull request #1 from tanaydin/patch-1
Update functions.py
2019-04-05 14:26:46 +02:00
Tanaydin Sirin 8c425bd30d Adds --plain for plain output. 2019-04-05 14:25:05 +02:00
tanaydin sirin 18b352fe71
Update functions.py
I was getting "sre_constants.error: unbalanced parenthesis". This small comment escapes current vulnerability to keep regular expressions happy.
2019-04-05 12:47:17 +02:00
Swissky 7e1d2a35b8 Hardcoded credential 2017-11-20 21:56:02 +01:00
Swissky 5ea956e411 False positive check $xx='const'; 2017-11-14 13:45:07 +01:00
Swissky b062f507a8 zsh:1: command not found: q 2017-11-14 13:24:19 +01:00
Swissky 3e5e9ca74e Check for constant var 2017-11-14 11:10:21 +01:00
Swissky 02afeab9cd Export script 2017-11-14 09:07:12 +01:00
Swissky e280f50e0f Bugfix - Opening inexistent file 2017-11-12 13:42:25 +01:00
Swissky ca3fba1758 More indicators : Header injection , URL redirect, SQL etc 2017-08-05 15:23:40 +02:00
Swissky 626c3581b8 BUGFIX - Colored variable badly displayed when count>2 2017-06-06 22:51:01 +02:00
Swissky bd2d77b6c9 BUGFIX - Only the nth occurence var is colored if dup vuln 2017-06-05 22:56:23 +02:00
Swissky 37887b7635 BUGFIX - False positive for declaration $var = pgconnect 2017-06-05 21:15:38 +02:00
Swissky 1289809b15 BUGFIX - Detection for var as for($something as $else) 2017-06-05 20:18:48 +02:00
Swissky fddb914e38 FEATURE - Vulnerability and file count 2017-06-05 19:10:25 +02:00
Swissky 4ad8f01911 FEATURE: XPATH,LDAP,Assert, PGSQLi detection added 2017-05-29 22:02:00 +02:00
Swissky 7aa1fd26b9 FEATURE - XSS detection with print 2017-05-28 23:23:07 +02:00
Swissky a21792a585 FEATURE - SQL injection PDO detection 2017-05-28 23:15:33 +02:00
Swissky 5160b19e1b FEATURE : PHP object injection detection 2017-05-28 22:42:28 +02:00
Swissky c75f1eb415 Bugfix - Constant init var fixed 2017-05-28 22:11:40 +02:00
Swissky 012581e641 Bugfix - "POST and POST" now detected as 2 vulns 2017-05-28 20:58:07 +02:00
Swissky d8b39c37db License added 2017-05-27 21:05:28 +02:00
Swissky 07b302e184 Feature - check declaration for false positive 2017-05-27 03:15:49 +02:00