Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
 
 
 
 
Go to file
Swissky 02afeab9cd Export script 2017-11-14 09:07:12 +01:00
test BUGFIX - Detection for var as for($something as $else) 2017-06-05 20:18:48 +02:00
.gitignore Basic refactoring 2017-05-21 15:56:42 +02:00
LICENSE License added 2017-05-27 21:05:28 +02:00
README.md More indicators : Header injection , URL redirect, SQL etc 2017-08-05 15:23:40 +02:00
detection.py BUGFIX - Only the nth occurence var is colored if dup vuln 2017-06-05 22:56:23 +02:00
export.sh Export script 2017-11-14 09:07:12 +01:00
functions.py Bugfix - Opening inexistent file 2017-11-12 13:42:25 +01:00
index.py BUGFIX - Only the nth occurence var is colored if dup vuln 2017-06-05 22:56:23 +02:00
indicators.py More indicators : Header injection , URL redirect, SQL etc 2017-08-05 15:23:40 +02:00

README.md

PHP_Code_Static_Analysis

Basic script to detect vulnerabilities into a PHP source code

╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  master*
╰─$ python index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

  • SQL injection
  • Local File Inclusion
  • Insecure emails
  • Cross Site Scripting
  • Remote Commands Execution
  • LDAP injection
  • XPATH injection
  • Header injection
  • URL redirection

Don't forget to read the license ;)