07b302e184 | ||
---|---|---|
test | ||
.gitignore | ||
README.md | ||
detection.py | ||
functions.py | ||
index.py | ||
indicators.py |
README.md
PHP_Code_Static_Analysis
Basic script to detect vulnerabilities into a PHP source code
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis ‹master*›
╰─$ python index.py --dir test
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];
Currently detecting :
- SQL injection
- Local File Inclusion
- Insecure emails
- Cross Site Scripting