Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
 
 
 
 
Vincent Gilles 438f8ada61 Feat: add debug_print_backtrace to the list of info leak indicators 2020-10-02 10:50:53 +02:00
.github Github Action - CodeQL 2020-10-01 10:52:51 +02:00
test XXE / SSRF / Cookies and more use-cases 2020-09-29 14:08:36 +02:00
utils Fix maximum recursion error + catch hardcoded password in define() 2020-01-09 22:59:26 +01:00
.gitignore Check for constant var 2017-11-14 11:10:21 +01:00
LICENSE License added 2017-05-27 21:05:28 +02:00
README.md XXE / SSRF / Cookies and more use-cases 2020-09-29 14:08:36 +02:00
detection.py XXE / SSRF / Cookies and more use-cases 2020-09-29 14:08:36 +02:00
functions.py Fixes for errors by pycodestyle (except E501) to run it 2019-04-05 16:32:45 +02:00
index.py Fix maximum recursion error + catch hardcoded password in define() 2020-01-09 22:59:26 +01:00
indicators.py Feat: add debug_print_backtrace to the list of info leak indicators 2020-10-02 10:50:53 +02:00

README.md

VulnyCode - PHP Code Static Analysis

1.0.0 Python Platform

A basic script to detect vulnerabilities in PHP source code. It uses regular expressions to find sinks.

# HELP
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  master*
╰─$ python3 index.py           
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  master*
╰─$ python3 index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];
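
The approach visible in the output above (a regex match on a sink, then a lookup of where its variable arguments were declared), as an added Python example. It is not VulnyCode's own code: the two-entry `SINKS` table, the names `scan` and `find_declaration`, and the sample PHP are assumptions made for illustration.

```python
import re

# Assumed, minimal indicator table (label, sink regex); not VulnyCode's own list.
SINKS = [
    ("File Inclusion", r"(?:include|require)(?:_once)?\b\s*\(?"),
    ("Insecure E-mail", r"mail\s*\("),
]
SOURCE = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST|FILES)\b")
VARIABLE = re.compile(r"\$[A-Za-z]\w*")  # '_'-prefixed names (superglobals) skipped

def find_declaration(var, lines, before):
    """Return (line_no, text) of the nearest assignment to var above `before`."""
    assign = re.compile(re.escape(var) + r"\b\s*=(?!=)")
    for no in range(before - 1, 0, -1):
        if assign.search(lines[no - 1]):
            return no, lines[no - 1].strip()
    return None

def scan(php_source):
    """Report sink calls fed by user input, directly or through one variable hop."""
    lines = php_source.splitlines()
    findings = []
    for no, line in enumerate(lines, 1):
        for label, sink in SINKS:
            # The lookbehind keeps $mail, ->mail( and sendmail( from matching.
            call = re.search(r"(?<![\w$>])" + sink + r"(.*)", line)
            if not call:
                continue
            args = call.group(1)
            declared = []
            for var in sorted(set(VARIABLE.findall(args))):
                decl = find_declaration(var, lines, no)
                if decl and SOURCE.search(decl[1]):
                    declared.append(decl)
            if SOURCE.search(args) or declared:
                findings.append({"type": label, "line": no, "declared": declared})
    return findings

# Constructed sample input, modelled on the two findings shown above.
SAMPLE = """<?php
$dest = $_GET['who'];
mail($dest, "subject", "message", "", "-f" . $_GET['from']);
$page = "static/about.php";
include($page);
include($_GET['patisserie']);
"""

for finding in scan(SAMPLE):
    print(finding)
```

The declaration lookup here follows a single assignment hop and does not skip comments or string literals, which are the usual sources of false positives and misses in regex-based analysis.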

Currently detecting:

  • Arbitrary Cookie
  • Arbitrary File Deletion
  • Arbitrary Variable Overwrite
  • Cross Site Scripting
  • File Inclusion
  • File Inclusion / Path Traversal
  • File Upload
  • Header Injection
  • Information Leak
  • Insecure E-mail
  • Insecure Weak Random
  • LDAP Injection
  • PHP Object Injection
  • Remote Code Execution
  • Remote Command Execution
  • Server Side Request Forgery
  • Server Side Template Injection
  • SQL Injection
  • URL Redirection
  • Weak Cryptographic Hash
  • XML external entity
  • XPATH Injection
  • Hardcoded credentials
  • High Entropy string

If you want to export each vulnerability type into its own folder, use the "export.sh" script.

Don't forget to read the license ;)

Alternatives