Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Go to file

tanaydin sirin 5b98259818 Merge branch 'master' into pycodestyle		2019-04-05 17:36:27 +02:00
test	Hardcoded credential	2017-11-20 21:56:02 +01:00
.gitignore	Check for constant var	2017-11-14 11:10:21 +01:00
LICENSE	License added	2017-05-27 21:05:28 +02:00
README.md	Hardcoded credential	2017-11-20 21:56:02 +01:00
detection.py	Fixes for errors by pycodestyle (except E501) to run it	2019-04-05 16:32:45 +02:00
export.sh	Hardcoded credential	2017-11-20 21:56:02 +01:00
functions.py	Fixes for errors by pycodestyle (except E501) to run it	2019-04-05 16:32:45 +02:00
index.py	Fixes for errors by pycodestyle (except E501) to run it	2019-04-05 16:32:45 +02:00
indicators.py	Fixes for errors by pycodestyle (except E501) to run it	2019-04-05 16:32:45 +02:00

README.md

PHP_Code_Static_Analysis

Basic script to detect vulnerabilities into a PHP source code

╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

SQL injection
Local File Inclusion
Insecure emails
Cross Site Scripting
Remote Commands Execution
LDAP injection
XPATH injection
Header injection
URL redirection
Hardcoded credential

if you want to export each vulnerabilities type into a folder use the "export.sh"

Don't forget to read the license ;)

README.md Unescape Escape

PHP_Code_Static_Analysis

README.md