Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Go to file

tanaydin sirin 6732d43099 Merge pull request #3 from tanaydin/plain_output Better output for file.		2019-04-05 15:12:49 +02:00
test	Hardcoded credential	2017-11-20 21:56:02 +01:00
.gitignore	Check for constant var	2017-11-14 11:10:21 +01:00
LICENSE	License added	2017-05-27 21:05:28 +02:00
README.md	Hardcoded credential	2017-11-20 21:56:02 +01:00
detection.py	Better output for file.	2019-04-05 15:11:57 +02:00
export.sh	Hardcoded credential	2017-11-20 21:56:02 +01:00
functions.py	Merge pull request #3 from tanaydin/plain_output	2019-04-05 15:12:49 +02:00
index.py	Better output for file.	2019-04-05 15:11:57 +02:00
indicators.py	More indicators : Header injection , URL redirect, SQL etc	2017-08-05 15:23:40 +02:00

README.md

PHP_Code_Static_Analysis

Basic script to detect vulnerabilities into a PHP source code

╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

SQL injection
Local File Inclusion
Insecure emails
Cross Site Scripting
Remote Commands Execution
LDAP injection
XPATH injection
Header injection
URL redirection
Hardcoded credential

if you want to export each vulnerabilities type into a folder use the "export.sh"

Don't forget to read the license ;)

README.md Unescape Escape

PHP_Code_Static_Analysis

README.md