Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

Go to file

Swissky ca3fba1758 More indicators : Header injection , URL redirect, SQL etc		2017-08-05 15:23:40 +02:00
test	BUGFIX - Detection for var as for($something as $else)	2017-06-05 20:18:48 +02:00
.gitignore	Basic refactoring	2017-05-21 15:56:42 +02:00
LICENSE	License added	2017-05-27 21:05:28 +02:00
README.md	More indicators : Header injection , URL redirect, SQL etc	2017-08-05 15:23:40 +02:00
detection.py	BUGFIX - Only the nth occurence var is colored if dup vuln	2017-06-05 22:56:23 +02:00
functions.py	BUGFIX - Colored variable badly displayed when count>2	2017-06-06 22:51:01 +02:00
index.py	BUGFIX - Only the nth occurence var is colored if dup vuln	2017-06-05 22:56:23 +02:00
indicators.py	More indicators : Header injection , URL redirect, SQL etc	2017-08-05 15:23:40 +02:00

README.md

PHP_Code_Static_Analysis

Basic script to detect vulnerabilities into a PHP source code

╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

SQL injection
Local File Inclusion
Insecure emails
Cross Site Scripting
Remote Commands Execution
LDAP injection
XPATH injection
Header injection
URL redirection

Don't forget to read the license ;)

README.md Unescape Escape

PHP_Code_Static_Analysis

README.md