swisskyrepo
/
Vulny-Code-Static-Analysis
mirror of https://github.com/swisskyrepo/Vulny-Code-Static-Analysis.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
14 Commits
1 Branch
0 Tags
144 KiB
PHP 61.9%
Python 31.4%
Blade 5.1%
Shell 1.6%
 
 
 
 
Go to file
Swissky d8b39c37db License added 2017-05-27 21:05:28 +02:00
test Bug fix - Multiple variables in one single line 2017-05-27 03:07:46 +02:00
.gitignore Basic refactoring 2017-05-21 15:56:42 +02:00
LICENSE License added 2017-05-27 21:05:28 +02:00
README.md Display function cleaned 2017-05-21 17:59:11 +02:00
detection.py Feature - check declaration for false positive 2017-05-27 03:15:49 +02:00
functions.py Bug fix - Multiple variables in one single line 2017-05-27 03:07:46 +02:00
index.py License added 2017-05-27 21:05:28 +02:00
indicators.py Small regex improvement to detect vulnerabilities 2017-05-26 20:52:23 +02:00

README.md

PHP_Code_Static_Analysis

Basic script to detect vulnerabilities into a PHP source code

╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  master*
╰─$ python index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

  • SQL injection
  • Local File Inclusion
  • Insecure emails
  • Cross Site Scripting