Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
 
 
 
 
Swissky fb44cb3b51 Help added for command line 2017-05-25 17:30:16 +02:00
test Bugfix - Constant var not vuln +$_XXX vuln display 2017-05-25 15:54:35 +02:00
.gitignore Basic refactoring 2017-05-21 15:56:42 +02:00
README.md Display function cleaned 2017-05-21 17:59:11 +02:00
detection.py Bugfix - Constant var not vuln +$_XXX vuln display 2017-05-25 15:54:35 +02:00
functions.py Help added for command line 2017-05-25 17:30:16 +02:00
index.py Help added for command line 2017-05-25 17:30:16 +02:00
indicators.py Echo bug fixed - refactored into small fcts 2017-05-21 20:39:28 +02:00

README.md

PHP_Code_Static_Analysis

Basic script to detect vulnerabilities in PHP source code

╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  master*
╰─$ python index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

  • SQL injection
  • Local File Inclusion
  • Insecure emails
  • Cross Site Scripting
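
The sample output above shows two behaviours: a sink call flagged because a superglobal appears in its arguments, and a "Declared at line" trace back to the assignment that introduced a tainted variable. The sketch below is an added example, not the project's code; the patterns, the `scan` function and the `SAMPLE` input are constructed for illustration, and it covers only two of the listed classes.

```python
import re

# Sink patterns constructed for this example (not the project's rule set).
SINKS = {
    "File Inclusion": re.compile(r"\b(?:include|require)(?:_once)?\s*\((.*)\)"),
    "Insecure E-mail": re.compile(r"\bmail\s*\((.*)\)"),
}
SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST)\b")
VARIABLE = re.compile(r"\$[A-Za-z_]\w*")
ASSIGNMENT = re.compile(r"^\s*(\$[A-Za-z_]\w*)\s*=(?!=)\s*(.+?);")

# Constructed PHP input mirroring the calls in the sample output.
SAMPLE = """<?php
$dest = $_GET['who'];
mail($dest, "subject", "message", "", "-f" . $_GET['from']);
$page = "home.php";
include($page);
include($_GET['patisserie']);
"""


def scan(source):
    """Flag sink calls whose arguments carry user input, line by line."""
    findings = []
    declared = {}  # variable -> (line number, right-hand side, full statement)
    for lineno, line in enumerate(source.splitlines(), start=1):
        assign = ASSIGNMENT.match(line)
        if assign:
            declared[assign.group(1)] = (lineno, assign.group(2), line.strip())
        for name, pattern in SINKS.items():
            call = pattern.search(line)
            if not call:
                continue
            args = call.group(1)
            # One-step trace: variables assigned from a superglobal earlier on.
            traced = [
                (declared[v][0], declared[v][2])
                for v in dict.fromkeys(VARIABLE.findall(args))
                if v in declared and SUPERGLOBAL.search(declared[v][1])
            ]
            # Report direct superglobal use or a tainted variable; a variable
            # assigned from a constant (include($page) above) is not reported.
            if SUPERGLOBAL.search(args) or traced:
                findings.append({"type": name, "line": lineno,
                                 "code": call.group(0), "declared": traced})
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f["type"], f["line"], f["code"], f["declared"])
```

Line-based regex matching of this kind misses calls split across lines and taint that passes through more than one assignment, and it does not recognise sanitising functions, so findings are candidates for manual review.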