Awesome Open Source
Awesome Open Source

VulnyCode - PHP Code Static Analysis Tweet

1.0.0 Python Platform

Basic script to detect vulnerabilities into a PHP source code, it is using Regular Expression to find sinkholes.

# HELP
╭─ 👻 [email protected]: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python3 index.py           
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
╭─ 👻 [email protected]: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python3 index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

  • Arbitrary Cookie
  • Arbitrary File Deletion
  • Arbitrary Variable Overwrite
  • Cross Site Scripting
  • File Inclusion
  • File Inclusion / Path Traversal
  • File Upload
  • Header Injection
  • Information Leak
  • Insecure E-mail
  • Insecure Weak Random
  • LDAP Injection
  • PHP Object Injection
  • Remote Code Execution
  • Remote Command Execution
  • Server Side Request Forgery
  • Server Side Template Injection
  • SQL Injection
  • URL Redirection
  • Weak Cryptographic Hash
  • XML external entity
  • XPATH Injection
  • Hardcoded credentials
  • High Entropy string

if you want to export each vulnerabilities type into a folder use the "export.sh"

Don't forget to read the license ;)

Alternatives


Get A Weekly Email With Trending Projects For These Topics
No Spam. Unsubscribe easily at any time.
python (53,503
php (16,476
hacktoberfest (4,240
security-tools (403
static-analysis (250
vulnerabilities (96
security-scanner (80
audit (77