Giter Site home page Giter Site logo

hartl3y94 / vulny-code-static-analysis Goto Github PK

View Code? Open in Web Editor NEW

This project forked from swisskyrepo/vulny-code-static-analysis

0.0 0.0 0.0 81 KB

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

License: Other

Python 58.98% PHP 37.98% Shell 3.04%

vulny-code-static-analysis's Introduction

VulnyCode - PHP Code Static Analysis Tweet

1.0.0 Python Platform

Basic script to detect vulnerabilities into a PHP source code, it is using Regular Expression to find sinkholes.

# HELP
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python3 index.py           
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python3 index.py --dir test    
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

  • Arbitrary Cookie
  • Arbitrary File Deletion
  • Arbitrary Variable Overwrite
  • Cross Site Scripting
  • File Inclusion
  • File Inclusion / Path Traversal
  • File Upload
  • Header Injection
  • Information Leak
  • Insecure E-mail
  • Insecure Weak Random
  • LDAP Injection
  • PHP Object Injection
  • Remote Code Execution
  • Remote Command Execution
  • Server Side Request Forgery
  • Server Side Template Injection
  • SQL Injection
  • URL Redirection
  • Weak Cryptographic Hash
  • XML external entity
  • XPATH Injection
  • Hardcoded credentials
  • High Entropy string

if you want to export each vulnerabilities type into a folder use the "export.sh"

Don't forget to read the license ;)

Alternatives

vulny-code-static-analysis's People

Contributors

chgq1020 avatar rude-monkey avatar swisskyrepo avatar tanaydin avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.