• Stars
    star
    481
  • Rank 91,384 (Top 2 %)
  • Language
    PHP
  • License
    BSD 3-Clause "New...
  • Created about 6 years ago
  • Updated over 5 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

PHP Runtime Vulnerability Detection

prvd

Build Status GitHub

中文文档

Table of Contents

Introduction

PHP Runtime Vulnerability Detection

sentry_detail

Installation

  1. git clone to a non-web directory, assuming the directory is /data/prvd
git clone https://github.com/fate0/prvd.git /data/prvd
  1. composer
composer install
  1. install xmark extension
  1. edit php.ini
  • set auto_prepend_file to /data/prvd/src/Entry.php
  • set extension to xmark.so
  • for the rest of the configuration, please copy the contents of prvd.ini in this project

Configuration

edit /data/prvd/src/Config.php

define("PRVD_FUZZER_DSN", "");
define("PRVD_SENTRY_DSN", "");        
define("PRVD_TAINT_ENABLE", true);
define("PRVD_TANZI", "xtanzi");
define("PRVD_LOG_FILE", "/data/prvd/prvd.log");

Sign up for an account at https://sentry.io or install sentry server by yourself

DVWA

You can use the docker to experience prvd

docker pull fate0/prvd-dvwa
docker run -d -e "PRVD_SENTRY_DSN={YOUR_SENTRY_DSN}" -p 80:80 fate0/prvd-dvwa

The environment variables that can be set are

  • PRVD_FUZZER_DSN
  • PRVD_SENTRY_DSN
  • PRVD_TAINT_ENABLE
  • PRVD_TANZI

More about prvd-dvwa can be seen here

How it work

Ref