prvd
Table of Contents
Introduction
PHP Runtime Vulnerability Detection
Installation
- git clone to a non-web directory, assuming the directory is
/data/prvd
git clone https://github.com/fate0/prvd.git /data/prvd
- composer
composer install
- install xmark extension
- edit php.ini
- set
auto_prepend_file
to/data/prvd/src/Entry.php
- set
extension
toxmark.so
- for the rest of the configuration, please copy the contents of prvd.ini in this project
Configuration
edit /data/prvd/src/Config.php
define("PRVD_FUZZER_DSN", "");
define("PRVD_SENTRY_DSN", "");
define("PRVD_TAINT_ENABLE", true);
define("PRVD_TANZI", "xtanzi");
define("PRVD_LOG_FILE", "/data/prvd/prvd.log");
Sign up for an account at https://sentry.io or install sentry server by yourself
DVWA
You can use the docker to experience prvd
docker pull fate0/prvd-dvwa
docker run -d -e "PRVD_SENTRY_DSN={YOUR_SENTRY_DSN}" -p 80:80 fate0/prvd-dvwa
The environment variables that can be set are
PRVD_FUZZER_DSN
PRVD_SENTRY_DSN
PRVD_TAINT_ENABLE
PRVD_TANZI
More about prvd-dvwa
can be seen here