• Stars
    star
    391
  • Rank 110,003 (Top 3 %)
  • Language
    PHP
  • License
    Other
  • Created over 7 years ago
  • Updated over 2 years ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex

VulnyCode - PHP Code Static Analysis Tweet - Deprecated

1.0.0 Python Platform

⚠️ Deprecated, you should use semgrep rules instead of this script: semgrep --config=./semgrep/ vulns/*.php Most of the semgrep rules provided in this repository are from https://github.com/returntocorp/semgrep-rules

Basic script to detect vulnerabilities into a PHP source code, it is using Regular Expression to find sinkholes.

# HELP
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python3 index.py           
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis  ‹master*›
╰─$ python3 index.py --dir vulns    
------------------------------------------------------------
Analyzing 'vulns' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in vulns/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in vulns/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];

Currently detecting :

  • Arbitrary Cookie
  • Arbitrary File Deletion
  • Arbitrary Variable Overwrite
  • Cross Site Scripting
  • File Inclusion
  • File Inclusion / Path Traversal
  • File Upload
  • Header Injection
  • Information Leak
  • Insecure E-mail
  • Insecure Weak Random
  • LDAP Injection
  • PHP Object Injection
  • Remote Code Execution
  • Remote Command Execution
  • Server Side Request Forgery
  • Server Side Template Injection
  • SQL Injection
  • URL Redirection
  • Weak Cryptographic Hash
  • XML external entity
  • XPATH Injection
  • Hardcoded credentials
  • High Entropy string

if you want to export each vulnerabilities type into a folder use the "export.sh"

Don't forget to read the license ;)

Alternatives