semgrep --config=./semgrep/ vulns/*.php
Most of the semgrep rules provided in this repository are from https://github.com/returntocorp/semgrep-rules
Basic script to detect vulnerabilities into a PHP source code, it is using Regular Expression to find sinkholes.
# HELP
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis ‹master*›
╰─$ python3 index.py
usage: index.py [-h] [--dir DIR] [--plain]
optional arguments:
-h, --help show this help message and exit
--dir DIR Directory to analyse
--plain No color in output
# Example
╭─ 👻 swissky@crashlab: ~/Github/PHP_Code_Static_Analysis ‹master*›
╰─$ python3 index.py --dir vulns
------------------------------------------------------------
Analyzing 'vulns' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in vulns/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in vulns/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];
Currently detecting :
- Arbitrary Cookie
- Arbitrary File Deletion
- Arbitrary Variable Overwrite
- Cross Site Scripting
- File Inclusion
- File Inclusion / Path Traversal
- File Upload
- Header Injection
- Information Leak
- Insecure E-mail
- Insecure Weak Random
- LDAP Injection
- PHP Object Injection
- Remote Code Execution
- Remote Command Execution
- Server Side Request Forgery
- Server Side Template Injection
- SQL Injection
- URL Redirection
- Weak Cryptographic Hash
- XML external entity
- XPATH Injection
- Hardcoded credentials
- High Entropy string
if you want to export each vulnerabilities type into a folder use the "export.sh"
Don't forget to read the license ;)