Vulny Code Static Analysis下载 - Vulny Code Static Analysis源代码下载

Vulny Code Static Analysis

其他类别

1.0.0

下载

VULNYCODE- PHP代码静态分析 - 弃用

配x已弃用，您应该使用SEMGREP规则而不是此脚本： semgrep --config=./semgrep/ vulns/*.php本存储库中提供的大多数SEMGREP规则来自https://github.com/github.com/returntocorp/returntocorp/semgrep-rules

基本脚本将漏洞检测到PHP源代码中，它使用正则表达式来查找凹坑。

 # HELP
╭─ ? swissky@crashlab: ~ /Github/PHP_Code_Static_Analysis  ‹master * ›
╰─$ python3 index.py           
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
╭─ ? swissky@crashlab: ~ /Github/PHP_Code_Static_Analysis  ‹master * ›
╰─$ python3 index.py --dir vulns    
------------------------------------------------------------
Analyzing ' vulns ' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in vulns/include.php
Code : include( $_GET [ ' patisserie ' ])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in vulns/mail.php
Code : mail( $dest , " subject " , " message " , " " , " -f " . $_GET [ ' from ' ])
Declared at line 1 : $dest = $_GET [ ' who ' ] ;