Vulny Code Static Analysis下載 - Vulny Code Static Analysis源代碼下載

Vulny Code Static Analysis

其他類別

1.0.0

下載

VULNYCODE- PHP代碼靜態分析 - 棄用

配x已棄用，您應該使用SEMGREP規則而不是此腳本： semgrep --config=./semgrep/ vulns/*.php本存儲庫中提供的大多數SEMGREP規則來自https://github.com/github.com/returntocorp/returntocorp/semgrep-rules

基本腳本將漏洞檢測到PHP源代碼中，它使用正則表達式來查找凹坑。

 # HELP
╭─ ? swissky@crashlab: ~ /Github/PHP_Code_Static_Analysis  ‹master * ›
╰─$ python3 index.py           
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
╭─ ? swissky@crashlab: ~ /Github/PHP_Code_Static_Analysis  ‹master * ›
╰─$ python3 index.py --dir vulns    
------------------------------------------------------------
Analyzing ' vulns ' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in vulns/include.php
Code : include( $_GET [ ' patisserie ' ])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in vulns/mail.php
Code : mail( $dest , " subject " , " message " , " " , " -f " . $_GET [ ' from ' ])
Declared at line 1 : $dest = $_GET [ ' who ' ] ;