PHP代码审计辅助脚本

Posted 没有标题

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了PHP代码审计辅助脚本相关的知识,希望对你有一定的参考价值。

#!/usr/bin/env python

import sys
import os

def main():
print ‘‘‘
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
1.include/require
2.exec/system/popen/passthru/proc_open/pcntl_exec/shell_exec
3.eval/preg_replace/assert/call_user_func/create_function
4._GET/_POST/_COOKIE/_SERVER/_REQUEST/php://input/getenv
5.session/cookie
6.extract/parse_str/mb_parse_str/import_request_variables
7.readfile/fpassthru/fwrite/fopen/move_uploaded_file/file_put_contents/unlink
8.select/insert/update/delete/order by/group by/limit/in(
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
‘‘‘

fuck = raw_input(Choose :#) 

if fuck == 1:
vuls=[include(,include_once(,include ,include_once ,require(,require_once(,require,require_once ]
for vul in vuls:
cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color"
os.system(cmd)

elif fuck == 2:
vuls=[exec(,exec ,system(,system (,popen(,popen ,passthru(,passthru ,proc_open(,proc_open ]
for vul in vuls:
cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color"
os.system(cmd)

elif fuck == 3:
vuls=[eval(,eval ,preg_replace,assert,call_user_func,call_user_func_array,create_function]
for vul in vuls:
cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color"
os.system(cmd)

elif fuck == 4:
vuls=[_GET,_POST,_COOKIE,_SERVER,_REQUEST,php://input,getenv]
for vul in vuls:
cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color"
os.system(cmd)

elif fuck == 5:
vuls=[session,cookie]
for vul in vuls:
cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color"
os.system(cmd)

elif fuck == 6:
vuls=[extract,parse_str,mb_parse_str,import_request_variables]
for vul in vuls:
cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color"
os.system(cmd)

elif fuck == 7:
vuls=[readfile,fpassthru,fwrite,fread,move_uploaded_file,file_get_contents,file_put_contents,unlink,fopen]
for vul in vuls:
cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color"
os.system(cmd)

elif fuck == 8:
vuls1=[select,delete]
for vul in vuls1:
cmd = "grep -n ‘\$‘ -r ./ | grep -i from | grep -v fuzz.py | grep -v .js: | grep ‘" + vul + "‘ --color"
os.system(cmd)
vuls2=[update,order by,group by,limit,in(]
for vul in vuls2:
cmd = "grep -n ‘\$‘ -r ./ | grep where | grep -v fuzz.py | grep -v .js: | grep ‘" + vul + "‘ --color"
os.system(cmd)
vuls3=[insert]
for vul in vuls3:
cmd = "grep -n ‘\$‘ -r ./ | grep into | grep -v fuzz.py | grep -v .js: | grep ‘" + vul + "‘ --color"
os.system(cmd)

if __name__ == __main__:
main()

根据网上的perl脚本,改了个python的脚本,主要用敏感关键字查找,代码很简单,有新的关键字,自己代码里添加关键字就好了。

用法:

  • 把要扫描的目录和文件fuzz.py放在一起
  • 运行python fuzz.py

以上是关于PHP代码审计辅助脚本的主要内容,如果未能解决你的问题,请参考以下文章

PHP代码审计1-审计环境与调试函数

2020/1/29 PHP代码审计之XSS漏洞

PHP代码审计学习——文件上传

php代码审计基础笔记

Flag-PHP-代码审计过check

php代码审计8审计文件上传漏洞