PHP代码审计辅助脚本
Posted 没有标题
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了PHP代码审计辅助脚本相关的知识,希望对你有一定的参考价值。
#!/usr/bin/env python import sys import os def main(): print ‘‘‘ -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= 1.include/require 2.exec/system/popen/passthru/proc_open/pcntl_exec/shell_exec 3.eval/preg_replace/assert/call_user_func/create_function 4._GET/_POST/_COOKIE/_SERVER/_REQUEST/php://input/getenv 5.session/cookie 6.extract/parse_str/mb_parse_str/import_request_variables 7.readfile/fpassthru/fwrite/fopen/move_uploaded_file/file_put_contents/unlink 8.select/insert/update/delete/order by/group by/limit/in( -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= ‘‘‘ fuck = raw_input(‘Choose :#‘) if fuck == ‘1‘: vuls=[‘include(‘,‘include_once(‘,‘include ‘,‘include_once ‘,‘require(‘,‘require_once(‘,‘require‘,‘require_once ‘] for vul in vuls: cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color" os.system(cmd) elif fuck == ‘2‘: vuls=[‘exec(‘,‘exec ‘,‘system(‘,‘system (‘,‘popen(‘,‘popen ‘,‘passthru(‘,‘passthru ‘,‘proc_open(‘,‘proc_open ‘] for vul in vuls: cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color" os.system(cmd) elif fuck == ‘3‘: vuls=[‘eval(‘,‘eval ‘,‘preg_replace‘,‘assert‘,‘call_user_func‘,‘call_user_func_array‘,‘create_function‘] for vul in vuls: cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color" os.system(cmd) elif fuck == ‘4‘: vuls=[‘_GET‘,‘_POST‘,‘_COOKIE‘,‘_SERVER‘,‘_REQUEST‘,‘php://input‘,‘getenv‘] for vul in vuls: cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color" os.system(cmd) elif fuck == ‘5‘: vuls=[‘session‘,‘cookie‘] for vul in vuls: cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color" os.system(cmd) elif fuck == ‘6‘: vuls=[‘extract‘,‘parse_str‘,‘mb_parse_str‘,‘import_request_variables‘] for vul in vuls: cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color" os.system(cmd) elif fuck == ‘7‘: vuls=[‘readfile‘,‘fpassthru‘,‘fwrite‘,‘fread‘,‘move_uploaded_file‘,‘file_get_contents‘,‘file_put_contents‘,‘unlink‘,‘fopen‘] for vul in vuls: cmd = "grep -n ‘\$‘ -r ./ | grep -v .js: | grep -v fuzz.py | grep ‘" + vul + "‘ --color" os.system(cmd) elif fuck == ‘8‘: vuls1=[‘select‘,‘delete‘] for vul in vuls1: cmd = "grep -n ‘\$‘ -r ./ | grep -i from | grep -v fuzz.py | grep -v .js: | grep ‘" + vul + "‘ --color" os.system(cmd) vuls2=[‘update‘,‘order by‘,‘group by‘,‘limit‘,‘in(‘] for vul in vuls2: cmd = "grep -n ‘\$‘ -r ./ | grep where | grep -v fuzz.py | grep -v .js: | grep ‘" + vul + "‘ --color" os.system(cmd) vuls3=[‘insert‘] for vul in vuls3: cmd = "grep -n ‘\$‘ -r ./ | grep into | grep -v fuzz.py | grep -v .js: | grep ‘" + vul + "‘ --color" os.system(cmd) if __name__ == ‘__main__‘: main()
根据网上的perl脚本,改了个python的脚本,主要用敏感关键字查找,代码很简单,有新的关键字,自己代码里添加关键字就好了。
用法:
- 把要扫描的目录和文件fuzz.py放在一起
- 运行python fuzz.py
以上是关于PHP代码审计辅助脚本的主要内容,如果未能解决你的问题,请参考以下文章