php代码审计辅助脚本
2016-04-17 22:06
#!/usr/bin/env python
import sys
import os
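def _sh_quote(text):
    """Return *text* single-quoted so the shell passes it to grep as one literal word.

    Keywords are spliced into a command line run through os.system(); quoting
    keeps a newly added keyword that contains a quote or other shell
    metacharacter from breaking (or extending) the pipeline.
    """
    return "'" + text.replace("'", "'\\''") + "'"


def _grep_candidates(keyword, context=None):
    """Print the lines under ./ that contain both a `$` and *keyword*.

    Args:
        keyword: grep pattern for the sensitive function or SQL keyword.
        context: optional second pattern that must also appear on the line
            (used by the SQL category: from / where / into).

    Matching is case-insensitive: PHP function names and SQL keywords are
    case-insensitive, so a case-sensitive search misses spellings such as
    `SELECT ... FROM` or `$_SESSION`. PHP variable names are case-sensitive,
    so for the superglobal keywords this only adds a little noise.
    """
    # First stage keeps only lines with a literal `$`, i.e. lines that use a PHP variable.
    stages = ["grep -n '\\$' -r ./"]
    if context:
        stages.append("grep -i " + _sh_quote(context))
    # -F: treat the exclusions as fixed strings; an unquoted `.` is a regex
    # wildcard and would drop more lines than intended.
    stages.append("grep -v -F '.js:'")
    stages.append("grep -v -F 'fuzz.py'")
    stages.append("grep -i " + _sh_quote(keyword) + " --color")
    os.system(" | ".join(stages))


def main():
    """Show the category menu, read one choice and grep ./ for that category's keywords.

    Every hit is a line that mentions a PHP variable (`$`) together with a
    sensitive keyword. Hits are candidates for manual review, not confirmed
    findings. Runs on Python 2 and Python 3.
    """
    print('''
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
1.include/require
2.exec/system/popen/passthru/proc_open/pcntl_exec/shell_exec
3.eval/preg_replace/assert/call_user_func/create_function
4._GET/_POST/_COOKIE/_SERVER/_REQUEST/php://input/getenv
5.session/cookie
6.extract/parse_str/mb_parse_str/import_request_variables
7.readfile/fpassthru/fwrite/fopen/move_uploaded_file/file_put_contents/unlink
8.select/insert/update/delete/order by/group by/limit/in(
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
''')
    try:
        read_line = raw_input  # Python 2
    except NameError:
        read_line = input  # Python 3
    choice = read_line('Choose :#').strip()

    # Categories 1-7: one grep pipeline per keyword, no extra context filter.
    keywords_by_choice = {
        # file inclusion
        '1': ['include(', 'include_once(', 'include ', 'include_once ',
              'require(', 'require_once(', 'require', 'require_once '],
        # command execution; 'exec(' / 'exec ' also match shell_exec and
        # pcntl_exec because grep matches substrings
        '2': ['exec(', 'exec ', 'system(', 'system (', 'popen(', 'popen ',
              'passthru(', 'passthru ', 'proc_open(', 'proc_open '],
        # code evaluation and callbacks
        '3': ['eval(', 'eval ', 'preg_replace', 'assert', 'call_user_func',
              'call_user_func_array', 'create_function'],
        # request-controlled input sources
        '4': ['_GET', '_POST', '_COOKIE', '_SERVER', '_REQUEST', 'php://input', 'getenv'],
        # session and cookie handling
        '5': ['session', 'cookie'],
        # variable overwrite / registration
        '6': ['extract', 'parse_str', 'mb_parse_str', 'import_request_variables'],
        # file read / write / upload / delete
        '7': ['readfile', 'fpassthru', 'fwrite', 'fread', 'move_uploaded_file',
              'file_get_contents', 'file_put_contents', 'unlink', 'fopen'],
    }

    if choice in keywords_by_choice:
        for keyword in keywords_by_choice[choice]:
            _grep_candidates(keyword)
    elif choice == '8':
        # SQL built with PHP variables: each statement keyword must appear
        # on the same line as its usual companion word.
        for keyword in ('select', 'delete'):
            _grep_candidates(keyword, context='from')
        for keyword in ('update', 'order by', 'group by', 'limit', 'in('):
            _grep_candidates(keyword, context='where')
        _grep_candidates('insert', context='into')
    else:
        print('Unknown choice: ' + choice)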
# Start the interactive menu only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()
根据网上的 Perl 脚本改写的 Python 版本,主要通过敏感关键字查找可疑代码。代码很简单,如果有新的关键字,自己在代码里添加即可。脚本只会列出同一行中同时出现 `$` 和所选关键字的代码,这些结果只是需要人工复核的候选位置,并不等于已确认的漏洞。
用法:
把要扫描的目录和文件 fuzz.py 放在一起(脚本从当前工作目录 ./ 开始递归搜索)
运行 python fuzz.py
import sys
import os
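def _sh_quote(text):
    """Return *text* single-quoted so the shell passes it to grep as one literal word.

    Keywords are spliced into a command line run through os.system(); quoting
    keeps a newly added keyword that contains a quote or other shell
    metacharacter from breaking (or extending) the pipeline.
    """
    return "'" + text.replace("'", "'\\''") + "'"


def _grep_candidates(keyword, context=None):
    """Print the lines under ./ that contain both a `$` and *keyword*.

    Args:
        keyword: grep pattern for the sensitive function or SQL keyword.
        context: optional second pattern that must also appear on the line
            (used by the SQL category: from / where / into).

    Matching is case-insensitive: PHP function names and SQL keywords are
    case-insensitive, so a case-sensitive search misses spellings such as
    `SELECT ... FROM` or `$_SESSION`. PHP variable names are case-sensitive,
    so for the superglobal keywords this only adds a little noise.
    """
    # First stage keeps only lines with a literal `$`, i.e. lines that use a PHP variable.
    stages = ["grep -n '\\$' -r ./"]
    if context:
        stages.append("grep -i " + _sh_quote(context))
    # -F: treat the exclusions as fixed strings; an unquoted `.` is a regex
    # wildcard and would drop more lines than intended.
    stages.append("grep -v -F '.js:'")
    stages.append("grep -v -F 'fuzz.py'")
    stages.append("grep -i " + _sh_quote(keyword) + " --color")
    os.system(" | ".join(stages))


def main():
    """Show the category menu, read one choice and grep ./ for that category's keywords.

    Every hit is a line that mentions a PHP variable (`$`) together with a
    sensitive keyword. Hits are candidates for manual review, not confirmed
    findings. Runs on Python 2 and Python 3.
    """
    print('''
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
1.include/require
2.exec/system/popen/passthru/proc_open/pcntl_exec/shell_exec
3.eval/preg_replace/assert/call_user_func/create_function
4._GET/_POST/_COOKIE/_SERVER/_REQUEST/php://input/getenv
5.session/cookie
6.extract/parse_str/mb_parse_str/import_request_variables
7.readfile/fpassthru/fwrite/fopen/move_uploaded_file/file_put_contents/unlink
8.select/insert/update/delete/order by/group by/limit/in(
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
''')
    try:
        read_line = raw_input  # Python 2
    except NameError:
        read_line = input  # Python 3
    choice = read_line('Choose :#').strip()

    # Categories 1-7: one grep pipeline per keyword, no extra context filter.
    keywords_by_choice = {
        # file inclusion
        '1': ['include(', 'include_once(', 'include ', 'include_once ',
              'require(', 'require_once(', 'require', 'require_once '],
        # command execution; 'exec(' / 'exec ' also match shell_exec and
        # pcntl_exec because grep matches substrings
        '2': ['exec(', 'exec ', 'system(', 'system (', 'popen(', 'popen ',
              'passthru(', 'passthru ', 'proc_open(', 'proc_open '],
        # code evaluation and callbacks
        '3': ['eval(', 'eval ', 'preg_replace', 'assert', 'call_user_func',
              'call_user_func_array', 'create_function'],
        # request-controlled input sources
        '4': ['_GET', '_POST', '_COOKIE', '_SERVER', '_REQUEST', 'php://input', 'getenv'],
        # session and cookie handling
        '5': ['session', 'cookie'],
        # variable overwrite / registration
        '6': ['extract', 'parse_str', 'mb_parse_str', 'import_request_variables'],
        # file read / write / upload / delete
        '7': ['readfile', 'fpassthru', 'fwrite', 'fread', 'move_uploaded_file',
              'file_get_contents', 'file_put_contents', 'unlink', 'fopen'],
    }

    if choice in keywords_by_choice:
        for keyword in keywords_by_choice[choice]:
            _grep_candidates(keyword)
    elif choice == '8':
        # SQL built with PHP variables: each statement keyword must appear
        # on the same line as its usual companion word.
        for keyword in ('select', 'delete'):
            _grep_candidates(keyword, context='from')
        for keyword in ('update', 'order by', 'group by', 'limit', 'in('):
            _grep_candidates(keyword, context='where')
        _grep_candidates('insert', context='into')
    else:
        print('Unknown choice: ' + choice)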
# Start the interactive menu only when the file is executed as a script, not on import.
if __name__ == "__main__":
    main()
根据网上的 Perl 脚本改写的 Python 版本,主要通过敏感关键字查找可疑代码。代码很简单,如果有新的关键字,自己在代码里添加即可。脚本只会列出同一行中同时出现 `$` 和所选关键字的代码,这些结果只是需要人工复核的候选位置,并不等于已确认的漏洞。
用法:
把要扫描的目录和文件 fuzz.py 放在一起(脚本从当前工作目录 ./ 开始递归搜索)
运行 python fuzz.py