Skip to content
/ shin-php-analyzer Public

Shin PHP Analyzer is a tool based on Zend Engine to analyze the vulnerable PHP source code.

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

SH1NK10KU/shin-php-analyzer

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits

README.md

README.md

 
 

shin_php_analyzer.log

shin_php_analyzer.log

 
 

shin_php_analyzer_include_file_for_test_cases.php

shin_php_analyzer_include_file_for_test_cases.php

 
 

shin_php_analyzer_main_file_of_test_cases.php

shin_php_analyzer_main_file_of_test_cases.php

 
 

Repository files navigation

shin-php-analyzer

Introduction

Shin PHP Analyzer is a tool based on Zend Engine to analyze the vulnerable PHP source code.

Details

  • Now ready for XSS, SQLI, CMDI.
  1. XSS: htmlspecialchars, htmlentities -> echo, print, printf
  2. SQLI: mysql_real_escape_string, addslashes, sqlite_escape_string -> mysql_query, mysqli_query, sqlite_query, sqlite_single_query
  3. CMDI: escapeshellcmd, escapeshellarg -> exec, passthru, proc_open, shell_exec, system
  • Two level warning:
  1. ALERT: VULNERABLE!
  2. WARN: MAY BE VULNERABLE!

Plan

Cover FUA (File Upload Attack) and so on.

Author

Shin Feng

Contact me

shin.f.kan@gmail.com

About

Shin PHP Analyzer is a tool based on Zend Engine to analyze the vulnerable PHP source code.

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages