@0xabad1dea
Last active December 14, 2015 17:09
List of PHP functions that take password or key arguments
Here is a huge list of functions listed in the PHP manual which take an argument
which contains sensitive data, either directly or as an array element. Use it to
"audit" for statically embedded passwords in "your" codebase. Some of these are
very obscure/deprecated/whatever. The ones with "construct" in the name are
classes called in source like new foo("password");...
http://php.net/manual/en/function.hash-hmac.php
http://www.php.net/manual/en/function.curl-setopt.php
http://php.net/manual/en/function.ssh2-auth-password.php <-- (the note about this not supporting keyboard_interactive from the get-go is just precious)
http://www.php.net/manual/en/function.mysql-connect.php
http://www.php.net/manual/en/function.mysqli-connect.php
http://www.php.net/manual/en/mysqli.construct.php
http://www.php.net/manual/en/pdo.construct.php
http://www.php.net/manual/en/function.oci-connect.php
http://www.php.net/manual/en/function.oci-new-connect.php
http://www.php.net/manual/en/function.oci-pconnect.php
http://php.net/manual/en/function.mysql-pconnect.php
http://www.php.net/manual/en/function.ldap-bind.php
http://www.php.net/manual/en/function.ftp-login.php
http://php.net/manual/en/function.mssql-connect.php
http://www.php.net/manual/en/function.mssql-pconnect.php
http://www.php.net/manual/en/function.ssh2-auth-hostbased-file.php
http://www.php.net/manual/en/function.ssh2-auth-pubkey-file.php
http://www.php.net/manual/en/function.hw-connect.php
http://www.php.net/manual/en/function.svn-auth-set-parameter.php <-- depends on first argument
http://www.php.net/manual/en/function.yaz-connect.php
http://www.php.net/manual/en/function.pg-connect.php
http://www.php.net/manual/en/function.pg-pconnect.php
http://php.net/manual/en/function.imap-open.php
http://www.php.net/manual/en/function.cyrus-authenticate.php
http://www.php.net/manual/en/function.vpopmail-add-user.php
http://www.php.net/manual/en/function.vpopmail-auth-user.php
http://www.php.net/manual/en/function.vpopmail-passwd.php
http://www.php.net/manual/en/function.mcrypt-encrypt.php
http://www.php.net/manual/en/function.mcrypt-decrypt.php
http://www.php.net/manual/en/function.openssl-encrypt.php
http://www.php.net/manual/en/function.openssl-decrypt.php
http://www.php.net/manual/en/function.openssl-private-decrypt.php
http://www.php.net/manual/en/function.openssl-private-encrypt.php
http://www.php.net/manual/en/function.openssl-public-decrypt.php
http://www.php.net/manual/en/function.openssl-public-encrypt.php
http://www.php.net/manual/en/function.kadm5-init-with-password.php
http://www.php.net/manual/en/function.dbx-connect.php
http://www.php.net/manual/en/function.odbc-connect.php
http://www.php.net/manual/en/function.cubrid-connect.php
http://www.php.net/manual/en/function.cubrid-connect-with-url.php
http://www.php.net/manual/en/function.cubrid-pconnect.php
http://www.php.net/manual/en/function.cubrid-pconnect-with-url.php
http://www.php.net/manual/en/function.ibase-connect.php
http://www.php.net/manual/en/function.ibase-pconnect.php
http://www.php.net/manual/en/function.fbsql-connect.php
http://www.php.net/manual/en/function.fbsql-pconnect.php
http://www.php.net/manual/en/function.fbsql-database-password.php
http://www.php.net/manual/en/function.fbsql-password.php
http://www.php.net/manual/en/function.fbsql-set-password.php
http://www.php.net/manual/en/function.db2-connect.php
http://www.php.net/manual/en/function.db2-pconnect.php
http://www.php.net/manual/en/function.ifx-connect.php
http://www.php.net/manual/en/function.ifx-pconnect.php
http://www.php.net/manual/en/function.ingres-connect.php
http://www.php.net/manual/en/function.ingres-pconnect.php
http://www.php.net/manual/en/function.maxdb-connect.php
http://www.php.net/manual/en/function.maxdb-real-connect.php
http://www.php.net/manual/en/mongoclient.construct.php
http://www.php.net/manual/en/function.ovrimos-connect.php
http://www.php.net/manual/en/function.sqlsrv-connect.php
http://www.php.net/manual/en/function.sybase-connect.php
http://www.php.net/manual/en/function.sybase-pconnect.php
http://www.php.net/manual/en/oauth.construct.php <-- technically "secret" but these things leak all the time
http://www.php.net/manual/en/soapclient.soapclient.php
http://www.php.net/manual/en/varnishadmin.construct.php
http://www.php.net/manual/en/varnishadmin.setsecret.php
http://www.php.net/manual/en/snmp.construct.php
http://www.php.net/manual/en/snmp.setsecurity.php
http://www.php.net/manual/en/stomp.construct.php
http://www.php.net/manual/en/amqpconnection.setpassword.php
http://www.php.net/manual/en/amqpconnection.construct.php
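
One way to run the audit described at the top, as an added example that is not part of the original gist: it turns manual URLs into function and class names, then reports calls in PHP source where an argument is a bare string literal. The helper names (`names_from_urls`, `top_level_args`, `find_literal_calls`) are hypothetical, the PHP sample is constructed, and only `function.*` and `*.construct` pages with directly passed literals are handled (method pages and array elements are left out).

```python
import re

# Constructed inputs: three URLs taken from the list above and a made-up PHP file.
MANUAL_URLS = [
    "http://www.php.net/manual/en/pdo.construct.php",
    "http://www.php.net/manual/en/function.ftp-login.php",
    "http://php.net/manual/en/function.hash-hmac.php",
]
SAMPLE_PHP = r'''<?php
$db = new PDO('mysql:host=db;dbname=app', 'app', 'hunter2');
$ok = ftp_login($conn, $user, getenv('FTP_PASS'));
$mac = hash_hmac('sha256', $body, "s3cr3t-key");
'''
STRING = re.compile(r"'(?:\\.|[^'\\])*'" + "|" + r'"(?:\\.|[^"\\])*"')
TOKEN = re.compile(STRING.pattern + r"|[()\[\],]|[^'\"()\[\],]+")

def names_from_urls(urls):
    """function.foo-bar.php -> function foo_bar; foo.construct.php -> class foo."""
    pairs = [re.search(r"/([\w-]+)\.([\w-]+)\.php$", u).groups() for u in urls]
    funcs = {name.replace("-", "_") for kind, name in pairs if kind == "function"}
    classes = {kind for kind, name in pairs if name == "construct"}
    return funcs, classes

def top_level_args(src, start):
    """Split the call whose '(' is at src[start] into its top-level arguments."""
    args, cur, depth = [], "", 0
    for m in TOKEN.finditer(src, start + 1):
        t = m.group()
        if depth == 0 and t == ")":      # the call's own closing parenthesis
            break
        depth += t in ("(", "[")         # nested call or array opens
        depth -= t in (")", "]")         # nested call or array closes
        if t == "," and depth == 0:
            args, cur = args + [cur.strip()], ""
        else:
            cur += t
    return args + [cur.strip()]

def find_literal_calls(src, funcs, classes):
    """Return (line, name, literal_args) for listed calls given a bare string literal."""
    alts = [r"(?<![\w>:$])" + re.escape(f) for f in sorted(funcs)]
    alts += [r"\bnew\s+\\?" + re.escape(c) for c in sorted(classes)]
    hits = []
    for m in re.finditer("(" + "|".join(alts) + r")\s*\(", src, re.I):
        literals = [a for a in top_level_args(src, m.end() - 1) if STRING.fullmatch(a)]
        if literals:
            name = m.group(1).split()[-1].lstrip("\\").lower()
            hits.append((src.count("\n", 0, m.start()) + 1, name, literals))
    return hits
```

Each hit still needs a human look: the reported literals include non-secret arguments such as a DSN or an algorithm name, and a call quoted inside a PHP comment is matched as well.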