Last active
October 4, 2016 22:15
PHP Vulnerability egrep
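# Grep one-liners for a first-pass security review of a PHP source tree.
# Run them from the root of the code under review; each line stands alone.
# Every hit is only a lead for manual review: the patterns are textual and
# know nothing about where a value comes from or how it is sanitised.
# `grep -E` is used because `egrep` is a deprecated alias in current GNU grep.

# calls to PHP functions that run a shell command or spawn a process
# (also hits any name ending in one of these words, e.g. curl_exec or ->exec;
# passthru() is not covered by this pattern)
grep -rE --include='*.php' -e '(system|exec|popen|pcntl_exec|proc_open)\(' .

# calls to PHP functions that can evaluate a string as code
# (preg_replace matters for the /e modifier, which PHP 7.0 removed)
grep -rE --include='*.php' -e '(eval|assert|preg_replace)\(' .

# variables echoed directly, i.e. without htmlspecialchars() around them;
# useful for finding XSS candidates. Other output paths such as print or
# short echo tags are not covered by this pattern.
grep -rE --include='*.php' -e 'echo[[:space:]]*\$.*;' .

# every use of the back-tick (`) operator, which PHP executes as a shell
# command; many hits turn out to be back-ticks inside string literals
grep -rE --include='*.php' -e '`.*`' .

# hard-coded database credentials / addresses passed as three quoted literals.
# A bracket expression matches either quote style: the earlier (\"|\') form
# handed grep \' , which GNU grep reads as an end-of-buffer anchor, so
# single-quoted credentials were never reported.
grep -rE --include='*.php' -e "(mysql_connect|mysqli)\([[:space:]]*[\"'].+[\"'],[[:space:]]*[\"'].+[\"'],[[:space:]]*[\"'].+[\"']" .

# potentially unsafe SQL: a double-quoted query string followed by a
# concatenation dot. Queries built in single quotes, or assembled in a
# variable beforehand, are not matched.
grep -rE --include='*.php' -e '->(query|exec)\([[:space:]]*".*".*\.' .

# file system access through the basic stream functions
grep -rE --include='*.php' -e '(fopen|fread|fwrite|fclose)\(' .

# places where crypto operations are performed
grep -rE --include='*.php' -e 'mcrypt_|openssl_|mhash_|random_|crack_' .

# weak PRNG calls given a literal number - look for hard-coded seed values!
# ERE has no \d class (GNU grep -E treats it as a plain "d"), so the digit
# run is spelled [0-9]+; with \d this search never matched a numeric seed.
grep -rE --include='*.php' -e '(mt_srand|lcg_value|rand)\([[:space:]]*[0-9]+' .

# places where XXE might be possible: check the argument of each call.
# true switches the external entity loader off; false, or no call at all on
# an old PHP/libxml build, deserves a closer look. The function is deprecated
# as of PHP 8.0, so also review the flags passed to the XML parser itself.
grep -rE --include='*.php' -e 'libxml_disable_entity_loader\(' .

# hard-coded port values ([0-9]+ instead of \d+, for the reason given above)
grep -rE --include='*.php' -e '(\$|->)port[[:space:]]*=[[:space:]]*[0-9]+' .

# hard-coded usernames and passwords assigned from a double-quoted literal
# (single-quoted values are not matched by this pattern)
grep -rE --include='*.php' -e '(\$|->)?(\[")?(user|pass|username|password)("])?[[:space:]]*=[[:space:]]*".*"' .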