PHP Code Audit Helper Script
2018-12-05 09:58
```python
#!/usr/bin/env python3
import os

MENU = '''
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
1.include/require
2.exec/system/popen/passthru/proc_open/pcntl_exec/shell_exec
3.eval/preg_replace/assert/call_user_func/create_function
4._GET/_POST/_COOKIE/_SERVER/_REQUEST/php://input/getenv
5.session/cookie
6.extract/parse_str/mb_parse_str/import_request_variables
7.readfile/fpassthru/fwrite/fopen/move_uploaded_file/file_put_contents/unlink
8.select/insert/update/delete/order by/group by/limit/in(
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
'''


def search(vuls, extra=''):
    # Print every line under ./ that contains a "$" (a PHP variable) and one of
    # the keywords, skipping .js files and this script itself. `extra` is an
    # optional additional grep stage used by the SQL checks.
    for vul in vuls:
        cmd = ("grep -n '\\$' -r ./ | " + extra +
               "grep -v .js: | grep -v fuzz.py | grep '" + vul + "' --color")
        os.system(cmd)


def main():
    print(MENU)
    choice = input('Choose :#')
    if choice == '1':
        search(['include(', 'include_once(', 'include ', 'include_once ',
                'require(', 'require_once(', 'require', 'require_once '])
    elif choice == '2':
        # grep matches substrings, so 'exec(' also covers shell_exec( and pcntl_exec(
        search(['exec(', 'exec ', 'system(', 'system (', 'popen(', 'popen ',
                'passthru(', 'passthru ', 'proc_open(', 'proc_open '])
    elif choice == '3':
        search(['eval(', 'eval ', 'preg_replace', 'assert', 'call_user_func',
                'call_user_func_array', 'create_function'])
    elif choice == '4':
        search(['_GET', '_POST', '_COOKIE', '_SERVER', '_REQUEST',
                'php://input', 'getenv'])
    elif choice == '5':
        search(['session', 'cookie'])
    elif choice == '6':
        search(['extract', 'parse_str', 'mb_parse_str', 'import_request_variables'])
    elif choice == '7':
        search(['readfile', 'fpassthru', 'fwrite', 'fread', 'move_uploaded_file',
                'file_get_contents', 'file_put_contents', 'unlink', 'fopen'])
    elif choice == '8':
        # SQL keywords are only reported when the line also looks like a query
        search(['select', 'delete'], "grep -i from | ")
        search(['update', 'order by', 'group by', 'limit', 'in('], "grep where | ")
        search(['insert'], "grep into | ")


if __name__ == '__main__':
    main()
```
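Based on a Perl script found online, I adapted it into a Python script. It mainly searches for sensitive keywords. The code is very simple; if there are new keywords, just add them to the code yourself.
Usage:
- Put the directory to be scanned and the file fuzz.py in the same place
- Run python fuzz.py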
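
The same keyword scan as an added example in pure Python (not the author's script): it keeps the script's `$` pre-filter, matches keywords from menu groups 1-3 as whole names to cut substring noise, and goes one step beyond the script by marking hits that share a line with a group 4 request source. The names `scan`, `SINKS`, `SOURCES` and the PHP sample are constructed for this illustration.

```python
import re

# Menu groups 1-3 of the script are treated as sinks,
# group 4 as request-controlled sources.
SINKS = {
    "include": ["include", "include_once", "require", "require_once"],
    "command": ["exec", "system", "popen", "passthru", "proc_open",
                "pcntl_exec", "shell_exec"],
    "code-eval": ["eval", "preg_replace", "assert", "call_user_func",
                  "create_function"],
}
SOURCES = re.compile(r"\$_(GET|POST|COOKIE|SERVER|REQUEST)\b|php://input|\bgetenv\b")


def _compile(words):
    # Match the keyword only as a whole name: not inside a longer identifier
    # (curl_exec, $filesystem), not as a variable ($system) or a method call
    # ($pdo->exec), and only when followed by "(" or whitespace.
    alt = "|".join(re.escape(w) for w in words)
    return re.compile(r"(?<![\w$>])(" + alt + r")(?=\s*\(|\s)", re.I)


PATTERNS = {group: _compile(words) for group, words in SINKS.items()}


def scan(source, path="<memory>"):
    """Return (path, line_no, group, keyword, tainted) for every sink hit."""
    findings = []
    for line_no, line in enumerate(source.splitlines(), 1):
        if "$" not in line:  # same pre-filter as the script's first grep
            continue
        tainted = bool(SOURCES.search(line))  # request data on the same line
        for group, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append((path, line_no, group,
                                 match.group(1).lower(), tainted))
    return findings


# Constructed sample input, not taken from any real application.
SAMPLE = r'''<?php
$page = $_GET['page'];
include($page . ".php");
$out = curl_exec($ch);
system("ping -c 1 " . $_POST['host']);
$fs = $filesystem->read($name);
echo preg_replace($pattern, $repl, $subject);
$ok = $pdo->exec($sql);
'''

if __name__ == "__main__":
    for path, line_no, group, keyword, tainted in scan(SAMPLE, "sample.php"):
        flag = "request data on same line" if tainted else "review"
        print(f"{path}:{line_no}: [{group}] {keyword} ({flag})")
```

A hit is only a pointer for manual review: request data assigned to a variable on an earlier line, as with `$page` in the sample, is not tracked.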