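def printcodeline(_line, i, _fn, _message, _code, verbose):
    """
    Formats and prints line of output

    Prints the ``::  line N :: <fn> <message>`` header for a finding and,
    when ``verbose`` is set, the matched line framed by up to two lines of
    context on each side, each prefixed with its own line number.

    :param _line: text of the matched line (printed right-stripped)
    :param i: 1-based line number of ``_line``
    :param _fn: matched function/pattern name; ``*``, ``\\`` and ``.(`` are
        cleaned up for display only
    :param _message: short label printed after the name
    :param _code: all lines of the scanned file, 0-based, so ``_code[i - 1]``
        is the line ``_line`` came from
    :param verbose: print the surrounding context lines when true
    """
    # display clean-up only; the trailing [0:len(_fn)] slice of the old code
    # selected the whole (equal-or-shorter) result and has been dropped
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')
    print("::  line %d :: \33[33;1m%s\33[0m %s " % (i, _fn, _message))

    if not verbose:
        return

    grey = beautyConsole.getColor("grey")
    green = beautyConsole.getColor("green")
    # presumably the colour-reset sequence; confirm against beautyConsole
    endline = beautyConsole.getSpecialChar("endline")
    line_count = len(_code)

    # `i` is 1-based and `_code` is 0-based, so line number k is _code[k - 1].
    # The old code indexed _code with the label itself, which printed lines
    # i-2 and i-1 labelled i-3 and i-2 and skipped line i+1 entirely.
    # NOTE: the scanned file is untrusted input and its lines are echoed to
    # the terminal verbatim, so a line can carry escape sequences of its own.
    for k in (i - 2, i - 1):
        if 1 <= k <= line_count:
            print(str(k) + '   ' + grey + _code[k - 1].rstrip() + endline)

    print(str(i) + '   ' + green + _line.rstrip() + endline)

    for k in (i + 1, i + 2):
        if k <= line_count:
            print(str(k) + '   ' + grey + _code[k - 1].rstrip() + endline)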
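def main(src):
    """
    performs code analysis, line by line

    Prints a file header, then one ``printcodeline`` entry for every line of
    ``src`` that contains one of the module-level ``PATTERNS`` entries, and
    a coloured summary with the total number of hits.

    :param src: path of the file to scan
    """
    i = 0
    total = 0
    filenamelength = len(src)
    linelength = 97

    print "-" * 14, " FILE: \33[33m%s\33[0m " % src, "-" * (
        linelength - filenamelength - 21), "\n"

    # the handle is closed as soon as the scan is done rather than whenever
    # the garbage collector gets to it
    with open(src, "r") as _file:
        for _line in _file:
            i += 1
            # spaces are dropped so `name ( arg )` is seen as `name(arg)`;
            # this is a plain substring test, so comments and string
            # literals containing a listed name are reported as well
            __line = _line.strip().replace(" ", "")
            for _fn in PATTERNS:
                if _fn in __line:
                    total += 1
                    printcodeline(_line, i, _fn + ')', beautyConsole.efMsgFound)

    if total < 1:
        print beautyConsole.getColor("green") + \
            "No dangerous functions found\n" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d dangerous functions total\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100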
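def printcodeline(_line,
                  i,
                  fn,
                  prev_line="",
                  next_line="",
                  prev_prev_line="",
                  next_next_line="",
                  severity=None,
                  verbose=False):
    """
    Formats and prints line of output

    Prints a finding header for line ``i``, the pefdocs.py legend for
    ``fn`` when one exists (description, syntax, impact) and, in verbose
    mode, the matched line with up to two lines of context on each side.
    In non-verbose mode only a single compact line is printed.

    :param _line: text of the matched line
    :param i: 1-based line number of ``_line``
    :param fn: matched function name; its stripped form is looked up in
        ``pefdocs.exploitableFunctionsDesc``
    :param prev_line: line i-1, empty when not available
    :param next_line: line i+1, empty when not available
    :param prev_prev_line: line i-2, empty when not available
    :param next_next_line: line i+2, empty when not available
    :param severity: dict of impact level -> count, updated in place; a
        fresh dict is used when omitted (the old ``{}`` default was one
        dict silently shared by every call)
    :param verbose: print legend and context lines when true
    """
    if severity is None:
        severity = {}
    impact_color = {"low": "green", "medium": "yellow", "high": "red"}
    # presumably the colour-reset sequence; confirm against beautyConsole
    endline = beautyConsole.getSpecialChar("endline")

    if verbose:
        print " line %d :: \33[33;1m%s\33[0m " % (i, fn)
    else:
        print "{}line {} :: {}{} ".format(beautyConsole.getColor("white"), i,
                                          beautyConsole.getColor("grey"),
                                          _line.strip())

    # print legend only if there is an entry in pefdocs.py; one lookup
    # instead of four
    entry = pefdocs.exploitableFunctionsDesc.get(fn.strip()) if fn else None
    if entry is not None:
        description = entry[0]
        syntax = entry[1]
        vuln_class = entry[2]
        impact = entry[3]

        if verbose:
            print "\n  {}{}{}".format(beautyConsole.getColor("white"),
                                      description, endline)
            print "  {}{}{}".format(beautyConsole.getColor("grey"), syntax,
                                    endline)
            # impact_color has no entry for an unknown level -> KeyError,
            # exactly as before
            print "  Potential impact: {}{}{}".format(
                beautyConsole.getColor(impact_color[impact]), vuln_class,
                endline)

        severity[impact] = severity.get(impact, 0) + 1

    if verbose:
        grey = beautyConsole.getColor("grey")
        # NOTE: the scanned file is untrusted input and its lines are echoed
        # verbatim, so a line may carry escape sequences of its own
        print "\n"
        if prev_prev_line:
            print str(i-2) + "  " + grey + prev_prev_line + endline
        if prev_line:
            print str(i-1) + "  " + grey + prev_line + endline
        print str(i) + "  " + beautyConsole.getColor("green") + _line.rstrip() + endline
        if next_line:
            print str(i+1) + "  " + grey + next_line + endline
        if next_next_line:
            print str(i+2) + "  " + grey + next_next_line + endline
        print "\n"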
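def main(src):
    """
    performs code analysis, line by line

    Checks every line of ``src`` against the pefdefs lists (exploitable
    functions, keywords, file includes, global variables and reflected
    properties), printing one ``printcodeline`` entry per hit and a
    coloured summary with the total at the end.

    :param src: path of the file to scan
    """
    i = 0
    total = 0
    filenamelength = len(src)
    linelength = 97

    print "-" * 14, " FILE: \33[33m%s\33[0m " % src, "-" * (
        linelength - filenamelength - 21), "\n"

    # the handle is closed as soon as the scan is done rather than whenever
    # the garbage collector gets to it
    with open(src, "r") as _file:
        for _line in _file:
            i += 1
            __line = _line.strip()
            # derived once per line instead of once per list entry
            squeezed = __line.replace(" ", "")  # `name ( arg )` -> `name(arg)`
            lowered = __line.lower()            # keywords match case-insensitively
            # every check below is a plain substring test, so comments and
            # string literals containing a listed name are reported as well
            for _fn in pefdefs.exploitableFunctions:
                if _fn in squeezed:
                    total += 1
                    printcodeline(_line, i, _fn + ')', beautyConsole.efMsgFound)
            for _kw in pefdefs.keywords:
                if _kw.lower() in lowered:
                    total += 1
                    printcodeline(_line, i, _kw, beautyConsole.eKeyWordFound)
            for _dp in pefdefs.fileInclude:
                if _dp in squeezed:
                    total += 1
                    printcodeline(_line, i, _dp + '()', beautyConsole.fiMsgFound)
            for _global in pefdefs.globalVars:
                if _global in __line:
                    total += 1
                    printcodeline(_line, i, _global,
                                  beautyConsole.efMsgGlobalFound)
            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    total += 1
                    printcodeline(_line, i, _refl, beautyConsole.eReflFound)

    if total < 1:
        print beautyConsole.getColor("green") + \
            "No exploitable functions found\n" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable functions total\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100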
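def main(src):
    """
    performs code analysis, line by line

    Matches every (stripped) line of ``src`` against the regular
    expressions in the module-level ``PATTERNS`` list.  The file name is
    printed before the first hit only; every hit goes through
    ``printcodeline``.  Updates the module counters ``PATTERNS_IDENTIFIED``
    and ``FILES_WITH_IDENTIFIED_PATTERNS``.

    :param src: path of the file to scan
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    print_filename = True

    # compile each pattern once per file rather than once per line
    compiled = [(__pattern, re.compile(__pattern)) for __pattern in PATTERNS]
    i = 0
    patterns_found_in_file = 0

    # the handle is released as soon as the scan is done
    with open(src, "r") as _file:
        for _line in _file:
            i += 1
            __line = _line.strip()
            for __pattern, __rex in compiled:
                # match() anchors at the start of the stripped line
                if __rex.match(__line):
                    if print_filename:
                        FILES_WITH_IDENTIFIED_PATTERNS += 1
                        print "FILE: \33[33m{}\33[0m\n".format(src)
                        print_filename = False
                    patterns_found_in_file += 1
                    printcodeline(_line, i, __pattern,
                                  ' code pattern identified: ')

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED += patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "Identified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100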
def printcodeline(_line, i, _fn, _message):
    """
    Formats and prints line of output

    Writes a ``::  line N :: <fn> <message> found`` header, then the
    matched line wrapped in the "blue" colour code and the "endline"
    special character.

    :param _line: text of the matched line, printed exactly as given
    :param i: line number shown in the header
    :param _fn: matched name, shown in bold yellow
    :param _message: label printed between the name and "found"
    """
    header = "::  line %d :: \33[33;1m%s\33[0m %s found " % (i, _fn, _message)
    print(header)

    colored_line = (beautyConsole.getColor("blue") + _line
                    + beautyConsole.getSpecialChar("endline"))
    print(colored_line)
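def printcodeline(_line, i, _fn, _message):
    """
    Formats and prints line of output

    Writes the ``::  line N :: <fn> <message>`` header, then the matched
    line in the "grey" colour.  (The docstring used to sit after the first
    statement, so it was never attached to the function as ``__doc__``.)

    :param _line: text of the matched line, printed exactly as given
    :param i: line number shown in the header
    :param _fn: matched name; ``*``, ``\\`` and ``.(`` are cleaned up and
        the first character is dropped, for display only
    :param _message: label printed after the name
    """
    # display clean-up; the [1:] slice drops the first character of the
    # cleaned name -- presumably a separator added by the caller, confirm
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')[1:]
    print "::  line %d :: \33[33;1m%s\33[0m %s " % (i, _fn, _message)
    # NOTE: the scanned file is untrusted input and its line is echoed
    # verbatim, so it may carry escape sequences of its own
    print beautyConsole.getColor("grey") + _line + \
        beautyConsole.getSpecialChar("endline")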
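def printcodeline(_line, i, _fn, _message):
    """
    Formats and prints line of output

    Writes the ``::  line N :: <fn> <message>`` header, then the matched
    line on its own tab-indented line in the "green" colour.

    :param _line: text of the matched line (leading whitespace is dropped)
    :param i: line number shown in the header
    :param _fn: matched name; ``*``, ``\\`` and ``.(`` are cleaned up for
        display only
    :param _message: label printed after the name
    """
    # display clean-up only; the [0:len(_fn)] slice that used to follow was
    # a no-op (it selected the whole, equal-or-shorter result)
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')
    print "::  line %d :: \33[33;1m%s\33[0m %s " % (i, _fn, _message)
    # NOTE: the scanned file is untrusted input and its line is echoed
    # verbatim, so it may carry escape sequences of its own
    print beautyConsole.getColor("green") + '\n\t' + _line.lstrip() + \
        beautyConsole.getSpecialChar("endline")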
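def printcodeline(_line, i, _fn, _message):
    """
    Formats and prints line of output

    Writes the ``::  line N :: <fn> <message> found`` header, the
    description from ``pefdefs.exploitableFunctionsDesc`` when ``_fn`` has
    one, and finally the matched line in the "grey" colour.

    :param _line: text of the matched line, printed exactly as given
    :param i: line number shown in the header
    :param _fn: matched name; used unchanged as the description key
    :param _message: label printed between the name and "found"
    """
    print "::  line %d ::   \33[33;1m%s\33[0m %s found " % (i, _fn, _message)
    # dict.has_key() is Python-2 only; `in` does the same and avoids the
    # second lookup that .get() used to perform
    if _fn and _fn in pefdefs.exploitableFunctionsDesc:
        print "\t\t" + beautyConsole.getColor("white") + \
            pefdefs.exploitableFunctionsDesc[_fn] + \
            beautyConsole.getSpecialChar("endline")

    # NOTE: the scanned file is untrusted input and its line is echoed
    # verbatim, so it may carry escape sequences of its own
    print beautyConsole.getColor("grey") + _line + beautyConsole.getSpecialChar("endline")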
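def printcodeline(_line, i, _fn, prev_line="", next_line="", prev_prev_line="", next_next_line="", __severity=None, __verbose=False):
    """
    Formats and prints line of output

    Prints a finding header for line ``i``, the pefdocs.py legend for
    ``_fn`` when one exists (description, syntax, impact) and, in verbose
    mode, the matched line with up to two lines of context on each side.
    In non-verbose mode only a single compact line is printed.

    :param _line: text of the matched line
    :param i: 1-based line number of ``_line``
    :param _fn: matched function name; its stripped form is looked up in
        ``pefdocs.exploitableFunctionsDesc``
    :param prev_line: line i-1, empty when not available
    :param next_line: line i+1, empty when not available
    :param prev_prev_line: line i-2, empty when not available
    :param next_next_line: line i+2, empty when not available
    :param __severity: dict of impact level -> count, updated in place; a
        fresh dict is used when omitted (the old ``{}`` default was one
        dict silently shared by every call)
    :param __verbose: print legend and context lines when true
    """
    if __severity is None:
        __severity = {}
    __impact_color = {
        "low": "green",
        "medium": "yellow",
        "high": "red"
    }
    # presumably the colour-reset sequence; confirm against beautyConsole
    endline = beautyConsole.getSpecialChar("endline")

    if __verbose:
        print " line %d :: \33[33;1m%s\33[0m " % (i, _fn)
    else:
        print "{}line {} :: {}{} ".format(beautyConsole.getColor(
            "white"), i, beautyConsole.getColor("grey"), _line.strip())

    # print legend only if there is an entry in pefdocs.py; one lookup
    # instead of four
    entry = pefdocs.exploitableFunctionsDesc.get(_fn.strip()) if _fn else None
    if entry is not None:
        __description = entry[0]
        __syntax = entry[1]
        __vuln_class = entry[2]
        __impact = entry[3]

        if __verbose:
            print "\n  {}{}{}".format(beautyConsole.getColor(
                "white"), __description, endline)
            print "  {}{}{}".format(beautyConsole.getColor(
                "grey"), __syntax, endline)
            # __impact_color has no entry for an unknown level -> KeyError,
            # exactly as before
            print "  Potential impact: {}{}{}".format(beautyConsole.getColor(
                __impact_color[__impact]), __vuln_class, endline)

        __severity[__impact] = __severity.get(__impact, 0) + 1

    if __verbose:
        grey = beautyConsole.getColor("grey")
        # NOTE: the scanned file is untrusted input and its lines are echoed
        # verbatim, so a line may carry escape sequences of its own
        print "\n"
        if prev_prev_line:
            print str(i-2) + "  " + grey + prev_prev_line + endline
        if prev_line:
            print str(i-1) + "  " + grey + prev_line + endline
        print str(i) + "  " + beautyConsole.getColor("green") + _line.rstrip() + endline
        if next_line:
            print str(i+1) + "  " + grey + next_line + endline
        if next_next_line:
            print str(i+2) + "  " + grey + next_next_line + endline
        print "\n"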
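def printcodeline(_line,
                  i,
                  _fn,
                  prev_line="",
                  next_line="",
                  prev_prev_line="",
                  next_next_line="",
                  __severity=None):
    """
    Formats and prints line of output

    Prints the finding header for line ``i``, the pefdocs.py legend for
    ``_fn`` when one exists (description, syntax, impact), and the matched
    line with up to two lines of context on each side.

    :param _line: text of the matched line (printed right-stripped)
    :param i: 1-based line number of ``_line``
    :param _fn: matched function name; its stripped form is looked up in
        ``pefdocs.exploitableFunctionsDesc``
    :param prev_line: line i-1, empty when not available
    :param next_line: line i+1, empty when not available
    :param prev_prev_line: line i-2, empty when not available
    :param next_next_line: line i+2, empty when not available
    :param __severity: dict of impact level -> count, updated in place; a
        fresh dict is used when omitted (the old ``{}`` default was one
        dict silently shared by every call)
    """
    if __severity is None:
        __severity = {}
    __impact_color = {"low": "green", "medium": "yellow", "high": "red"}
    grey = beautyConsole.getColor("grey")
    # presumably the colour-reset sequence; confirm against beautyConsole
    endline = beautyConsole.getSpecialChar("endline")

    print "::  line %d ::   \33[33;1m%s\33[0m " % (i, _fn)

    # print legend only if there is an entry in pefdocs.py; one lookup
    # instead of four
    entry = pefdocs.exploitableFunctionsDesc.get(_fn.strip()) if _fn else None
    if entry is not None:
        __description = entry[0]
        __syntax = entry[1]
        __vuln_class = entry[2]
        __impact = entry[3]

        print "\n  {}{}{}".format(beautyConsole.getColor("white"),
                                  __description, endline)
        print "  {}{}{}".format(grey, __syntax, endline)
        # __impact_color has no entry for an unknown level -> KeyError,
        # exactly as before
        print "  Potential impact: {}{}{}".format(
            beautyConsole.getColor(__impact_color[__impact]), __vuln_class,
            endline)
        __severity[__impact] = __severity.get(__impact, 0) + 1

    # NOTE: the scanned file is untrusted input and its lines are echoed
    # verbatim, so a line may carry escape sequences of its own
    print "\n"
    if prev_prev_line:
        print str(i-2) + "  " + grey + prev_prev_line + endline
    if prev_line:
        print str(i-1) + "  " + grey + prev_line + endline
    print str(i) + "  " + beautyConsole.getColor("green") + _line.rstrip() + endline
    if next_line:
        print str(i+1) + "  " + grey + next_line + endline
    if next_next_line:
        print str(i+2) + "  " + grey + next_next_line + endline
    print "\n"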
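def printcodeline(_line, i, _fn, _message, prev_line="", next_line="", prev_prev_line="", next_next_line=""):
    """
    Formats and prints line of output

    Writes the ``::  line N :: <fn> <message> found`` header, the
    description from ``pefdefs.exploitableFunctionsDesc`` when ``_fn`` has
    one, and then the matched line with up to two lines of context on each
    side.

    :param _line: text of the matched line (printed right-stripped)
    :param i: 1-based line number of ``_line``
    :param _fn: matched name; used unchanged as the description key
    :param _message: label printed between the name and "found"
    :param prev_line: line i-1, empty when not available
    :param next_line: line i+1, empty when not available
    :param prev_prev_line: line i-2, empty when not available
    :param next_next_line: line i+2, empty when not available
    """
    grey = beautyConsole.getColor("grey")
    # presumably the colour-reset sequence; confirm against beautyConsole
    endline = beautyConsole.getSpecialChar("endline")

    print "::  line %d ::   \33[33;1m%s\33[0m %s found " % (i, _fn, _message)
    # dict.has_key() is Python-2 only; `in` does the same and avoids the
    # second lookup that .get() used to perform
    if _fn and _fn in pefdefs.exploitableFunctionsDesc:
        print "\t\t" + beautyConsole.getColor("white") + \
            pefdefs.exploitableFunctionsDesc[_fn] + endline

    # NOTE: the scanned file is untrusted input and its lines are echoed
    # verbatim, so a line may carry escape sequences of its own
    print "\n"
    if prev_prev_line:
        print str(i-2) + "  " + grey + prev_prev_line + endline
    if prev_line:
        print str(i-1) + "  " + grey + prev_line + endline
    print str(i) + "  " + beautyConsole.getColor("green") + _line.rstrip() + endline
    if next_line:
        print str(i+1) + "  " + grey + next_line + endline
    if next_next_line:
        print str(i+2) + "  " + grey + next_next_line + endline
    print "\n"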
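def perform_code_analysis(src, pattern="", verbose=False):
    """
    performs code analysis, line by line

    Matches every line of ``src`` (stripped, spaces removed) against the
    module-level ``patterns`` regular expressions and, when
    ``identify_urls`` is set, reports each URL found by ``url_regex``
    once.  The file name is printed before the first hit only.  Updates
    the module counters ``patterns_identified`` and
    ``files_with_identified_patterns`` and appends to the ``urls`` list.

    :param src: path of the file to scan
    :param pattern: user-supplied regex (-P / --pattern); when given it
        replaces ``patterns`` with ``[".*" + pattern]`` for this and every
        later call
    :param verbose: passed through to printcodeline
    """
    global patterns
    global patterns_identified
    global files_with_identified_patterns

    # if -P / --pattern is defined, overwrite patterns with user defined
    # value(s)
    if pattern:
        patterns = [".*" + pattern]

    print_filename = True

    # read everything up front (printcodeline needs the whole file for its
    # context lines) and release the handle immediately
    with open(src, "r") as _file:
        _code = _file.readlines()

    # compile each pattern once per file rather than once per line
    compiled = [(__pattern, re.compile(__pattern)) for __pattern in patterns]
    i = 0
    patterns_found_in_file = 0

    for _line in _code:
        i += 1
        __line = _line.strip()
        # spaces are removed so `name ( arg )` matches a pattern written as
        # `name\(`; match() anchors at the start of the line
        squeezed = __line.replace(' ', '')
        for __pattern, __rex in compiled:
            if __rex.match(squeezed):
                if print_filename:
                    files_with_identified_patterns += 1
                    print("FILE: \33[33m{}\33[0m\n".format(src))
                    print_filename = False
                patterns_found_in_file += 1
                printcodeline(_line, i, __pattern,
                              ' code pattern identified: ', _code, verbose)

        # URL searching -- once per line; the old code ran it inside the
        # pattern loop, i.e. once per pattern (deduplicated only by `urls`)
        if identify_urls:
            found = url_regex.search(__line)
            if found:
                __url = found.group(0)
                # show each unique URL only once
                if __url not in urls:
                    printcodeline(__url, i, __url, ' URL found: ', _code,
                                  verbose)
                    urls.append(__url)

    if patterns_found_in_file > 0:
        patterns_identified += patterns_found_in_file
        print(
            beautyConsole.getColor("red") +
            "\nIdentified %d code pattern(s)\n" % (patterns_found_in_file) +
            beautyConsole.getSpecialChar("endline"))
        print(beautyConsole.getColor("white") + "-" * 100)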
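def printcodeline(_line, i, _fn, _message, _code=None):
    """
    Formats and prints line of output

    Prints the ``::  line N :: <fn> <message>`` header, then the matched
    line framed by up to two lines of context on each side, each prefixed
    with its own line number.

    :param _line: text of the matched line (printed right-stripped)
    :param i: 1-based line number of ``_line``
    :param _fn: matched function/pattern name; ``*``, ``\\`` and ``.(`` are
        cleaned up for display only
    :param _message: short label printed after the name
    :param _code: all lines of the scanned file, 0-based, so ``_code[i - 1]``
        is the line ``_line`` came from; no context is printed when omitted
        (the old ``[]`` default was a shared mutable object)
    """
    if _code is None:
        _code = []
    # display clean-up only; the trailing [0:len(_fn)] slice of the old code
    # selected the whole (equal-or-shorter) result and has been dropped
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')
    print "\n::  line %d :: \33[33;1m%s\33[0m %s \n" % (i, _fn, _message)

    grey = beautyConsole.getColor("grey")
    # presumably the colour-reset sequence; confirm against beautyConsole
    endline = beautyConsole.getSpecialChar("endline")
    line_count = len(_code)

    # `i` is 1-based and `_code` is 0-based, so line number k is _code[k - 1].
    # The old code indexed _code with the label itself, which printed lines
    # i-2 and i-1 labelled i-3 and i-2 and skipped line i+1 entirely.
    # NOTE: the scanned file is untrusted input and its lines are echoed to
    # the terminal verbatim, so a line can carry escape sequences of its own.
    for k in (i - 2, i - 1):
        if 1 <= k <= line_count:
            print str(k) + '   ' + grey + _code[k - 1].rstrip() + endline

    print str(i) + '   ' + beautyConsole.getColor("green") + _line.rstrip() + endline

    for k in (i + 1, i + 2):
        if k <= line_count:
            print str(k) + '   ' + grey + _code[k - 1].rstrip() + endline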
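def perform_code_analysis(src, pattern=""):
    """
    performs code analysis, line by line

    Matches every line of ``src`` (stripped, spaces removed) against the
    module-level ``PATTERNS`` regular expressions and, when
    ``IDENTIFY_URLS`` is set, reports each URL found by ``URL_REGEX``
    once.  The file name is printed before the first hit only.  Updates
    the module counters ``PATTERNS_IDENTIFIED`` and
    ``FILES_WITH_IDENTIFIED_PATTERNS`` and appends to the ``URLS`` list.

    :param src: path of the file to scan
    :param pattern: user-supplied regex (-P / --pattern); when given it
        replaces ``PATTERNS`` with ``[".*" + pattern]`` for this and every
        later call
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    print_filename = True

    # read everything up front (printcodeline needs the whole file for its
    # context lines) and release the handle immediately
    with open(src, "r") as _file:
        _code = _file.readlines()

    # compile each pattern once per file rather than once per line
    compiled = [(__pattern, re.compile(__pattern)) for __pattern in PATTERNS]
    i = 0
    patterns_found_in_file = 0

    for _line in _code:
        i += 1
        __line = _line.strip()
        # spaces are removed so `name ( arg )` matches a pattern written as
        # `name\(`; match() anchors at the start of the line
        squeezed = __line.replace(' ', '')
        for __pattern, __rex in compiled:
            if __rex.match(squeezed):
                if print_filename:
                    FILES_WITH_IDENTIFIED_PATTERNS += 1
                    print "FILE: \33[33m{}\33[0m\n".format(src)
                    print_filename = False
                patterns_found_in_file += 1
                printcodeline(_line, i, __pattern,
                              ' code pattern identified: ', _code)

        # URL searching -- once per line; the old code ran it inside the
        # pattern loop, i.e. once per pattern (deduplicated only by URLS)
        if IDENTIFY_URLS:
            found = URL_REGEX.search(__line)
            if found:
                __url = found.group(0)
                # show each unique URL only once
                if __url not in URLS:
                    printcodeline(__url, i, __url, ' URL found: ', _code)
                    URLS.append(__url)

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED += patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "\nIdentified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100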
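def perform_code_analysis(src, pattern=""):
    """
    performs code analysis, line by line

    Matches every line of ``src`` (stripped, spaces removed) against the
    module-level ``PATTERNS`` regular expressions and, when
    ``IDENTIFY_URLS`` is set, reports each URL found by ``URL_REGEX``
    once.  The file name is printed before the first hit only.  Updates
    the module counters ``PATTERNS_IDENTIFIED`` and
    ``FILES_WITH_IDENTIFIED_PATTERNS`` and appends to the ``URLS`` list.

    :param src: path of the file to scan
    :param pattern: user-supplied regex (-P / --pattern); when given it
        replaces ``PATTERNS`` with ``[".*" + pattern]`` for this and every
        later call
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    print_filename = True

    # read everything up front (printcodeline needs the whole file for its
    # context lines) and release the handle immediately
    with open(src, "r") as _file:
        _code = _file.readlines()

    # compile each pattern once per file rather than once per line
    compiled = [(__pattern, re.compile(__pattern)) for __pattern in PATTERNS]
    i = 0
    patterns_found_in_file = 0

    for _line in _code:
        i += 1
        __line = _line.strip()
        # spaces are removed so `name ( arg )` matches a pattern written as
        # `name\(`; match() anchors at the start of the line
        squeezed = __line.replace(' ', '')
        for __pattern, __rex in compiled:
            if __rex.match(squeezed):
                if print_filename:
                    FILES_WITH_IDENTIFIED_PATTERNS += 1
                    print "FILE: \33[33m{}\33[0m\n".format(src)
                    print_filename = False
                patterns_found_in_file += 1
                printcodeline(_line, i, __pattern,
                              ' code pattern identified: ', _code)

        # URL searching -- once per line; the old code ran it inside the
        # pattern loop, i.e. once per pattern (deduplicated only by URLS)
        if IDENTIFY_URLS:
            found = URL_REGEX.search(__line)
            if found:
                __url = found.group(0)
                # show each unique URL only once
                if __url not in URLS:
                    printcodeline(__url, i, __url, ' URL found: ', _code)
                    URLS.append(__url)

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED += patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "\nIdentified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100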
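def main(src, pattern=""):
    """
    performs code analysis, line by line

    Matches every line of ``src`` (stripped, spaces removed) against the
    module-level ``PATTERNS`` regular expressions.  The file name is
    printed before the first hit only; each hit is passed to
    ``printcodeline`` truncated to 120 characters.  Updates the module
    counters ``PATTERNS_IDENTIFIED`` and ``FILES_WITH_IDENTIFIED_PATTERNS``.

    :param src: path of the file to scan
    :param pattern: user-supplied regex (-P / --pattern); when given it
        replaces ``PATTERNS`` with ``[".*" + pattern]`` for this and every
        later call
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    print_filename = True

    # compile each pattern once per file rather than once per line
    compiled = [(__pattern, re.compile(__pattern)) for __pattern in PATTERNS]
    i = 0
    patterns_found_in_file = 0

    # the handle is released as soon as the scan is done
    with open(src, "r") as _file:
        for _line in _file:
            i += 1
            __line = _line.strip()
            # spaces are removed so `name ( arg )` matches a pattern written
            # as `name\(`; match() anchors at the start of the line
            squeezed = __line.replace(' ', '')
            for __pattern, __rex in compiled:
                if __rex.match(squeezed):
                    if print_filename:
                        FILES_WITH_IDENTIFIED_PATTERNS += 1
                        print "FILE: \33[33m{}\33[0m\n".format(src)
                        print_filename = False
                    patterns_found_in_file += 1
                    # the line is cut at 120 characters; "..." is appended
                    # even when nothing was cut
                    printcodeline(_line[0:120] + "...", i, __pattern,
                                  ' code pattern identified: ')

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED += patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "Identified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100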
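def main(src, __severity, __verbose, __functions_only):
    """
    performs code analysis, line by line

    Scans ``src`` for the names in ``pefdefs.exploitableFunctions`` (plain
    and ``@``-prefixed) and, unless ``__functions_only`` is set, for the
    ``pefdefs.fileInclude``, ``pefdefs.globalVars`` and
    ``pefdefs.reflectedProperties`` entries.  Every hit is handed to
    ``printcodeline`` with two lines of context on each side; the file
    header is printed once, before the first hit.

    :param src: path of the file to scan
    :param __severity: dict of impact level -> count, passed through to
        printcodeline which updates it in place
    :param __verbose: passed through to printcodeline
    :param __functions_only: when true only the exploitable-function list
        is checked
    :return: number of findings in this file
    """
    total = 0
    header_printed = False

    # read everything up front (the context lines need random access) and
    # release the handle immediately; header_print() only needs the name,
    # which is exactly `src`
    with open(src, "r") as _file:
        all_lines = _file.readlines()
    line_count = len(all_lines)

    for idx, _line in enumerate(all_lines):
        i = idx + 1  # 1-based line number for output
        # Context window, recomputed for every line.  The old code kept the
        # previous iteration's value whenever a bound was hit, so the last
        # line reported itself as its own "next line", and its lower bounds
        # were exclusive, so lines 1 and 2 never appeared as context.
        prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
        prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
        next_line = all_lines[idx + 1].rstrip() if idx + 1 < line_count else ""
        next_next_line = all_lines[idx + 2].rstrip() if idx + 2 < line_count else ""

        __line = _line.strip()
        for _fn in pefdefs.exploitableFunctions:
            # NOTE(review): the original comment asked for a space before the
            # name (to avoid hits in strings that merely contain it), but the
            # format below adds none -- confirm whether that was intended.
            _fn = "{}".format(_fn)
            # the `@`-prefixed spelling is checked as well, because `@`
            # prevents the call's output from being echoed
            _at_fn = "@{}".format(_fn)
            # plain substring tests: comments and string literals match too
            if _fn in __line or _at_fn in __line:
                header_printed = header_print(src, header_printed)
                total += 1
                printcodeline(_line, i, _fn + (')' if '(' in _fn else ''), prev_line,
                              next_line, prev_prev_line, next_next_line, __severity, __verbose)

        if not __functions_only:
            # spaces are removed so `include(  $x  )` is found as `include($x)`
            squeezed = __line.replace(" ", "")
            for _dp in pefdefs.fileInclude:
                # NOTE(review): `_dp` is given a leading space while `squeezed`
                # contains no spaces at all, so this test can never succeed as
                # written -- confirm which of the two transformations is the
                # intended one.
                _dp = " {}".format(_dp)
                if _dp in squeezed:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _dp + '()', prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity, __verbose)

            for _global in pefdefs.globalVars:
                if _global in __line:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _global, prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity, __verbose)

            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _refl, prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity, __verbose)

    if total > 0:
        print beautyConsole.getColor("red") + \
            "Found %d interesting entries\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    return total  # return how many findings in current file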
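def main(src, __severity, __verbose, __functions_only):
    """
    performs code analysis, line by line

    Scans ``src`` for the names in ``pefdefs.exploitableFunctions``
    (prefixed with a space) and, unless ``__functions_only`` is set, for the
    ``pefdefs.fileInclude``, ``pefdefs.globalVars`` and
    ``pefdefs.reflectedProperties`` entries.  Every hit is handed to
    ``printcodeline`` with two lines of context on each side; the file
    header is printed once, before the first hit.

    :param src: path of the file to scan
    :param __severity: dict of impact level -> count, passed through to
        printcodeline which updates it in place
    :param __verbose: passed through to printcodeline
    :param __functions_only: when true only the exploitable-function list
        is checked
    :return: number of findings in this file
    """
    total = 0
    header_printed = False

    # read everything up front (the context lines need random access) and
    # release the handle immediately; header_print() only needs the name,
    # which is exactly `src`
    with open(src, "r") as _file:
        all_lines = _file.readlines()
    line_count = len(all_lines)

    for idx, _line in enumerate(all_lines):
        i = idx + 1  # 1-based line number for output
        # Context window, recomputed for every line.  The old code kept the
        # previous iteration's value whenever a bound was hit, so the last
        # line reported itself as its own "next line", and its lower bounds
        # were exclusive, so lines 1 and 2 never appeared as context.
        prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
        prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
        next_line = all_lines[idx + 1].rstrip() if idx + 1 < line_count else ""
        next_next_line = all_lines[idx + 2].rstrip() if idx + 2 < line_count else ""

        __line = _line.strip()
        for _fn in pefdefs.exploitableFunctions:
            # a space is required before the name, which avoids hits in
            # strings that merely contain a function name; note that
            # __line is stripped, so a name at column 0 is not found
            _fn = " {}".format(_fn)
            if _fn in __line:
                header_printed = header_print(src, header_printed)
                total += 1
                printcodeline(_line, i, _fn + (')' if '(' in _fn else ''),
                              prev_line, next_line, prev_prev_line,
                              next_next_line, __severity, __verbose)

        if not __functions_only:
            # spaces are removed so `include(  $x  )` is found as `include($x)`
            squeezed = __line.replace(" ", "")
            for _dp in pefdefs.fileInclude:
                # NOTE(review): `_dp` is given a leading space while `squeezed`
                # contains no spaces at all, so this test can never succeed as
                # written -- confirm which of the two transformations is the
                # intended one.
                _dp = " {}".format(_dp)
                if _dp in squeezed:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _dp + '()', prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity,
                                  __verbose)

            for _global in pefdefs.globalVars:
                if _global in __line:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _global, prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity,
                                  __verbose)

            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _refl, prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity,
                                  __verbose)

    if total > 0:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable function(s)\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    return total  # return how many findings in current file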
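def main(src, severity, verbose=False, sql=False, critical=False):
    """
    Performs code analysis, line by line.

    Each line of ``src`` is checked against the pattern lists in ``pefdefs``:
    ``critical`` when *critical* is set, otherwise ``exploitableFunctions``
    plus ``fileInclude``, ``globalVars``, ``reflectedProperties`` and, when
    *sql* is also set, the ``otherPatterns`` regexes.  Every hit prints the
    per-file header (once, via ``header_print``) and hands the line, with two
    lines of context on either side, to ``printcodeline``.

    :param src: path of the PHP source file to scan
    :param severity: passed through unchanged to ``printcodeline``
    :param verbose: passed through unchanged to ``printcodeline``
    :param sql: also run the ``pefdefs.otherPatterns`` regexes
                (non-critical mode only)
    :param critical: check only ``pefdefs.critical``; the other lists are
                     skipped
    :return: number of findings in this file
    """
    total = 0
    header_printed = False

    # Which list of function names applies depends only on the mode.
    function_names = pefdefs.critical if critical else pefdefs.exploitableFunctions

    # The secondary lists are consulted in non-critical mode only.  The SQL
    # regexes are compiled once per file instead of once per line.
    sql_patterns = []
    if sql and not critical:
        sql_patterns = [(pat, re.compile(pat)) for pat in pefdefs.otherPatterns]

    # `with` closes the handle; the previous revision never closed it.
    with open(src, "r") as f:
        all_lines = f.readlines()
        count = len(all_lines)

        for idx, l in enumerate(all_lines):
            i = idx + 1  # 1-based line number shown in the report
            line = l.rstrip()

            # Two lines of context on either side, "" where the file ends.
            # Recomputed every iteration: the previous revision tested
            # `i > 1` / `i > 2` on the 0-based index (so line 2 got no
            # previous line) and never reset the values, so hits near the end
            # of the file reused stale context from the iteration before.
            prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
            prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
            next_line = all_lines[idx + 1].rstrip() if idx + 1 < count else ""
            next_next_line = all_lines[idx + 2].rstrip() if idx + 2 < count else ""

            for fn in function_names:
                # A leading space (or the output-silencing '@') must precede
                # the name, so string literals that merely contain a function
                # name are not reported.
                spaced = " {}".format(fn)
                silenced = "@{}".format(fn)
                if spaced in line or silenced in line:
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    # Module-level reporter: this function has no `self`, so
                    # the earlier `self.print_code_line` was an unbound name.
                    printcodeline(l, i, spaced + (')' if '(' in fn else ''),
                                  prev_line, next_line, prev_prev_line,
                                  next_next_line, severity, verbose)

            if critical:
                continue

            # Spaces are stripped so `include(  $_GET['x']  )` still matches;
            # the lookbehind keeps the "not part of a longer identifier"
            # intent of the leading-space check.  A literal " pattern"
            # substring test (as in the previous revision) can never succeed
            # on a line whose spaces were removed, so this check was dead.
            compact = line.replace(" ", "")
            for dp in pefdefs.fileInclude:
                if re.search(r"(?<!\w)" + re.escape(dp), compact):
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    printcodeline(l, i, " {}()".format(dp), prev_line,
                                  next_line, prev_prev_line, next_next_line,
                                  severity, verbose)

            for globalvars in pefdefs.globalVars:
                if globalvars in line:
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    printcodeline(l, i, globalvars, prev_line, next_line,
                                  prev_prev_line, next_next_line,
                                  severity, verbose)

            for refl in pefdefs.reflectedProperties:
                if refl in line:
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    printcodeline(l, i, refl, prev_line, next_line,
                                  prev_prev_line, next_next_line,
                                  severity, verbose)

            # The regexes run on the raw line (trailing whitespace intact),
            # as before; the label reported is the pattern source text.
            for pat, compiled in sql_patterns:
                if compiled.search(l):
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    printcodeline(l, i, pat, prev_line, next_line,
                                  prev_prev_line, next_next_line,
                                  severity, verbose)

    if total:
        print(beautyConsole.getColor("red") +
              "Found %d interesting entries\n" % (total) +
              beautyConsole.getSpecialChar("endline"))

    return total  # how many findings in the current file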
Example #21
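    def main(self, src):
        """
        main engine loop

        Reads ``src`` and runs ``self.analyse_line`` for every (line, pattern)
        pair.  The name list is ``pefdefs.critical`` when ``self.critical`` is
        set, else ``self.pattern`` when one is set, else
        ``pefdefs.exploitableFunctions``.  In non-critical mode without a user
        pattern the ``fileInclude``, ``globalVars`` and ``reflectedProperties``
        lists are scanned as well, plus ``otherPatterns`` when ``sql`` is set.

        :param src: path of the file to scan
        :return: number of findings in this file
        """
        # NOTE(review): `sql` and `verbose` are free names here (no parameter,
        # no `self.` attribute) — they must be module globals or this raises
        # NameError; confirm against the module that defines them.
        total = 0
        self.header_printed = False

        if self.critical:
            names = pefdefs.critical
        else:
            names = self.pattern if self.pattern else pefdefs.exploitableFunctions

        # Lists are scanned in this order for every line; the secondary lists
        # apply only in non-critical mode without a user-supplied pattern.
        pattern_lists = [names]
        if not self.critical and not self.pattern:
            pattern_lists += [pefdefs.fileInclude, pefdefs.globalVars,
                              pefdefs.reflectedProperties]
            if sql:
                pattern_lists.append(pefdefs.otherPatterns)

        # `with` closes the handle; the previous revision never closed it.
        # `f` stays open for the whole loop because it is passed to
        # analyse_line.
        with open(src, "r") as f:
            all_lines = f.readlines()
            count = len(all_lines)

            for idx, l in enumerate(all_lines):
                i = idx + 1  # 1-based line number for the report
                line = l.rstrip()

                # Two lines of context on either side, "" where the file ends.
                # Recomputed each iteration: the previous revision tested
                # `i > 1` / `i > 2` on the 0-based index (line 2 got no
                # previous line) and never reset the values, so hits near the
                # end of the file reused stale context.
                prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
                prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
                next_line = all_lines[idx + 1].rstrip() if idx + 1 < count else ""
                next_next_line = (all_lines[idx + 2].rstrip()
                                  if idx + 2 < count else "")

                for patterns in pattern_lists:
                    for pat in patterns:
                        total = self.analyse_line(l, i, pat, f, line, prev_line,
                                                  next_line, prev_prev_line,
                                                  next_next_line, verbose, total)

        if total:
            print(
                beautyConsole.getColor("red") +
                "Found %d interesting entries\n" % (total) +
                beautyConsole.getSpecialChar("endline"))

        return total  # how many findings in the current file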
Example #22
def main(src):
    """
    performs code analysis, line by line

    Every line of ``src`` (spaces removed) is checked against the ``pefdefs``
    lists ``exploitableFunctions``, ``fileInclude``, ``globalVars`` and
    ``reflectedProperties``.  Each hit is counted in ``total`` and passed to
    ``printcodeline`` together with two lines of context on either side; a
    coloured summary is printed once the whole file has been read.

    :param src: path of the file to scan
    """
    # NOTE(review): the handle is never closed; `with open(src, "r") as _file:`
    # would fix that.
    _file = open(src, "r")
    i = 0
    total = 0
    filenamelength = len(src)  # unused in this revision
    linelength = 97  # unused in this revision
    all_lines = _file.readlines()

    # Context lines around a hit; "" until they exist.  They are never reset
    # once set, so a hit on the last line reuses the previous iteration's
    # next_line (i.e. the line itself) as its "next" context.
    prev_prev_line = ""
    prev_line = ""
    next_line = ""
    next_next_line = ""

    print "FILE: \33[33m%s\33[0m " % os.path.realpath(_file.name), "\n"

    for _line in all_lines:
        # `i` is still the 0-based index here (incremented below), so `i > 1`
        # and `i > 2` skip the previous line of line 2 and the line before
        # that of line 3 — an off-by-one; `i >= 1` / `i >= 2` were intended.
        if i > 2:
            prev_prev_line = all_lines[i - 2].rstrip()
        if i > 1:
            prev_line = all_lines[i - 1].rstrip()
        if i < (len(all_lines) - 1):
            next_line = all_lines[i + 1].rstrip()
        if i < (len(all_lines) - 2):
            next_next_line = all_lines[i + 2].rstrip()

        i += 1
        __line = _line.strip()
        # All matching is a plain substring test on the line with spaces
        # removed, so `include(  $x  )` matches a compact pattern; there is no
        # word-boundary guard, so a name inside a longer identifier or a
        # string literal matches as well.
        for _fn in pefdefs.exploitableFunctions:
            if _fn in __line.replace(" ", ""):
                total += 1
                printcodeline(_line, i, _fn + ')',
                              beautyConsole.efMsgFound, prev_line, next_line, prev_prev_line, next_next_line)
        for _dp in pefdefs.fileInclude:
            if _dp in __line.replace(" ", ""):
                total += 1
                printcodeline(_line, i, _dp + '()',
                              beautyConsole.fiMsgFound, prev_line, next_line, prev_prev_line, next_next_line)
        for _global in pefdefs.globalVars:
            if _global in __line.replace(" ", ""):
                total += 1
                printcodeline(_line, i, _global,
                              beautyConsole.efMsgGlobalFound, prev_line, next_line, prev_prev_line, next_next_line)
        for _refl in pefdefs.reflectedProperties:
            if _refl in __line.replace(" ", ""):
                total += 1
                printcodeline(_line, i, _refl,
                              beautyConsole.eReflFound, prev_line, next_line, prev_prev_line, next_next_line)

    # Per-file summary: green when nothing matched, red with the count otherwise.
    if total < 1:
        print beautyConsole.getColor("green") + \
            "No exploitable functions found" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable function(s)\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100