def show_banner():
    """Print the welcome banner: the BANNER text in cyan, then switch the colour to white."""
    colour = beautyConsole.getColor
    print(colour("cyan"))
    print(BANNER)
    print(colour("white"))
def banner():
    """Print the PEF welcome banner (tool name, author/contact line) in green.

    Each row is printed as space-joined cells, which is exactly what the
    comma form of ``print`` produced; the last row ends with an ANSI reset.
    """
    rule = "-" * 100
    left, right = "-" * 6, "-" * 16
    rows = [
        [beautyConsole.getColor("green") + "\n\n", rule],
        [left, " PEF | PHP Exploitable Functions scanner", " " * 35, right],
        [left, " GitHub: bl4de | Twitter: @_bl4de | [email protected] ", " " * 22, right],
        [rule, "\33[0m\n"],
    ]
    for cells in rows:
        print(" ".join(cells))
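def printcodeline(_line, i, _fn, prev_line="", next_line="", prev_prev_line="",
                  next_next_line="", __severity=None, __verbose=False):
    """Print one finding: its location, the legend for a documented function
    and, in verbose mode, up to two lines of context on each side.

    Args:
        _line: full source line that matched; printed rstripped (verbose) or
            stripped in the compact one-line form.
        i: 1-based line number of ``_line`` in the scanned file.
        _fn: matched function/pattern name; ``_fn.strip()`` is looked up in
            ``pefdocs.exploitableFunctionsDesc`` (description, syntax,
            vulnerability class, impact) to build the legend.
        prev_line, next_line, prev_prev_line, next_next_line: neighbouring
            source lines; each is printed (verbose only) when non-empty.
        __severity: per-impact hit counter updated in place. ``None`` (the
            default) means a throw-away dict; the previous ``{}`` default was
            one dict shared by every call, so counts leaked between calls.
        __verbose: also print the legend and the context lines.

    Returns None; all output goes to stdout.
    """
    if __severity is None:
        __severity = {}
    impact_color = {"low": "green", "medium": "yellow", "high": "red"}
    colour = beautyConsole.getColor
    endline = beautyConsole.getSpecialChar("endline")

    if __verbose:
        print(" line %d :: \33[33;1m%s\33[0m " % (i, _fn))
    else:
        print("{}line {} :: {}{} ".format(colour("white"), i, colour("grey"), _line.strip()))

    # Legend only for functions that pefdocs documents.
    key = _fn.strip() if _fn else ""
    if key and key in pefdocs.exploitableFunctionsDesc:
        description, syntax, vuln_class, impact = pefdocs.exploitableFunctionsDesc[key][:4]
        if __verbose:
            print("\n {}{}{}".format(colour("white"), description, endline))
            print(" {}{}{}".format(colour("grey"), syntax, endline))
            # Unknown impact values fall back to white instead of a KeyError.
            print(" Potential impact: {}{}{}".format(
                colour(impact_color.get(impact, "white")), vuln_class, endline))
        __severity[impact] = __severity.get(impact, 0) + 1

    if __verbose:
        print("\n")
        grey = colour("grey")
        for number, text, paint in ((i - 2, prev_prev_line, grey),
                                    (i - 1, prev_line, grey),
                                    (i, _line.rstrip(), colour("green")),
                                    (i + 1, next_line, grey),
                                    (i + 2, next_next_line, grey)):
            # Neighbours are optional; the matched line itself is always shown.
            if text or number == i:
                print(str(number) + " " + paint + text + endline)
        # NOTE(review): the closing blank line is read as part of the verbose
        # context dump (the collapsed original does not show its nesting) — confirm.
        print("\n")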
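def perform_code_analysis(src, pattern=""):
    """Scan one file line by line for PATTERNS (and, optionally, URLs).

    Args:
        src: path of the file to scan.
        pattern: optional user regex (-P/--pattern); when non-empty it
            replaces the module-level PATTERNS list with ``[".*" + pattern]``.

    Side effects: updates the globals PATTERNS_IDENTIFIED,
    FILES_WITH_IDENTIFIED_PATTERNS and PATTERNS, appends new URLs to URLS
    and prints every hit via ``printcodeline``. Returns None.
    Raises IOError/OSError if ``src`` cannot be read and re.error if a
    pattern is not a valid regular expression.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    if pattern:
        PATTERNS = [".*" + pattern]

    # The whole file is kept in memory because printcodeline needs random
    # access to it for context lines; ``with`` closes the handle the
    # original leaked.
    with open(src, "r") as _file:
        _code = _file.readlines()

    # Compile every pattern once per file instead of once per line.
    compiled = [(p, re.compile(p)) for p in PATTERNS]

    print_filename = True
    patterns_found_in_file = 0
    for i, _line in enumerate(_code, 1):
        __line = _line.strip()
        squeezed = __line.replace(' ', '')  # "eval (" and "eval(" match alike
        for __pattern, __rex in compiled:
            if __rex.match(squeezed):
                if print_filename:
                    FILES_WITH_IDENTIFIED_PATTERNS += 1
                    print("FILE: \33[33m{}\33[0m\n".format(src))
                    print_filename = False
                patterns_found_in_file += 1
                printcodeline(_line, i, __pattern, ' code pattern identified: ', _code)

        if IDENTIFY_URLS:
            match = URL_REGEX.search(__line)
            if match:
                __url = match.group(0)
                # Each distinct URL is reported only once per run.
                if __url not in URLS:
                    printcodeline(__url, i, __url, ' URL found: ', _code)
                    URLS.append(__url)

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED += patterns_found_in_file
        print(beautyConsole.getColor("red")
              + "\nIdentified %d code pattern(s)\n" % (patterns_found_in_file)
              + beautyConsole.getSpecialChar("endline"))
        # NOTE(review): the separator is read as part of this branch (the
        # collapsed original does not show its nesting) — confirm.
        print(beautyConsole.getColor("white") + "-" * 100)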
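def perform_code_analysis(src, pattern=""):
    """Scan one file line by line for PATTERNS (and, optionally, URLs).

    Args:
        src: path of the file to scan.
        pattern: optional user regex (-P/--pattern); when non-empty it
            replaces the module-level PATTERNS list with ``[".*" + pattern]``.

    Side effects: updates the globals PATTERNS_IDENTIFIED,
    FILES_WITH_IDENTIFIED_PATTERNS and PATTERNS, appends new URLs to URLS
    and prints every hit via ``printcodeline``. Returns None.
    Raises IOError/OSError if ``src`` cannot be read and re.error if a
    pattern is not a valid regular expression.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    if pattern:
        PATTERNS = [".*" + pattern]

    # Compile every pattern once per file instead of once per line.
    compiled = [(p, re.compile(p)) for p in PATTERNS]

    print_filename = True
    patterns_found_in_file = 0
    # The file is streamed; ``with`` closes the handle the original leaked.
    with open(src, "r") as _file:
        for i, _line in enumerate(_file, 1):
            __line = _line.strip()
            squeezed = __line.replace(' ', '')  # "eval (" and "eval(" match alike
            for __pattern, __rex in compiled:
                if __rex.match(squeezed):
                    if print_filename:
                        FILES_WITH_IDENTIFIED_PATTERNS += 1
                        print("FILE: \33[33m{}\33[0m\n".format(src))
                        print_filename = False
                    patterns_found_in_file += 1
                    # Long (e.g. minified) lines are cut to 120 chars for display.
                    printcodeline(_line[0:120] + "...", i, __pattern, ' code pattern identified: ')

            if IDENTIFY_URLS:
                match = URL_REGEX.search(__line)
                if match:
                    __url = match.group(0)
                    # Each distinct URL is reported only once per run.
                    if __url not in URLS:
                        printcodeline(__url, i, __url, ' URL found: ')
                        URLS.append(__url)

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED += patterns_found_in_file
        print(beautyConsole.getColor("red")
              + "Identified %d code pattern(s)\n" % (patterns_found_in_file)
              + beautyConsole.getSpecialChar("endline"))
        # NOTE(review): the separator is read as part of this branch (the
        # collapsed original does not show its nesting) — confirm.
        print(beautyConsole.getColor("white") + "-" * 100)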
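def header_print(self, file_name, header_print):
    """Print the per-file header once and remember that it was printed.

    Args:
        file_name: path of the file being scanned; shown as its real path.
        header_print: unused. It is kept only for call compatibility and
            shadows the method name inside the body, so do not rely on it.

    Returns:
        ``self.header_printed`` after the call (True once the header is out).
    """
    if not self.header_printed:
        print(beautyConsole.getColor("white") + "-" * 100)
        print("FILE: \33[33m%s\33[0m " % os.path.realpath(file_name), "\n")
        self.header_printed = True
    return self.header_printed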
def banner():
    """Print the PEF welcome banner (tool name, author/contact line) in green.

    Rows are printed as separate cells so ``print`` joins them with single
    spaces; the final row carries the ANSI reset.
    """
    rule = "-" * 100
    left, right = "-" * 6, "-" * 16
    rows = (
        (beautyConsole.getColor("green") + "\n\n", rule),
        (left, " PEF | PHP Exploitable Functions scanner", " " * 35, right),
        (left, " GitHub: bl4de | Twitter: @_bl4de | [email protected] ", " " * 22, right),
        (rule, "\33[0m\n"),
    )
    for cells in rows:
        print(*cells)
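def printcodeline(_line, i, _fn, prev_line="", next_line="", prev_prev_line="",
                  next_next_line="", __severity=None):
    """Print one finding: its location, the legend for a documented function
    and up to two lines of context on each side.

    Args:
        _line: full source line that matched; printed rstripped in green.
        i: 1-based line number of ``_line`` in the scanned file.
        _fn: matched function/pattern name; ``_fn.strip()`` is looked up in
            ``pefdocs.exploitableFunctionsDesc`` (description, syntax,
            vulnerability class, impact) to build the legend.
        prev_line, next_line, prev_prev_line, next_next_line: neighbouring
            source lines; each is printed when non-empty.
        __severity: per-impact hit counter updated in place. ``None`` (the
            default) means a throw-away dict; the previous ``{}`` default was
            one dict shared by every call, so counts leaked between calls.

    Returns None; all output goes to stdout.
    """
    if __severity is None:
        __severity = {}
    impact_color = {"low": "green", "medium": "yellow", "high": "red"}
    colour = beautyConsole.getColor
    endline = beautyConsole.getSpecialChar("endline")

    print(":: line %d :: \33[33;1m%s\33[0m " % (i, _fn))

    # Legend only for functions that pefdocs documents.
    key = _fn.strip() if _fn else ""
    if key and key in pefdocs.exploitableFunctionsDesc:
        description, syntax, vuln_class, impact = pefdocs.exploitableFunctionsDesc[key][:4]
        print("\n {}{}{}".format(colour("white"), description, endline))
        print(" {}{}{}".format(colour("grey"), syntax, endline))
        # Unknown impact values fall back to white instead of a KeyError.
        print(" Potential impact: {}{}{}".format(
            colour(impact_color.get(impact, "white")), vuln_class, endline))
        __severity[impact] = __severity.get(impact, 0) + 1

    print("\n")
    grey = colour("grey")
    for number, text, paint in ((i - 2, prev_prev_line, grey),
                                (i - 1, prev_line, grey),
                                (i, _line.rstrip(), colour("green")),
                                (i + 1, next_line, grey),
                                (i + 2, next_next_line, grey)):
        # Neighbours are optional; the matched line itself is always shown.
        if text or number == i:
            print(str(number) + " " + paint + text + endline)
    print("\n")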
def printcodeline(_line, i, _fn, _message, prev_line="", next_line="",
                  prev_prev_line="", next_next_line=""):
    """Print a finding header, the pefdefs description of ``_fn`` when one
    exists, and the matched line with up to two neighbours on each side.

    ``i`` is the 1-based line number; neighbouring lines are printed only
    when non-empty. Output goes to stdout; returns None.
    """
    colour = beautyConsole.getColor
    endline = beautyConsole.getSpecialChar("endline")

    print(":: line %d :: \33[33;1m%s\33[0m %s found " % (i, _fn, _message))
    if _fn and _fn in pefdefs.exploitableFunctionsDesc:
        print("\t\t" + colour("white") + pefdefs.exploitableFunctionsDesc.get(_fn) + endline)
    print("\n")

    before = ((i - 2, prev_prev_line), (i - 1, prev_line))
    after = ((i + 1, next_line), (i + 2, next_next_line))
    for number, text in before:
        if text:
            print(str(number) + " " + colour("grey") + text + endline)
    print(str(i) + " " + colour("green") + _line.rstrip() + endline)
    for number, text in after:
        if text:
            print(str(number) + " " + colour("grey") + text + endline)
    print("\n")
def run(self):
    """Scan ``self.filename`` (walking it when ``self.recursive``) and print the summary.

    Updates ``self.scanned_files`` and ``self.found_entries`` from the
    per-file results of ``self.main`` and prints the HIGH/MEDIUM/LOW
    counters from ``self.severity``.
    """
    if self.recursive:
        for root, _subdirs, files in os.walk(self.filename):
            for name in files:
                self.scanned_files += 1
                self.found_entries += self.main(os.path.join(root, name))
    else:
        self.scanned_files += 1
        self.found_entries = self.main(self.filename)

    colour = beautyConsole.getColor
    print(colour("white") + "-" * 100)
    print(colour("green"))
    print("\n>>> {} file(s) scanned".format(self.scanned_files))
    if self.found_entries > 0:
        print("{}>>> {} interesting entries found\n".format(colour("red"), self.found_entries))
    else:
        print(" No interesting entries found :( \n")
    for paint, label in (("red", "HIGH"), ("yellow", "MEDIUM"), ("green", "LOW")):
        print("{}==> {}:\t {}".format(colour(paint), label, self.severity.get(label.lower())))
    print("\n")
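def main(src):
    """Scan ``src`` line by line for every entry in PATTERNS and print the hits.

    Args:
        src: path of the file to scan; also shown in the header line.

    Prints a header, one ``printcodeline`` entry per hit and a green/red
    summary; returns None. Raises IOError/OSError if the file cannot be
    opened.
    """
    filenamelength = len(src)
    linelength = 97
    # Dash padding keeps the header near 97 columns; for long paths the
    # repeat count goes negative and simply yields "".
    print(" ".join(["-" * 14, " FILE: \33[33m%s\33[0m " % src,
                    "-" * (linelength - filenamelength - 21), "\n"]))

    total = 0
    # ``with`` closes the handle the original left open.
    with open(src, "r") as _file:
        for i, _line in enumerate(_file, 1):
            squeezed = _line.strip().replace(" ", "")  # "eval (" and "eval(" match alike
            for _fn in PATTERNS:
                if _fn in squeezed:
                    total += 1
                    printcodeline(_line, i, _fn + ')', beautyConsole.efMsgFound)

    endline = beautyConsole.getSpecialChar("endline")
    if total < 1:
        print(beautyConsole.getColor("green") + "No dangerous functions found\n" + endline)
    else:
        print(beautyConsole.getColor("red") + "Found %d dangerous functions total\n" % (total) + endline)
    print(beautyConsole.getColor("white") + "-" * 100)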
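def main(src, pattern=""):
    """Scan one file line by line for PATTERNS and print the hits.

    Args:
        src: path of the file to scan.
        pattern: optional user regex (-P/--pattern); when non-empty it
            replaces the module-level PATTERNS list with ``[".*" + pattern]``.

    Side effects: updates the globals PATTERNS_IDENTIFIED,
    FILES_WITH_IDENTIFIED_PATTERNS and PATTERNS and prints every hit via
    ``printcodeline``. Returns None. Raises IOError/OSError if ``src``
    cannot be read and re.error if a pattern is not a valid regex.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    if pattern:
        PATTERNS = [".*" + pattern]

    # Compile every pattern once per file instead of once per line.
    compiled = [(p, re.compile(p)) for p in PATTERNS]

    print_filename = True
    patterns_found_in_file = 0
    # The file is streamed; ``with`` closes the handle the original leaked.
    with open(src, "r") as _file:
        for i, _line in enumerate(_file, 1):
            squeezed = _line.strip().replace(' ', '')  # "eval (" and "eval(" match alike
            for __pattern, __rex in compiled:
                if __rex.match(squeezed):
                    if print_filename:
                        FILES_WITH_IDENTIFIED_PATTERNS += 1
                        print("FILE: \33[33m{}\33[0m\n".format(src))
                        print_filename = False
                    patterns_found_in_file += 1
                    # Long (e.g. minified) lines are cut to 120 chars for display.
                    printcodeline(_line[0:120] + "...", i, __pattern, ' code pattern identified: ')

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED += patterns_found_in_file
        print(beautyConsole.getColor("red")
              + "Identified %d code pattern(s)\n" % (patterns_found_in_file)
              + beautyConsole.getSpecialChar("endline"))
        # NOTE(review): the separator is read as part of this branch (the
        # collapsed original does not show its nesting) — confirm.
        print(beautyConsole.getColor("white") + "-" * 100)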
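def printcodeline(_line, i, _fn, _message, _code=None):
    """Print one finding with up to two lines of context on each side.

    Args:
        _line: the matched source line; printed rstripped in green.
        i: 1-based number of ``_line`` within ``_code``.
        _fn: pattern that matched; regex characters ("*", "\\", ".(") are
            stripped for display only.
        _message: short label printed after the pattern name.
        _code: all lines of the scanned file (as returned by readlines());
            when omitted or empty no context lines are shown.

    Prints to stdout; returns None.

    The original indexed ``_code[i-3]``, ``_code[i-2]``, ``_code[i+1]`` and
    ``_code[i+2]`` with a 1-based ``i`` (``_code[i-1]`` is the matched line),
    so it skipped both adjacent lines and labelled the others with the
    wrong numbers; context is now taken from the real neighbours.
    """
    lines = _code or []
    shown_fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')
    print("\n:: line %d :: \33[33;1m%s\33[0m %s \n" % (i, shown_fn, _message))

    grey = beautyConsole.getColor("grey")
    endline = beautyConsole.getSpecialChar("endline")

    def show_context(number):
        # ``number`` is 1-based; print it only when it exists in the file.
        if 1 <= number <= len(lines):
            print(str(number) + ' ' + grey + lines[number - 1].rstrip() + endline)

    show_context(i - 2)
    show_context(i - 1)
    print(str(i) + ' ' + beautyConsole.getColor("green") + _line.rstrip() + endline)
    show_context(i + 1)
    show_context(i + 2)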
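def printcodeline(_line, i, _fn, _message, _code=None):
    """Print one finding with up to two lines of context on each side.

    Args:
        _line: the matched source line; printed rstripped in green.
        i: 1-based number of ``_line`` within ``_code``.
        _fn: pattern that matched; regex characters ("*", "\\", ".(") are
            stripped for display only.
        _message: short label printed after the pattern name.
        _code: all lines of the scanned file (as returned by readlines());
            when omitted or empty no context lines are shown.

    Prints to stdout; returns None.

    The original indexed ``_code[i-3]``, ``_code[i-2]``, ``_code[i+1]`` and
    ``_code[i+2]`` with a 1-based ``i`` (``_code[i-1]`` is the matched line),
    so it skipped both adjacent lines and labelled the others with the
    wrong numbers; context is now taken from the real neighbours.
    """
    lines = _code or []
    shown_fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')
    print("\n:: line %d :: \33[33;1m%s\33[0m %s \n" % (i, shown_fn, _message))

    grey = beautyConsole.getColor("grey")
    endline = beautyConsole.getSpecialChar("endline")

    def show_context(number):
        # ``number`` is 1-based; print it only when it exists in the file.
        if 1 <= number <= len(lines):
            print(str(number) + ' ' + grey + lines[number - 1].rstrip() + endline)

    show_context(i - 2)
    show_context(i - 1)
    print(str(i) + ' ' + beautyConsole.getColor("green") + _line.rstrip() + endline)
    show_context(i + 1)
    show_context(i + 2)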
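def main(src):
    """Scan ``src`` for every pefdefs pattern family and print each hit.

    Args:
        src: path of the PHP file to scan; also shown in the header line.

    Function, file-inclusion checks ignore spaces in the line; keyword
    checks are case-insensitive; global/reflection checks are plain
    substring tests. Prints a header, one ``printcodeline`` entry per hit
    and a green/red summary; returns None. Raises IOError/OSError if the
    file cannot be opened.
    """
    filenamelength = len(src)
    linelength = 97
    # Dash padding keeps the header near 97 columns; for long paths the
    # repeat count goes negative and simply yields "".
    print(" ".join(["-" * 14, " FILE: \33[33m%s\33[0m " % src,
                    "-" * (linelength - filenamelength - 21), "\n"]))

    total = 0
    # ``with`` closes the handle the original left open.
    with open(src, "r") as _file:
        for i, _line in enumerate(_file, 1):
            __line = _line.strip()
            squeezed = __line.replace(" ", "")  # "eval (" and "eval(" match alike
            lowered = __line.lower()
            for _fn in pefdefs.exploitableFunctions:
                if _fn in squeezed:
                    total += 1
                    printcodeline(_line, i, _fn + ')', beautyConsole.efMsgFound)
            for _kw in pefdefs.keywords:
                if _kw.lower() in lowered:
                    total += 1
                    printcodeline(_line, i, _kw, beautyConsole.eKeyWordFound)
            for _dp in pefdefs.fileInclude:
                if _dp in squeezed:
                    total += 1
                    printcodeline(_line, i, _dp + '()', beautyConsole.fiMsgFound)
            for _global in pefdefs.globalVars:
                if _global in __line:
                    total += 1
                    printcodeline(_line, i, _global, beautyConsole.efMsgGlobalFound)
            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    total += 1
                    printcodeline(_line, i, _refl, beautyConsole.eReflFound)

    endline = beautyConsole.getSpecialChar("endline")
    if total < 1:
        print(beautyConsole.getColor("green") + "No exploitable functions found\n" + endline)
    else:
        print(beautyConsole.getColor("red") + "Found %d exploitable functions total\n" % (total) + endline)
    print(beautyConsole.getColor("white") + "-" * 100)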
def decorate_varname(var_name):
    """Return ``var_name`` wrapped in the red colour code, followed by the white one."""
    red = beautyConsole.getColor("red")
    white = beautyConsole.getColor("white")
    return "".join([red, var_name, white])
def decorate_source(src_line):
    """Return ``src_line`` wrapped in the yellow colour code, followed by the white one."""
    yellow = beautyConsole.getColor("yellow")
    white = beautyConsole.getColor("white")
    return "".join([yellow, src_line, white])
if args.recursive: for subdir, dirs, files in os.walk(base_path): if not include: if not True in [e in subdir for e in exclude]: process_files(subdir, files, pattern, verbose) else: if True in [i in subdir for i in include]: process_files(subdir, files, pattern, verbose) else: # process only single file s_filename = args.filename if s_filename[-3:] == '.js': perform_code_analysis(s_filename, pattern, verbose) total_files = total_files + 1 except Exception as ex: print("{}An exception occured: {}\n\n".format( beautyConsole.getColor("red"), ex)) exit(1) print(beautyConsole.getColor("cyan")) print(" {} file(s) scanned in total".format(total_files)) if patterns_identified > 0: print(beautyConsole.getColor("red")) print("Identified {} code pattern(s) in {} file(s)".format( patterns_identified, files_with_identified_patterns)) else: print(beautyConsole.getColor("green"), "No code pattern identified") print(beautyConsole.getColor("white"))
def decorate_varname(var_name):
    """Colour ``var_name`` red and switch back to white after it."""
    colour = beautyConsole.getColor
    parts = (colour("red"), var_name, colour("white"))
    return "".join(parts)
def decorate_source(src_line):
    """Colour ``src_line`` yellow and switch back to white after it."""
    colour = beautyConsole.getColor
    parts = (colour("yellow"), src_line, colour("white"))
    return "".join(parts)
def main(self, src):
    """Scan one file and return how many findings ``self.analyse_line`` reported.

    Every line is passed to ``self.analyse_line`` once per pattern, together
    with up to two neighbouring lines on each side; the running ``total`` is
    threaded through those calls and returned. A red summary is printed
    when anything was found. Raises IOError/OSError if ``src`` cannot be
    opened.
    """
    # NOTE(review): the handle is never closed (no ``with``/``close()``); it is
    # also passed to analyse_line, so it must stay open for the whole loop.
    f = open(src, "r")
    i = 0  # 0-based index of ``l`` while context is gathered; 1-based after ``i += 1``
    total = 0
    filenamelength = len(src)  # unused here
    linelength = 97  # unused here
    all_lines = f.readlines()
    self.header_printed = False  # reset per file
    prev_prev_line = ""
    prev_line = ""
    next_line = ""
    next_next_line = ""
    for l in all_lines:
        # Context lines around index i. The ``> 2`` / ``> 1`` guards are one
        # too strict (lines 1-2 lose a valid neighbour), and a value that is
        # not recomputed keeps the previous iteration's line: the last line is
        # shown again as its own "next" line.
        if i > 2:
            prev_prev_line = all_lines[i - 2].rstrip()
        if i > 1:
            prev_line = all_lines[i - 1].rstrip()
        if i < (len(all_lines) - 1):
            next_line = all_lines[i + 1].rstrip()
        if i < (len(all_lines) - 2):
            next_next_line = all_lines[i + 2].rstrip()
        i += 1
        line = l.rstrip()
        # NOTE(review): ``verbose`` and ``sql`` are neither parameters nor
        # ``self`` attributes here; they must resolve as module globals or the
        # first call raises NameError — confirm.
        if self.critical:
            # Critical mode: only the pefdefs.critical list.
            for fn in pefdefs.critical:
                total = self.analyse_line(l, i, fn, f, line, prev_line, next_line, prev_prev_line, next_next_line, verbose, total)
        else:
            # A user-supplied pattern list replaces the default function list.
            for fn in (self.pattern if self.pattern else pefdefs.exploitableFunctions):
                total = self.analyse_line(l, i, fn, f, line, prev_line, next_line, prev_prev_line, next_next_line, verbose, total)
        # Full scan only: file inclusion, globals, reflection and (with sql)
        # the extra patterns. NOTE(review): the collapsed original does not
        # show whether the ``sql`` check is nested here or sits beside the
        # ``critical`` check — confirm.
        if self.critical == False and not self.pattern:
            for dp in pefdefs.fileInclude:
                total = self.analyse_line(l, i, dp, f, line, prev_line, next_line, prev_prev_line, next_next_line, verbose, total)
            for globalvars in pefdefs.globalVars:
                total = self.analyse_line(l, i, globalvars, f, line, prev_line, next_line, prev_prev_line, next_next_line, verbose, total)
            for refl in pefdefs.reflectedProperties:
                total = self.analyse_line(l, i, refl, f, line, prev_line, next_line, prev_prev_line, next_next_line, verbose, total)
            if sql == True:
                for refl in pefdefs.otherPatterns:
                    total = self.analyse_line(l, i, refl, f, line, prev_line, next_line, prev_prev_line, next_next_line, verbose, total)
    if total < 1:
        pass
    else:
        print(
            beautyConsole.getColor("red") + "Found %d interesting entries\n" % (total) + beautyConsole.getSpecialChar("endline"))
    return total  # number of findings in this file
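def main(src):
    """Scan ``src`` for pefdefs patterns and print every hit with ±2 lines of context.

    Args:
        src: path of the file to scan; its real path is printed as the header.

    Matching ignores spaces in the line (``eval (`` and ``eval(`` both hit).
    Prints the header, one ``printcodeline`` block per hit and a green/red
    summary; returns None. Raises IOError/OSError if the file cannot be
    opened.
    """
    total = 0
    # ``with`` closes the handle the original left open.
    with open(src, "r") as _file:
        all_lines = _file.readlines()
        print("FILE: \33[33m%s\33[0m " % os.path.realpath(_file.name) + " " + "\n")

    def context(index):
        # Neighbouring line (rstripped) or "" when ``index`` is outside the
        # file. Recomputed for every line, so lines 1-2 get their real
        # neighbours and the last line no longer shows a stale "next" line
        # left over from the previous iteration.
        if 0 <= index < len(all_lines):
            return all_lines[index].rstrip()
        return ""

    families = (
        (pefdefs.exploitableFunctions, ')', beautyConsole.efMsgFound),
        (pefdefs.fileInclude, '()', beautyConsole.fiMsgFound),
        (pefdefs.globalVars, '', beautyConsole.efMsgGlobalFound),
        (pefdefs.reflectedProperties, '', beautyConsole.eReflFound),
    )
    for index, _line in enumerate(all_lines):
        i = index + 1  # 1-based line number shown to the user
        prev_prev_line, prev_line = context(index - 2), context(index - 1)
        next_line, next_next_line = context(index + 1), context(index + 2)
        squeezed = _line.strip().replace(" ", "")
        for needles, suffix, message in families:
            for needle in needles:
                if needle in squeezed:
                    total += 1
                    printcodeline(_line, i, needle + suffix, message,
                                  prev_line, next_line, prev_prev_line, next_next_line)

    endline = beautyConsole.getSpecialChar("endline")
    if total < 1:
        print(beautyConsole.getColor("green") + "No exploitable functions found" + endline)
    else:
        print(beautyConsole.getColor("red") + "Found %d exploitable function(s)\n" % (total) + endline)
    print(beautyConsole.getColor("white") + "-" * 100)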
def main(src, severity, verbose=False, sql=False, critical=False):
    """Scan one file line by line and return the number of findings.

    Args:
        src: path of the file to scan.
        severity: per-impact counter dict, updated in place by print_code_line.
        verbose: forwarded to print_code_line (legend and context output).
        sql: also run the regexes in ``pefdefs.otherPatterns``.
        critical: restrict the function list to ``pefdefs.critical``.

    Returns:
        int: how many entries were reported for this file.
    """
    # NOTE(review): the handle is never closed; only ``f.name`` is used for the
    # header, so a ``with`` block around readlines() would be enough.
    f = open(src, "r")
    i = 0  # 0-based while context is gathered, 1-based after ``i += 1``
    total = 0
    filenamelength = len(src)  # unused here
    linelength = 97  # unused here
    all_lines = f.readlines()
    header_printed = False  # header_print() prints the file header on the first hit only
    prev_prev_line = ""
    prev_line = ""
    next_line = ""
    next_next_line = ""
    for l in all_lines:
        # Context lines around index i. The ``> 2`` / ``> 1`` guards are one
        # too strict (lines 1-2 lose a valid neighbour), and a value that is
        # not recomputed keeps the previous iteration's line: the last line is
        # shown again as its own "next" line.
        if i > 2:
            prev_prev_line = all_lines[i - 2].rstrip()
        if i > 1:
            prev_line = all_lines[i - 1].rstrip()
        if i < (len(all_lines) - 1):
            next_line = all_lines[i + 1].rstrip()
        if i < (len(all_lines) - 2):
            next_next_line = all_lines[i + 2].rstrip()
        i += 1
        line = l.rstrip()
        if critical:
            for fn in pefdefs.critical:
                # A leading space is required before the call so that plain
                # strings containing a PHP function name do not match.
                atfn = "@{}".format(fn)
                fn = " {}".format(fn)
                # "@name" is accepted as well: the @ prefix suppresses PHP's
                # error output (original note: "prevents output being echoed").
                if fn in line or atfn in line:
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    # NOTE(review): ``self`` is not defined in this module-level
                    # function, so this call raises NameError on the first hit
                    # (the same applies to every self.print_code_line call below).
                    self.print_code_line(l, i, fn + (')' if '(' in fn else ''), prev_line, next_line, prev_prev_line, next_next_line, severity, verbose)
        else:
            for fn in pefdefs.exploitableFunctions:
                # Same leading-space and "@" handling as the critical branch.
                atfn = "@{}".format(fn)
                fn = " {}".format(fn)
                if fn in line or atfn in line:
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    self.print_code_line(l, i, fn + (')' if '(' in fn else ''), prev_line, next_line, prev_prev_line, next_next_line, severity, verbose)
        # Full scan only: file inclusion, globals, reflection and (with sql)
        # the extra patterns. NOTE(review): the collapsed original does not show
        # whether the ``sql`` check is nested here or sits beside the
        # ``critical`` check — confirm.
        if critical == False:
            for dp in pefdefs.fileInclude:
                # A leading space is prepended for the same reason as above...
                dp = " {}".format(dp)
                # ...but the line is then searched with ALL spaces removed
                # (intent: catch "include( $_GET['something] )"), so a pattern
                # that starts with a space can never match. NOTE(review): the
                # file-inclusion checks are effectively disabled by this.
                if dp in line.replace(" ", ""):
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    self.print_code_line(l, i, dp + '()', prev_line, next_line, prev_prev_line, next_next_line, severity, verbose)
            for globalvars in pefdefs.globalVars:
                if globalvars in line:
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    self.print_code_line(l, i, globalvars, prev_line, next_line, prev_prev_line, next_next_line, severity, verbose)
            for refl in pefdefs.reflectedProperties:
                if refl in line:
                    header_printed = header_print(f.name, header_printed)
                    total += 1
                    self.print_code_line(l, i, refl, prev_line, next_line, prev_prev_line, next_next_line, severity, verbose)
            if sql == True:
                for refl in pefdefs.otherPatterns:
                    # otherPatterns are regexes (searched in the raw line),
                    # unlike the substring checks above.
                    p = re.compile(refl)
                    if p.search(l):
                        header_printed = header_print(f.name, header_printed)
                        total += 1
                        self.print_code_line(l, i, refl, prev_line, next_line, prev_prev_line, next_next_line, severity, verbose)
    if total < 1:
        pass
    else:
        print beautyConsole.getColor("red") + \
            "Found %d interesting entries\n" % (total) + \
            beautyConsole.getSpecialChar("endline")
    return total  # number of findings in this file
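def print_code_line(self, _line, i, fn, prev_line="", next_line="", prev_prev_line="",
                    next_next_line="", severity=None, verbose=False):
    """Print one finding: its location, the legend for a documented function
    and, in verbose mode, up to two lines of context on each side.

    Args:
        _line: full source line that matched; printed rstripped (verbose) or
            stripped in the compact one-line form.
        i: 1-based line number of ``_line`` in the scanned file.
        fn: matched function/pattern name; ``fn.strip()`` is looked up in
            ``pefdocs.exploitableFunctionsDesc`` (description, syntax,
            vulnerability class, impact) to build the legend.
        prev_line, next_line, prev_prev_line, next_next_line: neighbouring
            source lines; each is printed (verbose only) when non-empty.
        severity: per-impact hit counter updated in place. ``None`` (the
            default) means a throw-away dict; the previous ``{}`` default was
            one dict shared by every call, so counts leaked between calls.
        verbose: also print the legend and the context lines.

    Returns None; all output goes to stdout.
    """
    if severity is None:
        severity = {}
    impact_color = {"low": "green", "medium": "yellow", "high": "red"}
    colour = beautyConsole.getColor
    endline = beautyConsole.getSpecialChar("endline")

    if verbose:
        print(" line %d :: \33[33;1m%s\33[0m " % (i, fn))
    else:
        print("{}line {} :: {}{} ".format(colour("white"), i, colour("grey"), _line.strip()))

    # Legend only for functions that pefdocs documents.
    key = fn.strip() if fn else ""
    if key and key in pefdocs.exploitableFunctionsDesc:
        description, syntax, vuln_class, impact = pefdocs.exploitableFunctionsDesc[key][:4]
        if verbose:
            print("\n {}{}{}".format(colour("white"), description, endline))
            print(" {}{}{}".format(colour("grey"), syntax, endline))
            # Unknown impact values fall back to white instead of a KeyError.
            print(" Potential impact: {}{}{}".format(
                colour(impact_color.get(impact, "white")), vuln_class, endline))
        severity[impact] = severity.get(impact, 0) + 1

    if verbose:
        print("\n")
        grey = colour("grey")
        for number, text, paint in ((i - 2, prev_prev_line, grey),
                                    (i - 1, prev_line, grey),
                                    (i, _line.rstrip(), colour("green")),
                                    (i + 1, next_line, grey),
                                    (i + 2, next_next_line, grey)):
            # Neighbours are optional; the matched line itself is always shown.
            if text or number == i:
                print(str(number) + " " + paint + text + endline)
        # NOTE(review): the closing blank line is read as part of the verbose
        # context dump (the collapsed original does not show its nesting) — confirm.
        print("\n")
    return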
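found_entries = 0
# Per-impact counters filled in by the per-file scan (via print_code_line).
severity = {"high": 0, "medium": 0, "low": 0}
if args.recursive:
    for root, subdirs, files in os.walk(filename):
        for f in files:
            scanned_files = scanned_files + 1
            res = main(os.path.join(root, f), severity, verbose, sql, critical)
            found_entries = found_entries + res
else:
    scanned_files = scanned_files + 1
    # Pass the same flags as the recursive branch: the single-file path used
    # to call main(filename, severity) and silently dropped verbose/sql/critical.
    found_entries = main(filename, severity, verbose, sql, critical)

# Summary: file count, total findings and the HIGH/MEDIUM/LOW breakdown.
print(beautyConsole.getColor("white") + "-" * 100)
print(beautyConsole.getColor("green"))
print("\n>>> {} file(s) scanned".format(scanned_files))
if found_entries > 0:
    print("{}>>> {} interesting entries found\n".format(beautyConsole.getColor("red"), found_entries))
else:
    print(" No interesting entries found :( \n")
for paint, label in (("red", "HIGH"), ("yellow", "MEDIUM"), ("green", "LOW")):
    print("{}==> {}:\t {}".format(beautyConsole.getColor(paint), label, severity.get(label.lower())))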
def header_print(file_name, header_printed):
    """Print the file header (white rule + real path) unless it was printed already.

    Returns True after printing, otherwise ``header_printed`` unchanged.
    """
    if header_printed == False:  # keep the loose comparison the callers rely on
        colour = beautyConsole.getColor
        print(colour("white") + "-" * 100)
        print("FILE: \33[33m%s\33[0m " % os.path.realpath(file_name) + " " + "\n")
        return True
    return header_printed
def main(src, __severity, __verbose, __functions_only):
    """Scan one file line by line and return the number of findings.

    Args:
        src: path of the file to scan.
        __severity: per-impact counter dict, updated in place by printcodeline.
        __verbose: forwarded to printcodeline (legend and context output).
        __functions_only: when False, also check file inclusion, globals
            and reflected properties.

    Returns:
        int: how many entries were reported for this file.
    """
    # NOTE(review): the handle is never closed; only ``_file.name`` is used
    # after readlines(), so a ``with`` block would be enough.
    _file = open(src, "r")
    i = 0  # 0-based while context is gathered, 1-based after ``i += 1``
    total = 0
    filenamelength = len(src)  # unused here
    linelength = 97  # unused here
    all_lines = _file.readlines()
    header_printed = False  # header_print() prints the file header on the first hit only
    prev_prev_line = ""
    prev_line = ""
    next_line = ""
    next_next_line = ""
    for _line in all_lines:
        # Context lines around index i. The ``> 2`` / ``> 1`` guards are one
        # too strict (lines 1-2 lose a valid neighbour), and a value that is
        # not recomputed keeps the previous iteration's line: the last line is
        # shown again as its own "next" line.
        if i > 2:
            prev_prev_line = all_lines[i - 2].rstrip()
        if i > 1:
            prev_line = all_lines[i - 1].rstrip()
        if i < (len(all_lines) - 1):
            next_line = all_lines[i + 1].rstrip()
        if i < (len(all_lines) - 2):
            next_next_line = all_lines[i + 2].rstrip()
        i += 1
        __line = _line.strip()
        for _fn in pefdefs.exploitableFunctions:
            # A leading space is required before the call so that plain
            # strings containing a PHP function name do not match.
            # NOTE(review): ``__line`` is stripped, so a call at the very
            # start of a line has no leading space and is missed.
            _fn = " {}".format(_fn)
            if _fn in __line:
                header_printed = header_print(_file.name, header_printed)
                total += 1
                printcodeline(_line, i, _fn + (')' if '(' in _fn else ''), prev_line, next_line, prev_prev_line, next_next_line, __severity, __verbose)
        if __functions_only == False:
            for _dp in pefdefs.fileInclude:
                # A leading space is prepended for the same reason as above...
                _dp = " {}".format(_dp)
                # ...but the line is then searched with ALL spaces removed
                # (intent: catch "include( $_GET['something] )"), so a pattern
                # that starts with a space can never match. NOTE(review): the
                # file-inclusion checks are effectively disabled by this.
                if _dp in __line.replace(" ", ""):
                    header_printed = header_print(_file.name, header_printed)
                    total += 1
                    printcodeline(_line, i, _dp + '()', prev_line, next_line, prev_prev_line, next_next_line, __severity, __verbose)
            for _global in pefdefs.globalVars:
                if _global in __line:
                    header_printed = header_print(_file.name, header_printed)
                    total += 1
                    printcodeline(_line, i, _global, prev_line, next_line, prev_prev_line, next_next_line, __severity, __verbose)
            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    header_printed = header_print(_file.name, header_printed)
                    total += 1
                    printcodeline(_line, i, _refl, prev_line, next_line, prev_prev_line, next_next_line, __severity, __verbose)
    if total < 1:
        pass
    else:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable function(s)\n" % (total) + \
            beautyConsole.getSpecialChar("endline")
    return total  # number of findings in this file
if not INCLUDE: if not True in [e in subdir for e in EXCLUDE]: process_files(subdir, files, PATTERN) else: if True in [i in subdir for i in INCLUDE]: process_files(subdir, files, PATTERN) else: # process only single file S_FILENAME = ARGS.filename if (S_FILENAME[-3:] not in EXTENSIONS_TO_IGNORE and S_FILENAME[-2:] not in EXTENSIONS_TO_IGNORE and S_FILENAME[-7:] not in MINIFIED_EXT): perform_code_analysis(S_FILENAME, PATTERN) TOTAL_FILES = TOTAL_FILES + 1 except Exception as ex: print beautyConsole.getColor( "red"), "An exception occured: {}\n\n".format(ex) exit(1) print beautyConsole.getColor("cyan") print " {} file(s) scanned in total".format(TOTAL_FILES) if PATTERNS_IDENTIFIED > 0: print beautyConsole.getColor("red") print "Identified {} code pattern(s) in {} file(s)".format( PATTERNS_IDENTIFIED, FILES_WITH_IDENTIFIED_PATTERNS) else: print beautyConsole.getColor( "green"), "No code pattern identified" print beautyConsole.getColor("white")
def main(src, __severity, __verbose, __functions_only):
    """Scan one file line by line and return the number of findings.

    Args:
        src: path of the file to scan.
        __severity: per-impact counter dict, updated in place by printcodeline.
        __verbose: forwarded to printcodeline (legend and context output).
        __functions_only: when False, also check file inclusion, globals
            and reflected properties.

    Returns:
        int: how many entries were reported for this file.
    """
    # NOTE(review): the handle is never closed; only ``_file.name`` is used
    # after readlines(), so a ``with`` block would be enough.
    _file = open(src, "r")
    i = 0  # 0-based while context is gathered, 1-based after ``i += 1``
    total = 0
    filenamelength = len(src)  # unused here
    linelength = 97  # unused here
    all_lines = _file.readlines()
    header_printed = False  # header_print() prints the file header on the first hit only
    prev_prev_line = ""
    prev_line = ""
    next_line = ""
    next_next_line = ""
    for _line in all_lines:
        # Context lines around index i. The ``> 2`` / ``> 1`` guards are one
        # too strict (lines 1-2 lose a valid neighbour), and a value that is
        # not recomputed keeps the previous iteration's line: the last line is
        # shown again as its own "next" line.
        if i > 2:
            prev_prev_line = all_lines[i - 2].rstrip()
        if i > 1:
            prev_line = all_lines[i - 1].rstrip()
        if i < (len(all_lines) - 1):
            next_line = all_lines[i + 1].rstrip()
        if i < (len(all_lines) - 2):
            next_next_line = all_lines[i + 2].rstrip()
        i += 1
        __line = _line.strip()
        for _fn in pefdefs.exploitableFunctions:
            # The original note says a leading space is required to avoid
            # matching function names inside plain strings, but this format
            # call is a no-op (no space is added), so any substring hit counts.
            _fn = "{}".format(_fn)
            _at_fn = "@{}".format(_fn)
            # "@name" is accepted as well: the @ prefix suppresses PHP's error
            # output (original note: "prevents output being echoed").
            # NOTE(review): with ``_fn`` unprefixed, ``_at_fn in __line``
            # implies ``_fn in __line``, so the second test is redundant.
            if _fn in __line or _at_fn in __line:
                header_printed = header_print(_file.name, header_printed)
                total += 1
                printcodeline(_line, i, _fn + (')' if '(' in _fn else ''), prev_line, next_line, prev_prev_line, next_next_line, __severity, __verbose)
        if __functions_only == False:
            for _dp in pefdefs.fileInclude:
                # A leading space is prepended to avoid substring hits...
                _dp = " {}".format(_dp)
                # ...but the line is then searched with ALL spaces removed
                # (intent: catch "include( $_GET['something] )"), so a pattern
                # that starts with a space can never match. NOTE(review): the
                # file-inclusion checks are effectively disabled by this.
                if _dp in __line.replace(" ", ""):
                    header_printed = header_print(_file.name, header_printed)
                    total += 1
                    printcodeline(_line, i, _dp + '()', prev_line, next_line, prev_prev_line, next_next_line, __severity, __verbose)
            for _global in pefdefs.globalVars:
                if _global in __line:
                    header_printed = header_print(_file.name, header_printed)
                    total += 1
                    printcodeline(_line, i, _global, prev_line, next_line, prev_prev_line, next_next_line, __severity, __verbose)
            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    header_printed = header_print(_file.name, header_printed)
                    total += 1
                    printcodeline(_line, i, _refl, prev_line, next_line, prev_prev_line, next_next_line, __severity, __verbose)
    if total < 1:
        pass
    else:
        print beautyConsole.getColor("red") + \
            "Found %d interesting entries\n" % (total) + \
            beautyConsole.getSpecialChar("endline")
    return total  # number of findings in this file
if not '/node_modules/' in subdir or ('/node_modules/' in subdir and SKIP_NODE_MODULES == False): if (SKIP_TEST_FILES == False): main(FILENAME) TOTAL_FILES = TOTAL_FILES + 1 else: if __file not in TEST_FILES and "/test" not in FILENAME and "/tests" not in FILENAME: main(FILENAME) TOTAL_FILES = TOTAL_FILES + 1 else: FILENAME = args.filename if (FILENAME[-3:] not in EXTENSIONS_TO_IGNORE and FILENAME[-2:] not in EXTENSIONS_TO_IGNORE and FILENAME[-7:] not in MINIFIED_EXT): main(FILENAME) TOTAL_FILES = TOTAL_FILES + 1 except Exception as ex: print beautyConsole.getColor("red"), "An exception occured: {}\n\n".format(ex) exit(1) print beautyConsole.getColor("cyan") print " {} file(s) scanned in total".format(TOTAL_FILES) if PATTERNS_IDENTIFIED > 0: print beautyConsole.getColor("red") print "Identified {} code pattern(s) in {} file(s)".format(PATTERNS_IDENTIFIED, FILES_WITH_IDENTIFIED_PATTERNS) else: print beautyConsole.getColor( "green"), "No code pattern identified" print beautyConsole.getColor("white")
"medium": 0, "low": 0 } if args.recursive: for root, subdirs, files in os.walk(__filename): for f in files: __scanned_files = __scanned_files + 1 res = main(os.path.join(root, f), __severity, __verbose, __sql, __critical) __found_entries = __found_entries + res else: __scanned_files = __scanned_files + 1 __found_entries = main(__filename, __severity) print beautyConsole.getColor("white") + "-" * 100 print beautyConsole.getColor("green") print "\n>>> {} file(s) scanned".format(__scanned_files) if __found_entries > 0: print "{}>>> {} interesting entries found\n".format( beautyConsole.getColor("red"), __found_entries) else: print " No interesting entries found :( \n" print "{}==> {}:\t {}".format( beautyConsole.getColor("red"), "HIGH", __severity.get("high")) print "{}==> {}:\t {}".format(beautyConsole.getColor( "yellow"), "MEDIUM", __severity.get("medium")) print "{}==> {}:\t {}".format(beautyConsole.getColor( "green"), "LOW", __severity.get("low"))
def header_print(file_name, header_printed):
    """Print the file header (white rule + real path) the first time only.

    Returns True once the header has been printed; otherwise returns
    ``header_printed`` as it was passed in.
    """
    already_done = header_printed != False  # loose comparison, as the callers expect
    if not already_done:
        print(beautyConsole.getColor("white") + "-" * 100)
        print("FILE: \33[33m%s\33[0m " % os.path.realpath(file_name) + " " + "\n")
        header_printed = True
    return header_printed
"medium": 0, "low": 0 } if args.recursive: for root, subdirs, files in os.walk(__filename): for f in files: __scanned_files = __scanned_files + 1 res = main(os.path.join(root, f), __severity, __verbose, __functions_only) __found_entries = __found_entries + res else: __scanned_files = __scanned_files + 1 __found_entries = main(__filename, __severity) print beautyConsole.getColor("white") + "-" * 100 print beautyConsole.getColor("green") print "\n>>> {} file(s) scanned".format(__scanned_files) if __found_entries > 0: print "{}>>> {} interesting entries found\n".format( beautyConsole.getColor("red"), __found_entries) else: print " No interesting entries found :( \n" print "{}==> {}:\t {}".format( beautyConsole.getColor("red"), "HIGH", __severity.get("high")) print "{}==> {}:\t {}".format(beautyConsole.getColor( "yellow"), "MEDIUM", __severity.get("medium")) print "{}==> {}:\t {}".format(beautyConsole.getColor( "green"), "LOW", __severity.get("low"))