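def printcodeline(_line, i, _fn, _message, _code, verbose):
    """
    Formats and prints line of output

    Prints a one-line header for a finding and, when ``verbose`` is set, the
    matched line with up to two lines of source context on either side.

    _line    -- text printed as the matched line
    _code    -- list of all lines of the scanned file
    i        -- 1-based number of the matched line within ``_code``
    _fn      -- pattern that matched; regex characters are stripped for display
    _message -- label appended to the header
    verbose  -- when true, print the context lines as well

    NOTE(review): ``_line`` and ``_code`` come from the scanned file and are
    written to the terminal unfiltered, so escape sequences embedded in the
    scanned code reach the terminal as-is.
    """
    # The trailing slice is a no-op: the replaces can only shorten the string.
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')[0:len(_fn)]
    print(":: line %d :: \33[33;1m%s\33[0m %s " % (i, _fn, _message))
    if not verbose:
        return

    grey = beautyConsole.getColor("grey")
    green = beautyConsole.getColor("green")
    endline = beautyConsole.getSpecialChar("endline")

    # `i` is 1-based, so the matched line sits at _code[i - 1]. The previous
    # code indexed with `i` directly, which mislabelled the two preceding
    # lines and skipped the line immediately after the match.
    for offset in (-2, -1, 0, 1, 2):
        if offset == 0:
            print(str(i) + ' ' + green + _line.rstrip() + endline)
            continue
        idx = i - 1 + offset
        if 0 <= idx < len(_code):
            print(str(i + offset) + ' ' + grey + _code[idx].rstrip() + endline)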
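def main(src):
    """
    performs code analysis, line by line

    Reports every line of ``src`` that contains one of the PATTERNS entries
    (compared after removing spaces from the line) and prints a summary.
    """
    total = 0
    filenamelength = len(src)
    linelength = 97

    # Context manager closes the handle even if reporting raises; the
    # original never closed it.
    with open(src, "r") as _file:
        print "-" * 14, " FILE: \33[33m%s\33[0m " % src, "-" * (
            linelength - filenamelength - 21), "\n"

        for i, _line in enumerate(_file, 1):
            # Plain substring test on the space-free line: spacing inside a
            # call cannot hide it, but names inside strings or comments
            # match too.
            squeezed = _line.strip().replace(" ", "")
            for _fn in PATTERNS:
                if _fn in squeezed:
                    total += 1
                    printcodeline(_line, i, _fn + ')',
                                  beautyConsole.efMsgFound)

    if total < 1:
        print beautyConsole.getColor("green") + \
            "No dangerous functions found\n" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d dangerous functions total\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100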
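def printcodeline(_line, i, fn, prev_line="", next_line="", prev_prev_line="", next_next_line="", severity=None, verbose=False):
    """
    Formats and prints line of output

    _line          -- matched source line
    i              -- line number of the match
    fn             -- name of the matched function/keyword; looked up in
                      pefdocs.exploitableFunctionsDesc after stripping
    prev_line, next_line, prev_prev_line, next_next_line
                   -- neighbouring lines, printed in verbose mode when set
    severity       -- dict of impact level -> count, updated in place
    verbose        -- print description, syntax, impact and context lines
    """
    # A `{}` default would be one dict shared by every call that omits it.
    if severity is None:
        severity = {}

    impact_color = {"low": "green", "medium": "yellow", "high": "red"}
    endline = beautyConsole.getSpecialChar("endline")

    if verbose:
        print " line %d :: \33[33;1m%s\33[0m " % (i, fn)
    else:
        print "{}line {} :: {}{} ".format(beautyConsole.getColor("white"),
                                          i,
                                          beautyConsole.getColor("grey"),
                                          _line.strip())

    # print legend only if there is an entry in pefdocs.py
    entry = pefdocs.exploitableFunctionsDesc.get(fn.strip()) if fn else None
    if entry is not None:
        # Entry layout as indexed here: description, syntax, class, impact.
        description, syntax, vuln_class, impact = (entry[0], entry[1],
                                                   entry[2], entry[3])
        if verbose:
            print "\n {}{}{}".format(beautyConsole.getColor("white"),
                                     description, endline)
            print " {}{}{}".format(beautyConsole.getColor("grey"),
                                   syntax, endline)
            # Unknown impact labels fall back to white instead of raising.
            print " Potential impact: {}{}{}".format(
                beautyConsole.getColor(impact_color.get(impact, "white")),
                vuln_class, endline)

        severity[impact] = severity.get(impact, 0) + 1

    if verbose:
        grey = beautyConsole.getColor("grey")
        print "\n"
        if prev_prev_line:
            print str(i-2) + " " + grey + prev_prev_line + endline
        if prev_line:
            print str(i-1) + " " + grey + prev_line + endline
        print str(i) + " " + beautyConsole.getColor("green") + \
            _line.rstrip() + endline
        if next_line:
            print str(i+1) + " " + grey + next_line + endline
        if next_next_line:
            print str(i+2) + " " + grey + next_next_line + endline
        print "\n"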
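def main(src):
    """
    performs code analysis, line by line

    Checks each line of ``src`` against the pefdefs lists (exploitable
    functions, keywords, file-include names, global variables, reflected
    properties), reports every hit and prints a per-file summary.
    All checks are plain substring tests, so names inside strings or
    comments are reported as well.
    """
    total = 0
    filenamelength = len(src)
    linelength = 97

    # Context manager closes the handle even if reporting raises; the
    # original never closed it.
    with open(src, "r") as _file:
        print "-" * 14, " FILE: \33[33m%s\33[0m " % src, "-" * (
            linelength - filenamelength - 21), "\n"

        for i, _line in enumerate(_file, 1):
            __line = _line.strip()
            squeezed = __line.replace(" ", "")   # spacing-insensitive form
            lowered = __line.lower()             # case-insensitive form

            for _fn in pefdefs.exploitableFunctions:
                if _fn in squeezed:
                    total += 1
                    printcodeline(_line, i, _fn + ')',
                                  beautyConsole.efMsgFound)
            for _kw in pefdefs.keywords:
                if _kw.lower() in lowered:
                    total += 1
                    printcodeline(_line, i, _kw, beautyConsole.eKeyWordFound)
            for _dp in pefdefs.fileInclude:
                if _dp in squeezed:
                    total += 1
                    printcodeline(_line, i, _dp + '()',
                                  beautyConsole.fiMsgFound)
            for _global in pefdefs.globalVars:
                if _global in __line:
                    total += 1
                    printcodeline(_line, i, _global,
                                  beautyConsole.efMsgGlobalFound)
            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    total += 1
                    printcodeline(_line, i, _refl, beautyConsole.eReflFound)

    if total < 1:
        print beautyConsole.getColor("green") + \
            "No exploitable functions found\n" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable functions total\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100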
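def main(src):
    """
    performs code analysis, line by line

    Matches every stripped line of ``src`` against the regular expressions
    in PATTERNS, reports each hit and updates the module-level counters
    PATTERNS_IDENTIFIED and FILES_WITH_IDENTIFIED_PATTERNS.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS

    print_filename = True
    patterns_found_in_file = 0

    # Context manager closes the handle even if reporting raises; the
    # original never closed it.
    with open(src, "r") as _file:
        # Compile once per file instead of once per (line, pattern) pair.
        compiled = [(__pattern, re.compile(__pattern))
                    for __pattern in PATTERNS]

        for i, _line in enumerate(_file, 1):
            __line = _line.strip()
            for __pattern, __rex in compiled:
                # match() anchors at the start of the line, so a pattern
                # only fires mid-line if it begins with a wildcard.
                if not __rex.match(__line):
                    continue
                if print_filename:
                    FILES_WITH_IDENTIFIED_PATTERNS = FILES_WITH_IDENTIFIED_PATTERNS + 1
                    print "FILE: \33[33m{}\33[0m\n".format(src)
                    print_filename = False
                patterns_found_in_file += 1
                printcodeline(_line, i, __pattern,
                              ' code pattern identified: ')

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED = PATTERNS_IDENTIFIED + patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "Identified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100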
def printcodeline(_line, i, _fn, _message):
    """
    Formats and prints line of output

    Writes a header with the line number, the matched name and the message,
    followed by the matched line itself in blue.

    NOTE(review): ``_line`` is text from the scanned file and is printed
    unfiltered, so escape sequences in scanned code reach the terminal.
    """
    header = ":: line %d :: \33[33;1m%s\33[0m %s found " % (i, _fn, _message)
    print header

    colour_on = beautyConsole.getColor("blue")
    colour_off = beautyConsole.getSpecialChar("endline")
    print "".join([colour_on, _line, colour_off])
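def printcodeline(_line, i, _fn, _message):
    """
    Formats and prints line of output

    Prints a header with the line number, a cleaned-up form of the matched
    pattern and the message, followed by the matched line in grey.
    """
    # The docstring now comes first; placed after this assignment it was a
    # discarded string expression and the function had no __doc__.
    # The slice drops the first character left after the regex characters
    # are removed (presumably the "." of a leading ".*" -- confirm against
    # the pattern definitions).
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')[1:len(_fn)]
    print ":: line %d :: \33[33;1m%s\33[0m %s " % (i, _fn, _message)
    print beautyConsole.getColor("grey") + _line + \
        beautyConsole.getSpecialChar("endline")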
def printcodeline(_line, i, _fn, _message):
    """
    Formats and prints line of output

    Prints a header with the line number, the pattern with its regex
    characters removed, and the message; then the matched line, left-stripped,
    on a new tab-indented line in green.
    """
    readable = _fn
    for needle, replacement in (("*", ""), ("\\", ""), (".(", '(')):
        readable = readable.replace(needle, replacement)
    # Same bound as the original slice; it never truncates because the
    # replacements can only shorten the string.
    readable = readable[0:len(_fn)]

    print ":: line %d :: \33[33;1m%s\33[0m %s " % (i, readable, _message)

    colour_on = beautyConsole.getColor("green")
    colour_off = beautyConsole.getSpecialChar("endline")
    print colour_on + '\n\t' + _line.lstrip() + colour_off
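def printcodeline(_line, i, _fn, _message):
    """
    Formats and prints line of output

    Prints a header for the finding, the description stored for ``_fn`` in
    pefdefs.exploitableFunctionsDesc when there is one, and the matched line
    in grey.
    """
    print ":: line %d :: \33[33;1m%s\33[0m %s found " % (i, _fn, _message)

    endline = beautyConsole.getSpecialChar("endline")
    # `in` replaces dict.has_key(), which was removed in Python 3.
    if _fn and _fn in pefdefs.exploitableFunctionsDesc:
        print "\t\t" + beautyConsole.getColor("white") + \
            pefdefs.exploitableFunctionsDesc[_fn] + endline
    print beautyConsole.getColor("grey") + _line + endline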
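def printcodeline(_line, i, _fn, prev_line="", next_line="", prev_prev_line="", next_next_line="", __severity=None, __verbose=False):
    """
    Formats and prints line of output

    _line      -- matched source line
    i          -- line number of the match
    _fn        -- matched name; looked up in pefdocs.exploitableFunctionsDesc
                  after stripping
    prev_line, next_line, prev_prev_line, next_next_line
               -- neighbouring lines, printed in verbose mode when set
    __severity -- dict of impact level -> count, updated in place
    __verbose  -- print description, syntax, impact and context lines
    """
    # A `{}` default would be one dict shared by every call that omits it.
    if __severity is None:
        __severity = {}

    __impact_color = {
        "low": "green",
        "medium": "yellow",
        "high": "red"
    }
    __endline = beautyConsole.getSpecialChar("endline")

    if __verbose:
        print " line %d :: \33[33;1m%s\33[0m " % (i, _fn)
    else:
        print "{}line {} :: {}{} ".format(beautyConsole.getColor(
            "white"), i, beautyConsole.getColor("grey"), _line.strip())

    # print legend only if there is an entry in pefdocs.py
    __entry = pefdocs.exploitableFunctionsDesc.get(_fn.strip()) if _fn else None
    if __entry is not None:
        # Entry layout as indexed here: description, syntax, class, impact.
        __description = __entry[0]
        __syntax = __entry[1]
        __vuln_class = __entry[2]
        __impact = __entry[3]

        if __verbose:
            print "\n {}{}{}".format(beautyConsole.getColor(
                "white"), __description, __endline)
            print " {}{}{}".format(beautyConsole.getColor(
                "grey"), __syntax, __endline)
            # Unknown impact labels fall back to white instead of raising.
            print " Potential impact: {}{}{}".format(beautyConsole.getColor(
                __impact_color.get(__impact, "white")), __vuln_class, __endline)

        __severity[__impact] = __severity.get(__impact, 0) + 1

    if __verbose:
        __grey = beautyConsole.getColor("grey")
        print "\n"
        if prev_prev_line:
            print str(i-2) + " " + __grey + prev_prev_line + __endline
        if prev_line:
            print str(i-1) + " " + __grey + prev_line + __endline
        print str(i) + " " + beautyConsole.getColor("green") + \
            _line.rstrip() + __endline
        if next_line:
            print str(i+1) + " " + __grey + next_line + __endline
        if next_next_line:
            print str(i+2) + " " + __grey + next_next_line + __endline
        print "\n"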
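def printcodeline(_line, i, _fn, prev_line="", next_line="", prev_prev_line="", next_next_line="", __severity=None):
    """
    Formats and prints line of output

    Prints the finding header, the pefdocs description/syntax/impact for
    ``_fn`` when an entry exists, and the matched line with whichever
    neighbouring lines were supplied. ``__severity`` (impact level -> count)
    is updated in place.
    """
    # A `{}` default would be one dict shared by every call that omits it.
    if __severity is None:
        __severity = {}

    __impact_color = {"low": "green", "medium": "yellow", "high": "red"}
    __endline = beautyConsole.getSpecialChar("endline")

    print ":: line %d :: \33[33;1m%s\33[0m " % (i, _fn)

    # print legend only if there is an entry in pefdocs.py
    __entry = pefdocs.exploitableFunctionsDesc.get(_fn.strip()) if _fn else None
    if __entry is not None:
        # Entry layout as indexed here: description, syntax, class, impact.
        __description = __entry[0]
        __syntax = __entry[1]
        __vuln_class = __entry[2]
        __impact = __entry[3]

        print "\n {}{}{}".format(beautyConsole.getColor("white"),
                                 __description, __endline)
        print " {}{}{}".format(beautyConsole.getColor("grey"),
                               __syntax, __endline)
        # Unknown impact labels fall back to white instead of raising.
        print " Potential impact: {}{}{}".format(
            beautyConsole.getColor(__impact_color.get(__impact, "white")),
            __vuln_class, __endline)

        __severity[__impact] = __severity.get(__impact, 0) + 1

    __grey = beautyConsole.getColor("grey")
    print "\n"
    if prev_prev_line:
        print str(i-2) + " " + __grey + prev_prev_line + __endline
    if prev_line:
        print str(i-1) + " " + __grey + prev_line + __endline
    print str(i) + " " + beautyConsole.getColor("green") + \
        _line.rstrip() + __endline
    if next_line:
        print str(i+1) + " " + __grey + next_line + __endline
    if next_next_line:
        print str(i+2) + " " + __grey + next_next_line + __endline
    print "\n"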
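def printcodeline(_line, i, _fn, _message, prev_line="", next_line="", prev_prev_line="", next_next_line=""):
    """
    Formats and prints line of output

    Prints the finding header, the description stored for ``_fn`` in
    pefdefs.exploitableFunctionsDesc when there is one, and the matched line
    with whichever neighbouring lines were supplied.
    """
    endline = beautyConsole.getSpecialChar("endline")
    grey = beautyConsole.getColor("grey")

    print ":: line %d :: \33[33;1m%s\33[0m %s found " % (i, _fn, _message)

    # `in` replaces dict.has_key(), which was removed in Python 3.
    if _fn and _fn in pefdefs.exploitableFunctionsDesc:
        print "\t\t" + beautyConsole.getColor("white") + \
            pefdefs.exploitableFunctionsDesc[_fn] + endline

    print "\n"
    if prev_prev_line:
        print str(i-2) + " " + grey + prev_prev_line + endline
    if prev_line:
        print str(i-1) + " " + grey + prev_line + endline
    print str(i) + " " + beautyConsole.getColor("green") + \
        _line.rstrip() + endline
    if next_line:
        print str(i+1) + " " + grey + next_line + endline
    if next_next_line:
        print str(i+2) + " " + grey + next_next_line + endline
    print "\n"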
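def perform_code_analysis(src, pattern="", verbose=False):
    """
    performs code analysis, line by line

    src     -- path of the file to scan
    pattern -- optional user regex; when given it replaces the module-level
               ``patterns`` list (the replacement persists after this call)
    verbose -- passed through to printcodeline

    Updates the module-level counters ``patterns_identified`` and
    ``files_with_identified_patterns``; when ``identify_urls`` is set, each
    URL not seen before is reported and appended to ``urls``.
    """
    global patterns
    global patterns_identified
    global files_with_identified_patterns

    # if -P / --pattern is defined, overwrite patterns with user defined
    # value(s)
    if pattern:
        patterns = [".*" + pattern]

    # Context manager closes the handle; the original never closed it.
    with open(src, "r") as _file:
        _code = _file.readlines()

    # Compile once per file instead of once per (line, pattern) pair.
    # An invalid user-supplied pattern raises re.error here.
    compiled = [(__pattern, re.compile(__pattern)) for __pattern in patterns]

    print_filename = True
    patterns_found_in_file = 0

    for i, _line in enumerate(_code, 1):
        __line = _line.strip()
        # Patterns are matched against the line with all spaces removed.
        squeezed = __line.replace(' ', '')

        for __pattern, __rex in compiled:
            if not __rex.match(squeezed):
                continue
            if print_filename:
                files_with_identified_patterns = files_with_identified_patterns + 1
                print("FILE: \33[33m{}\33[0m\n".format(src))
                print_filename = False
            patterns_found_in_file += 1
            printcodeline(_line, i, __pattern,
                          ' code pattern identified: ', _code, verbose)

        # URL searching
        if identify_urls == True:
            # Search once and reuse the match object.
            __found = url_regex.search(__line)
            if __found:
                __url = __found.group(0)
                # show each unique URL only once
                if __url not in urls:
                    printcodeline(__url, i, __url, ' URL found: ',
                                  _code, verbose)
                    urls.append(__url)

    if patterns_found_in_file > 0:
        patterns_identified = patterns_identified + patterns_found_in_file
        print(
            beautyConsole.getColor("red") +
            "\nIdentified %d code pattern(s)\n" % (patterns_found_in_file) +
            beautyConsole.getSpecialChar("endline"))
        print(beautyConsole.getColor("white") + "-" * 100)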
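def printcodeline(_line, i, _fn, _message, _code=[]):
    """
    Formats and prints line of output

    Prints a header for the finding, then the matched line with up to two
    lines of context on either side, taken from ``_code``.

    _line    -- text printed as the matched line
    i        -- 1-based number of the matched line within ``_code``
    _fn      -- pattern that matched; regex characters are stripped for display
    _message -- label appended to the header
    _code    -- list of all lines of the scanned file (only read here)
    """
    # The trailing slice is a no-op: the replaces can only shorten the string.
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')[0:len(_fn)]
    print "\n:: line %d :: \33[33;1m%s\33[0m %s \n" % (i, _fn, _message)

    grey = beautyConsole.getColor("grey")
    green = beautyConsole.getColor("green")
    endline = beautyConsole.getSpecialChar("endline")

    # `i` is 1-based, so the matched line sits at _code[i - 1]. The previous
    # code indexed with `i` directly, which mislabelled the two preceding
    # lines and skipped the line immediately after the match.
    for offset in (-2, -1, 0, 1, 2):
        if offset == 0:
            print str(i) + ' ' + green + _line.rstrip() + endline
            continue
        idx = i - 1 + offset
        if 0 <= idx < len(_code):
            print str(i + offset) + ' ' + grey + _code[idx].rstrip() + endline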
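def perform_code_analysis(src, pattern=""):
    """
    performs code analysis, line by line

    src     -- path of the file to scan
    pattern -- optional user regex; when given it replaces the module-level
               PATTERNS list (the replacement persists after this call)

    Updates the module-level counters PATTERNS_IDENTIFIED and
    FILES_WITH_IDENTIFIED_PATTERNS; when IDENTIFY_URLS is set, each URL not
    seen before is reported and appended to URLS.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    # Context manager closes the handle; the original never closed it.
    with open(src, "r") as _file:
        _code = _file.readlines()

    # Compile once per file instead of once per (line, pattern) pair.
    # An invalid user-supplied pattern raises re.error here.
    compiled = [(__pattern, re.compile(__pattern)) for __pattern in PATTERNS]

    print_filename = True
    patterns_found_in_file = 0

    for i, _line in enumerate(_code, 1):
        __line = _line.strip()
        # Patterns are matched against the line with all spaces removed.
        squeezed = __line.replace(' ', '')

        for __pattern, __rex in compiled:
            if not __rex.match(squeezed):
                continue
            if print_filename:
                FILES_WITH_IDENTIFIED_PATTERNS = FILES_WITH_IDENTIFIED_PATTERNS + 1
                print "FILE: \33[33m{}\33[0m\n".format(src)
                print_filename = False
            patterns_found_in_file += 1
            printcodeline(_line, i, __pattern,
                          ' code pattern identified: ', _code)

        # URL searching
        if IDENTIFY_URLS == True:
            # Search once and reuse the match object.
            __found = URL_REGEX.search(__line)
            if __found:
                __url = __found.group(0)
                # show each unique URL only once
                if __url not in URLS:
                    printcodeline(__url, i, __url, ' URL found: ', _code)
                    URLS.append(__url)

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED = PATTERNS_IDENTIFIED + patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "\nIdentified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100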
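def perform_code_analysis(src, pattern=""):
    """
    performs code analysis, line by line

    Scans ``src`` against the regular expressions in PATTERNS (or against
    the single user-supplied ``pattern``, which then replaces PATTERNS for
    the rest of the run), reports each hit, optionally reports unseen URLs,
    and updates PATTERNS_IDENTIFIED / FILES_WITH_IDENTIFIED_PATTERNS.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    # The handle is only needed to load the lines; close it right after
    # (the original left it open).
    with open(src, "r") as _file:
        _code = _file.readlines()

    # One compile per pattern per file; the original recompiled on every
    # line. re.error from a malformed user pattern surfaces here.
    matchers = [(__pattern, re.compile(__pattern)) for __pattern in PATTERNS]

    print_filename = True
    patterns_found_in_file = 0

    for i, _line in enumerate(_code, 1):
        __line = _line.strip()
        # Spaces are removed before matching against the patterns.
        compact = __line.replace(' ', '')

        for __pattern, __rex in matchers:
            if __rex.match(compact):
                if print_filename:
                    FILES_WITH_IDENTIFIED_PATTERNS = FILES_WITH_IDENTIFIED_PATTERNS + 1
                    print "FILE: \33[33m{}\33[0m\n".format(src)
                    print_filename = False
                patterns_found_in_file += 1
                printcodeline(_line, i, __pattern,
                              ' code pattern identified: ', _code)

        # URL searching
        if IDENTIFY_URLS == True:
            # One search per line; the original ran the regex twice.
            __hit = URL_REGEX.search(__line)
            # show each unique URL only once
            if __hit and __hit.group(0) not in URLS:
                __url = __hit.group(0)
                printcodeline(__url, i, __url, ' URL found: ', _code)
                URLS.append(__url)

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED = PATTERNS_IDENTIFIED + patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "\nIdentified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100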
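def main(src, pattern=""):
    """
    performs code analysis, line by line

    src     -- path of the file to scan
    pattern -- optional user regex; when given it replaces the module-level
               PATTERNS list (the replacement persists after this call)

    Each reported line is cut to its first 120 characters followed by "...".
    Updates PATTERNS_IDENTIFIED and FILES_WITH_IDENTIFIED_PATTERNS.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    print_filename = True
    patterns_found_in_file = 0

    # Context manager closes the handle even if reporting raises; the
    # original never closed it.
    with open(src, "r") as _file:
        # Compile once per file instead of once per (line, pattern) pair.
        # An invalid user-supplied pattern raises re.error here.
        compiled = [(__pattern, re.compile(__pattern))
                    for __pattern in PATTERNS]

        for i, _line in enumerate(_file, 1):
            # Patterns are matched against the line with all spaces removed.
            squeezed = _line.strip().replace(' ', '')
            for __pattern, __rex in compiled:
                if not __rex.match(squeezed):
                    continue
                if print_filename:
                    FILES_WITH_IDENTIFIED_PATTERNS = FILES_WITH_IDENTIFIED_PATTERNS + 1
                    print "FILE: \33[33m{}\33[0m\n".format(src)
                    print_filename = False
                patterns_found_in_file += 1
                printcodeline(_line[0:120] + "...", i, __pattern,
                              ' code pattern identified: ')

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED = PATTERNS_IDENTIFIED + patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "Identified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100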
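def main(src, __severity, __verbose, __functions_only):
    """
    performs code analysis, line by line

    src              -- path of the file to scan
    __severity       -- dict passed through to printcodeline
    __verbose        -- passed through to printcodeline
    __functions_only -- when False, file-include names, global variables and
                        reflected properties are checked as well

    Returns the number of findings in the file.
    """
    # Context manager closes the handle; the original never closed it.
    with open(src, "r") as _file:
        all_lines = _file.readlines()
        file_name = _file.name

    line_count = len(all_lines)
    total = 0
    header_printed = False

    for idx, _line in enumerate(all_lines):
        # Context is rebuilt for every line. The original kept stale values
        # (the last line was shown as its own "next" line) and skipped the
        # preceding lines for the second and third line of the file.
        prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
        prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
        next_line = all_lines[idx + 1].rstrip() if idx + 1 < line_count else ""
        next_next_line = all_lines[idx + 2].rstrip() if idx + 2 < line_count else ""

        i = idx + 1                      # 1-based line number for reporting
        __line = _line.strip()
        squeezed = __line.replace(" ", "")

        for _fn in pefdefs.exploitableFunctions:
            _fn = "{}".format(_fn)
            # A separate "@name" test is redundant: any line containing
            # "@name" also contains "name". This is a plain substring test,
            # so names inside strings or longer identifiers match too.
            if _fn in __line:
                header_printed = header_print(file_name, header_printed)
                total += 1
                printcodeline(_line, i, _fn + (')' if '(' in _fn else ''),
                              prev_line, next_line, prev_prev_line,
                              next_next_line, __severity, __verbose)

        if __functions_only == False:
            for _dp in pefdefs.fileInclude:
                # remove spaces to allow detection eg.
                # include( $_GET['something] )
                # The name is compared without a leading space: the original
                # searched for " name" in a string with every space removed,
                # which can never match, so includes were never reported.
                if "{}".format(_dp) in squeezed:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    printcodeline(_line, i, " {}".format(_dp) + '()',
                                  prev_line, next_line, prev_prev_line,
                                  next_next_line, __severity, __verbose)

            for _global in pefdefs.globalVars:
                if _global in __line:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    printcodeline(_line, i, _global, prev_line, next_line,
                                  prev_prev_line, next_next_line,
                                  __severity, __verbose)

            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    printcodeline(_line, i, _refl, prev_line, next_line,
                                  prev_prev_line, next_next_line,
                                  __severity, __verbose)

    if total >= 1:
        print beautyConsole.getColor("red") + \
            "Found %d interesting entries\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    return total  # return how many findings in current file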
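def main(src, __severity, __verbose, __functions_only):
    """
    performs code analysis, line by line

    src              -- path of the file to scan
    __severity       -- dict passed through to printcodeline
    __verbose        -- passed through to printcodeline
    __functions_only -- when False, file-include names, global variables and
                        reflected properties are checked as well

    Returns the number of findings in the file.
    """
    # Context manager closes the handle; the original never closed it.
    with open(src, "r") as _file:
        all_lines = _file.readlines()
        file_name = _file.name

    line_count = len(all_lines)
    total = 0
    header_printed = False

    for idx, _line in enumerate(all_lines):
        # Context is rebuilt for every line. The original kept stale values
        # (the last line was shown as its own "next" line) and skipped the
        # preceding lines for the second and third line of the file.
        prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
        prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
        next_line = all_lines[idx + 1].rstrip() if idx + 1 < line_count else ""
        next_next_line = all_lines[idx + 2].rstrip() if idx + 2 < line_count else ""

        i = idx + 1                      # 1-based line number for reporting
        __line = _line.strip()
        squeezed = __line.replace(" ", "")

        for _fn in pefdefs.exploitableFunctions:
            # there has to be space before function call; prevents
            # false positives on strings that contain PHP function names
            # NOTE(review): __line is stripped, so a call that starts the
            # line, or follows "=", "(", "@" or a tab, has no leading space
            # and is not reported. Confirm whether that gap is acceptable.
            _fn = " {}".format(_fn)
            if _fn in __line:
                header_printed = header_print(file_name, header_printed)
                total += 1
                printcodeline(_line, i, _fn + (')' if '(' in _fn else ''),
                              prev_line, next_line, prev_prev_line,
                              next_next_line, __severity, __verbose)

        if __functions_only == False:
            for _dp in pefdefs.fileInclude:
                # remove spaces to allow detection eg.
                # include( $_GET['something] )
                # The name is compared without a leading space: the original
                # searched for " name" in a string with every space removed,
                # which can never match, so includes were never reported.
                if "{}".format(_dp) in squeezed:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    printcodeline(_line, i, " {}".format(_dp) + '()',
                                  prev_line, next_line, prev_prev_line,
                                  next_next_line, __severity, __verbose)

            for _global in pefdefs.globalVars:
                if _global in __line:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    printcodeline(_line, i, _global, prev_line, next_line,
                                  prev_prev_line, next_next_line,
                                  __severity, __verbose)

            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    printcodeline(_line, i, _refl, prev_line, next_line,
                                  prev_prev_line, next_next_line,
                                  __severity, __verbose)

    if total >= 1:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable function(s)\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    return total  # return how many findings in current file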
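def main(src, severity, verbose=False, sql=False, critical=False):
    """
    performs code analysis, line by line

    src      -- path of the file to scan
    severity -- dict passed through to print_code_line
    verbose  -- passed through to print_code_line
    sql      -- also run the regexes in pefdefs.otherPatterns
    critical -- check only pefdefs.critical instead of the full lists

    Returns the number of findings in the file.

    NOTE(review): the body calls ``self.print_code_line`` but ``self`` is not
    a parameter, so the first finding raises NameError unless a global named
    ``self`` exists. The signature is left unchanged here; confirm whether
    this was meant to be a method.
    """
    # Context manager closes the handle; the original never closed it.
    with open(src, "r") as f:
        all_lines = f.readlines()
        file_name = f.name

    line_count = len(all_lines)
    total = 0
    header_printed = False

    # Both modes ran the same check over different lists.
    function_names = pefdefs.critical if critical else pefdefs.exploitableFunctions

    for idx, l in enumerate(all_lines):
        # Context is rebuilt for every line. The original kept stale values
        # (the last line was shown as its own "next" line) and skipped the
        # preceding lines for the second and third line of the file.
        prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
        prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
        next_line = all_lines[idx + 1].rstrip() if idx + 1 < line_count else ""
        next_next_line = all_lines[idx + 2].rstrip() if idx + 2 < line_count else ""

        i = idx + 1                      # 1-based line number for reporting
        line = l.rstrip()
        squeezed = line.replace(" ", "")

        for fn in function_names:
            # there has to be space before function call; prevents
            # false positives on strings that contain PHP function names
            # also, it has to be checked against @ at the beginning of the
            # function name; @ prevents output from being echoed
            # NOTE(review): a call preceded by a tab, "=", "(" or at column
            # 0 has neither prefix and is not reported.
            atfn = "@{}".format(fn)
            fn = " {}".format(fn)
            if fn in line or atfn in line:
                header_printed = header_print(file_name, header_printed)
                total += 1
                self.print_code_line(l, i, fn + (')' if '(' in fn else ''),
                                     prev_line, next_line, prev_prev_line,
                                     next_next_line, severity, verbose)

        if critical == False:
            for dp in pefdefs.fileInclude:
                # remove spaces to allow detection eg.
                # include( $_GET['something] )
                # The name is compared without a leading space: the original
                # searched for " name" in a string with every space removed,
                # which can never match, so includes were never reported.
                if "{}".format(dp) in squeezed:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    self.print_code_line(l, i, " {}".format(dp) + '()',
                                         prev_line, next_line, prev_prev_line,
                                         next_next_line, severity, verbose)

            for globalvars in pefdefs.globalVars:
                if globalvars in line:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    self.print_code_line(l, i, globalvars, prev_line,
                                         next_line, prev_prev_line,
                                         next_next_line, severity, verbose)

            for refl in pefdefs.reflectedProperties:
                if refl in line:
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    self.print_code_line(l, i, refl, prev_line, next_line,
                                         prev_prev_line, next_next_line,
                                         severity, verbose)

        # NOTE(review): treated as independent of ``critical``; confirm the
        # intended nesting of this check.
        if sql == True:
            for refl in pefdefs.otherPatterns:
                p = re.compile(refl)
                if p.search(l):
                    header_printed = header_print(file_name, header_printed)
                    total += 1
                    self.print_code_line(l, i, refl, prev_line, next_line,
                                         prev_prev_line, next_next_line,
                                         severity, verbose)

    if total >= 1:
        print beautyConsole.getColor("red") + \
            "Found %d interesting entries\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    return total  # return how many findings in current file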
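def main(self, src):
    """
    main engine loop

    Reads ``src`` and hands every (line, candidate) pair to
    ``self.analyse_line``, which returns the updated running total.
    Which pefdefs lists are used depends on ``self.critical`` and
    ``self.pattern``. Returns the number of findings in the file.

    NOTE(review): ``verbose`` and ``sql`` are read as bare names here, not
    as attributes of ``self``; unless module-level globals with those names
    exist this raises NameError. Left unchanged -- confirm the intent.
    """
    total = 0
    self.header_printed = False

    # Context manager closes the handle; the original never closed it. The
    # loop stays inside because the file object is passed to analyse_line.
    with open(src, "r") as f:
        all_lines = f.readlines()
        line_count = len(all_lines)

        for idx, l in enumerate(all_lines):
            # Context is rebuilt for every line. The original kept stale
            # values (the last line was shown as its own "next" line) and
            # skipped the preceding lines for the second and third line.
            prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
            prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
            next_line = all_lines[idx + 1].rstrip() if idx + 1 < line_count else ""
            next_next_line = all_lines[idx + 2].rstrip() if idx + 2 < line_count else ""

            i = idx + 1                  # 1-based line number for reporting
            line = l.rstrip()

            if self.critical:
                candidates = pefdefs.critical
            else:
                candidates = (self.pattern if self.pattern
                              else pefdefs.exploitableFunctions)
            for fn in candidates:
                total = self.analyse_line(l, i, fn, f, line, prev_line,
                                          next_line, prev_prev_line,
                                          next_next_line, verbose, total)

            if self.critical == False and not self.pattern:
                for dp in pefdefs.fileInclude:
                    total = self.analyse_line(l, i, dp, f, line, prev_line,
                                              next_line, prev_prev_line,
                                              next_next_line, verbose, total)
                for globalvars in pefdefs.globalVars:
                    total = self.analyse_line(l, i, globalvars, f, line,
                                              prev_line, next_line,
                                              prev_prev_line, next_next_line,
                                              verbose, total)
                for refl in pefdefs.reflectedProperties:
                    total = self.analyse_line(l, i, refl, f, line, prev_line,
                                              next_line, prev_prev_line,
                                              next_next_line, verbose, total)

            # NOTE(review): treated as independent of the check above;
            # confirm the intended nesting.
            if sql == True:
                for refl in pefdefs.otherPatterns:
                    total = self.analyse_line(l, i, refl, f, line, prev_line,
                                              next_line, prev_prev_line,
                                              next_next_line, verbose, total)

    if total >= 1:
        print(
            beautyConsole.getColor("red") +
            "Found %d interesting entries\n" % (total) +
            beautyConsole.getSpecialChar("endline"))

    return total  # return how many findings in current file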
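def main(src):
    """
    performs code analysis, line by line

    Checks every line of ``src``, with spaces removed, against the pefdefs
    lists (exploitable functions, file-include names, global variables,
    reflected properties) and reports each hit with two lines of context on
    either side, then prints a per-file summary. All checks are plain
    substring tests, so names inside strings or comments are reported too.
    """
    # Context manager closes the handle; the original never closed it.
    with open(src, "r") as _file:
        all_lines = _file.readlines()
        file_name = _file.name

    line_count = len(all_lines)
    total = 0

    print "FILE: \33[33m%s\33[0m " % os.path.realpath(file_name), "\n"

    for idx, _line in enumerate(all_lines):
        # Context is rebuilt for every line. The original kept stale values
        # (the last line was shown as its own "next" line) and skipped the
        # preceding lines for the second and third line of the file.
        prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
        prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
        next_line = all_lines[idx + 1].rstrip() if idx + 1 < line_count else ""
        next_next_line = all_lines[idx + 2].rstrip() if idx + 2 < line_count else ""

        i = idx + 1                      # 1-based line number for reporting
        squeezed = _line.strip().replace(" ", "")

        for _fn in pefdefs.exploitableFunctions:
            if _fn in squeezed:
                total += 1
                printcodeline(_line, i, _fn + ')', beautyConsole.efMsgFound,
                              prev_line, next_line, prev_prev_line,
                              next_next_line)
        for _dp in pefdefs.fileInclude:
            if _dp in squeezed:
                total += 1
                printcodeline(_line, i, _dp + '()', beautyConsole.fiMsgFound,
                              prev_line, next_line, prev_prev_line,
                              next_next_line)
        for _global in pefdefs.globalVars:
            if _global in squeezed:
                total += 1
                printcodeline(_line, i, _global,
                              beautyConsole.efMsgGlobalFound, prev_line,
                              next_line, prev_prev_line, next_next_line)
        for _refl in pefdefs.reflectedProperties:
            if _refl in squeezed:
                total += 1
                printcodeline(_line, i, _refl, beautyConsole.eReflFound,
                              prev_line, next_line, prev_prev_line,
                              next_next_line)

    if total < 1:
        print beautyConsole.getColor("green") + \
            "No exploitable functions found" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable function(s)\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100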