def show_banner():
    """
    Prints welcome banner with contact info

    Switches the terminal colour to cyan, prints the module-level ``BANNER``
    text and switches the colour back to white.
    """
    colour = beautyConsole.getColor
    print colour("cyan")
    print BANNER
    print colour("white")
def banner():
    """
    Prints welcome banner with contact info

    Draws a 100-character wide box of '-' characters; the opening line is
    printed in green and the closing line resets the terminal colour with the
    ANSI ``\\33[0m`` sequence.
    """
    rule = "-" * 100
    edge_left = "-" * 6
    edge_right = "-" * 16
    print beautyConsole.getColor("green") + "\n\n", rule
    print edge_left, " PEF | PHP Exploitable Functions scanner", " " * 35, edge_right
    print edge_left, " GitHub: bl4de | Twitter: @_bl4de | [email protected] ", " " * 22, edge_right
    print rule, "\33[0m\n"
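def printcodeline(_line, i, _fn, prev_line="", next_line="", prev_prev_line="", next_next_line="", __severity=None, __verbose=False):
    """
    Formats and prints line of output

    Prints the matched line (in verbose mode a header naming the matched
    function instead), the legend for ``_fn`` from
    ``pefdocs.exploitableFunctionsDesc`` when one exists and - verbose mode
    only - up to two lines of context on each side.

    :param _line: source line in which the pattern was found
    :param i: 1-based line number of ``_line``; context lines are labelled
              ``i-2`` .. ``i+2``
    :param _fn: matched pattern / function name; ``_fn.strip()`` is the key
                into ``pefdocs.exploitableFunctionsDesc``
    :param prev_line, next_line, prev_prev_line, next_next_line: neighbouring
                source lines, each printed only when non-empty
    :param __severity: caller-owned ``impact -> count`` tally, incremented in
                place for every hit that has a legend entry. ``None`` (the
                default) keeps no tally. The former default of a shared ``{}``
                literal made unrelated calls accumulate into the same dict.
    :param __verbose: also print the legend and the context lines
    """
    __impact_color = {
        "low": "green",
        "medium": "yellow",
        "high": "red"
    }
    if __severity is None:
        __severity = {}

    colour = beautyConsole.getColor
    special = beautyConsole.getSpecialChar

    if __verbose:
        print " line %d :: \33[33;1m%s\33[0m " % (i, _fn)
    else:
        print "{}line {} :: {}{} ".format(colour("white"), i, colour("grey"), _line.strip())

    # print legend only if there is an entry in pefdocs.py
    __key = _fn.strip() if _fn else ""
    if _fn and __key in pefdocs.exploitableFunctionsDesc:
        # one lookup instead of four; entry layout is
        # (description, syntax, vulnerability class, impact)
        __entry = pefdocs.exploitableFunctionsDesc[__key]
        __description = __entry[0]
        __syntax = __entry[1]
        __vuln_class = __entry[2]
        __impact = __entry[3]

        if __verbose:
            print "\n  {}{}{}".format(colour("white"), __description, special("endline"))
            print "  {}{}{}".format(colour("grey"), __syntax, special("endline"))
            print "  Potential impact: {}{}{}".format(
                colour(__impact_color[__impact]), __vuln_class, special("endline"))

        __severity[__impact] = __severity.get(__impact, 0) + 1

    if __verbose:
        def __context(number, text, shade):
            # one numbered context line; ``text`` is printed as given
            print str(number) + "  " + colour(shade) + text + special("endline")

        print "\n"
        if prev_prev_line:
            __context(i - 2, prev_prev_line, "grey")
        if prev_line:
            __context(i - 1, prev_line, "grey")
        __context(i, _line.rstrip(), "green")
        if next_line:
            __context(i + 1, next_line, "grey")
        if next_next_line:
            __context(i + 2, next_next_line, "grey")
        print "\n"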
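def perform_code_analysis(src, pattern=""):
    """
    performs code analysis, line by line

    Reads ``src`` completely (the line list is handed to ``printcodeline`` so
    it can show surrounding lines), matches every line - with all spaces
    removed, so ``include (  $x )`` and ``include($x)`` look alike - against
    the module-level ``PATTERNS`` regexes and, when ``IDENTIFY_URLS`` is set,
    reports each URL the first time it is seen.

    :param src: path of the file to analyse
    :param pattern: optional user regex (``-P`` / ``--pattern``); when given
                    it REPLACES the module-level ``PATTERNS`` for this and
                    every later call
    Side effects: bumps the module counters ``PATTERNS_IDENTIFIED`` and
    ``FILES_WITH_IDENTIFIED_PATTERNS`` and appends to ``URLS``; the file
    handle is closed as soon as the lines are in memory.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    # compile once per file rather than once per line and pattern
    compiled = [(p, re.compile(p)) for p in PATTERNS]

    with open(src, "r") as _file:
        _code = _file.readlines()

    print_filename = True
    patterns_found_in_file = 0

    for i, _line in enumerate(_code, 1):
        __line = _line.strip()
        __compact = __line.replace(' ', '')
        for __pattern, __rex in compiled:
            if __rex.match(__compact):
                if print_filename:
                    FILES_WITH_IDENTIFIED_PATTERNS = FILES_WITH_IDENTIFIED_PATTERNS + 1
                    print "FILE: \33[33m{}\33[0m\n".format(src)
                    print_filename = False
                patterns_found_in_file += 1
                printcodeline(_line, i, __pattern,
                              ' code pattern identified: ', _code)

        # URL searching - once per line. It used to sit inside the pattern
        # loop, so it ran once per entry of PATTERNS and not at all when
        # PATTERNS was empty.
        if IDENTIFY_URLS:
            __match = URL_REGEX.search(__line)
            if __match:
                __url = __match.group(0)
                # show each unique URL only once
                if __url not in URLS:
                    printcodeline(__url, i, __url, ' URL found: ', _code)
                    URLS.append(__url)

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED = PATTERNS_IDENTIFIED + patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "\nIdentified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100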
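def perform_code_analysis(src, pattern=""):
    """
    performs code analysis, line by line

    Streams ``src`` line by line, matches each line - with all spaces removed
    - against the module-level ``PATTERNS`` regexes and, when
    ``IDENTIFY_URLS`` is set, reports each URL the first time it is seen.
    Matched lines are shown truncated to 120 characters.

    :param src: path of the file to analyse
    :param pattern: optional user regex (``-P`` / ``--pattern``); when given
                    it REPLACES the module-level ``PATTERNS`` for this and
                    every later call
    Side effects: bumps the module counters ``PATTERNS_IDENTIFIED`` and
    ``FILES_WITH_IDENTIFIED_PATTERNS`` and appends to ``URLS``; the file
    handle is closed when the loop ends.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    # compile once per file rather than once per line and pattern
    compiled = [(p, re.compile(p)) for p in PATTERNS]

    print_filename = True
    patterns_found_in_file = 0

    with open(src, "r") as _file:
        for i, _line in enumerate(_file, 1):
            __line = _line.strip()
            __compact = __line.replace(' ', '')
            for __pattern, __rex in compiled:
                if __rex.match(__compact):
                    if print_filename:
                        FILES_WITH_IDENTIFIED_PATTERNS = FILES_WITH_IDENTIFIED_PATTERNS + 1
                        print "FILE: \33[33m{}\33[0m\n".format(src)
                        print_filename = False
                    patterns_found_in_file += 1
                    printcodeline(_line[0:120] + "...", i, __pattern,
                                  ' code pattern identified: ')

            # URL searching - once per line. It used to sit inside the
            # pattern loop, so it ran once per entry of PATTERNS and not at
            # all when PATTERNS was empty.
            if IDENTIFY_URLS:
                __match = URL_REGEX.search(__line)
                if __match:
                    __url = __match.group(0)
                    # show each unique URL only once
                    if __url not in URLS:
                        printcodeline(__url, i, __url, ' URL found: ')
                        URLS.append(__url)

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED = PATTERNS_IDENTIFIED + patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "Identified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100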
 def header_print(self, file_name, header_print):
     """
     prints file header

     Emits a separator rule and the real path of ``file_name`` the first time
     it is called for a file; later calls do nothing. The ``header_print``
     parameter is accepted for call-compatibility but is not read - the state
     lives in ``self.header_printed``.
     Returns ``self.header_printed`` (True once the header has been shown).
     """
     if self.header_printed != False:
         return self.header_printed
     print(beautyConsole.getColor("white") + "-" * 100)
     print("FILE: \33[33m%s\33[0m " % os.path.realpath(file_name), "\n")
     self.header_printed = True
     return self.header_printed
def banner():
    """
    Prints welcome banner with contact info

    Draws a 100-character wide box of '-' characters; the opening line is
    printed in green and the closing line resets the terminal colour with the
    ANSI ``\\33[0m`` sequence.
    """
    rule = "-" * 100
    edge_left = "-" * 6
    edge_right = "-" * 16
    print(beautyConsole.getColor("green") + "\n\n", rule)
    print(edge_left, " PEF | PHP Exploitable Functions scanner", " " * 35,
          edge_right)
    print(edge_left, " GitHub: bl4de | Twitter: @_bl4de | [email protected] ",
          " " * 22, edge_right)
    print(rule, "\33[0m\n")
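def printcodeline(_line,
                  i,
                  _fn,
                  prev_line="",
                  next_line="",
                  prev_prev_line="",
                  next_next_line="",
                  __severity=None):
    """
    Formats and prints line of output

    Prints a header naming the matched function, the legend for ``_fn`` from
    ``pefdocs.exploitableFunctionsDesc`` when one exists, then the matched
    line with up to two lines of context on each side.

    :param _line: source line in which the pattern was found (printed green)
    :param i: 1-based line number of ``_line``; context lines are labelled
              ``i-2`` .. ``i+2``
    :param _fn: matched pattern / function name; ``_fn.strip()`` is the key
                into ``pefdocs.exploitableFunctionsDesc``
    :param prev_line, next_line, prev_prev_line, next_next_line: neighbouring
                source lines, each printed only when non-empty
    :param __severity: caller-owned ``impact -> count`` tally, incremented in
                place for every hit that has a legend entry. ``None`` (the
                default) keeps no tally. The former default of a shared ``{}``
                literal made unrelated calls accumulate into the same dict.
    """
    __impact_color = {"low": "green", "medium": "yellow", "high": "red"}
    if __severity is None:
        __severity = {}

    colour = beautyConsole.getColor
    special = beautyConsole.getSpecialChar

    print "::  line %d ::   \33[33;1m%s\33[0m " % (i, _fn)

    # print legend only if there is an entry in pefdocs.py
    __key = _fn.strip() if _fn else ""
    if _fn and __key in pefdocs.exploitableFunctionsDesc:
        # one lookup instead of four; entry layout is
        # (description, syntax, vulnerability class, impact)
        __entry = pefdocs.exploitableFunctionsDesc[__key]
        __description = __entry[0]
        __syntax = __entry[1]
        __vuln_class = __entry[2]
        __impact = __entry[3]

        print "\n  {}{}{}".format(colour("white"), __description, special("endline"))
        print "  {}{}{}".format(colour("grey"), __syntax, special("endline"))
        print "  Potential impact: {}{}{}".format(
            colour(__impact_color[__impact]), __vuln_class, special("endline"))
        __severity[__impact] = __severity.get(__impact, 0) + 1

    def __context(number, text, shade):
        # one numbered context line; ``text`` is printed as given
        print str(number) + "  " + colour(shade) + text + special("endline")

    print "\n"
    if prev_prev_line:
        __context(i - 2, prev_prev_line, "grey")
    if prev_line:
        __context(i - 1, prev_line, "grey")
    __context(i, _line.rstrip(), "green")
    if next_line:
        __context(i + 1, next_line, "grey")
    if next_next_line:
        __context(i + 2, next_next_line, "grey")
    print "\n"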
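def printcodeline(_line, i, _fn, _message, prev_line="", next_line="", prev_prev_line="", next_next_line=""):
    """
    Formats and prints line of output

    Prints a header naming the matched function and ``_message``, the
    description from ``pefdefs.exploitableFunctionsDesc`` when ``_fn`` has
    one, then the matched line with up to two lines of context on each side.

    :param _line: matched source line (printed green)
    :param i: 1-based line number of ``_line``; context is labelled
              ``i-2`` .. ``i+2``
    :param _fn: matched function name, used verbatim as the key into
                ``pefdefs.exploitableFunctionsDesc``
    :param _message: text appended to the header line
    :param prev_line, next_line, prev_prev_line, next_next_line: neighbouring
                source lines, each printed only when non-empty
    """
    colour = beautyConsole.getColor
    special = beautyConsole.getSpecialChar

    print "::  line %d ::   \33[33;1m%s\33[0m %s found " % (i, _fn, _message)
    # ``in`` replaces the Python-2-only dict.has_key()
    if _fn and _fn in pefdefs.exploitableFunctionsDesc:
        print "\t\t" + colour("white") + pefdefs.exploitableFunctionsDesc[_fn] + special("endline")

    def _context(number, text, shade):
        # one numbered context line; ``text`` is printed as given
        print str(number) + "  " + colour(shade) + text + special("endline")

    print "\n"
    if prev_prev_line:
        _context(i - 2, prev_prev_line, "grey")
    if prev_line:
        _context(i - 1, prev_line, "grey")
    _context(i, _line.rstrip(), "green")
    if next_line:
        _context(i + 1, next_line, "grey")
    if next_next_line:
        _context(i + 2, next_next_line, "grey")
    print "\n"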
    def run(self):
        """
        runs scanning

        Walks ``self.filename`` recursively when ``self.recursive`` is set,
        handing every file found to ``self.main``; otherwise scans the single
        file. Then prints the number of files scanned, the number of findings
        and the per-severity tally kept in ``self.severity`` (keys "high",
        "medium", "low").
        """
        colour = beautyConsole.getColor

        if self.recursive:
            for root, _subdirs, files in os.walk(self.filename):
                for f in files:
                    self.scanned_files += 1
                    self.found_entries += self.main(os.path.join(root, f))
        else:
            self.scanned_files += 1
            self.found_entries = self.main(self.filename)

        print(colour("white") + "-" * 100)

        print(colour("green"))
        print("\n>>>  {} file(s) scanned".format(self.scanned_files))
        if self.found_entries > 0:
            print("{}>>>  {} interesting entries found\n".format(
                colour("red"), self.found_entries))
        else:
            print("  No interesting entries found :( \n")

        # one line per severity level, highest first
        for label, shade in (("HIGH", "red"), ("MEDIUM", "yellow"), ("LOW", "green")):
            print("{}==>  {}:\t {}".format(colour(shade), label,
                                           self.severity.get(label.lower())))

        print("\n")
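def main(src):
    """
    performs code analysis, line by line

    Prints a header for ``src``, then reports every line whose space-stripped
    text contains one of the module-level ``PATTERNS`` (plain substring test,
    not a regex) through ``printcodeline``, followed by a coloured total.
    The file handle is closed when the scan ends.

    :param src: path of the file to analyse
    """
    total = 0
    filenamelength = len(src)
    linelength = 97

    print "-" * 14, " FILE: \33[33m%s\33[0m " % src, "-" * (
        linelength - filenamelength - 21), "\n"

    with open(src, "r") as _file:
        for i, _line in enumerate(_file, 1):
            # spaces removed so "eval (" and "eval(" are treated alike
            __compact = _line.strip().replace(" ", "")
            for _fn in PATTERNS:
                if _fn in __compact:
                    total += 1
                    printcodeline(_line, i, _fn + ')', beautyConsole.efMsgFound)

    if total < 1:
        print beautyConsole.getColor("green") + \
            "No dangerous functions found\n" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d dangerous functions total\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100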
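def main(src, pattern=""):
    """
    performs code analysis, line by line

    Streams ``src`` and matches every line - with all spaces removed -
    against the module-level ``PATTERNS`` regexes; each hit is reported
    through ``printcodeline`` with the line truncated to 120 characters, and
    a coloured per-file total is printed when there was at least one hit.

    :param src: path of the file to analyse
    :param pattern: optional user regex (``-P`` / ``--pattern``); when given
                    it REPLACES the module-level ``PATTERNS`` for this and
                    every later call
    Side effects: bumps the module counters ``PATTERNS_IDENTIFIED`` and
    ``FILES_WITH_IDENTIFIED_PATTERNS``; the file handle is closed when the
    loop ends.
    """
    global PATTERNS_IDENTIFIED
    global FILES_WITH_IDENTIFIED_PATTERNS
    global PATTERNS

    # if -P / --pattern is defined, overwrite PATTERNS with user defined
    # value(s)
    if pattern:
        PATTERNS = [".*" + pattern]

    # compile once per file rather than once per line and pattern
    compiled = [(p, re.compile(p)) for p in PATTERNS]

    print_filename = True
    patterns_found_in_file = 0

    with open(src, "r") as _file:
        for i, _line in enumerate(_file, 1):
            __compact = _line.strip().replace(' ', '')
            for __pattern, __rex in compiled:
                if __rex.match(__compact):
                    if print_filename:
                        FILES_WITH_IDENTIFIED_PATTERNS = FILES_WITH_IDENTIFIED_PATTERNS + 1
                        print "FILE: \33[33m{}\33[0m\n".format(src)
                        print_filename = False
                    patterns_found_in_file += 1
                    printcodeline(_line[0:120] + "...", i, __pattern,
                                  ' code pattern identified: ')

    if patterns_found_in_file > 0:
        PATTERNS_IDENTIFIED = PATTERNS_IDENTIFIED + patterns_found_in_file
        print beautyConsole.getColor("red") + \
            "Identified %d code pattern(s)\n" % (patterns_found_in_file) + \
            beautyConsole.getSpecialChar("endline")
        print beautyConsole.getColor("white") + "-" * 100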
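def printcodeline(_line, i, _fn, _message, _code=()):
    """
    Formats and prints line of output

    Prints a header naming the matched pattern and ``_message``, then the
    matched line with up to two lines of context on either side taken from
    ``_code``.

    :param _line: the matched source line (printed green)
    :param i: 1-based number of ``_line``; ``_code[i - 1]`` is that line
    :param _fn: the pattern that matched; regex decoration (``*``, ``\\``,
                ``.(``) is stripped for display
    :param _message: text printed after the pattern name
    :param _code: all lines of the scanned file (``readlines()`` output);
                  empty by default, in which case no context is shown
    Context lines carry their real line numbers: ``_code[k]`` is line
    ``k + 1``. The previous version printed ``_code[i - 3]`` (line ``i - 2``)
    under the label ``i - 3`` and skipped the lines directly adjacent to the
    hit; it also indexed past the end when ``_code`` was empty.
    """
    # the trailing [0:len(_fn)] slice was a no-op (replacements never grow
    # the string) and has been dropped
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')
    print "\n::  line %d :: \33[33;1m%s\33[0m %s \n" % (i, _fn, _message)

    grey = beautyConsole.getColor("grey")
    endline = beautyConsole.getSpecialChar("endline")

    def _context(number):
        # ``number`` is a 1-based line number; printed only if it exists
        if 1 <= number <= len(_code):
            print str(number) + '   ' + grey + _code[number - 1].rstrip() + endline

    _context(i - 2)
    _context(i - 1)

    print str(i) + '   ' + beautyConsole.getColor("green") + _line.rstrip() + \
        endline

    _context(i + 1)
    _context(i + 2)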
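def printcodeline(_line, i, _fn, _message, _code=()):
    """
    Formats and prints line of output

    Prints a header naming the matched pattern and ``_message``, then the
    matched line with up to two lines of context on either side taken from
    ``_code``.

    :param _line: the matched source line (printed green)
    :param i: 1-based number of ``_line``; ``_code[i - 1]`` is that line
    :param _fn: the pattern that matched; regex decoration (``*``, ``\\``,
                ``.(``) is stripped for display
    :param _message: text printed after the pattern name
    :param _code: all lines of the scanned file (``readlines()`` output);
                  empty by default, in which case no context is shown
    Context lines carry their real line numbers: ``_code[k]`` is line
    ``k + 1``. The previous version printed ``_code[i - 3]`` (line ``i - 2``)
    under the label ``i - 3`` and skipped the lines directly adjacent to the
    hit; it also indexed past the end when ``_code`` was empty.
    """
    # the trailing [0:len(_fn)] slice was a no-op (replacements never grow
    # the string) and has been dropped
    _fn = _fn.replace("*", "").replace("\\", "").replace(".(", '(')
    print "\n::  line %d :: \33[33;1m%s\33[0m %s \n" % (i, _fn, _message)

    grey = beautyConsole.getColor("grey")
    endline = beautyConsole.getSpecialChar("endline")

    def _context(number):
        # ``number`` is a 1-based line number; printed only if it exists
        if 1 <= number <= len(_code):
            print str(number) + '   ' + grey + _code[number - 1].rstrip() + endline

    _context(i - 2)
    _context(i - 1)

    print str(i) + '   ' + beautyConsole.getColor("green") + _line.rstrip() + \
        endline

    _context(i + 1)
    _context(i + 2)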
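def main(src):
    """
    performs code analysis, line by line

    Prints a header for ``src`` and checks each line against the five lists
    in ``pefdefs``: ``exploitableFunctions`` and ``fileInclude`` are
    substring-matched against the line with spaces removed, ``keywords``
    case-insensitively, ``globalVars`` and ``reflectedProperties`` against
    the stripped line as is. Every hit goes to ``printcodeline`` with the
    matching ``beautyConsole`` message; a coloured total follows. The file
    handle is closed when the scan ends.

    :param src: path of the file to analyse
    """
    total = 0
    filenamelength = len(src)
    linelength = 97

    print "-" * 14, " FILE: \33[33m%s\33[0m " % src, "-" * (
        linelength - filenamelength - 21), "\n"

    with open(src, "r") as _file:
        for i, _line in enumerate(_file, 1):
            __line = _line.strip()
            # computed once per line instead of once per candidate
            __compact = __line.replace(" ", "")
            __lowered = __line.lower()

            for _fn in pefdefs.exploitableFunctions:
                if _fn in __compact:
                    total += 1
                    printcodeline(_line, i, _fn + ')', beautyConsole.efMsgFound)
            for _kw in pefdefs.keywords:
                if _kw.lower() in __lowered:
                    total += 1
                    printcodeline(_line, i, _kw, beautyConsole.eKeyWordFound)
            for _dp in pefdefs.fileInclude:
                if _dp in __compact:
                    total += 1
                    printcodeline(_line, i, _dp + '()', beautyConsole.fiMsgFound)
            for _global in pefdefs.globalVars:
                if _global in __line:
                    total += 1
                    printcodeline(_line, i, _global,
                                  beautyConsole.efMsgGlobalFound)
            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    total += 1
                    printcodeline(_line, i, _refl, beautyConsole.eReflFound)

    if total < 1:
        print beautyConsole.getColor("green") + \
            "No exploitable functions found\n" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable functions total\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100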
def decorate_varname(var_name):
    """Return ``var_name`` wrapped in red, followed by a switch back to white."""
    red = beautyConsole.getColor("red")
    white = beautyConsole.getColor("white")
    return "".join((red, var_name, white))
def decorate_source(src_line):
    """Return ``src_line`` wrapped in yellow, followed by a switch back to white."""
    yellow = beautyConsole.getColor("yellow")
    white = beautyConsole.getColor("white")
    return "".join((yellow, src_line, white))
        if args.recursive:
            for subdir, dirs, files in os.walk(base_path):
                if not include:
                    if not True in [e in subdir for e in exclude]:
                        process_files(subdir, files, pattern, verbose)
                else:
                    if True in [i in subdir for i in include]:
                        process_files(subdir, files, pattern, verbose)
        else:
            # process only single file
            s_filename = args.filename
            if s_filename[-3:] == '.js':
                perform_code_analysis(s_filename, pattern, verbose)
                total_files = total_files + 1

    except Exception as ex:
        print("{}An exception occured: {}\n\n".format(
            beautyConsole.getColor("red"), ex))
        exit(1)

    print(beautyConsole.getColor("cyan"))
    print(" {} file(s) scanned in total".format(total_files))
    if patterns_identified > 0:
        print(beautyConsole.getColor("red"))
        print("Identified {} code pattern(s) in {} file(s)".format(
            patterns_identified, files_with_identified_patterns))
    else:
        print(beautyConsole.getColor("green"), "No code pattern identified")
    print(beautyConsole.getColor("white"))
def decorate_varname(var_name):
    """Return ``var_name`` wrapped in red, followed by a switch back to white."""
    red = beautyConsole.getColor("red")
    white = beautyConsole.getColor("white")
    return "".join((red, var_name, white))
def decorate_source(src_line):
    """Return ``src_line`` wrapped in yellow, followed by a switch back to white."""
    yellow = beautyConsole.getColor("yellow")
    white = beautyConsole.getColor("white")
    return "".join((yellow, src_line, white))
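    def main(self, src):
        """
        main engine loop

        Scans one file line by line and returns the number of findings. Every
        line is checked by ``self.analyse_line`` against the pattern lists
        selected by the instance flags: ``pefdefs.critical`` when
        ``self.critical`` is set, otherwise ``self.pattern`` (if given) or
        ``pefdefs.exploitableFunctions``; the include / global / reflection
        lists (and, with ``sql``, ``pefdefs.otherPatterns``) are added only
        when neither ``critical`` nor ``pattern`` is in use. Two lines of
        context before and after the current line are passed along; they are
        empty strings at the file edges.

        NOTE(review): ``verbose`` and ``sql`` are neither parameters nor
        attributes here - they resolve at module scope or raise NameError.
        Confirm whether ``self.verbose`` / ``self.sql`` were intended.

        :param src: path of the file to scan; the handle is closed when the
                    loop ends
        :returns: number of findings in this file
        """
        total = 0
        self.header_printed = False

        with open(src, "r") as f:
            all_lines = f.readlines()
            last = len(all_lines) - 1

            # candidate lists chosen once per file rather than once per line;
            # ``secondary`` keeps the original reporting order
            if self.critical:
                primary = pefdefs.critical
            elif self.pattern:
                primary = self.pattern
            else:
                primary = pefdefs.exploitableFunctions

            secondary = []
            if not self.critical and not self.pattern:
                secondary.extend(pefdefs.fileInclude)
                secondary.extend(pefdefs.globalVars)
                secondary.extend(pefdefs.reflectedProperties)
                if sql:
                    secondary.extend(pefdefs.otherPatterns)

            for idx, l in enumerate(all_lines):
                # neighbours reset to "" at the edges; previously the last
                # line kept the stale next_line of the previous iteration and
                # the first lines missed part of their preceding context
                prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
                prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
                next_line = all_lines[idx + 1].rstrip() if idx < last else ""
                next_next_line = all_lines[idx + 2].rstrip() if idx < last - 1 else ""

                i = idx + 1  # 1-based line number for the report
                line = l.rstrip()

                for fn in primary:
                    total = self.analyse_line(l, i, fn, f, line, prev_line,
                                              next_line, prev_prev_line,
                                              next_next_line, verbose, total)
                for fn in secondary:
                    total = self.analyse_line(l, i, fn, f, line, prev_line,
                                              next_line, prev_prev_line,
                                              next_next_line, verbose, total)

        if total > 0:
            print(
                beautyConsole.getColor("red") +
                "Found %d interesting entries\n" % (total) +
                beautyConsole.getSpecialChar("endline"))

        return total  # return how many findings in current file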
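def main(src):
    """
    performs code analysis, line by line

    Prints the real path of ``src``, then checks the space-stripped text of
    every line for the entries of ``pefdefs.exploitableFunctions``,
    ``fileInclude``, ``globalVars`` and ``reflectedProperties`` (in that
    order) and reports each hit through ``printcodeline`` with two lines of
    context on either side. Context is empty at the file edges. The file
    handle is closed once the lines are read.

    :param src: path of the file to analyse
    """
    total = 0

    with open(src, "r") as _file:
        all_lines = _file.readlines()
        print "FILE: \33[33m%s\33[0m " % os.path.realpath(_file.name), "\n"

    last = len(all_lines) - 1

    # (candidate list, display suffix, message) in reporting order
    checks = (
        (pefdefs.exploitableFunctions, ')', beautyConsole.efMsgFound),
        (pefdefs.fileInclude, '()', beautyConsole.fiMsgFound),
        (pefdefs.globalVars, '', beautyConsole.efMsgGlobalFound),
        (pefdefs.reflectedProperties, '', beautyConsole.eReflFound),
    )

    for idx, _line in enumerate(all_lines):
        # neighbours reset to "" at the edges; previously the last line kept
        # the stale next_line of the previous iteration and the first lines
        # missed part of their preceding context
        prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
        prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
        next_line = all_lines[idx + 1].rstrip() if idx < last else ""
        next_next_line = all_lines[idx + 2].rstrip() if idx < last - 1 else ""

        i = idx + 1  # 1-based line number for the report
        # spaces removed so "eval (" and "eval(" are treated alike
        __compact = _line.strip().replace(" ", "")
        for candidates, suffix, message in checks:
            for needle in candidates:
                if needle in __compact:
                    total += 1
                    printcodeline(_line, i, needle + suffix, message,
                                  prev_line, next_line, prev_prev_line, next_next_line)

    if total < 1:
        print beautyConsole.getColor("green") + \
            "No exploitable functions found" + \
            beautyConsole.getSpecialChar("endline")
    else:
        print beautyConsole.getColor("red") + \
            "Found %d exploitable function(s)\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    print beautyConsole.getColor("white") + "-" * 100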
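def main(src, severity, verbose=False, sql=False, critical=False):
    """
    performs code analysis, line by line

    Scans one file and returns the number of findings. Every line is checked
    against the ``pefdefs`` lists selected by the flags: only ``critical``
    when ``critical`` is set, otherwise ``exploitableFunctions`` plus
    ``fileInclude``, ``globalVars``, ``reflectedProperties`` and - with
    ``sql`` - the ``otherPatterns`` regexes. Function names are matched with
    a leading space or a leading ``@`` so that substrings of longer
    identifiers or of string literals are less likely to be reported. The
    file header is printed lazily before the first hit (``header_print``)
    and each hit is handed to ``print_code_line`` with two lines of context
    on either side; context is empty at the file edges.

    :param src: path of the file to scan; the handle is closed once the
                lines are read
    :param severity: caller-owned ``impact -> count`` dict, passed through to
                     ``print_code_line``
    :param verbose: forwarded to ``print_code_line``
    :param sql: also apply the ``pefdefs.otherPatterns`` regexes
    :param critical: restrict the scan to ``pefdefs.critical``
    :returns: number of findings in this file
    """
    total = 0
    header_printed = False

    with open(src, "r") as f:
        all_lines = f.readlines()
        file_name = f.name
    last = len(all_lines) - 1

    # candidate list chosen once per file; ``if critical`` and the former
    # ``critical == False`` test now agree on truthiness
    functions = pefdefs.critical if critical else pefdefs.exploitableFunctions
    # regexes compiled once per file instead of once per line
    other = []
    if sql and not critical:
        other = [(p, re.compile(p)) for p in pefdefs.otherPatterns]

    for idx, l in enumerate(all_lines):
        # neighbours reset to "" at the edges; previously the last line kept
        # the stale next_line of the previous iteration and the first lines
        # missed part of their preceding context
        prev_prev_line = all_lines[idx - 2].rstrip() if idx >= 2 else ""
        prev_line = all_lines[idx - 1].rstrip() if idx >= 1 else ""
        next_line = all_lines[idx + 1].rstrip() if idx < last else ""
        next_next_line = all_lines[idx + 2].rstrip() if idx < last - 1 else ""

        i = idx + 1  # 1-based line number for the report
        line = l.rstrip()

        # display names of everything that matched this line, in report order
        hits = []
        for fn in functions:
            # there has to be space before function call; prevents from
            # false-positives strings contains PHP function names. "@fn" is
            # accepted too: PHP's @ silences the call's error output
            atfn = "@{}".format(fn)
            fn = " {}".format(fn)
            if fn in line or atfn in line:
                hits.append(fn + (')' if '(' in fn else ''))

        if not critical:
            for dp in pefdefs.fileInclude:
                dp = " {}".format(dp)
                # matched against the original line: with the leading-space
                # prefix the old test against line.replace(" ", "") could
                # never succeed, so include/require hits were silently lost.
                # NOTE(review): confirm the intended spacing rule for calls
                # such as "include(  $x )" that the old comment mentioned
                if dp in line:
                    hits.append(dp + '()')
            hits.extend(g for g in pefdefs.globalVars if g in line)
            hits.extend(r for r in pefdefs.reflectedProperties if r in line)
            hits.extend(p for p, rex in other if rex.search(l))

        for shown in hits:
            header_printed = header_print(file_name, header_printed)
            total += 1
            # NOTE(review): ``self`` is not defined in this module-level
            # function, so this raises NameError on the first hit unless a
            # module-level ``self`` exists; confirm which print_code_line
            # was meant
            self.print_code_line(l, i, shown, prev_line, next_line,
                                 prev_prev_line, next_next_line,
                                 severity, verbose)

    if total > 0:
        print beautyConsole.getColor("red") + \
            "Found %d interesting entries\n" % (total) + \
            beautyConsole.getSpecialChar("endline")

    return total  # return how many findings in current file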
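    def print_code_line(self,
                        _line,
                        i,
                        fn,
                        prev_line="",
                        next_line="",
                        prev_prev_line="",
                        next_next_line="",
                        severity=None,
                        verbose=False):
        """
        prints formatted code line

        Prints the matched line (in verbose mode a header naming the matched
        function instead), the legend for ``fn`` from
        ``pefdocs.exploitableFunctionsDesc`` when one exists and - verbose
        mode only - up to two lines of context on each side.

        :param _line: source line in which the pattern was found
        :param i: 1-based line number of ``_line``; context lines are
                  labelled ``i-2`` .. ``i+2``
        :param fn: matched pattern / function name; ``fn.strip()`` is the key
                   into ``pefdocs.exploitableFunctionsDesc``
        :param prev_line, next_line, prev_prev_line, next_next_line:
                   neighbouring source lines, each printed only when non-empty
        :param severity: caller-owned ``impact -> count`` tally, incremented
                   in place for every hit that has a legend entry. ``None``
                   (the default) keeps no tally. The former default of a
                   shared ``{}`` literal made unrelated calls accumulate into
                   the same dict.
        :param verbose: also print the legend and the context lines
        """
        impact_color = {"low": "green", "medium": "yellow", "high": "red"}
        if severity is None:
            severity = {}

        colour = beautyConsole.getColor
        special = beautyConsole.getSpecialChar

        if verbose:
            print " line %d :: \33[33;1m%s\33[0m " % (i, fn)
        else:
            print "{}line {} :: {}{} ".format(colour("white"),
                                              i,
                                              colour("grey"),
                                              _line.strip())

        # print legend only if there is an entry in pefdocs.py
        key = fn.strip() if fn else ""
        if fn and key in pefdocs.exploitableFunctionsDesc:
            # one lookup instead of four; entry layout is
            # (description, syntax, vulnerability class, impact)
            entry = pefdocs.exploitableFunctionsDesc[key]
            description = entry[0]
            syntax = entry[1]
            vuln_class = entry[2]
            impact = entry[3]

            if verbose:
                print "\n  {}{}{}".format(
                    colour("white"), description, special("endline"))
                print "  {}{}{}".format(
                    colour("grey"), syntax, special("endline"))
                print "  Potential impact: {}{}{}".format(
                    colour(impact_color[impact]), vuln_class,
                    special("endline"))

            severity[impact] = severity.get(impact, 0) + 1

        if not verbose:
            return

        def context(number, text, shade):
            # one numbered context line; ``text`` is printed as given
            print str(number) + "  " + colour(shade) + text + special("endline")

        print "\n"
        if prev_prev_line:
            context(i - 2, prev_prev_line, "grey")
        if prev_line:
            context(i - 1, prev_line, "grey")
        context(i, _line.rstrip(), "green")
        if next_line:
            context(i + 1, next_line, "grey")
        if next_next_line:
            context(i + 2, next_next_line, "grey")
        print "\n"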
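    found_entries = 0

    # per-severity tally filled in by main() / print_code_line()
    severity = {"high": 0, "medium": 0, "low": 0}

    if args.recursive:
        for root, subdirs, files in os.walk(filename):
            for f in files:
                scanned_files += 1
                res = main(os.path.join(root, f), severity, verbose, sql,
                           critical)
                found_entries += res
    else:
        scanned_files += 1
        # single-file mode now honours the same flags as the recursive walk;
        # previously verbose / sql / critical were silently dropped here
        found_entries = main(filename, severity, verbose, sql, critical)

    print beautyConsole.getColor("white") + "-" * 100

    print beautyConsole.getColor("green")
    print "\n>>>  {} file(s) scanned".format(scanned_files)
    if found_entries > 0:
        print "{}>>>  {} interesting entries found\n".format(
            beautyConsole.getColor("red"), found_entries)
    else:
        print "  No interesting entries found :( \n"

    # one line per severity level, highest first
    for label, shade in (("HIGH", "red"), ("MEDIUM", "yellow"), ("LOW", "green")):
        print "{}==>  {}:\t {}".format(beautyConsole.getColor(shade), label,
                                       severity.get(label.lower()))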
def header_print(file_name, header_printed):
    """
    Print the per-file banner exactly once.

    :param file_name: path of the file being scanned; its resolved path is shown
    :param header_printed: False if the banner has not been shown for this file yet
    :return: True once the banner has been printed; otherwise the value passed in,
             so callers can feed the result straight back in on the next match
    """
    # Anything other than False means the banner is already on screen.
    if header_printed != False:
        return header_printed

    # Single-argument print() form: identical output on Python 2 and 3.
    separator = beautyConsole.getColor("white") + "-" * 100
    print(separator)
    # NOTE(review): the resolved path is echoed verbatim between ANSI colour
    # codes; a file name taken from an untrusted tree may itself carry
    # terminal escape sequences, and nothing here filters them.
    resolved = os.path.realpath(file_name)
    print("FILE: \33[33m%s\33[0m " % resolved + " \n")
    return True
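def main(src, __severity, __verbose, __functions_only):
    """
    Perform line-by-line pattern analysis of one source file.

    Every line is compared against the lists in ``pefdefs`` (exploitable
    functions, file-include sinks, global variables, reflected properties).
    Each hit is reported through ``printcodeline`` together with up to two
    lines of context before and after it.

    :param src: path of the file to scan
    :param __severity: severity counters handed to printcodeline (which appears
                       to update them in place)
    :param __verbose: passed through to printcodeline
    :param __functions_only: when truthy, only the exploitable-function list is checked
    :return: number of findings in this file
    """
    # Function-scope import: the module's import block is not part of this
    # definition, and the word-boundary check below needs a lookbehind.
    import re

    # The original kept the handle open for the whole scan; read once and close.
    with open(src, "r") as _file:
        all_lines = _file.readlines()
    line_count = len(all_lines)

    def context(offset):
        """Return the stripped line at 0-based ``offset``, or "" when out of range."""
        if 0 <= offset < line_count:
            return all_lines[offset].rstrip()
        return ""

    header_printed = False
    total = 0

    for idx, _line in enumerate(all_lines):
        # Bounds-checked context window, recomputed for every line. The original
        # only updated these under `i > 1` / `i > 2` style conditions, so the
        # second and third lines lost their previous context and the last two
        # lines showed stale (duplicated) "next" lines.
        prev_prev_line = context(idx - 2)
        prev_line = context(idx - 1)
        next_line = context(idx + 1)
        next_next_line = context(idx + 2)

        i = idx + 1  # 1-based line number for the report
        __line = _line.strip()
        # The patterns are prefixed with a space as a crude word-boundary guard
        # (avoids e.g. my_eval( matching eval(). Pad the stripped line with one
        # space too, otherwise a call at the very start of the line is missed.
        padded = " " + __line

        # NOTE(review): _line is forwarded verbatim and printcodeline renders it
        # between ANSI colour codes; when scanning an untrusted tree, any terminal
        # escape sequences embedded in the source reach the terminal unfiltered.
        for _fn in pefdefs.exploitableFunctions:
            _fn = " {}".format(_fn)
            if _fn in padded:
                header_printed = header_print(src, header_printed)
                total += 1
                printcodeline(_line, i, _fn + (')' if '(' in _fn else ''),
                              prev_line, next_line, prev_prev_line,
                              next_next_line, __severity, __verbose)

        if not __functions_only:
            # Spaces are removed so that include(  $_GET['x']  ) is still found.
            # The original prepended a space to the pattern and then searched a
            # space-less string, so this branch could never match; the boundary
            # guard is now a lookbehind on the compacted line instead.
            compact = __line.replace(" ", "")
            for _dp in pefdefs.fileInclude:
                if re.search(r"(?<!\w)" + re.escape(_dp), compact):
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, " {}()".format(_dp), prev_line,
                                  next_line, prev_prev_line, next_next_line,
                                  __severity, __verbose)

            for _global in pefdefs.globalVars:
                if _global in __line:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _global, prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity,
                                  __verbose)

            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _refl, prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity,
                                  __verbose)

    if total > 0:
        # Single-argument print() form: same output on Python 2 and 3.
        print(beautyConsole.getColor("red") +
              "Found %d exploitable function(s)\n" % (total) +
              beautyConsole.getSpecialChar("endline"))

    return total  # how many findings in the current file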
                if not INCLUDE:
                    if not True in [e in subdir for e in EXCLUDE]:
                        process_files(subdir, files, PATTERN)
                else:
                    if True in [i in subdir for i in INCLUDE]:
                        process_files(subdir, files, PATTERN)
        else:
            # process only single file
            S_FILENAME = ARGS.filename
            if (S_FILENAME[-3:] not in EXTENSIONS_TO_IGNORE
                and S_FILENAME[-2:] not in EXTENSIONS_TO_IGNORE
                    and S_FILENAME[-7:] not in MINIFIED_EXT):
                perform_code_analysis(S_FILENAME, PATTERN)
                TOTAL_FILES = TOTAL_FILES + 1

    except Exception as ex:
        print beautyConsole.getColor(
            "red"), "An exception occured: {}\n\n".format(ex)
        exit(1)

    print beautyConsole.getColor("cyan")
    print " {} file(s) scanned in total".format(TOTAL_FILES)
    if PATTERNS_IDENTIFIED > 0:
        print beautyConsole.getColor("red")
        print "Identified {} code pattern(s) in {} file(s)".format(
            PATTERNS_IDENTIFIED, FILES_WITH_IDENTIFIED_PATTERNS)
    else:
        print beautyConsole.getColor(
            "green"), "No code pattern identified"
    print beautyConsole.getColor("white")
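def main(src, __severity, __verbose, __functions_only):
    """
    Perform line-by-line pattern analysis of one source file.

    Every line is compared against the lists in ``pefdefs`` (exploitable
    functions, file-include sinks, global variables, reflected properties).
    Each hit is reported through ``printcodeline`` together with up to two
    lines of context before and after it.

    :param src: path of the file to scan
    :param __severity: severity counters handed to printcodeline (which appears
                       to update them in place)
    :param __verbose: passed through to printcodeline
    :param __functions_only: when truthy, only the exploitable-function list is checked
    :return: number of findings in this file
    """
    # Function-scope import: the module's import block is not part of this
    # definition, and the word-boundary check below needs a lookbehind.
    import re

    # The original kept the handle open for the whole scan; read once and close.
    with open(src, "r") as _file:
        all_lines = _file.readlines()
    line_count = len(all_lines)

    def context(offset):
        """Return the stripped line at 0-based ``offset``, or "" when out of range."""
        if 0 <= offset < line_count:
            return all_lines[offset].rstrip()
        return ""

    header_printed = False
    total = 0

    for idx, _line in enumerate(all_lines):
        # Bounds-checked context window, recomputed for every line. The original
        # only updated these under `i > 1` / `i > 2` style conditions, so the
        # second and third lines lost their previous context and the last two
        # lines showed stale (duplicated) "next" lines.
        prev_prev_line = context(idx - 2)
        prev_line = context(idx - 1)
        next_line = context(idx + 1)
        next_next_line = context(idx + 2)

        i = idx + 1  # 1-based line number for the report
        __line = _line.strip()

        # NOTE(review): _line is forwarded verbatim and printcodeline renders it
        # between ANSI colour codes; when scanning an untrusted tree, any terminal
        # escape sequences embedded in the source reach the terminal unfiltered.
        for _fn in pefdefs.exploitableFunctions:
            # Plain substring match, no word-boundary guard (so my_eval( also
            # matches eval(). It already covers the error-suppressed "@fn("
            # form, which the original tested a second time.
            if _fn in __line:
                header_printed = header_print(src, header_printed)
                total += 1
                printcodeline(_line, i, _fn + (')' if '(' in _fn else ''), prev_line,
                              next_line, prev_prev_line, next_next_line, __severity, __verbose)

        if not __functions_only:
            # Spaces are removed so that include(  $_GET['x']  ) is still found.
            # The original prepended a space to the pattern and then searched a
            # space-less string, so this branch could never match; the boundary
            # guard is now a lookbehind on the compacted line instead.
            compact = __line.replace(" ", "")
            for _dp in pefdefs.fileInclude:
                if re.search(r"(?<!\w)" + re.escape(_dp), compact):
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, " {}()".format(_dp), prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity, __verbose)

            for _global in pefdefs.globalVars:
                if _global in __line:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _global, prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity, __verbose)

            for _refl in pefdefs.reflectedProperties:
                if _refl in __line:
                    header_printed = header_print(src, header_printed)
                    total += 1
                    printcodeline(_line, i, _refl, prev_line, next_line,
                                  prev_prev_line, next_next_line, __severity, __verbose)

    if total > 0:
        # Single-argument print() form: same output on Python 2 and 3.
        print(beautyConsole.getColor("red") +
              "Found %d interesting entries\n" % (total) +
              beautyConsole.getSpecialChar("endline"))

    return total  # how many findings in the current file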
                        if not '/node_modules/' in subdir or ('/node_modules/' in subdir and SKIP_NODE_MODULES == False):
                            if (SKIP_TEST_FILES == False):
                                main(FILENAME)
                                TOTAL_FILES = TOTAL_FILES + 1
                            else:
                                if __file not in TEST_FILES and "/test" not in FILENAME and "/tests" not in FILENAME:
                                    main(FILENAME)
                                    TOTAL_FILES = TOTAL_FILES + 1
        else:
            FILENAME = args.filename
            if (FILENAME[-3:] not in EXTENSIONS_TO_IGNORE
                and FILENAME[-2:] not in EXTENSIONS_TO_IGNORE
                    and FILENAME[-7:] not in MINIFIED_EXT):
                main(FILENAME)
                TOTAL_FILES = TOTAL_FILES + 1

    except Exception as ex:
        print beautyConsole.getColor("red"), "An exception occured: {}\n\n".format(ex)
        exit(1)

    print beautyConsole.getColor("cyan")
    print " {} file(s) scanned in total".format(TOTAL_FILES)
    if PATTERNS_IDENTIFIED > 0:
        print beautyConsole.getColor("red")
        print "Identified {} code pattern(s) in {} file(s)".format(PATTERNS_IDENTIFIED, FILES_WITH_IDENTIFIED_PATTERNS)
    else:
        print beautyConsole.getColor(
            "green"), "No code pattern identified"
    print beautyConsole.getColor("white")
        "medium": 0,
        "low": 0
    }

    if args.recursive:
        for root, subdirs, files in os.walk(__filename):
            for f in files:
                __scanned_files = __scanned_files + 1
                res = main(os.path.join(root, f), __severity,
                           __verbose, __sql, __critical)
                __found_entries = __found_entries + res
    else:
        __scanned_files = __scanned_files + 1
        __found_entries = main(__filename, __severity)

    print beautyConsole.getColor("white") + "-" * 100

    print beautyConsole.getColor("green")
    print "\n>>>  {} file(s) scanned".format(__scanned_files)
    if __found_entries > 0:
        print "{}>>>  {} interesting entries found\n".format(
            beautyConsole.getColor("red"), __found_entries)
    else:
        print "  No interesting entries found :( \n"

    print "{}==>  {}:\t {}".format(
        beautyConsole.getColor("red"), "HIGH", __severity.get("high"))
    print "{}==>  {}:\t {}".format(beautyConsole.getColor(
        "yellow"), "MEDIUM", __severity.get("medium"))
    print "{}==>  {}:\t {}".format(beautyConsole.getColor(
        "green"), "LOW", __severity.get("low"))
def header_print(file_name, header_printed):
    """
    Emit the "FILE: ..." banner for a scanned file, but only the first time.

    :param file_name: path of the scanned file; printed as its resolved real path
    :param header_printed: False until the banner has been shown for this file
    :return: True after printing; any other input value is returned untouched
    """
    # Only the literal False triggers printing, exactly like the original check.
    needs_banner = header_printed == False
    if not needs_banner:
        return header_printed

    # NOTE(review): the path is written raw between ANSI colour codes; file
    # names from an untrusted tree could smuggle terminal escape sequences.
    print(beautyConsole.getColor("white") + "-" * 100)
    print("FILE: \33[33m%s\33[0m " % os.path.realpath(file_name) + " \n")
    return True
        "medium": 0,
        "low": 0
    }

    if args.recursive:
        for root, subdirs, files in os.walk(__filename):
            for f in files:
                __scanned_files = __scanned_files + 1
                res = main(os.path.join(root, f), __severity,
                           __verbose, __functions_only)
                __found_entries = __found_entries + res
    else:
        __scanned_files = __scanned_files + 1
        __found_entries = main(__filename, __severity)

    print beautyConsole.getColor("white") + "-" * 100

    print beautyConsole.getColor("green")
    print "\n>>>  {} file(s) scanned".format(__scanned_files)
    if __found_entries > 0:
        print "{}>>>  {} interesting entries found\n".format(
            beautyConsole.getColor("red"), __found_entries)
    else:
        print "  No interesting entries found :( \n"

    print "{}==>  {}:\t {}".format(
        beautyConsole.getColor("red"), "HIGH", __severity.get("high"))
    print "{}==>  {}:\t {}".format(beautyConsole.getColor(
        "yellow"), "MEDIUM", __severity.get("medium"))
    print "{}==>  {}:\t {}".format(beautyConsole.getColor(
        "green"), "LOW", __severity.get("low"))