code: PHP Source Analyzer
PHP Source Analyzer

> > >
Custom Search
[INFO] Please enter a directory [INFO]
[Error] does not exist or is not a directory [Error]
[Error] does not exist or is not a file [Error]
$base_dir); //Create array for holding dir_listing first entry is user argument $php_listing = array(); //Create array for holding php files found in search $x = 0; //set counter if($_GET["search_style"] == "Directory") { while($x < count($dir_listing)) { //Loop while the counter is less or equal to array count $curr_directory = $dir_listing[$x]; //set curr_directory $dir_handle[$x] = opendir($curr_directory); //set the directory handle for opening the dir. according to the counter while(false !== ($file = readdir($dir_handle[$x]))) { //read directory listing and loop till the end $curr_file = $curr_directory . $file; if(is_dir($curr_file)) { //check if its a directory if(($file != ".") && ($file != "..")) { //check if its a hidden dire. $dir_listing[count($dir_listing)] = $curr_file . "\\"; //add to array . using count adds appends it count is not based on 0 start } } if(is_file($curr_file)) { //Check if its a file if(substr_count($file, ".php")) { //Check if its a php file $php_listing[count($php_listing)] = $curr_file; //add to files found array php_listing } } } closedir($dir_handle[$x]); //close handle $x++; //itterate count } } else { $php_listing[count($php_listing)] = $base_dir; } /*------------------------------------------------------------------------------------------- SOURCE SYNTAX SEARCH FUNCTION --------------------------------------------------------------------------------------------*/ //Array holding all the strings to search for if($_GET['custom_search'] <> NULL) { //Check to see if custome search is set to something other than nothing $custom_search = "on"; //Set custom search on $vuln_custom_syntax = $_GET['custom_search']; //Get was custom search string contains $vuln_custom_syntax = explode(',', $vuln_custom_syntax); //seperate everything in custom search into an array } //Arrays Containing the most common strings to search for $vuln_rfi_syntax = array("require", "include", "empty", "readfile", "fread", "fwrite", "writefile", "fopen","_GET", 
"_POST", "_SESSION", "_REQUEST", "_USER", "eval"); $vuln_sql_syntax = array("sql", "dbquery", "query", "WHERE", "SELECT", "DELETE", "INSERT"); $vuln_rce_syntax = array("popen", "system", "eval", "passthru"); $vuln_count = 1; //keeps track of the vulnerablities for the xhtml variables to pass to javascript for($z=0; $z < count($php_listing); $z++) { $vuln_found = array(); $filename = $php_listing[$z]; //holds the file to search $handle = fopen($filename, "r"); //opens file for reading only $contents = fread($handle, filesize($filename)); //reads all content to $contents ?>
Filename:
"") //check to see if the line is empty, and for unwanted lines comments and such and (!strstr($exp_content[$i], "//")) //check to see if the line is a comment and (!strstr($exp_content[$i], "/*")) and (!strstr($exp_content[$i], "* ")) ) { $exp_content[$i] = strip_tags($exp_content[$i]); //strip all html tags before printing out //######################################################################################### // THIS FOLLOWING FOR LOOP CHECKS FOR CUSTOM SEARCH STRINGS PROVIDED BY THE USER // It loops through each vulnerability for the current line of code from exp_content // same loop as above with a different array. This seperates //######################################################################################### if($custom_search == "on") { for($x=0; $x < count($vuln_custom_syntax); $x++) { //loop through the vuln. array if(substr_count($exp_content[$i], $vuln_custom_syntax[$x])) { //check and see if the vulnerable string is found $vuln_line = "line# " . $i . ": " . $exp_content[$i] . "\n\r\n\r"; //hold vulnerable line found in syntax: Line$ code if (!array_search($vuln_line, $vuln_found)){ //check to see if it exists already or was already found $vuln_found[count($vuln_found)] = $vuln_line; //if not then add to vuln_found array for future checks ?>