
swisskyrepo / Vulny Code Static Analysis

Licence: other
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex


Projects that are alternatives of or similar to Vulny Code Static Analysis

Salus
Security scanner coordinator
Stars: ✭ 441 (+113.04%)
Mutual labels:  static-analysis, security-tools, security-scanner, audit
Huskyci
Performing security tests inside your CI
Stars: ✭ 398 (+92.27%)
Mutual labels:  static-analysis, hacktoberfest, security-tools, vulnerabilities
Horusec
Horusec is an open source tool that improves identification of vulnerabilities in your project with just one command.
Stars: ✭ 311 (+50.24%)
Mutual labels:  static-analysis, hacktoberfest, vulnerabilities
Super
Secure, Unified, Powerful and Extensible Rust Android Analyzer
Stars: ✭ 340 (+64.25%)
Mutual labels:  security-tools, vulnerabilities, security-scanner
Applicationinspector
A source code analyzer built for surfacing features of interest and other characteristics to answer the question 'What's in the code?' quickly using static analysis with a json based rules engine. Ideal for scanning components before use or detecting feature level changes.
Stars: ✭ 3,873 (+1771.01%)
Mutual labels:  static-analysis, security-tools, security-scanner
Wssat
WEB SERVICE SECURITY ASSESSMENT TOOL
Stars: ✭ 360 (+73.91%)
Mutual labels:  static-analysis, security-tools, vulnerabilities
Krane
Kubernetes RBAC static Analysis & visualisation tool
Stars: ✭ 254 (+22.71%)
Mutual labels:  static-analysis, security-tools, security-scanner
Patrowlmanager
PatrOwl - Open Source, Smart and Scalable Security Operations Orchestration Platform
Stars: ✭ 363 (+75.36%)
Mutual labels:  security-tools, vulnerabilities, security-scanner
Insider
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10, to make source code analysis to find vulnerabilities right in the source code, focused on a agile and easy to implement software inside your DevOps pipeline. Support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).
Stars: ✭ 216 (+4.35%)
Mutual labels:  static-analysis, security-tools, security-scanner
Jsprime
a javascript static security analysis tool
Stars: ✭ 556 (+168.6%)
Mutual labels:  static-analysis, security-tools, security-scanner
Brakeman
A static analysis security vulnerability scanner for Ruby on Rails applications
Stars: ✭ 6,281 (+2934.3%)
Mutual labels:  static-analysis, security-tools, vulnerabilities
Ossa
Open-Source Security Architecture | 开源安全架构
Stars: ✭ 796 (+284.54%)
Mutual labels:  security-tools, vulnerabilities, security-scanner
Rapidscan
🆕 The Multi-Tool Web Vulnerability Scanner.
Stars: ✭ 775 (+274.4%)
Mutual labels:  security-tools, vulnerabilities, security-scanner
Vuls
Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices
Stars: ✭ 8,844 (+4172.46%)
Mutual labels:  security-tools, vulnerabilities, security-scanner
Nosqlmap
Automated NoSQL database enumeration and web application exploitation tool.
Stars: ✭ 1,928 (+831.4%)
Mutual labels:  hacktoberfest, security-tools
Awesome Vulnerable
A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB.
Stars: ✭ 133 (-35.75%)
Mutual labels:  hacktoberfest, vulnerabilities
Nodejsscan
nodejsscan is a static security code scanner for Node.js applications.
Stars: ✭ 1,874 (+805.31%)
Mutual labels:  static-analysis, security-scanner
Semgrep Rules
Semgrep rules registry
Stars: ✭ 140 (-32.37%)
Mutual labels:  static-analysis, security-scanner
Gsil
GitHub Sensitive Information Leakage(GitHub敏感信息泄露监控)
Stars: ✭ 1,764 (+752.17%)
Mutual labels:  security-tools, security-scanner
Reconnoitre
A security tool for multithreaded information gathering and service enumeration whilst building directory structures to store results, along with writing out recommendations for further testing.
Stars: ✭ 1,824 (+781.16%)
Mutual labels:  security-tools, security-scanner

VulnyCode - PHP Code Static Analysis

Version 1.0.0, Python

Basic script to detect vulnerabilities in PHP source code. It uses regular expressions to find sinks (dangerous functions such as include or mail) whose arguments come from user-controlled input, either directly or through a variable assigned from it. Because matching is purely lexical, every hit is reported as a potential vulnerability that still needs manual confirmation.

# HELP
$ python3 index.py
usage: index.py [-h] [--dir DIR] [--plain]

optional arguments:
  -h, --help  show this help message and exit
  --dir DIR   Directory to analyse
  --plain     No color in output

# Example
$ python3 index.py --dir test
------------------------------------------------------------
Analyzing 'test' source code
------------------------------------------------------------
Potential vulnerability found : File Inclusion
Line 19 in test/include.php
Code : include($_GET['patisserie'])
------------------------------------------------------------
Potential vulnerability found : Insecure E-mail
Line 2 in test/mail.php
Code : mail($dest, "subject", "message", "", "-f" . $_GET['from'])
Declared at line 1 : $dest = $_GET['who'];
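The output above shows the two things a regex-based scanner of this kind has to do: match a sink call and decide whether its arguments are tainted, and follow a variable back to the assignment that made it tainted so the report can say where it was declared. The following is an added example written for this page, not code from the Vulny project (its rule set and index.py differ): it scans three constructed PHP snippets, treats $_GET/$_POST/$_REQUEST/$_COOKIE reads as taint sources, tracks one hop of variable assignment, and treats a small assumed list of sanitisers (intval, an (int) cast, htmlspecialchars, escapeshellarg, basename) as cleaning the value. The sample files, sink list, sanitiser list and the Finding format are all assumptions made for the example.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

# Constructed PHP snippets standing in for files on disk; they are not the
# project's own test/ files.
SAMPLES: Dict[str, str] = {
    "include.php": "<?php\n"
                   "$page = $_GET['page'];\n"
                   "include($page);\n"
                   "include('header.php');\n",
    "mail.php": "<?php\n"
                "$dest = $_GET['who'];\n"
                "mail($dest, \"subject\", \"message\", \"\", \"-f\" . $_GET['from']);\n",
    "safe.php": "<?php\n"
                "$id = (int) $_GET['id'];\n"
                "system('ls ' . escapeshellarg($_GET['dir']));\n"
                "include($id . '.php');\n",
}

# Taint sources: PHP superglobals carrying request data.
USER_INPUT = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]")

# Text immediately before a source that counts as a sanitiser in this example
# (assumed list; a real rule set would be per sink, e.g. htmlspecialchars only for XSS).
SANITIZED_PREFIX = re.compile(
    r"(?:\b(?:intval|htmlspecialchars|escapeshellarg|basename)\s*\(\s*"
    r"|\(\s*int\s*\)\s*)$"
)

# Simple assignment `$var = <expr>;`, used to follow taint one hop.
ASSIGN = re.compile(r"^\$(\w+)\s*=\s*(.+?);$")

# Sinks: category -> regex whose group 1 is the argument text (assumed subset).
SINKS = {
    "File Inclusion": re.compile(r"\b(?:include|require)(?:_once)?\s*\(?\s*(.+?)\s*\)?\s*;"),
    "Insecure E-mail": re.compile(r"\bmail\s*\((.+)\)\s*;"),
    "Remote Command Execution": re.compile(r"\b(?:system|exec|shell_exec|passthru)\s*\((.+)\)\s*;"),
}

VAR = re.compile(r"\$(\w+)")


@dataclass
class Finding:
    category: str
    file: str
    line: int
    code: str
    declared_at: Optional[str] = None  # "line N : <assignment>" when taint came via a variable


def unsanitized_inputs(expr: str) -> List[str]:
    """Return the superglobal reads in expr that are not wrapped by a known sanitiser."""
    return [m.group(0) for m in USER_INPUT.finditer(expr)
            if not SANITIZED_PREFIX.search(expr[: m.start()])]


def scan_source(name: str, source: str) -> List[Finding]:
    findings: List[Finding] = []
    tainted: Dict[str, Tuple[int, str]] = {}  # var name -> (line, assignment text)
    for lineno, raw in enumerate(source.splitlines(), 1):
        line = raw.strip()
        m = ASSIGN.match(line)
        if m:
            var, rhs = m.groups()
            # A variable is tainted if it is assigned an unsanitised source or another tainted var.
            if unsanitized_inputs(rhs) or any(v in tainted for v in VAR.findall(rhs)):
                tainted[var] = (lineno, line)
            else:
                tainted.pop(var, None)  # reassigned from something clean
        for category, sink in SINKS.items():
            s = sink.search(line)
            if not s:
                continue
            args = s.group(1)
            direct = unsanitized_inputs(args)
            via = [v for v in VAR.findall(args) if v in tainted]
            if direct or via:
                declared = None
                if via:
                    dline, dcode = tainted[via[0]]
                    declared = f"line {dline} : {dcode}"
                findings.append(Finding(category, name, lineno, line.rstrip(";"), declared))
    return findings


def scan_all(samples: Dict[str, str]) -> Dict[str, List[Finding]]:
    return {name: scan_source(name, src) for name, src in samples.items()}


def render(findings: List[Finding]) -> str:
    """Format findings in the same shape as the report shown above."""
    out = []
    for f in findings:
        out.append("-" * 60)
        out.append(f"Potential vulnerability found : {f.category}")
        out.append(f"Line {f.line} in {f.file}")
        out.append(f"Code : {f.code}")
        if f.declared_at:
            out.append(f"Declared at {f.declared_at}")
    return "\n".join(out)


if __name__ == "__main__":
    for fname, found in scan_all(SAMPLES).items():
        if found:
            print(render(found))
```

Running it reports the include and mail sinks and stays quiet on safe.php, where the (int) cast and escapeshellarg wrap the input. The limits are the same as for any lexical scanner: taint is followed only through straight-line assignments in one file (no functions, arrays, string interpolation or includes), the sanitiser list is not matched to the sink (htmlspecialchars does nothing for a command injection), and a source hidden behind a helper call is missed entirely. Treat every hit as a lead for manual review, not a confirmed bug.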

Currently detecting :

  • Arbitrary Cookie
  • Arbitrary File Deletion
  • Arbitrary Variable Overwrite
  • Cross Site Scripting
  • File Inclusion
  • File Inclusion / Path Traversal
  • File Upload
  • Header Injection
  • Information Leak
  • Insecure E-mail
  • Insecure Weak Random
  • LDAP Injection
  • PHP Object Injection
  • Remote Code Execution
  • Remote Command Execution
  • Server Side Request Forgery
  • Server Side Template Injection
  • SQL Injection
  • URL Redirection
  • Weak Cryptographic Hash
  • XML external entity
  • XPATH Injection
  • Hardcoded credentials
  • High Entropy string

To export the findings for each vulnerability type into its own folder, use export.sh.

Don't forget to read the license ;)
