Eir
PHP vulnerability scanner written in C#. Why C#? Because! That's why!
Requirements
- .NET 4.5 or Mono 3.12.0-1
- PHP >= 5.3
- Good intentions
Getting it running
1. Download the project
2. Install Composer (for the PHP parser)
   2.1. From the PHPAnalysis-parser folder, run composer update in a terminal
   2.2. Make sure all dependencies are correctly installed
3. Update config.yml with the correct settings (use config-template.yml as the starting point)
4. Run the application
Getting it running on Ubuntu 16.04
- Install PHP
sudo apt install php7.0-cli
- Make sure you have the XML library
sudo apt install php-xml
- Install Composer
sudo apt install composer
- Install Mono
sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
echo "deb http://download.mono-project.com/repo/ubuntu xenial main" | sudo tee /etc/apt/sources.list.d/mono-official.list
sudo apt-get update
sudo apt-get install mono-devel
- Install NuGet
sudo apt install nuget
- Install PHPAnalysis-parser dependencies with Composer (run from the PHPAnalysis-parser folder)
composer install
composer update
- Restore NuGet packages for PHPAnalysis solution
nuget restore
- Build solution
msbuild ./PHPAnalysis.sln
- Update the config.yml file with correct settings
- Remember to reference the FileWriter and/or the WordPress dll files if needed
- Run the analysis
mono PHPAnalysis.exe --all --target ./myPhpFile.php
Errors
Errors you may hit while setting up or using the application, and how to fix them.
"Parser error: Syntax error, unexpected EOF on line xx"
(PHP project/parser throws this error)
Make sure there are no syntax errors in your PHP code; the scanner does not handle syntax errors well and fails on the first one it meets.
If the syntax is correct, try updating to the newest version of PHP.
CONFIGURATION ERROR
Make sure the configuration file (config.yml) is present and has the correct format. It should look like the config-template.yml file.
Standard rules for YAML files apply.
Common error: using tabs instead of spaces. Indentation must be done with spaces.
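The two errors above, plus the Ubuntu requirements listed earlier, can all be caught before the scanner is started. The following POSIX shell pre-flight script is an added example for this README and is not part of the Eir project. It assumes PHPAnalysis.exe and config.yml sit in the current directory and that the PHP file to scan is passed as the first argument; it checks the PHP version and the xml extension, rejects a config.yml indented with tabs, lints the target with php -l (so the "unexpected EOF" parser error is reported by PHP itself, with a line number), and only then invokes the scanner.

```shell
#!/bin/sh
# Pre-flight checks for the Eir scanner (PHPAnalysis.exe) under Mono.
# Added example for this README; it is not part of the Eir project.
# Assumptions: PHPAnalysis.exe and config.yml are in the current
# directory, and the PHP file to scan is passed as the first argument.

# php_version_ok "<first line of php -v>": succeeds if the version is >= 5.3
php_version_ok() {
    ver=$(printf '%s\n' "$1" | sed -n 's/^PHP \([0-9][0-9]*\)\.\([0-9][0-9]*\).*/\1 \2/p')
    [ -n "$ver" ] || return 1
    major=${ver% *}
    minor=${ver#* }
    [ "$major" -gt 5 ] || { [ "$major" -eq 5 ] && [ "$minor" -ge 3 ]; }
}

# php_xml_loaded "<output of php -m>": succeeds if the xml extension is listed
php_xml_loaded() {
    printf '%s\n' "$1" | grep -qx 'xml'
}

# yaml_indent_ok <file>: fails if the file is missing or any line is
# indented with a tab, the common cause of CONFIGURATION ERROR above
yaml_indent_ok() {
    [ -f "$1" ] || return 1
    tab=$(printf '\t')
    ! grep -q "^ *${tab}" "$1"
}

# preflight <php-file>: run every check, then start the scanner
preflight() {
    target=$1
    command -v php >/dev/null 2>&1 \
        || { echo "php not found: sudo apt install php7.0-cli" >&2; return 1; }
    php_version_ok "$(php -v | head -n 1)" \
        || { echo "PHP >= 5.3 is required" >&2; return 1; }
    php_xml_loaded "$(php -m)" \
        || { echo "xml extension missing: sudo apt install php-xml" >&2; return 1; }
    yaml_indent_ok config.yml \
        || { echo "config.yml is missing or indented with tabs (use spaces, see config-template.yml)" >&2; return 1; }
    # The parser chokes on syntax errors ("unexpected EOF"), so lint first
    php -l "$target" >/dev/null \
        || { echo "syntax error in $target; fix it before scanning" >&2; return 1; }
    mono PHPAnalysis.exe --all --target "$target"
}

# Only run the checks when a target is given, e.g.: sh preflight.sh ./myPhpFile.php
if [ $# -gt 0 ]; then
    preflight "$@"
fi
```

Each check is a separate function so it can be reused or tested on captured output; a failing check prints the matching apt command or config hint and stops before Mono is launched.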
External dependencies
- CommandLineParser 1.9.71
- Newtonsoft.Json 10.0.0
- PHP-Parser 1.1.0
- QuickGraph 3.6.61119.7
- Microsoft.Bcl.Immutable 1.0.34
- YamlDotNet 4.2.2
- Moq 4.7.127
- NUnit 3.8.1