Static Code Analysis - Grep Vuln Checker
  • Sh3llc0d3
    Posts: 1,910
    Based on a paper written by someone on our course, I wrote this crude
    static code analysis tool. I'll probably try improving it at some point
    or converting it to Ruby. The tool basically greps files in a web
    application's directory for code known to lead to possible
    vulnerabilities. This obviously requires a deep knowledge of the OWASP
    Top 10.



    #!/usr/bin/perl
    # Grep Basic Source Analyser: greps every file under a web application's
    # root for constructs that commonly lead to XSS, command execution and
    # SQL injection, and writes each list of hits to its own file.
    use strict;
    use warnings;

    print "\t\tGrep Basic Source Analyser [Sh3llc0d3]\n";
    ####################################################################
    ####################################################################
    print "\t\tEnter web applications root directory\n\t\tAll documents in this directory and\n\t\tsub-dir's will be checked eg /root/webapp1\n";
    print ">> ";
    my $dir = <STDIN>;
    chomp($dir);
    print "Enter a dir for the results for example '/tmp/newdir'\n";
    my $result_dir = <STDIN>;
    chomp($result_dir);
    mkdir($result_dir, 0755) or die "Could not create $result_dir: $!\n";
    print "New dir created!\n";

    # Escape the path once so directories containing spaces or shell
    # metacharacters reach grep intact.
    my $qdir = quotemeta($dir);

    # Run a grep pipeline; if it printed anything, save the output as
    # $result_dir/$name. Checks with no hits create no file.
    sub check {
        my ($name, $pipeline) = @_;
        my $hits = `$pipeline`;
        return unless $hits;
        open(my $fh, '>', "$result_dir/$name")
            or die "Could not write $result_dir/$name: $!\n";
        print $fh $hits;
        close($fh);
    }
    ####################################################################
    ##
    ## XSS: request data and an echo on the same line
    ##
    ####################################################################
    print "[+]CHECKING FOR POSSIBLE XSS\n";
    check('GET_XSS_INJ.txt',     "grep -i -r '\$_GET' $qdir/* | grep 'echo'");
    check('POST_XSS_INJ.txt',    "grep -i -r '\$_POST' $qdir/* | grep 'echo'");
    check('COOKIE_XSS_INJ.txt',  "grep -i -r '\$_COOKIE' $qdir/* | grep 'echo'");
    check('REQUEST_XSS_INJ.txt', "grep -i -r '\$_REQUEST' $qdir/* | grep 'echo'");
    check('BLANK_XSS_INJ.txt',   "grep -i -r '\$_' $qdir/* | grep 'echo'");
    ####################################################################
    ##
    ## Command Exec: functions that evaluate strings as PHP code
    ##
    ####################################################################
    print "[+]CHECKING FOR POSSIBLE CMD INJECTION\n";
    check('EVAL_CMD_INJ.txt',        "grep -i -r 'eval(' $qdir/*");
    check('ASSERT_CMD_INJ.txt',      "grep -i -r 'assert(' $qdir/*");
    check('PREG_REP_CMD_INJ.txt',    "grep -i -r 'preg_replace' $qdir/* | grep '/e'");
    check('CREATE_FUNC_CMD_INJ.txt', "grep -i -r 'create_function(' $qdir/*");
    ####################################################################
    ##
    ## SQL INJ: query strings, and query strings built from request data
    ##
    ####################################################################
    print "[+]CHECKING FOR POSSIBLE SQL INJECTION\n";
    check('SQL1_SQL_INJ.txt', "grep -i -r '\$sql' $qdir/*");
    check('SQL2_SQL_INJ.txt', "grep -i -r '\$sql' $qdir/* | grep '\$_'");
    #####################################################################
    #####################################################################
    print "[+] RESULTS SENT TO FILES IN: $result_dir\n\n\n";
    print "Now you just have to go through the output ;P\n";
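The same grep-style idea in Python, as an added example that is not the tool from the post above: it keeps the line-based source/sink heuristics (request superglobal next to an echo, eval/assert/create_function, a $sql string built from request data) but goes a little further in two places. It parses the modifier letters of the preg_replace() pattern instead of matching any "/e" substring, and it downgrades a hit to low confidence when an escaping call such as htmlspecialchars() sits on the same line, so the reviewer sees the likely false positives separately. The names (scan_source, scan_tree, preg_replace_e_modifier) and the PHP sample are constructed for this example.

```python
"""Line-based vulnerability grep for PHP sources (added example, not the thread's tool).

Each rule is a predicate over one source line plus the OWASP-style category it
hints at. Like grep it yields candidate lines for a human to review, not
confirmed vulnerabilities.
"""
import os
import re
from dataclasses import dataclass
from typing import Callable, List

# $_GET, $_POST, $_COOKIE and $_REQUEST: the request-controlled superglobals.
SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|COOKIE|REQUEST)\b")


@dataclass
class Finding:
    category: str
    rule: str
    path: str
    lineno: int
    line: str
    confidence: str  # "high", or "low" if an escaping/quoting call shares the line


def preg_replace_e_modifier(line: str) -> bool:
    """True if a preg_replace() on this line uses the /e (eval) modifier.

    The first character of the quoted pattern is the delimiter; the letters after
    the closing delimiter are the modifiers. A pattern like '/e+/' is therefore
    not a hit, although a plain grep for '/e' would flag it.
    """
    m = re.search(r'preg_replace\s*\(\s*(["\'])([^\w\s\\])(.*?)\2([imsxeADSUXJu]*)\1', line)
    return bool(m) and "e" in m.group(4)


def _has(pattern: str) -> Callable[[str], bool]:
    rx = re.compile(pattern)
    return lambda line: rx.search(line) is not None


# (category, rule name, predicate) -- mirrors the checks in the Perl script.
RULES = [
    ("XSS", "request data echoed",
     lambda l: bool(re.search(r"\becho\b", l)) and bool(SUPERGLOBAL.search(l))),
    ("CMD_INJ", "eval()", _has(r"\beval\s*\(")),
    ("CMD_INJ", "assert()", _has(r"\bassert\s*\(")),
    ("CMD_INJ", "preg_replace() with /e", preg_replace_e_modifier),
    ("CMD_INJ", "create_function()", _has(r"\bcreate_function\s*\(")),
    ("SQL_INJ", "$sql built from request data",
     lambda l: bool(re.search(r"\$sql\b", l, re.I)) and bool(SUPERGLOBAL.search(l))),
]

# A hit is downgraded to "low" when one of these is on the same line: the data
# may be escaped, but only a reviewer can confirm it is the right escaping.
MITIGATIONS = {
    "XSS": re.compile(r"\b(?:htmlspecialchars|htmlentities)\s*\("),
    "SQL_INJ": re.compile(r"\b(?:prepare|real_escape_string|intval)\s*\("),
}


def scan_source(path: str, source: str) -> List[Finding]:
    """Apply every rule to every non-comment line of one PHP source file."""
    findings: List[Finding] = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "/*", "*")):
            continue
        for category, rule, matches in RULES:
            if matches(line):
                mit = MITIGATIONS.get(category)
                conf = "low" if mit and mit.search(line) else "high"
                findings.append(Finding(category, rule, path, lineno, stripped, conf))
    return findings


def scan_tree(root: str) -> List[Finding]:
    """Recurse like grep -r, scanning every PHP-looking file under root."""
    out: List[Finding] = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.endswith((".php", ".phtml", ".inc")):
                full = os.path.join(dirpath, name)
                with open(full, encoding="utf-8", errors="replace") as fh:
                    out.extend(scan_source(full, fh.read()))
    return out


# Constructed sample, not taken from any real application.
SAMPLE_PHP = r'''<?php
// Constructed sample used only to exercise the scanner.
$name = $_GET['name'];
echo "Hello " . $_GET['name'];
echo "Hello " . htmlspecialchars($_POST['name']);
$sql = "SELECT * FROM users WHERE id = " . $_GET['id'];
$out = preg_replace('/e+/', 'E', $name);
$out = preg_replace('/(.*)/e', 'strtoupper("\1")', $name);
eval($_REQUEST['code']);
'''


if __name__ == "__main__":
    import sys
    results = scan_tree(sys.argv[1]) if len(sys.argv) > 1 else scan_source("sample.php", SAMPLE_PHP)
    for f in results:
        print(f"{f.path}:{f.lineno}: [{f.category}/{f.confidence}] {f.rule}: {f.line}")
```

Run it with a web root as the argument to walk the tree; with no argument it scans the built-in sample, which produces two XSS hits (one downgraded because of htmlspecialchars), one SQL hit, the /e preg_replace and the eval, and correctly ignores the '/e+/' pattern.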
  • Sh3llc0d3
    Posts: 1,910
    God knows why, probably an anti-xss/code-exec issue but the forum always either omits or replaces code. htmlspecialchars?

    '&gt;' = '>'
    '&lt;' = '<'
  • Mr. P-teo
    Posts: 269
    This looks pretty cool, but yeah, I also don't understand why the forum prints &gt; etc. Like you said, htmlentities or htmlspecialchars.
    Skype: mrpt3o
    Twitter: MrPteo
  • Xin
    Posts: 3,251
    Sh3llc0d3 said:

    God knows why, probably an anti-xss/code-exec issue but the forum always either omits or replaces code. htmlspecialchars?

    '&gt;' = '>'
    '&lt;' = '<'

    I will look into this bug and get back to you
    Xin
  • Sh3llc0d3
    Posts: 1,910
    I think it is your WAF (assuming you're running one, or Cloudflare) as opposed to a bug, but cheers for checking into it.
  • Rontino
    Posts: 1
    Hi. I just joined this forum and I'm really looking forward to sharing my experiences.

    Google apps add-ons