Vulnerable Function Finder (PHP)
// February 1st, 2012 // 19 Comments // Personal
So I quickly threw this together to recursively scan a directory for potentially dangerous PHP function calls and write the results to files. I will also add it to the code page and update it as I see fit.
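#!/bin/bash
# Quick PHP function finder.
#
# Prompts for a path, then recursively greps it for calls to PHP functions
# that commonly appear in injection, file-inclusion, command-execution and
# file-system bugs.
#
# Output: one <function-name>.txt per function, written to the current
#         directory and overwritten on every run. Each file holds the
#         matching lines with 3 lines of context before and after, plus
#         line numbers.
#
# The hits are leads for manual review, not confirmed vulnerabilities: a
# call only matters if attacker-controlled data can reach its arguments.
# Matching is by substring, so "exec(" also reports shell_exec( and
# "file(" also reports readfile(; expect overlap between result files.

# Search "$path" for one literal string and save the hits.
# Globals:   path (read)
# Arguments: $1 - literal text to look for, e.g. "eval("
#            $2 - file that receives the results
# Returns:   grep's status (1 simply means "no hits"), so it is not
#            treated as an error by the caller.
scan() {
  local needle=$1
  local outfile=$2
  # -F: the needle is plain text, not a regex.
  # --: stops a needle or path beginning with "-" being read as an option.
  grep -F -A3 -B3 -r -n -- "$needle" "$path" > "$outfile"
}

echo "jakes quick PHP function finder"
echo "all results will be placed in files with their respective names"
echo "Enter the full path to the directory you want to scan and press [ENTER]:"
# -r keeps backslashes in the entered path literal.
read -r path

# Stop early instead of producing a full set of empty result files.
if [[ -z "$path" || ! -e "$path" ]]; then
  echo "Path not found: $path" >&2
  exit 1
fi

echo "Scanning for MySQL injection"
echo "1/1"
scan "mysql_query(" mysql-query.txt
echo "Done"

echo "Scanning for local / remote file inclusion"
echo "1/4"
scan "include(" include.txt
echo "2/4"
scan "require_once(" require-once.txt
echo "3/4"
# This step used to repeat the include( scan, so require( was never checked.
scan "require(" require.txt
echo "4/4"
scan "include_once(" include-once.txt
echo "Done"

echo "Scanning for command exec"
echo "1/7"
scan "eval(" eval.txt
echo "2/7"
scan "preg_replace(" preg-replace.txt
echo "3/7"
scan "fwrite(" fwrite.txt
echo "4/7"
scan "passthru(" passthru.txt
echo "5/7"
scan "file_get_contents(" file-get-contents.txt
echo "6/7"
scan "shell_exec(" shell-exec.txt
echo "7/7"
scan "system(" system.txt
echo "Done"

echo "Scanning for file system bugs"
echo "1/6"
scan "fopen(" fopen.txt
echo "2/6"
scan "readfile(" readfile.txt
echo "3/6"
scan "glob(" glob.txt
echo "4/6"
scan "file(" file.txt
echo "5/6"
scan "popen(" popen.txt
echo "6/6"
scan "exec(" exec.txt
echo "Done"

echo "Finished scanning"
exit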
