Hey Folks, today we have come here with a penetration testing tool called “phpvuln“. PHPvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection.

Let’s take a look :P !!

Dependencies

To control this tool, the “python3” tool must be pre-installed in your system. Let’s install it by using the following command.

Tool Installation

Now we move on to the installation part of this tool. Just execute the git clone command in order to download entire project from github. After the download is complete, then go inside the directory and hold the position. Now we are able to boot this tool by using the python command.

Vulnerability List

Here you can see the list of many types of vulnerabilities that you can identify in php code with the help of this tool.

Find Vulnerability

As you may have come to know about this tool why developers have created this tool. All we have to do is give the path of the php project that we want to investigate and it will identify all the vulnerability by itself.

Usage 🙂 !! python3 phpvuln.py -p < your path of php code >

Also you can use the following command if you want to find a specific vulnerability in PHP code.

Usage 🙂 !! python3 phpvuln.py -p < your path of php code > -v < vuln name >

Thus, you can use all the features of this tool one by one and benefit by finding significant vulnerabilities in php code.

About the Author
Shubham Goyal Certified Ethical Hacker, information security analyst, penetration tester and researcher. Can be Contact on Linkedin.

Leave a Reply