Hey Folks, today we have come here with a penetration testing tool called “phpvuln“. PHPvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection.
Let’s take a look :P !!
Dependencies
To control this tool, the “python3” tool must be pre-installed in your system. Let’s install it by using the following command.
1 | apt install python3 |
Tool Installation
Now we move on to the installation part of this tool. Just execute the git clone command in order to download entire project from github. After the download is complete, then go inside the directory and hold the position. Now we are able to boot this tool by using the python command.
1 2 3 | git clone https://github.com/ecriminal/phpvuln.git cd phpvuln/ python3 phpvuln.py -h |
Vulnerability List
Here you can see the list of many types of vulnerabilities that you can identify in php code with the help of this tool.
1 | python3 phpvuln.py --list-vuln |
Find Vulnerability
As you may have come to know about this tool why developers have created this tool. All we have to do is give the path of the php project that we want to investigate and it will identify all the vulnerability by itself.
Usage 🙂 !! python3 phpvuln.py -p < your path of php code >
1 | python3 phpvuln.py -p /home/shubham/Desktop/bWAPP/ |
Also you can use the following command if you want to find a specific vulnerability in PHP code.
Usage 🙂 !! python3 phpvuln.py -p < your path of php code > -v < vuln name >
1 | python3 phpvuln.py -p /home/shubham/Desktop/bWAPP/ -v rfi |
Thus, you can use all the features of this tool one by one and benefit by finding significant vulnerabilities in php code.
A keen learner and passionate IT student. He has done Web designing, CCNA, RedHat, Ethical hacking, Network & web penetration testing. Currently, he is completing his graduation and learning about Red teaming, CTF challenges & Blue teaming.
