PHPvuln – Find Vulnerabilities in PHP Code

Hey Folks, today we have come here with a penetration testing tool called “phpvuln“. PHPvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection.

Let’s take a look :P !!

Dependencies

To control this tool, the “python3” tool must be pre-installed in your system. Let’s install it by using the following command.

apt install python3

Tool Installation

Now we move on to the installation part of this tool. Just execute the git clone command in order to download entire project from github. After the download is complete, then go inside the directory and hold the position. Now we are able to boot this tool by using the python command.

git clone https://github.com/ecriminal/phpvuln.git
cd phpvuln/
python3 phpvuln.py -h

Vulnerability List

Here you can see the list of many types of vulnerabilities that you can identify in php code with the help of this tool.

python3 phpvuln.py --list-vuln

Find Vulnerability

As you may have come to know about this tool why developers have created this tool. All we have to do is give the path of the php project that we want to investigate and it will identify all the vulnerability by itself.

Usage 🙂 !! python3 phpvuln.py -p < your path of php code >

python3 phpvuln.py -p /home/shubham/Desktop/bWAPP/

Also you can use the following command if you want to find a specific vulnerability in PHP code.

Usage 🙂 !! python3 phpvuln.py -p < your path of php code > -v < vuln name >

python3 phpvuln.py -p /home/shubham/Desktop/bWAPP/ -v rfi

Thus, you can use all the features of this tool one by one and benefit by finding significant vulnerabilities in php code.