Hello guys. I’ve got a question. Which tools do you use to search for vulnerabilities in source code (like PHP)? If I search by hand, it will take a lot of time. How can I automate the search? Thank you!
I assume English is not your native language, so I cleaned up your post to make it easier to understand. Also, questions should be posted in the “support” category :).
As for your question, if you are looking for bad PHP code, there are no tools to do that for you. You’ll have to examine the source file by hand to find weak code.
If your goal, however, is to find already-known vulnerabilities in web servers, then you may have more luck. There are tons of tools out there to scan web servers, like Nikto, OWASP, Burp Suite…
However, I’ll get someone more knowledgeable here to help you. @pry0cc, I summon thee.
Thank you for your help :). I was talking about software like grep (for searching for certain functions in source code)… Can you name tools for searching like that? I just don’t want to lose a lot of time searching and want to optimize this process.
Using grep to look for specific functions is the best way I know of. You could perhaps make a simple script yourself using this knowledge?
You can also try fuzzing the inputs. Here are some nice tips: https://dl.packetstormsecurity.net/papers/general/PHP_Fuzzing_In_Action.pdf
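The grep-based script suggested in the reply above could look like the following. This is an added example, not part of the original thread: the pattern list, the category names and the functions `scan_php` and `make_sample` are assumptions chosen for illustration, and the sample PHP files are constructed.

```shell
#!/bin/sh
# Added example: grep-based triage of PHP source. Hits are leads for manual
# review, not confirmed vulnerabilities; the pattern list is illustrative.
# Each line: category, one space, POSIX extended regex (no spaces inside).
PATTERNS='
code-exec (^|[^A-Za-z0-9_>$])(eval|assert|create_function)[[:space:]]*\(
os-command (^|[^A-Za-z0-9_>$])(system|exec|shell_exec|passthru|popen|proc_open)[[:space:]]*\(
deserialize (^|[^A-Za-z0-9_>$])unserialize[[:space:]]*\(
dynamic-include (^|[^A-Za-z0-9_])(include|require)(_once)?[[:space:](]+[^;]*\$
request-in-query query[[:space:]]*\([^;]*\$_(GET|POST|REQUEST|COOKIE)
'

# scan_php DIR: print "[category] file:line:source" for every match in *.php
scan_php() {
    printf '%s\n' "$PATTERNS" | while read -r category regex; do
        [ -n "$category" ] || continue
        # /dev/null forces grep to print the file name even for a single file
        find "$1" -type f -name '*.php' \
            -exec grep -nE -e "$regex" /dev/null {} + | sed "s|^|[$category] |"
    done
}

# make_sample DIR: write a small constructed PHP tree to try the scan on
make_sample() {
    mkdir -p "$1/lib"
    cat > "$1/index.php" <<'EOF'
<?php
include 'header.php';
include $_GET['page'] . '.php';
$r = mysqli_query($db, "SELECT * FROM u WHERE id=" . $_GET['id']);
EOF
    cat > "$1/lib/util.php" <<'EOF'
<?php
$pdo->exec('DELETE FROM tmp');
system('convert ' . $file);
$o = unserialize($_COOKIE['prefs']);
EOF
}

# Usage: sh scan.sh /path/to/php/source
if [ "$#" -gt 0 ]; then scan_php "$1"; fi
```

The character class in front of each function name keeps method calls such as `$pdo->exec(...)` and names like `curl_exec` out of the results, and the include pattern only reports includes whose argument contains a variable.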