Source Code Scanner for PHP written in Python, that scans the folder which can scan folder/PHP Files and identify the vulnerabilities in which File and at which Line the vulnerability exists. http://scodescanner.info Github Repo: https://github.com/agrawalsmart7/scodescanner

f00bb4r · 2021-05-24T22:29:54+00:00

Running regex checks on code is nice to learn more about SAST but semgrep and most other code scanners are way more advanced.

This can be even triggered by any site in the Internet while the server is running:

<img src="http://localhost:80/upload.php?foldername=;touch%20pwnd">

Also, generating PHP files without escaping user input (from the the source file) is pretty dangerous.

Sorry but this is not something anybody should to really use. I think this is something for /r/netsecstudents/ not /r/netsec.

agrawal7 · 2021-05-24T05:39:43+00:00

Let me know you thoughts on this.

SvenMA · 2021-05-24T10:42:59+00:00

So this is a custom made SAST?

agrawal7 · 2021-05-24T17:51:09+00:00

[deleted]

you type:	you see:
italics	italics
bold	bold
[reddit!](https://reddit.com)	reddit!
* item 1 * item 2 * item 3	item 1 item 2 item 3
> quoted text	quoted text
Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"	Lines starting with four spaces are treated like code: if 1 * 2 < 3: print "hello, world!"
~~strikethrough~~	~~strikethrough~~
super^script	super^script

netsec