Open In App

PHPvuln – Linux Tool to Find Vulnerabilities in PHP Code

Improve
Improve
Like Article
Like
Save
Share
Report

PHP security vulnerabilities are a major cause for concern when it comes to web applications written in the PHP language since successful exploitation of such safety defects may lead to several regularly exploited attacks. Many vulnerabilities are usually not difficult to fix, but finding them in large codebases could be challenging without the right tools. So to find these major security flaws we need a powerful automated script. PHPvuln is an automated script developed in the Python language. PHPvuln tool checks or tests the massive list of PHP files for various types of vulnerabilities like LFI, XSS, IP Exposure, etc. At the parallel time, all the vulnerabilities are tested and a quick report is generated with the point of insertion of malicious query or the location of the file is been displayed. PHPvuln tool is open-source and free to use.

Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux

Installation of PHPvuln Tool on Kali Linux

Step 1: First, check whether the Python Environment is Established or not, use the following command.

python3

Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.

cd Desktop

Step 3: You are on Desktop now create a new directory called PHPvuln using the following command. In this directory, we will complete the installation of the PHPvuln tool.

mkdir PHPvuln 

Step 4: Now switch to the PHPvuln directory using the following command.

cd PHPvuln 

Step 5: Now you have to install the tool. You have to clone the tool from Github.

git clone https://github.com/ecriminal/phpvuln.git

Step 6: The tool has been downloaded successfully in the PHPvuln directory. Now list out the contents of the tool by using the below command.

ls

Step 7: You can observe that there is a new directory created of the PHPvuln tool that has been generated while we were installing the tool. Now move to that directory using the below command:

cd phpvuln

Step 8: Once again to discover the contents of the tool, use the below command.

ls

Step 9: Download the required packages for running the tool, use the following command.

pip3 install -r requirements.txt

Step 10: Now we are done with our installation, Use the below command to view the help (gives a better understanding of the tool) index of the tool.

python3 phpvuln.py -h

Working with PHPvuln Tool on Kali Linux

Example 1: Vulnerability List

python3 phpvuln.py --list-vuln

In this example, We will be displaying the list of available vulnerabilities which can be tested on PHP files.

Example 2: Find Vulnerability

python3 phpvuln.py -p /home/kali/Desktop/bWAPP_latest/bWAPP/

1. In this example, We will be testing PHP files for vulnerabilities. In the below Screenshot, We have Buggy Software’s PHP files which we are going to test.

2. In the below Screenshot, We are specifying the path of PHP files which will be tested.

3. In the below Screenshot, We have got the vulnerabilities found on the PHP files which we have tested. We have got various types of vulnerabilities like XSS, IP Exposure, etc.

Example 3: Checking Specific Vulnerability 

python3 phpvuln.py -p /home/kali/Desktop/bWAPP_latest/bWAPP/ -v xss

1. In this example, We are going to test only the XSS vulnerability, as in the above example, the tool has tested all the vulnerabilities. We have used the -v tag to specify the type of vulnerability which only will be tested.

2. In the below Screenshot, We have got vulnerable files and the code snippet where the XSS Vulnerability is detected.



Last Updated : 14 Sep, 2021
Like Article
Save Article
Previous
Next
Share your thoughts in the comments
Similar Reads