PHPvuln – Linux Tool to Find Vulnerabilities in PHP Code
PHP security vulnerabilities are a major cause for concern when it comes to web applications written in the PHP language since successful exploitation of such safety defects may lead to several regularly exploited attacks. Many vulnerabilities are usually not difficult to fix, but finding them in large codebases could be challenging without the right tools. So to find these major security flaws we need a powerful automated script. PHPvuln is an automated script developed in the Python language. PHPvuln tool checks or tests the massive list of PHP files for various types of vulnerabilities like LFI, XSS, IP Exposure, etc. At the parallel time, all the vulnerabilities are tested and a quick report is generated with the point of insertion of malicious query or the location of the file is been displayed. PHPvuln tool is open-source and free to use.
Note: Make Sure You have Python Installed on your System, as this is a python-based tool. Click to check the Installation process: Python Installation Steps on Linux
Installation of PHPvuln Tool on Kali Linux
Step 1: First, check whether the Python Environment is Established or not, use the following command.
Step 2: Open up your Kali Linux terminal and move to Desktop using the following command.
Step 3: You are on Desktop now create a new directory called PHPvuln using the following command. In this directory, we will complete the installation of the PHPvuln tool.
Step 4: Now switch to the PHPvuln directory using the following command.
Step 5: Now you have to install the tool. You have to clone the tool from Github.
git clone https://github.com/ecriminal/phpvuln.git
Step 6: The tool has been downloaded successfully in the PHPvuln directory. Now list out the contents of the tool by using the below command.
Step 7: You can observe that there is a new directory created of the PHPvuln tool that has been generated while we were installing the tool. Now move to that directory using the below command:
Step 8: Once again to discover the contents of the tool, use the below command.
Step 9: Download the required packages for running the tool, use the following command.
pip3 install -r requirements.txt
Step 10: Now we are done with our installation, Use the below command to view the help (gives a better understanding of the tool) index of the tool.
python3 phpvuln.py -h
Working with PHPvuln Tool on Kali Linux
Example 1: Vulnerability List
python3 phpvuln.py --list-vuln
In this example, We will be displaying the list of available vulnerabilities which can be tested on PHP files.
Example 2: Find Vulnerability
python3 phpvuln.py -p /home/kali/Desktop/bWAPP_latest/bWAPP/
1. In this example, We will be testing PHP files for vulnerabilities. In the below Screenshot, We have Buggy Software’s PHP files which we are going to test.
2. In the below Screenshot, We are specifying the path of PHP files which will be tested.
3. In the below Screenshot, We have got the vulnerabilities found on the PHP files which we have tested. We have got various types of vulnerabilities like XSS, IP Exposure, etc.
Example 3: Checking Specific Vulnerability
python3 phpvuln.py -p /home/kali/Desktop/bWAPP_latest/bWAPP/ -v xss
1. In this example, We are going to test only the XSS vulnerability, as in the above example, the tool has tested all the vulnerabilities. We have used the -v tag to specify the type of vulnerability which only will be tested.
2. In the below Screenshot, We have got vulnerable files and the code snippet where the XSS Vulnerability is detected.