spaf

Static Php Analysis and Fuzzer

Description :

This tool WILL NOT sploit any php scripts for you. It's a recon and helper tool for preparing pentest on local environment.

The aim of this tool is to identify every entry points of scripts (user-controlled inputs). The included fuzzer send random printable data on each entry point, and then display every triggered logs.

Input arguments :

usage: main.py [-h] -d FOLDER [-f] [-o OUTPUT] [-c COOKIES] [-n NB_TESTS] -u URL [-r] [-l LOG_FILE]

- h, --help : show this help message and exit
- d FOLDER, --directory : Php script folder matching the -u argument
- f, --fuzz : Perform fuzzing on every entry point (optional)
- o OUTPUT, --output : output type (pretty or json)
- c COOKIES, --cookies : cookies to use durng fuzzing (ex : PHPSESSID=1234567890&logged=true )
- n NB_TESTS, --nbtests : Number of random string to send during the fuzzing
- u URL, --url URL : Url matching folder value
- r, --recursive : Recursive file search in folder
- l LOG_FILE, --logfile : If you want to display logs errors triggered by fuzzing, put your error.log full path here

Usage :

####List entry points :

foo@bar ~/spaf> ./main.py -d "/var/www/exemple_script/" -r

[*] Start static scan
[+] /var/www/exemple_script/admin/gauche.php
 | [GET] line 54 : f_sid
[+] /var/www/exemple_script/languages/russian.php
 | [GET] line 168 : id_modif
[+] /var/www/exemple_script/admin/titre.php
 | [GET] line 18 : lang_edit
 | [POST] line 36 : save

####Fuzz entry points :

foo@bar ~/spaf> ./main.py -d "/var/www/exemple_script/" -u "http://localhost/exemple_script/" -r -l "/var/log/apache2/error_log" -f

[*] Start static scan
[*] Start fuzzing
2%
[...]
100%
[+] 200 get : http://localhost/exemple_script/admin/gauche.php
 |
 | f_sid : 0x65492634475f4b355b57456056492a633a51556b6f6f4051335d475279623c3a

[+] 200 get : http://localhost/exemple_script/languages/russian.php
 |
 | id_modif : 0x3124560a5d7343765467295d3d4261447d49273d205f725073606576685b6a4a
 |
 |- logs :
 |
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Stack trace:
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/exemple_script/languages/russian.php:0
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: chem_absolu in /var/www/exemple_script/languages/russian.php on line 48
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Stack trace:
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/exemple_script/languages/russian.php:0
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: exemple_script_ext in /var/www/exemple_script/languages/russian.php on line 94
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Stack trace:
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/exemple_script/languages/russian.php:0
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: exemple_script_version in /var/www/exemple_script/languages/russian.php on line 307
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Stack trace:
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/exemple_script/languages/russian.php:0
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: exemple_script_version in /var/www/exemple_script/languages/russian.php on line 308
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Stack trace:
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/exemple_script/languages/russian.php:0
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: exemple_script_version in /var/www/exemple_script/languages/russian.php on line 309
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Stack trace:
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/exemple_script/languages/russian.php:0
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: exemple_script_version in /var/www/exemple_script/languages/russian.php on line 525
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP Stack trace:
 | [Thu Apr 10 14:17:47 2014] [error] [client 127.0.0.1] PHP   1. {main}() /var/www/exemple_script/languages/russian.php:0

[+] 200 post : http://localhost/exemple_script/admin/titre.php
 |
 | save : 0x6539402e583e2b2f5b61724a09357b456b386e5b5b63552a447d232963283453

[+] 200 get : http://localhost/exemple_script/admin/titre.php
 |
 | lang_edit : 0x6539402e583e2b2f5b61724a09357b456b386e5b5b63552a447d232963283453

License :

"THE BEER-WARE LICENSE" (Revision 42):
[email protected]> wrote this file. As long as you retain this notice you
can do whatever you want with this stuff. If we meet some day, and you think
this stuff is worth it, you can buy me a beer in return. Ganapati

seabreg / spaf Goto Github PK

spaf's Introduction

spaf

Description :

Input arguments :

Usage :

License :

spaf's People

Watchers

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent