vulnz

Tool for finding php source code vulnerabilities.

Scans PHP source code and prints out potentially dangerous lines. This tool is useful for security researchers, pentesters and bug hunters. If any file specified contains line with function call that is inside 'functions.txt' wordlist, it will echo it out.

-h, --help

usage: vulnz.py [-r] [-h] [files ...]

Vulnz, tool for finding php source code vulns.

positional arguments:
  file(s)          Specify php file(s) to look at, '*' for all

optional arguments:
  -r, --recursive  Look recursively from current directory
  -h, --help       Show this help message and exit.

Example 1)

"; ping_equipment.class.php:85 echo ""; ping_equipment.class.php:101 echo Html::scriptBlock("$(document).on('click', '#ping_ip', function(event) { ping_equipment.class.php:129 exec("ping -c 1 -w 1 " . $ip, $list); ping_equipment.class.php:131 exec("ping -c 1 -w 1 " . $ip, $list, $error); ping_equipment.class.php:146 exec("ping.exe -n 1 -w 100 -i 64 " . $ip, $list); ping_equipment.class.php:148 exec("ping.exe -n 1 -w 100 -i 64 " . $ip, $list, $error); ping_equipment.class.php:163 exec("fping -r1 -c1 -t100 " . $ip, $list); ping_equipment.class.php:165 exec("fping -r1 -c1 -t100 " . $ip, $list, $error); ping_equipment.class.php:180 exec("ping -c 1 -W 1 " . $ip, $list); ping_equipment.class.php:182 exec("ping -c 1 -W 1 " . $ip, $list, $error); ping_equipment.class.php:197 exec("ping -c 1 -t 1 " . $ip, $list); ping_equipment.class.php:199 exec("ping -c 1 -t 1 " . $ip, $list, $error); ping_equipment.class.php:233 exec("ping -c 1 -w 1 -a " . $ip, $list, $error); ping_equipment.class.php:238 exec("ping.exe -n 1 -w 100 -i 64 -a " . $ip, $list, $error);">

└─$ vulnz ping_equipment.class.php                                                                                                                                                         
ping_equipment.class.php:75     echo "";
ping_equipment.class.php:85     echo "";
ping_equipment.class.php:101    echo Html::scriptBlock("$(document).on('click', '#ping_ip', function(event) {
ping_equipment.class.php:129    exec("ping -c 1 -w 1 " . $ip, $list);
ping_equipment.class.php:131    exec("ping -c 1 -w 1 " . $ip, $list, $error);
ping_equipment.class.php:146    exec("ping.exe -n 1 -w 100 -i 64 " . $ip, $list);
ping_equipment.class.php:148    exec("ping.exe -n 1 -w 100 -i 64 " . $ip, $list, $error);
ping_equipment.class.php:163    exec("fping -r1 -c1 -t100 " . $ip, $list);
ping_equipment.class.php:165    exec("fping -r1 -c1 -t100 " . $ip, $list, $error);
ping_equipment.class.php:180    exec("ping -c 1 -W 1 " . $ip, $list);
ping_equipment.class.php:182    exec("ping -c 1 -W 1 " . $ip, $list, $error);
ping_equipment.class.php:197    exec("ping -c 1 -t 1 " . $ip, $list);
ping_equipment.class.php:199    exec("ping -c 1 -t 1 " . $ip, $list, $error);
ping_equipment.class.php:233    exec("ping -c 1 -w 1 -a " . $ip, $list, $error);
ping_equipment.class.php:238    exec("ping.exe -n 1 -w 100 -i 64 -a " . $ip, $list, $error);

Example 2)

showReservationForm($_GET["ip"], $_GET['id_addressing'], $_GET['rand']); ajax/addressing.php:37 if (isset($_POST['action']) && $_POST['action'] == 'viewFilter') { ajax/addressing.php:38 if (isset($_POST['items_id']) ajax/addressing.php:39 && isset($_POST["id"])) { ajax/addressing.php:41 $filter->showForm($_POST["id"], ['items_id' => $_POST['items_id']]); ajax/addressing.php:46 } else if (isset($_POST['action']) && $_POST['action'] == 'entities_networkip') { ajax/addressing.php:47 IPNetwork::showIPNetworkProperties($_POST['entities_id']); ajax/addressing.php:49 } else if (isset($_POST['action']) && $_POST['action'] == 'entities_location') { ajax/addressing.php:51 'value' => $_POST["value"], ajax/addressing.php:52 'entity' => $_POST['entities_id']]); ajax/addressing.php:54 } else if (isset($_POST['action']) && $_POST['action'] == 'entities_fqdn') { ajax/addressing.php:56 'value' => $_POST["value"], ajax/addressing.php:57 'entity' => $_POST['entities_id']]); ajax/seePingTab.php:41 echo Html::scriptBlock("$('#ping_item').show();"); ajax/seePingTab.php:31 if (strpos($_SERVER['PHP_SELF'], "seePingTab.php")) { ajax/seePingTab.php:39 if (isset($_POST['action']) && $_POST['action'] == "viewPingform") { ajax/seePingTab.php:44 $pingE->showPingForm($_POST['itemtype'], $_POST['items_id']); ajax/seePingTab.php:47 $_POST['name'] = "ping_item"; ajax/seePingTab.php:48 $_POST['rand'] = ""; ajax/seePingTab.php:49 Ajax::commonDropdownUpdateItem($_POST); inc/config.class.php:48 echo "

"; inc/addressing.class.php:221 echo Html::input('name', ['value' => $this->fields['name'], 'size' => 40]); inc/addressing.class.php:253 echo Html::input('_ipdeb0', ['value' => $ipexploded[0], inc/addressing.class.php:258 echo Html::input('_ipdeb1', ['value' => $ipexploded[0], inc/addressing.class.php:263 echo Html::input('_ipdeb2', ['value' => $ipexploded[0], inc/addressing.class.php:268 echo Html::input('_ipdeb3', ['value' => $ipexploded[0], inc/addressing.class.php:318 echo Html::input('_ipfin0', ['value' => $ipexploded[0], inc/addressing.class.php:324 echo Html::input('_ipfin1', ['value' => $ipexploded[0], inc/addressing.class.php:330 echo Html::input('_ipfin2', ['value' => $ipexploded[0], inc/addressing.class.php:336 echo Html::input('_ipfin3', ['value' => $ipexploded[0], inc/addressing.class.php:359 echo Html::hidden('begin_ip', ['value' => $this->fields["begin_ip"], inc/addressing.class.php:361 echo Html::hidden('end_ip', ['value' => $this->fields["end_ip"], inc/addressing.class.php:366 echo Html::scriptBlock('$(document).ready(function() {' . $js . '});'); inc/addressing.class.php:448 echo "".__('Export').""; inc/addressing.class.php:688 echo __('Number of free IP', 'addressing') . " " . $nbipf . "
"; inc/addressing.class.php:692 echo __('Number of reserved IP', 'addressing') . " " . $nbipr . "
"; inc/addressing.class.php:696 echo __('Number of assigned IP (no doubles)', 'addressing') . " " . $nbipt . "
"; inc/addressing.class.php:700 echo __('Number of doubles IP', 'addressing') . " " . $nbipd . "
"; inc/addressing.class.php:741 echo ""; inc/addressing.class.php:744 echo Html::hidden('id', ['value' => $id]); inc/addressing.class.php:849 echo __('Real free IP (Ping=KO)', 'addressing') . " " . $total_realfreeip; inc/addressing.class.php:991 echo Html::hidden($name, ['id' => $name, inc/addressing.class.php:1012 echo ""; inc/addressing.class.php:1014 echo ""; inc/addressing.class.php:471 if (isset($_GET["export"])) { inc/addressing.class.php:867 $item->showReport($_GET); inc/filter.class.php:96 echo Html::hidden('id', ['value' => $ID]); inc/filter.class.php:97 echo Html::hidden('plugin_addressing_addressings_id', ['value' => $options['items_id']]); inc/filter.class.php:100 echo Html::input('name', ['value' => $this->fields['name'], 'size' => 40]); inc/filter.class.php:135 echo Html::input('_ipdeb0', ['value' => $ipexploded[0], inc/filter.class.php:140 echo Html::input('_ipdeb1', ['value' => $ipexploded[0], inc/filter.class.php:145 echo Html::input('_ipdeb2', ['value' => $ipexploded[0], inc/filter.class.php:150 echo Html::input('_ipdeb3', ['value' => $ipexploded[0], inc/filter.class.php:190 echo Html::input('_ipfin0', ['value' => $ipexploded[0], inc/filter.class.php:196 echo Html::input('_ipfin1', ['value' => $ipexploded[0], inc/filter.class.php:202 echo Html::input('_ipfin2', ['value' => $ipexploded[0], inc/filter.class.php:208 echo Html::input('_ipfin3', ['value' => $ipexploded[0], inc/filter.class.php:221 echo Html::hidden('begin_ip', ['id' => 'plugaddr_ipdeb', 'value' => $this->fields["begin_ip"]]); inc/filter.class.php:222 echo Html::hidden('end_ip', ['id' => 'plugaddr_ipfin', 'value' => $this->fields["end_ip"]]); inc/filter.class.php:226 echo Html::scriptBlock('$(document).ready(function() {'.$js.'});'); inc/filter.class.php:265 echo "

\n"; inc/filter.class.php:268 echo "function viewAddFilter" . $item_id . "$rand() {\n"; inc/filter.class.php:295 echo " "; inc/filter.class.php:319 echo $header_begin . $header_top . $header_end; inc/filter.class.php:330 echo $header_begin . $header_bottom . $header_end; inc/filter.class.php:361 echo "function viewEditFilter" . $filter["id"] . "$rand() {\n"; inc/filter.class.php:374 echo " "; inc/filter.class.php:375 echo " "; inc/filter.class.php:377 echo " "; inc/filter.class.php:378 echo " "; inc/filter.class.php:379 echo " "; inc/filter.class.php:49 self::showList($_GET); inc/reserveip.class.php:181 echo Html::hidden('ip', ['value' => $ip]); inc/reserveip.class.php:182 echo Html::hidden('id_addressing', ['value' => $id_addressing]); inc/reserveip.class.php:259 echo Html::input('name_reserveip', $option); inc/profile.class.php:66 echo ""; inc/profile.class.php:96 echo Html::hidden('id', ['value' => $profiles_id]); inc/ping_equipment.class.php:75 echo ""; inc/ping_equipment.class.php:85 echo ""; inc/ping_equipment.class.php:101 echo Html::scriptBlock("$(document).on('click', '#ping_ip', function(event) { inc/ping_equipment.class.php:129 exec("ping -c 1 -w 1 " . $ip, $list); inc/ping_equipment.class.php:131 exec("ping -c 1 -w 1 " . $ip, $list, $error); inc/ping_equipment.class.php:146 exec("ping.exe -n 1 -w 100 -i 64 " . $ip, $list); inc/ping_equipment.class.php:148 exec("ping.exe -n 1 -w 100 -i 64 " . $ip, $list, $error); inc/ping_equipment.class.php:163 exec("fping -r1 -c1 -t100 " . $ip, $list); inc/ping_equipment.class.php:165 exec("fping -r1 -c1 -t100 " . $ip, $list, $error); inc/ping_equipment.class.php:180 exec("ping -c 1 -W 1 " . $ip, $list); inc/ping_equipment.class.php:182 exec("ping -c 1 -W 1 " . $ip, $list, $error); inc/ping_equipment.class.php:197 exec("ping -c 1 -t 1 " . $ip, $list); inc/ping_equipment.class.php:199 exec("ping -c 1 -t 1 " . $ip, $list, $error); inc/ping_equipment.class.php:233 exec("ping -c 1 -w 1 -a " . $ip, $list, $error); inc/ping_equipment.class.php:238 exec("ping.exe -n 1 -w 100 -i 64 -a " . $ip, $list, $error); inc/pinginfo.class.php:202 echo $content; inc/pinginfo.class.php:206 echo "

" . $filter['name'] . "

" . Dropdown::getDropdownName('glpi_entities', $filter['entities_id']) . "

" . $types[$filter['type']] . "

" . $filter['begin_ip'] . "

" . $filter['end_ip'] . "

"; inc/filter.class.php:319 echo $header_begin . $header_top . $header_end; inc/filter.class.php:330 echo $header_begin . $header_bottom . $header_end; inc/filter.class.php:361 echo "function viewEditFilter" . $filter["id"] . "$rand() {\n"; inc/filter.class.php:374 echo "

"; inc/filter.class.php:375 echo ""; inc/filter.class.php:377 echo ""; inc/filter.class.php:378 echo ""; inc/filter.class.php:379 echo "

"; inc/filter.class.php:49 self::showList($_GET); inc/reserveip.class.php:181 echo Html::hidden('ip', ['value' => $ip]); inc/reserveip.class.php:182 echo Html::hidden('id_addressing', ['value' => $id_addressing]); inc/reserveip.class.php:259 echo Html::input('name_reserveip', $option); inc/profile.class.php:66 echo ""; inc/profile.class.php:96 echo Html::hidden('id', ['value' => $profiles_id]); inc/ping_equipment.class.php:75 echo ""; inc/ping_equipment.class.php:85 echo ""; inc/ping_equipment.class.php:101 echo Html::scriptBlock("$(document).on('click', '#ping_ip', function(event) { inc/ping_equipment.class.php:129 exec("ping -c 1 -w 1 " . $ip, $list); inc/ping_equipment.class.php:131 exec("ping -c 1 -w 1 " . $ip, $list, $error); inc/ping_equipment.class.php:146 exec("ping.exe -n 1 -w 100 -i 64 " . $ip, $list); inc/ping_equipment.class.php:148 exec("ping.exe -n 1 -w 100 -i 64 " . $ip, $list, $error); inc/ping_equipment.class.php:163 exec("fping -r1 -c1 -t100 " . $ip, $list); inc/ping_equipment.class.php:165 exec("fping -r1 -c1 -t100 " . $ip, $list, $error); inc/ping_equipment.class.php:180 exec("ping -c 1 -W 1 " . $ip, $list); inc/ping_equipment.class.php:182 exec("ping -c 1 -W 1 " . $ip, $list, $error); inc/ping_equipment.class.php:197 exec("ping -c 1 -t 1 " . $ip, $list); inc/ping_equipment.class.php:199 exec("ping -c 1 -t 1 " . $ip, $list, $error); inc/ping_equipment.class.php:233 exec("ping -c 1 -w 1 -a " . $ip, $list, $error); inc/ping_equipment.class.php:238 exec("ping.exe -n 1 -w 100 -i 64 -a " . $ip, $list, $error); inc/pinginfo.class.php:202 echo $content; inc/pinginfo.class.php:206 echo "

" . $filter['name'] . "

" . Dropdown::getDropdownName('glpi_entities', $filter['entities_id']) . "

" . $types[$filter['type']] . "

" . $filter['begin_ip'] . "

" . $filter['end_ip'] . "

Tool for finding PHP source code vulnerabilities.

Related tags

Overview

vulnz

Tool for finding php source code vulnerabilities.

-h, --help

Example 1)

Example 2)

Owner

Mateo Hanžek

NoSecerets is a python script that is designed to crack hashes extremely fast. Faster even than Hashcat

IDA scripts for hypervisor (Hyper-v) analysis and reverse engineering automation

CVE-2021-21985 VMware vCenter Server远程代码执行漏洞 EXP (更新可回显EXP)

Operational information regarding the vulnerability in the Log4j logging library.

This is simple python FTP password craker. To crack FTP login using wordlist based brute force attack

This project is for finding a solution to use Security Onion Elastic data with Jupyter Notebooks.

将hw时信息收集以及简单的漏洞操作步骤简单化

Passphrase-wordlist - Shameless clone of passphrase wordlist

Windows Virus who destroy some impotants files on C:\windows\system32\

Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO

Bypass's HCaptcha by overloading their api causing it to throwback a generated uuid. (Released due to exposure)

Mass Shortlink Bypass Merupakan Tools Yang Akan Bypass Shortlink Ke Tujuan Asli, Dibuat Dengan Python 3

Scan Site - Tools For Scanning Any Site and Get Site Information

Anti-Nuke capabilities, powerful moderation features, auto punishments, captcha-verification and more.

DoSer.py - Simple DoSer in Python

The First Python Compatible Camera Hacking Tool

Consolidating and extending hosts files from several well-curated sources. You can optionally pick extensions to block pornography, social media, and other categories.

Simple script for looping a Denial Of Service (DoS) attack over one single mac address in range

compact and speedy hash cracker for md5, sha1, and sha256 hashes

Security offerings for AWS Control Tower