Free help finding vulnerabilities

Post a link to your PHP source code and I'll help find vulnerabilities for free.

2 Likes

https://raw.githubusercontent.com/pandora-next/deploy/master/best.php

Take a look, I suspect there's a backdoor in it.

https://tol.vip/ give it a try. I feel my code has no vulnerabilities; I'm very confident.

You only posted a single PHP page? There's obviously nothing in this echo. Send an archive over.

It's more convenient if you send the source code over.

1 Like

Wrote it myself in Go, not easy to share. :sob:

Then you can use my tool to check it yourself. Is the source code PHP?

You can analyze it yourself: just check whether your parameters are filtered and so on. If you don't know how, send me screenshots and I'll help you analyze it.

Vulnerability sink scanner

<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <title>漏洞扫描报告</title>
    <style>
        body { font-family: Arial, sans-serif; background-color: #f5f5f5; margin: 0; padding: 0; }
        .container { max-width: 800px; margin: 0 auto; padding: 20px; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); }
        h1 { text-align: center; color: #333; }
        .collapsible { cursor: pointer; padding: 10px; width: 100%; border: none; text-align: left; outline: none; font-size: 15px; margin-top: 5px; background-color: #e7e7e7; }
        .active, .collapsible:hover { background-color: #cccccc; }
        .content { display: none; overflow: hidden; background-color: #f9f9f9; padding: 15px; }
        table { width: 100%; border-collapse: collapse; }
        th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
        th { background-color: #f2f2f2; }
        tr:nth-child(even) { background-color: #f2f2f2; }
        .scrollable { overflow-x: auto; } /* enable the horizontal scroll bar */
        /* extra CSS to support vertical scrolling */
        .scrollable-text {
            max-height: 100px; /* maximum height, adjust as needed */
            overflow-y: auto; /* enable the vertical scroll bar */
            white-space: pre-wrap; /* preserve text formatting such as spaces and line breaks */
        }
    </style>
</head>
<body>
<div class="container">
    <h1>安全扫描报告</h1>
    <?php
    // Note: this script reads every .php file under its own directory and renders the
    // matching source lines to whoever requests the page, so keep it out of a public web root.
    $baseDir = __DIR__; // directory of the current script
    $issuesCategories = [];
    $directory = new RecursiveDirectoryIterator($baseDir, RecursiveDirectoryIterator::SKIP_DOTS);
    $files = new RecursiveIteratorIterator($directory, RecursiveIteratorIterator::LEAVES_ONLY);
    // Each regex names a potential sink. A hit only marks the line for manual review;
    // it does not show that the data reaching it is unfiltered.
    $patterns = [
        '/\b(SELECT|INSERT|UPDATE|DELETE|CREATE|ALTER|REPLACE|TRUNCATE|DROP)\b/i' => 'SQL注入',
        '/(move_uploaded_file|copy|file_put_contents)\s*\(/i' => '文件上传',
        '/(system|exec|shell_exec|passthru|eval|assert|preg_replace|base64_decode|pcntl_exec|proc_open|popen)\s*\(/i' => '命令执行',
        '/unserialize\s*\(/i' => '反序列化漏洞',
        '/php:\/\/(input|filter|memory|temp)/i' => '伪协议漏洞',
        '/(intval|floatval|doubleval|strval|boolval)\s*\(/i' => '类型转换缺陷',
        '/(gzinflate|gzuncompress|str_rot13|strrev|base64_encode|base64_decode)\s*\(/i' => '编码/解码函数使用',
        '/(ob_start|ob_flush|ob_clean|ob_end_clean|ob_end_flush)\s*\(/i' => '输出控制函数使用',
        '/(array_map|array_filter|array_reduce|array_walk)\s*\(/i' => '数组操作函数使用',
        '/(create_function|eval)\s*\(/i' => '动态代码执行',
        '/\$_(GET|POST)\[[^\]]+\]/' => 'GET/POST参数',
        '/\b(fopen|readfile|file_get_contents|file)\s*\(/i' => '文件读取漏洞',
    ];

    foreach ($files as $file) {
        if ($file->getExtension() == "php") {
            $absoluteFilename = $file->getRealPath();
            if ($absoluteFilename === __FILE__) {
                continue; // skip this report script; its own pattern list would match itself
            }
            $relativeFilename = str_replace($baseDir . DIRECTORY_SEPARATOR, '', $absoluteFilename); // convert to a relative path
            $fileContent = file_get_contents($absoluteFilename);
            $lines = explode("\n", $fileContent);

            foreach ($patterns as $pattern => $issue) {
                foreach ($lines as $lineNumber => $lineContent) {
                    if (preg_match($pattern, $lineContent)) {
                        $issuesCategories[$issue][] = [
                            'filename' => $relativeFilename, // use the relative path
                            'lineNumber' => $lineNumber + 1,
                            'match' => $lineContent
                        ];
                    }
                }
            }
        }
    }

    foreach ($issuesCategories as $category => $issues) {
        echo "<button class=\"collapsible\">$category (" . count($issues) . ")</button>";
        echo "<div class=\"content\">";
        echo "<table><tr><th>文件名</th><th>行号</th><th>具体代码</th></tr>";
        foreach ($issues as $issue) {
            // ENT_SUBSTITUTE keeps lines from non-UTF-8 source files (e.g. GBK) from rendering as empty cells
            echo "<tr><td>" . htmlentities($issue['filename'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>"
                . "<td>" . $issue['lineNumber'] . "</td>"
                . "<td class=\"scrollable-text\">" . htmlentities($issue['match'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td>";
            echo "</tr>";
        }
        echo "</table></div>";
    }
    ?>
</div>

<script>
    var coll = document.getElementsByClassName("collapsible");
    for (var i = 0; i < coll.length; i++) {
        coll[i].addEventListener("click", function() {
            this.classList.toggle("active");
            var content = this.nextElementSibling;
            content.style.display = content.style.display === "block" ? "none" : "block";
        });
    }
</script>
</body>
</html>


Variable name tracing

<!DOCTYPE html>
<html lang="zh">
<head>
    <meta charset="UTF-8">
    <title>变量名追溯报告</title>
    <style>
        body { font-family: Arial, sans-serif; background-color: #f5f5f5; margin: 0; padding: 0; }
        .container { max-width: 800px; margin: 0 auto; padding: 20px; background-color: #fff; border-radius: 5px; box-shadow: 0 0 10px rgba(0, 0, 0, 0.1); }
        h1 { text-align: center; color: #333; }
        .form-input { text-align: center; margin-bottom: 20px; }
        input[type="text"], input[type="submit"] { padding: 10px; }
        input[type="text"] { width: 300px; margin-right: 10px; }
        .collapsible { cursor: pointer; padding: 10px; width: 100%; border: none; text-align: left; outline: none; font-size: 15px; margin-top: 5px; background-color: #e7e7e7; }
        .active, .collapsible:hover { background-color: #cccccc; }
        .content { display: none; overflow: hidden; background-color: #f9f9f9; padding: 15px; }
        table { width: 100%; border-collapse: collapse; }
        th, td { padding: 8px; text-align: left; border-bottom: 1px solid #ddd; }
        th { background-color: #f2f2f2; }
        tr:nth-child(even) { background-color: #f2f2f2; }
        .scrollable-text { max-height: 100px; overflow-y: auto; white-space: pre-wrap; }
    </style>
</head>
<body>
<div class="container">
    <h1>变量名追溯报告</h1>
    <div class="form-input">
        <form action="" method="get">
            <input type="text" name="varName" placeholder="请输入变量名" required>
            <input type="submit" value="搜索">
        </form>
    </div>
    <?php
    if (isset($_GET['varName'])) {
        $baseDir = __DIR__; // directory of the current script
        $inputVarName = $_GET['varName'];
        $fileOccurrences = [];
        // Match "$name" as a whole identifier, so searching for "id" does not also hit "$identity".
        // The same pattern is used for the per-line check below; the original used a plain
        // strpos() there, which reported prefix matches the whole-file check had excluded.
        $varPattern = '/\$' . preg_quote($inputVarName, '/') . '\b/';

        function analyzeFile($filePath, $varPattern) {
            $relativePath = str_replace($GLOBALS['baseDir'] . DIRECTORY_SEPARATOR, '', $filePath);
            $lines = file($filePath);
            foreach ($lines as $lineNumber => $line) {
                if (preg_match($varPattern, $line)) {
                    $GLOBALS['fileOccurrences'][$relativePath][] = [
                        'line' => $lineNumber + 1,
                        'code' => trim($line)
                    ];
                }
            }
        }

        function listFolderFiles($dir, $varPattern) {
            $iterator = new RecursiveIteratorIterator(
                new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS),
                RecursiveIteratorIterator::LEAVES_ONLY
            );

            foreach ($iterator as $file) {
                if ($file->getExtension() === 'php' && $file->getRealPath() !== __FILE__) {
                    // skip this report script itself
                    analyzeFile($file->getPathname(), $varPattern);
                }
            }
        }

        listFolderFiles($baseDir, $varPattern);

        foreach ($fileOccurrences as $filePath => $occurrences) {
            echo "<button class=\"collapsible\">文件: " . htmlspecialchars($filePath, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . " (" . count($occurrences) . "个匹配项)</button>";
            echo "<div class=\"content\"><table><tr><th>行号</th><th>代码</th></tr>";
            foreach ($occurrences as $occurrence) {
                // ENT_SUBSTITUTE keeps lines from non-UTF-8 source files from rendering as empty cells
                echo "<tr><td>" . $occurrence['line'] . "</td><td class=\"scrollable-text\">" . htmlentities($occurrence['code'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</td></tr>";
            }
            echo "</table></div>";
        }
    }
    ?>
</div>

<script>
    var coll = document.getElementsByClassName("collapsible");
    for (var i = 0; i < coll.length; i++) {
        coll[i].addEventListener("click", function() {
            this.classList.toggle("active");
            var content = this.nextElementSibling;
            content.style.display = content.style.display === "block" ? "none" : "block";
        });
    }
</script>
</body>
</html>
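The two tools above do sink grepping and variable lookup as separate steps, and the earlier reply asks whether parameters are filtered before reaching those sinks. The following is an added example (not from the thread or its author) that joins the two ideas in Python: every grep hit is annotated with whether a superglobal, or a variable last assigned from one, reaches it without a sanitizer on the way. The sink, source and sanitizer lists are assumed, deliberately short subsets, and the sample PHP is constructed.

```python
import re

# Sink categories in the spirit of the forum tool's grep list (constructed subset, not its list).
SINKS = {
    "SQL": re.compile(r"\b(SELECT|INSERT|UPDATE|DELETE)\b", re.I),
    "command execution": re.compile(r"\b(system|exec|shell_exec|passthru|eval)\s*\(", re.I),
    "file read": re.compile(r"\b(fopen|readfile|file_get_contents|include|require)\s*\(", re.I),
}
SOURCE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\[")
# Assumed, deliberately short sanitizer list; tune it per code base.
SANITIZER = re.compile(r"\b(intval|floatval|htmlspecialchars|escapeshellarg|basename|mysqli_real_escape_string)\s*\(", re.I)
VAR = re.compile(r"\$(\w+)")
ASSIGN = re.compile(r"^\s*\$(\w+)\s*=(?!=)")

def scan(php_source):
    """Return (line_no, category, via, tainted) for every line that hits a sink regex.
    A hit is tainted when the line reads a superglobal with no sanitizer on that line, or uses
    a variable whose latest earlier assignment came from a superglobal (or another tainted
    variable) with no sanitizer. Single pass, one file, no control flow: a grep-hit ranker."""
    findings, tainted_vars = [], {}
    for no, line in enumerate(php_source.splitlines(), 1):
        for category, rx in SINKS.items():
            if not rx.search(line):
                continue
            src = SOURCE.search(line)
            used = [v for v in VAR.findall(line) if tainted_vars.get(v)]
            via = ""
            if src and not SANITIZER.search(line):
                via = "$_" + src.group(1)          # superglobal used directly at the sink
            elif used:
                via = used[0]                      # earlier-assigned variable carries the input
            findings.append((no, category, via, bool(via)))
        m = ASSIGN.match(line)
        if m:  # record whether this variable's new value is unsanitized user input
            rhs = line[m.end():]
            dirty = bool(SOURCE.search(rhs)) or any(tainted_vars.get(v) for v in VAR.findall(rhs))
            tainted_vars[m.group(1)] = dirty and not SANITIZER.search(rhs)
    return findings

# Constructed sample PHP (not from the thread): lines 5 and 7 reach a sink unfiltered.
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$name = $_POST['name'];
$safe_name = mysqli_real_escape_string($db, $name);
$rows = mysqli_query($db, "SELECT * FROM users WHERE id = $id");
$rows3 = mysqli_query($db, "SELECT * FROM users WHERE name = '$safe_name'");
system("ls " . $_GET['dir']);
readfile(basename($_GET['f']));
"""
```

Calling `scan(SAMPLE_PHP)` flags the `$id` query and the `system()` call as tainted and leaves the escaped query and the `basename()` read as grep hits only; the same approximation misses sanitizers applied in called functions, so a "tainted" result is a review priority, not a confirmed bug.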

GitHub - LoRexxar/Kunlun-M: KunLun-M is a fully open-source static white-box scanning tool that supports semantic scanning of PHP and JavaScript, basic security and component security scanning, and basic scanning of Chrome extensions and Solidity. Isn't this better?

You're right, how did I never see this before :disappointed_relieved::scream:

But mine is small, convenient and fast.

Does it have to be PHP?

Boss, impressive.

jbls.ide-soft.com, try injecting it :smirk:

Fortify SCA, Checkmarx and SonarQube Data Center Edition all have reliable and safe cracked versions online. Although the OP's audit tool is well written and Kunlun-M is also good, they still can't compare with top commercial code audit tools. Also, GitHub projects can be configured with CodeQL for automatic code auditing, which is also quite powerful. The false-negative rate of personally written audit tools is generally much higher than that of these.

Send the source code over; reviewing the source is more convenient.