A Python script that performs static analysis on PHP source code to detect a wide range of vulnerabilities using regex patterns.
Python script to detect vulnerabilities inside PHP source code using static analysis, based on regex
This tool is designed for security analysts and developers who want to identify potential security flaws in PHP applications through automated static code analysis. It helps in early detection of vulnerabilities by scanning source code without executing it, making it useful for security audits and integrating into DevSecOps pipelines.
This tool is deprecated and users are encouraged to switch to semgrep rules for better accuracy and maintenance. It relies on regex-based detection which may lead to false positives or misses compared to more advanced static analysis tools. It is primarily designed for Linux x64 platforms and requires Python 3.4 or newer.
Ensure Python 3.4 or higher is installed
Clone the repository from GitHub
Navigate to the cloned directory
Run the script directly using python3 (no additional dependencies mentioned)python3 index.py --dir vulns
Analyze the 'vulns' directory containing PHP source code for vulnerabilities
python3 index.py --plain
Run the analysis with no color in the output
python3 index.py -h
Display help and usage information
semgrep --config=./semgrep/ vulns/*.php
Recommended alternative command using semgrep rules for improved vulnerability detection