Pecker is a scanner written in PHP. It uses lexical analysis of the source code to find calls to dangerous functions.
Config:
```php
$config = array(
    'scandir'  => dirname(__FILE__),            // directory to scan (here: the script's own directory)
    'extend'   => array('php', 'inc', 'php5'),  // file extensions to include
    'function' => array(                        // function names whose calls are reported
        'exec', 'system', 'create_function', 'passthru', 'shell_exec', 'proc_open',
        'popen', 'curl_exec', 'parse_ini_file', 'show_source', 'include', 'preg_replace',
    ),
);
```
Main:
```php
// Load Pecker's classes first (the include path depends on where Pecker is installed).
$scanner = new Pecker_Scanner();
$scanner->setPath($config['scandir']);      // directory to scan
$scanner->setExtend($config['extend']);     // file extensions to include
$scanner->setFunction($config['function']); // function names to report
$scanner->run();
$result = $scanner->getReport();
print_r($result);                           // prints the report shown below
```
Result:
```text
Array
(
    [Pecker\test\1.php] => Array
        (
            [parser] => 1
            [message] =>
            [function] => Array
                (
                    [eval] => Array
                        (
                            [0] => Array
                                (
                                    [line] => 23
                                    [code] => ( //get it
gzinflate ( $str ($str1)))
                                )
                            [1] => Array
                                (
                                    [line] => 35
                                    [code] => ('$str = time();')
                                )
                        )
                    [exec] => Array
                        (
                            [0] => Array
                                (
                                    [line] => 25
                                    [code] => ('dir')
                                )
                            [1] => Array
                                (
                                    [line] => 36
                                    [code] => ('dir')
                                )
                        )
                )
        )
    [Pecker\test\111.php] => Array
        (
            [parser] => 1
            [message] =>
            [function] => Array
                (
                )
        )
    [Pecker\test\3.php] => Array
        (
            [parser] => 1
            [message] =>
            [function] => Array
                (
                )
        )
)
```
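The same idea in a self-contained form, as an added example that is not Pecker's own code: a token-based check that takes a source string and a list of function names (as in the config above) and returns line numbers and argument text in the shape of the report's [function] entries. The function name findDangerousCalls, the constructed sample input and the handling of calls made through a variable are assumptions of this example.

```php
<?php
// Added example, not Pecker's own code: a minimal token-based check in the spirit
// of the configuration above. token_get_all() yields real PHP tokens, so names
// inside strings or comments are not reported. The sample input is constructed.
function findDangerousCalls(string $source, array $functions): array
{
    $watch  = array_flip(array_map('strtolower', $functions));
    $tokens = token_get_all($source);
    $count  = count($tokens);
    $hits   = [];
    for ($i = 0; $i < $count; $i++) {
        $tok = $tokens[$i];
        // Candidates are identifiers (T_STRING) and the eval keyword (T_EVAL).
        if (!is_array($tok) || ($tok[0] !== T_STRING && $tok[0] !== T_EVAL)) { continue; }
        $name = strtolower($tok[1]);
        if (!isset($watch[$name])) { continue; }
        // Ignore $obj->exec(), Foo::exec() and "function exec()" declarations.
        $p = $i - 1;
        while ($p >= 0 && is_array($tokens[$p]) && $tokens[$p][0] === T_WHITESPACE) { $p--; }
        if ($p >= 0 && is_array($tokens[$p])
            && in_array($tokens[$p][0], [T_OBJECT_OPERATOR, T_DOUBLE_COLON, T_FUNCTION], true)) {
            continue;
        }
        // It is only a call if the next non-whitespace token is "(".
        $j = $i + 1;
        while ($j < $count && is_array($tokens[$j]) && $tokens[$j][0] === T_WHITESPACE) { $j++; }
        if ($j >= $count || $tokens[$j] !== '(') { continue; }
        // Copy the argument list verbatim up to the matching ")" (like the [code] field).
        $depth = 0;
        $code  = '';
        for ($k = $j; $k < $count; $k++) {
            $text  = is_array($tokens[$k]) ? $tokens[$k][1] : $tokens[$k];
            $code .= $text;
            if ($text === '(') { $depth++; }
            if ($text === ')' && --$depth === 0) { break; }
        }
        $hits[$name][] = ['line' => $tok[2], 'code' => $code];
    }
    return $hits;
}
// Constructed sample: the call made through $fn is invisible to a purely lexical scan,
// which is why eval() itself is reported together with its argument text.
$sample = "<?php\n\$fn = 'system';\nexec('dir');\n// exec('in a comment');\neval(gzinflate(\$fn('x')));\n";
print_r(findDangerousCalls($sample, ['exec', 'eval', 'system']));
```

Running it reports exec on line 3 with code ('dir') and eval on line 5 with code (gzinflate($fn('x'))); the commented-out exec and the string 'system' produce no hits.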
- Home Page: http://www.cnxct.com/pecker-scanner/
- Weibo: http://weibo.com/n/CFC4N