SCodeScanner stands for Source Code scanner where the user can scans the source code for finding the Critical Vulnerabilities.

Overview

SCodeScanner

The SCodeScanner stands for Source Code Scanner, where you can scan your source code files like PHP and get identify the vulnerabilities inside it. The tool can use by Pentester, Developer to quickly identify the weakness.

Learn more on http://scodescanner.info

Features

The main features for this tool are:-

  1. Scans the whole folder which contains multiple PHP files.
  2. Scans folder inside a folder, NOTE: This scans only one time, it will not scan folders inside folders inside folder
  3. It will not only notify you at which file but also which line the vulnerable code exists for quickly identified it.
  4. Scans not only the PRE-Defined PHP variables but also scans the custom variables. Like a $test1 = $_GET["aaa"], then it scans for both $test1 and the GET variables inside the source code
  5. Scans functions with a function that contains our variable. Like include(htmlentities($test)) so it will parse this and give the results like the $test variable found inside the include function. Because there might be possiblity of using base64 function instead of htmlentities.
  6. It runs on your localhost, where you will have to give the folder name for scans.
  7. Give results out for each file inside the anchors tag (So you can move on to it.)
  8. You can add more functions which are dangerous if you found missing any inside the vulnerablefunctions python file.

Test Vulnerable Folders

This tool uses vulnerable scripts from this repo:- https://github.com/snoopysecurity/Vulnerable-Code-Snippets

There are predifined folder named final, where it contains the PHP files/folder. Just for test. You can also use that folder to see how this tool will find the results in PHP.

On terminal: python scscanner.py final

Demo Video

Please go to:- http://scodescanner.info/2021/05/21/example-content/

How to run it?

Requirements

PHP, Python3

If you don't have any of these please download, then,

  1. Upload your folder which contains files inside upload directory, find it in root folder of this tool. This is important to run this tool (Working on this to make it more smoother).
  2. On terminal:- pip install -r requirements.txt
  3. On terminal:- php -S localhost:80
  4. Browse to localhost
  5. Type the foldername which contains the PHP files

OR run it on Terminal to see if any error pops up

python scscanner.py foldername

Note: Please try not to change the main file name 'scscanner.py', otherwise we will have to change the name in upload.php file.

Feedback

I would really like to hear your thoughts on this tool. And if you wanted to contribute in this tool please let me know on Twitter agrawalsmart7 or you can send me a Pull request.

Future Work

For now, I have focused only on PHP, but in future, I will make this scanner for other languages too. Focused languages are:- PHP, ASP, PYTHON JAVA. Let me know if anyone interested.

Also, I will update this tool regularly to make it more powerful.

You might also like...
CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

CamRaptor is a tool that exploits several vulnerabilities in popular DVR cameras to obtain device credentials.

SSRF search vulnerabilities exploitation extended.
SSRF search vulnerabilities exploitation extended.

This tool search for SSRF using predefined settings in different parts of a request (path, host, headers, post and get parameters).

Small python script to look for common vulnerabilities on SMTP server.
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence of a file

A script based on sqlmap that uses sql injection vulnerabilities to traverse the existence o

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities

Shodan Quick Recon A Python Tool that uses Shodan API's to perform quick recon for vulnerabilities Configuration You must edit the python code, and in

WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

wpdisect WpDisect is a wordpress hacking tool that finds misconfigurations in wordpress. Prerequisites You need to download wordpress in the wpdisect

Something I built to test for Log4J vulnerabilities on customer networks.

Log4J-Scanner Something I built to test for Log4J vulnerabilities on customer networks. I'm not responsible if your computer blows up, catches fire or

Visibility and Mitigation for Log4J vulnerabilities

Visibility and Mitigation for Log4J vulnerabilities Several scripts for the visibility and mitigation of Log4J vulnerabilities. Static Scanner - Linux

Comments
  • ValueError: Invalid format string

    ValueError: Invalid format string

    logger.info("Starting the scanner - " + str(time.strftime("%Y-%m-%d-%hh-%MM-%ss")) +'\n')
    

    ValueError: Invalid format string scscanner.py line:39 I changed it to logger.info("Starting the scanner - " + str(time.strftime("%Y-%m-%d")) +'\n') But I'm not sure if it's accurate,Because there is no error in the operation, but there is no result image

    opened by SkinAir 6
  • error - doesn't run

    error - doesn't run

    python scscanner.py -h

    Traceback (most recent call last): File "scscanner.py", line 3, in from helper import yaml_main, php_main File "/root/scodescanner/helper.py", line 2, in from typing import final ImportError: cannot import name 'final' from 'typing' (/root/.pyenv/versions/3.7.13/lib/python3.7/typing.py)

    opened by svchost9913 3
  • Module not found - No module named 'src.php'

    Module not found - No module named 'src.php'

    I am getting an error when running the command python3 scscanner.py --help

    Traceback (most recent call last):
      File "/home/corrupted/scodescanner/scscanner.py", line 3, in <module>
        from helper import yaml_main, php_main
      File "/home/corrupted/scodescanner/helper.py", line 4, in <module>
        from src.php.folder_parserer import folderparser, fileparser
    ModuleNotFoundError: No module named 'src.php'
    

    image

    opened by banner-prog 1
  • error - doesn't run

    error - doesn't run

    Hi,

    this is what I get when running python3 scscanner.py

    
    Traceback (most recent call last):
      File "scscanner.py", line 3, in <module>
        from helper import yaml_main, php_main
      File "/home/adrian/Downloads/tools/scodescanner/helper.py", line 10, in <module>
        from src.common.file_sender import jira_issue_creater, slack_issue_creator
    ModuleNotFoundError: No module named 'src.common'
    
    
    opened by adrian-rt 4
Releases(v3.1.0)
  • v3.1.0(Jun 3, 2022)

    CHANGELOG-

    • Added yaml scanning capability
    • Better code
    • Reduces false positives
    • Improved command agrument list
    • Added new yaml rules file - rules.yaml inside rules/yaml directory.
    • ignore low hanging fruits with severity.
    • Yaml scanner have ability to give output in beautiful JSON file.
    Source code(tar.gz)
    Source code(zip)
  • v2.1.0(Apr 20, 2022)

    CHANGELOG:

    1. Improved Code by removing unnecessary code

    2. Improved Rules.

    3. Rules now contains the tracking of the variable, Example:

        $var1 = $_GET['a'];
        $var2 = $_GET['b'];
      
       echo htmlspecialchars($var1 ); This will Ignore
       echo $var1; This will match
      
       $encryptedvalue = htmlspecialchars($var2);
       echo $encryptedvalue; this will ignore
      
       echo $var2; this will match
      
    4. Added --check flag - Which is responsible for removing the false positives.

    5. Addded Jira intergraion - Now we can send the output file directly to Jira instance.

    6. Added Slack Integration - We can send file to slack channel

    Source code(tar.gz)
    Source code(zip)
  • v2.0.0(Mar 4, 2022)

Scan your logs for CVE-2021-44228 related activity and report the attackers

jndiRep - CVE-2021-44228 Basically a bad grep on even worse drugs. search for malicious strings decode payloads print results to stdout or file report

js-on 2 Nov 24, 2022
All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

All in One CRACKER911181's Tool. This Tool For Hacking and Pentesting. 🎭

Cracker 331 Jan 01, 2023
Scans for Log4j versions effected by CVE-2021-44228

check_mkExtension to check for log4j2 CVE-2021-44228 This Plugin wraps around logpresso/CVE-2021-44228-Scanner (Apache License 2.0) How it works Run i

inett GmbH 4 Jun 30, 2022
Moodle community-based vulnerability scanner

badmoodle Moodle community-based vulnerability scanner Description badmoodle is an unofficial community-based vulnerability scanner for moodle that sc

Michele Di Bonaventura 11 Dec 22, 2022
macOS Initial Access Payload Generator

Mystikal macOS Initial Access Payload Generator Related Blog Post: https://posts.specterops.io/introducing-mystikal-4fbd2f7ae520 Usage: Install Xcode

Leo Pitt 206 Dec 31, 2022
An ARP Spoofer attacker for windows to block away devices from your network.

arp0_attacker An ARP Spoofer-attacker for Windows -OS to block away devices from your network. INFO Built in Python 3.8.2. arp0_attackerx.py is Upgrad

Wh0_ 15 Mar 17, 2022
Client script for the fisherman phishing tool

Client script for the fisherman phishing tool

Pushkar Raj 1 Feb 23, 2022
Deltaspy - an advanced keylogger that can send keylogs and screenshots to gmail

Deltaspy Deltaspy is a advanced keylogger which sends keylogs and screenshot to

Praanesh S 1 Dec 31, 2021
CloudFlare reconnaissance, tries to uncover the IP behind CF.

CloudFlare reconnaissance, tries to uncover the IP behind CF.

Neospace 8 Dec 03, 2021
Shell hunter for AF

AF-ShellHunter AF-ShellHunter: Auto shell lookup AF-ShellHunter its a script designed to automate the search of WebShell's in AF Team How to pip3 ins

Eduardo 34 May 13, 2022
Experimental musig2 python code, not for production use!

musig2-py Experimental musig2 python code, not for production use! This is just for testing things out. All public keys are encoded as 32 bytes, assum

Samuel Dobson 14 Jul 08, 2022
Kriecher is a simple Web Scanner which will run it's own checks for the OWASP

Kriecher is a simple Web Scanner which will run it's own checks for the OWASP top 10 https://owasp.org/www-project-top-ten/# as well as run a

1 Nov 12, 2021
Implementation of RITA (Real Intelligence Threat Analytics) in Jupyter Notebook with improved scoring algorithm.

RITA (Real Intelligence Threat Analytics) in Jupyter Notebook RITA is an open source framework for network traffic analysis sponsored by Active Counte

Mehmet E. 157 Nov 24, 2022
Auerswald COMpact 8.0B Backdoors exploit

CVE-2021-40859 Auerswald COMpact 8.0B Backdoors exploit About Backdoors were discovered in Auerswald COMpact 5500R 7.8A and 8.0B devices, that allow a

Ashish Kunwar 1 Nov 24, 2022
Confluence Server Webwork OGNL injection

CVE-2021-26084 - Confluence Server Webwork OGNL injection An OGNL injection vulnerability exists that would allow an authenticated user and in some in

Fellipe Oliveira 295 Jan 06, 2023
Everything I needed to understand what was going on with "Spring4Shell" - translated source materials, exploit, links to demo apps, and more.

springcore-0day-en These are all my notes from the alleged confirmed! 0day dropped on 2022-03-29. This vulnerability is commonly referred to as "Sprin

Chris Partridge 105 Nov 26, 2022
Open source vulnerability DB and triage service.

OSV - Open Source Vulnerabilities OSV is a vulnerability database and triage infrastructure for open source projects aimed at helping both open source

Google 893 Jan 04, 2023
automatically crawl every URL and find cross site scripting (XSS)

scancss Fastest tool to find XSS. scancss is a fastest tool to detect Cross Site scripting (XSS) automatically and it's also an intelligent payload ge

Md. Nur habib 30 Sep 24, 2022
Cobalt Strike Beacon configuration extractor and parser.

Cobalt Strike Configuration Extractor and Parser Overview Pure Python library and set of scripts to extract and parse configurations (configs) from Co

Stroz Friedberg 102 Dec 18, 2022
Small python script to look for common vulnerabilities on SMTP server.

BrokenSMTP BrokenSMTP is a python3 BugBounty/Pentesting tool to look for common vulnerabilities on SMTP server. Supported Vulnerability : Spoofing - T

39 Dec 16, 2022