php源码审计工具–PHP Source Auditor 4 released



All packed up & ready for your enjoyment: PHP Source Auditor 4! So, if you have (most likely) never heard of it, this is the deal:

PSA4 is a Perl script that connects to your local webhost and scans all files (recursively) in the www root, for vulnerabilities. It scans for:

1. Remote File Inclusion //远程文件包含
2. Remote Command Execution //远程命令执行
3. Remote Code Execution //远程代码执行
4. Cross Site Scripting //跨站攻击
5. SQL injection (very weak scanning on this though) //sql注入
6. Local File Inclusion (results sometimes get buggy) //本地文件包含

The difference with other scanners is, it actually can tell whether the script is vulnerable or not since it exploits it on the fly by entering weird data into the variables. You can download it right here and (for now) nowhere else :).