Working with PHPvuln Tool on Kali Linux

Example 1: Vulnerability List

python3 phpvuln.py --list-vuln

In this example, we display the list of available vulnerabilities that can be tested for in PHP files.

Example 2: Find Vulnerability

python3 phpvuln.py -p /home/kali/Desktop/bWAPP_latest/bWAPP/

1. In this example, we test PHP files for vulnerabilities. The target is the set of PHP files of a buggy application.

2. We specify the path of the PHP files to be tested with the -p option.

3. The output lists the vulnerabilities found in the PHP files we tested. Various types of vulnerabilities are reported, such as XSS, IP Exposure, etc.

Example 3: Checking Specific Vulnerability 

python3 phpvuln.py -p /home/kali/Desktop/bWAPP_latest/bWAPP/ -v xss

1. In this example, we test only for the XSS vulnerability, whereas in the above example the tool tested for all the vulnerabilities. We use the -v option to specify the single type of vulnerability to be tested.

2. The output shows the vulnerable files and the code snippet where the XSS vulnerability is detected.
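The kind of finding an XSS-only scan reports (a file plus the offending snippet) can be illustrated with a small pattern-based check. This is an added example, not PHPvuln's own code or detection logic; the regexes, the function name find_reflected_xss and the sample PHP are constructed for illustration.

```python
import re

# Request-controlled superglobals (the untrusted sources).
SOURCE = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[")
# Statements that write into the HTML response (the sinks).
SINK = re.compile(r"\b(?:echo|print)\b|<\?=")
# A source wrapped directly in an HTML encoder is treated as safe.
ENCODED = re.compile(
    r"\b(?:htmlspecialchars|htmlentities)\s*\(\s*"
    r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\[[^\]]*\]"
)

# Constructed sample input, not taken from bWAPP.
SAMPLE = """<?php
// echo $_GET['debug'];
$name = $_GET['name'];
echo "<p>Hello " . $_GET['name'] . "</p>";
echo "<p>" . htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8') . "</p>";
?>
<input value="<?= $_POST['q'] ?>">
"""


def find_reflected_xss(php_source, filename="<memory>"):
    """Return (filename, line_no, snippet) for lines that print request data unencoded."""
    findings = []
    for line_no, line in enumerate(php_source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*")):
            continue  # skip whole-line comments
        # Drop encoded sources first, so a line mixing safe and unsafe
        # uses of request data is still reported.
        remaining = ENCODED.sub("", stripped)
        if SINK.search(remaining) and SOURCE.search(remaining):
            findings.append((filename, line_no, stripped))
    return findings


if __name__ == "__main__":
    for name, line_no, snippet in find_reflected_xss(SAMPLE, "sample.php"):
        print(f"{name}:{line_no}: possible reflected XSS: {snippet}")
```

A line-based check like this does not follow data through variables (line 3 of the sample assigns request data to $name without being reported), so findings need manual review and a clean result is not proof that the code is safe.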



PHPvuln – Linux Tool to Find Vulnerabilities in PHP Code

Security vulnerabilities in PHP are a major concern for web applications written in the language, since successful exploitation of such defects can lead to several commonly seen attacks. Many vulnerabilities are not difficult to fix, but finding them in a large codebase can be challenging without the right tools, so an automated script is needed to find these flaws. PHPvuln is an automated script developed in Python. It tests a large set of PHP files for various types of vulnerabilities such as LFI, XSS, IP Exposure, etc. All the vulnerability types are tested at the same time, and a quick report is generated that shows the point of insertion of the malicious query or the location of the file. PHPvuln is open-source and free to use.

Note: Make sure you have Python installed on your system, as this is a Python-based tool.
