puzlbox (PHP code audit tool)
PuzlBox 1.0.0.9
Copyright (C) 2010 John Leitch john.leitch5@gmail.com
==Description
PuzlBox is a PHP fuzz tool that scans for several different vulnerabilities by
performing dynamic program analysis. It can detect the following vulnerabilities:
Arbitrary Command Execution
Arbitrary PHP Execution
Local File Inclusion
Arbitrary File Read/Write/Change/Rename/Delete
SQL Injection
Reflected Cross-site Scripting
==Usage
PuzlBox must be run as administrator!
Do not navigate to any of the target web applications during the scan.
puzlbox [-s Server (default localhost)] [-m Scan Modes (default CFLPSX)] [Absolute Web Root] [-n No Unhook] [Application Paths (comma delimited)]
Modes:
C – Arbitrary Command Execution
F – Arbitrary File Read/Write/Change/Rename/Delete
L – Local File Inclusion
P – Arbitrary PHP Execution
S – SQL Injection
X – Reflected Cross-site Scripting
Examples:
puzlbox c:\xampp\htdocs MyApp
Runs all scans on MyApp, located in web root c:\xampp\htdocs
puzlbox -m CX c:\xampp\htdocs MyApp1,MyApp2
Runs Arbitrary Command Execution and Reflected Cross-site Scripting scans on MyApp1
and MyApp2 located in web root c:\xampp\htdocs
==Change Log
1.0.0.9
Added scan overview report
Updated SQL injection scan
Updated command scan
Minor interface updates
Fixed bug caused by use of <? open tag
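Set up a local environment before use.
Parameters:
C – Arbitrary command execution
F – Arbitrary file read/write/change/rename/delete
L – Local file inclusion
P – Arbitrary PHP execution
S – SQL injection
X – Reflected cross-site scripting
Examples:
puzlbox -m sx c:\wwwroot ecshop
Scans ecshop under c:\wwwroot for SQL injection and XSS.
puzlbox -m cf c:\wwwroot ecshop,shopex
Scans ecshop and shopex under c:\wwwroot for arbitrary command execution and arbitrary file read/write/change/rename/delete.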
This article is reposted from the sinojelly 51CTO blog; original link: http://blog.51cto.com/pnig0s1992/410773. To repost it, please contact the original author.