php代码审计辅助脚本

#!/usr/bin/env python

import sys
import os

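# raw_input() is the Python 2 name for what Python 3 calls input(); the file is
# written for Python 2 but this shim lets it run unchanged on either.
try:
	_read_line = raw_input  # noqa: F821 - only defined on Python 2
except NameError:
	_read_line = input


def _shell_quote(text):
	"""Return *text* quoted for a POSIX shell (shlex.quote on 3.x, pipes.quote on 2.x)."""
	try:
		from shlex import quote
	except ImportError:  # Python 2 has no shlex.quote
		from pipes import quote
	return quote(text)


# Front half of every pipeline: lines that contain a PHP variable ('$'), found
# recursively from the working directory, minus JavaScript files and this script.
# The "\\$" in the Python literal reaches grep as '\$' -> a literal dollar sign.
# 'grep -v .js:' is a loose filter ('.' matches any character) - kept as in the
# original, so a path such as "ajs:" would also be dropped.
_BASE_PIPELINE = "grep -n '\\$' -r ./ | grep -v .js: | grep -v fuzz.py"

# Menu shown before the prompt.  Each entry is a keyword category below.
MENU = '''
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
1.include/require
2.exec/system/popen/passthru/proc_open/pcntl_exec/shell_exec
3.eval/preg_replace/assert/call_user_func/create_function
4._GET/_POST/_COOKIE/_SERVER/_REQUEST/php://input/getenv
5.session/cookie
6.extract/parse_str/mb_parse_str/import_request_variables
7.readfile/fpassthru/fwrite/fopen/move_uploaded_file/file_put_contents/unlink
8.select/insert/update/delete/order by/group by/limit/in(
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
'''

# Menu number -> list of (extra pipeline stage or None, keywords).
# Keywords are plain substrings for grep's basic regex syntax; '(' is literal
# there.  To extend the tool, add a keyword to the right list - it is shell-
# quoted before use, so shell metacharacters in a keyword are harmless.
# A keyword that is a substring of another one in the same list would print
# the same hit twice, so subsumed entries are left out:
#   - category 2: 'exec(' already matches 'shell_exec(' and 'pcntl_exec('.
#   - category 3: 'call_user_func' already matches 'call_user_func_array'.
# Category 1 uses the same four spellings for require as for include
# (the original had a bare 'require', which duplicated the other three).
CATEGORIES = {
	'1': [(None, [
		'include(', 'include_once(', 'include ', 'include_once ',
		'require(', 'require_once(', 'require ', 'require_once ',
	])],
	'2': [(None, [
		'exec(', 'exec ', 'system(', 'system (', 'popen(', 'popen ',
		'passthru(', 'passthru ', 'proc_open(', 'proc_open ',
	])],
	'3': [(None, [
		'eval(', 'eval ', 'preg_replace', 'assert', 'call_user_func',
		'create_function',
	])],
	'4': [(None, [
		'_GET', '_POST', '_COOKIE', '_SERVER', '_REQUEST', 'php://input',
		'getenv',
	])],
	'5': [(None, ['session', 'cookie'])],
	'6': [(None, [
		'extract', 'parse_str', 'mb_parse_str', 'import_request_variables',
	])],
	'7': [(None, [
		'readfile', 'fpassthru', 'fwrite', 'fread', 'move_uploaded_file',
		'file_get_contents', 'file_put_contents', 'unlink', 'fopen',
	])],
	# SQL keywords are only interesting next to the clause they belong to,
	# so each sub-list narrows the candidate lines first.
	'8': [
		('grep -i from', ['select', 'delete']),
		('grep where', ['update', 'order by', 'group by', 'limit', 'in(']),
		('grep into', ['insert']),
	],
}


def _grep_keywords(keywords, extra_filter=None):
	"""Run one grep pipeline per keyword and let grep print the hits.

	Args:
		keywords: substrings to search for, one pipeline each.
		extra_filter: optional extra stage (e.g. "grep where") inserted
			between the shared front half and the keyword match.

	Output goes straight to stdout via ``grep --color``; nothing is returned
	and grep's exit status is ignored (no hits is not an error here).
	"""
	stages = [_BASE_PIPELINE]
	if extra_filter:
		stages.append(extra_filter)
	for keyword in keywords:
		# The keyword is the only variable part of the command line; quoting
		# it keeps the command well-formed whatever is added to CATEGORIES.
		cmd = ' | '.join(stages + ['grep %s --color' % _shell_quote(keyword)])
		os.system(cmd)


def main():
	"""Show the menu, read one category number and grep the tree for it.

	Every hit is a line that contains both a PHP variable and one of the
	category's keywords - a cheap "variable data may reach a sensitive sink"
	heuristic that flags candidates for manual review, not confirmed bugs
	(a keyword inside a comment or string matches just as well).

	The menu choice is used only as a dictionary key and never reaches the
	shell; an unknown choice prints a message and returns.
	"""
	print(MENU)
	choice = _read_line('Choose :#').strip()
	steps = CATEGORIES.get(choice)
	if steps is None:
		print('Unknown choice: %r (expected 1-8)' % choice)
		return
	for extra_filter, keywords in steps:
		_grep_keywords(keywords, extra_filter)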

# Script entry point: only run the interactive menu when executed directly,
# not when imported.
if __name__ == "__main__":
	main()


根据网上的 perl 脚本改写了一个 python 脚本，主要通过敏感关键字查找可疑代码，代码很简单；如有新的关键字，直接在脚本的关键字列表里添加即可。

用法:

把脚本保存为 fuzz.py，并放到要扫描的目录下（脚本会递归搜索当前目录，并自动跳过 fuzz.py 本身和 .js 文件）

在该目录下运行 python fuzz.py，然后按菜单编号选择要查找的关键字类别
