Remote File Inclusion Scanner

Hi everybody,

I'm looking for a Remote File Inclusion Scanner, that scans my php documents and says if there is an vulnerability. Is there a tool which is possible to do that ?

Thank you for your answers

Greetz NoPax

NoPax wrote: Is there a tool which is possible to do that ?

Yeah its called your brain. Oh yeah and its free too.

Yeah funny and usefull =) But if you have a lot php files it's to much work to look through everyone. Perhaps there is a tool which scanns the files and say ther is one or not.

Greetz NoPax

Not that I'm aware of. Learn about RFI, then write a quick prog to regex search your PHP file for an include statement that contains $ (looking for variables, basically). Tweak as necessary.

NoPax wrote: Yeah funny and usefull =) But if you have a lot php files it's to much work to look through everyone. Perhaps there is a tool which scanns the files and say ther is one or not.

Greetz NoPax

I believe that there isn't such thing. There are RFI scanners, which request the server with for instance the most common types of rfi, like http://google.com/index.php?page=, and then determine whether there is the vulnerability or not, but file scanner, I don't think so. Anyway why do you need it, just switch off register_globals in php.ini. And if you really want one, then just write something that looks for every include function in the file, and if found, checks whether it is properly sanitized…

dammit too late:D

I need it because it would save a lot of time if you look through new php projects and to find a vuln.

@Zaphir I can try to programm it, but I'm pretty sure it will not work =) And I have to read about this Regex in Wikipedia because I have never heard that before.

Greetz NoPax

NoPax wrote: @Zephyr I can try to programm it, but I'm pretty sure it will not work =) And I have to read about this Regex in Wikipedia because I have never heard that before.

Regex = Regular Expression

It wouldn't be difficult at all. Just look up some quick references to regex and throw something together until one works.

Yeah I will try it =) Is it possible to write it in VB 6 ? At time I don't have any other programming language on my notebook.

Greetz NoPax

NoPax wrote: Yeah I will try it =) Is it possible to write it in VB 6 ? At time I don't have any other programming language on my notebook.

Greetz NoPax

Erh? You can just go ahead and download some stuff like, compilers, and such. You -could- do it in VB6.0, you -should- do it in Python/perl, or, PHP.

I found some scripts and one programm.

So here is the code if some one is interested in it: http://snippets.dzone.com/posts/show/5094

And the prog: http://sourceforge.net/projects/securityscanner/

Thank you for your help.

Greetz NoPax

Bad scwipt kiddy.

Vewwy bad indeed.

cat filetoscan.php | grep -n include cat filetoscan.php | grep -n require_once

etc.

I might have to work on one of these, I really like the idea of have an LFI/RFI scanner.

NoPax wrote: I found some scripts and one programm. You would benefit a LOT more by writing this yourself. Also, it's a very basic thing (just some file IO and recognizing keywords), so it's a good beginner project B)

Uber0n wrote: so it's a good beginner project B)

Hey…

No I'm just kidding, I don't know tons about PHP so your right, That's one of the reasons I'm looking at making one. It seems like a good way to learn. Find something YOU want and would use, then learn what it takes to make it.

Yes I will write the prog. But I found some I possted it. And it's good for learning.

So I will post maybe my prog when it's ready.

Greetz NoPax

NoPax wrote: Yes I will write the prog. But I found some I possted it. And it's good for learning.

So I will post maybe my prog when it's ready. Great. If you really do, respect B) ^^

It wouldn't have any sense only to use that. So it's really easy to program. I will start tomorrow programming it. But next week I am away so it will be ready in two weeks =) And it's always good to learn new stuff =)

Greetz NoPax

NoPax wrote: It wouldn't have any sense only to use that. So it's really easy to program. I will start tomorrow programming it. But next week I am away so it will be ready in two weeks =) And it's always good to learn new stuff =) Exactly. I respect people who are ready to learn new things in order to solve their problems themselves, instead of just downloading premade tools ^^

japanesedude wrote: cat filetoscan.php | grep -n include cat filetoscan.php | grep -n require_once

etc.

cat filetoscan.php | egrep -n –color=auto "include|require_once" grep uses regex. Why pound at the keyboard more than you need to. :)

yeah your right but if you want to scan for example 100 files it is a lot of typing if you do it with grep

Greetz NoPax

NoPax wrote: yeah your right but if you want to scan for example 100 files it is a lot of typing if you do it with grep

Then, put it in a Bash for loop with "*.php" and pipe the output to a file. It's simple.