<?xml version="1.0" encoding="UTF-8"?>
<response>
  <status>success</status>
  <result>
    <project>
      <id>109917</id>
      <name>pyrats</name>
      <created_at>2008-12-27T15:25:11Z</created_at>
      <updated_at>2008-12-27T15:25:12Z</updated_at>
      <description>Introduction

Pyrats scans and analyzes your PHP source code for potential vulnerabilities.

It's a command-line program that gives PHP developers a quick survey of common commands that can lead to security vulnerabilities.

All files of a specified directory will be recursively scanned and evaluated.  The search process can be refined through different options. 

Usage

Pyrats is a tool written in Python that helps you find malicious function calls in PHP projects as soon as possible.

Pyrats can easily be launched without arguments in the Konsole/Terminal using &#8222;python pyrats&#8220;. If you don't specify a folder/directory, pyrats will browse the directory where it was launched. 

$ python pyrats.py

It's also possible to add any directory to your search operation, e.g. &#8222;/var/www/test&#8220;; this directory will then be parsed as well.

$ python pyrats.py /var/www/test/

Pyrats parses recursively, beginning from the specified directory. Only ASCII files are parsed, not binary files. You can get a summary of all arguments with:

$ python pyrats.py --help

Arguments:

Displays only relevant findings, without statistics output (the default if XML or CSV is selected as the output format):

$ python pyrats.py --no-statistic

Define your output format as either XML or CSV:

$ python pyrats.py --output=xml
$ python pyrats.py --output=csv

Parses only for the specified function calls: mail, include, header, system, mysql. If this option isn't included, pyrats will parse for all patterns.

$ python pyrats.py --search=mail
$ python pyrats.py --search=include
$ python pyrats.py --search=header
$ python pyrats.py --search=system
$ python pyrats.py --search=mysql

Search only files with the .php extension:

$ python pyrats.py --php

Show current pyrats version:

$ python pyrats.py --version

Show all arguments:

$ python pyrats.py --help

Pyrats was developed by Bernd Essl on Linux/Debian and should run on any platform that supports Python.

Ideas, criticism and suggestions are always welcome.

Download

You can download the source file here: http://pyrats.googlecode.com/files/pyrats.py

You can test the newest release from the Subversion repository:

$ svn checkout http://pyrats.googlecode.com/svn/trunk/ pyrats</description>
      <homepage_url>http://code.google.com/p/pyrats</homepage_url>
      <download_url></download_url>
      <url_name>pyrats</url_name>
      <user_count>0</user_count>
      <average_rating></average_rating>
      <rating_count>0</rating_count>
      <analysis_id></analysis_id>
      <licenses>
        <license>
          <name>bsd</name>
          <nice_name>BSD Copyright</nice_name>
        </license>
      </licenses>
    </project>
  </result>
</response>
