prvd: PHP Runtime Vulnerability Detection
prvd is able to detect the following types of vulnerabilities:
- Command Injection
- File Inclusion
- File Upload
- SQL Injection
- SQL Injection (Blind)
- Partial XSS
Installation
git clone https://github.com/fate0/prvd.git /data/prvd
composer install
Install the xmark extension
Edit php.ini:
- set auto_prepend_file to /data/prvd/src/Entry.php
- set extension to xmark.so
- for the rest of the configuration, copy the contents of prvd.ini from this project
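A quick way to confirm the two php.ini settings above are in place, as an added example that is not part of the prvd project. The helper names ini_values and check_prvd_ini are hypothetical, the sample php.ini content is constructed, and the expected values are the ones given in the steps above.

```shell
# Added example (not prvd code): check a php.ini for the settings listed above.

# Print every value assigned to DIRECTIVE in FILE, one per line, skipping
# ';' comments and stripping surrounding whitespace and optional quotes.
ini_values() {  # usage: ini_values FILE DIRECTIVE
    awk -v key="$2" -v q="'" '
        /^[ \t]*;/ { next }                      # whole-line comment
        {
            eq = index($0, "=")
            if (eq == 0) next                    # section header or blank line
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            sub(/[ \t]*;.*$/, "", v)             # trailing comment
            gsub(/^[ \t]+|[ \t\r]+$/, "", v)
            gsub("^[\"" q "]|[\"" q "]$", "", v) # optional quotes
            if (k == key) print v
        }
    ' "$1"
}

# Return 0 only if FILE prepends prvd's Entry.php and loads xmark.so.
check_prvd_ini() {  # usage: check_prvd_ini FILE
    rc=0
    # A directive set more than once takes its last value.
    prepend=$(ini_values "$1" auto_prepend_file | tail -n 1)
    if [ "$prepend" != "/data/prvd/src/Entry.php" ]; then
        echo "auto_prepend_file is '$prepend', expected /data/prvd/src/Entry.php" >&2
        rc=1
    fi
    # extension= may appear many times; any one of them may be xmark.so.
    if ! ini_values "$1" extension | grep -qx 'xmark\.so'; then
        echo "extension=xmark.so not found" >&2
        rc=1
    fi
    return $rc
}

# Constructed sample php.ini, written to a temporary file for the demo run.
sample=$(mktemp)
printf '%s\n' '[PHP]' '; auto_prepend_file = /tmp/old.php' \
    'auto_prepend_file = "/data/prvd/src/Entry.php" ; prvd' \
    'extension=json.so' 'extension = xmark.so' > "$sample"
check_prvd_ini "$sample" && echo "php.ini settings for prvd look correct"
rm -f "$sample"
```

Run check_prvd_ini against the file PHP actually loads, which `php --ini` lists.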
Configuration
Edit /data/prvd/src/Config.php:
define("PRVD_FUZZER_DSN", "");
define("PRVD_SENTRY_DSN", "");
define("PRVD_TAINT_ENABLE", true);
define("PRVD_TANZI", "xtanzi");
define("PRVD_LOG_FILE", "/data/prvd/prvd.log");
Sign up for an account at https://sentry.io or install a Sentry server yourself.
Example
Copyright (c) 2018 fate0
All rights reserved.