[Perl]Source Scan
06-10-2010, 06:09 AM
Post: #1
[Perl]Source Scan
Code:
#!/usr/bin/perl
#
# sourcescan.pl ----> scans source for common C vulnerabilities
# By - Xtremist (xtremist@2xs.co.il)
#        for [r00tabega.security.labs]
#
use strict;
use warnings;

# Both the source file and the log file are required.
if (@ARGV < 2) {
    print "Usage : $0 <filename> <logfile>\n";
    exit(1);
}

my $file  = $ARGV[0];
my $count = 0;    # number of matches reported so far

# Three-argument open: characters in the file names are never read as open modes.
open(my $in,  '<', $file)    or die "Cannot open $file: $!\n";
open(my $log, '>', $ARGV[1]) or die "Cannot open $ARGV[1]: $!\n";

while (<$in>) {
    # $. is the current line number of the input file.
    # \b anchors each name on word boundaries, so "fgets" is not reported
    # as "gets" and "fscanf" is not reported a second time as "scanf".
    Print($file, $., "strcpy")   if (/\bstrcpy\b/);
    Print($file, $., "gets")     if (/\bgets\b/);
    Print($file, $., "strcat")   if (/\bstrcat\b/);
    Print($file, $., "sprintf")  if (/\bsprintf\b/);
    Print($file, $., "fscanf")   if (/\bfscanf\b/);
    Print($file, $., "scanf")    if (/\bscanf\b/);
    Print($file, $., "vsprintf") if (/\bvsprintf\b/);
    Print($file, $., "realpath") if (/\brealpath\b/);
    Print($file, $., "getopt")   if (/\bgetopt\b/);
    Print($file, $., "getpass")  if (/\bgetpass\b/);
    Print($file, $., "streadd")  if (/\bstreadd\b/);
    Print($file, $., "strecpy")  if (/\bstrecpy\b/);
    Print($file, $., "strtrns")  if (/\bstrtrns\b/);
    Print($file, $., "getenv")   if (/\bgetenv\b/);
    Print($file, $., "setenv")   if (/\bsetenv\b/);
}

# Report one match on the terminal and in the log, and count it.
sub Print {
    my ($fil, $lin, $stuff) = @_;
    print "$fil:$lin $stuff found\n";
    print $log "$fil:$lin $stuff found\n";
    $count++;
}

print "\nNo of possible vulnerabilities : $count\n";
print $log "\nNo of possible vulnerabilities : $count\n";
close($log) or die "Cannot close $ARGV[1]: $!\n";
close($in);

"Character is determined more by the lack of certain experiences than by those one has had."
Friedrich Nietzsche
06-10-2010, 06:34 AM
Post: #2
RE: [Perl]Source Scan
You can see in the source what this does. It is easy to understand, though I don't know Perl.

There's a fine line between genius and insanity. I have erased this line.
Oscar Levant
There's a fine line between an administrator and black hat hacker. I have erased this line.
Dr DEBCOL