fate0/prvd

PHP Runtime Vulnerability Detection

Maintainers

Details

github.com/fate0/prvd

Source

Issues

Installs: 1

Dependents: 0

Suggesters: 0

Security: 0

Stars: 483

Watchers: 10

Forks: 76

Open Issues: 1

Type:project

dev-master 2019-05-25 16:27 UTC

Requires

Requires (Dev)

BSD-3-Clause 6ae3c0507f569f355b44acab1a87c6e8fbac1f64

  • fate0 <fate0.woop@fatezero.org>

This package is auto-updated.

Last update: 2024-03-26 03:38:13 UTC

README

Build Status GitHub

中文文档

Table of Contents

Introduction

PHP Runtime Vulnerability Detection

sentry_detail

Installation

  1. git clone to a non-web directory, assuming the directory is /data/prvd
git clone https://github.com/fate0/prvd.git /data/prvd
  1. composer
composer install
  1. install xmark extension
  1. edit php.ini
  • set auto_prepend_file to /data/prvd/src/Entry.php
  • set extension to xmark.so
  • for the rest of the configuration, please copy the contents of prvd.ini in this project

Configuration

edit /data/prvd/src/Config.php

define("PRVD_FUZZER_DSN", "");
define("PRVD_SENTRY_DSN", "");        
define("PRVD_TAINT_ENABLE", true);
define("PRVD_TANZI", "xtanzi");
define("PRVD_LOG_FILE", "/data/prvd/prvd.log");

Sign up for an account at https://sentry.io or install sentry server by yourself

DVWA

You can use the docker to experience prvd

docker pull fate0/prvd-dvwa
docker run -d -e "PRVD_SENTRY_DSN={YOUR_SENTRY_DSN}" -p 80:80 fate0/prvd-dvwa

The environment variables that can be set are

  • PRVD_FUZZER_DSN
  • PRVD_SENTRY_DSN
  • PRVD_TAINT_ENABLE
  • PRVD_TANZI

More about prvd-dvwa can be seen here

How it work

Ref