SuiGenchi Demonstration
Published on: 16 March 2008 (Unix timestamp 1205631622)
After releasing the program I thought it would be useful to give a head start on how to find flaws in PHP software written for the web, since that is what SuiGenchi is intended for. SuiGenchi is a source code analyzer that helps programmers quickly scan the source of their own files, and helps bug-hunters find holes in software and write an exploit for them. Its search is deliberately non-greedy: rather than dumping whole files, it only pulls out the code blocks that are known to pose a threat, so you can analyze the output and quickly determine whether a flaw is actually present. The program was written in one evening, and for now it only processes the files. Later on I plan to build a code browser into it, and maybe a small terminal for building exploits based on the found code blocks.
Okay, on to the demonstration. I am not going to host the program, since it makes sensitive system calls, so instead I took screenshots while working with it. Today I grabbed a random CMS package called MemHT Portal, which is written in PHP. I scanned its sources, and it took only two mouse clicks to find juicy code blocks that need to be tested.
Step 0x01:
Download a zip or a couple of source files and point SuiGenchi at them; if it is a zip, it will inflate and extract the archive automatically to the path you provided.
Step 0x02:
It uploads the file(s) and/or extracts the zip:
Step 0x03:
First, navigate back to the index so the program picks up the newly uploaded files. Then go to "process file(s)" and select a directory to browse.
Step 0x04:
Once a folder is selected, you can pick the vectors to be used. Select all the files you want to process and hit submit.
Step 0x05:
This is the output of the program after you hit submit. I scanned only the files folder of the MemHT Portal. The green arrows were added in Photoshop to indicate my manual analysis of this output. I saw that a variable is used inside an include(). This could pose a problem, depending on where that variable is set: if it comes from the request URI it would be a dangerous situation, the classic file inclusion vector. The next item that caught my eye was $_GET['name'], which is pushed into a session. Again, this might pose a risk. These results tell me which other files to analyze to see what the programmers are doing here, and possibly write an exploit.
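To show what the output of such a non-greedy scan looks like, here is an added example written for this page; it is not SuiGenchi's own code. It is a small Python scanner with a handful of vectors of the kind described above (a variable inside include()/require(), request data written into $_SESSION, request data reaching an exec-style or SQL call). The two PHP files it scans are constructed for the demo and are not MemHT Portal source, and the vector names are my own. It goes one step beyond a plain grep by remembering, per file, which variables were assigned from a superglobal, so that $_SESSION['name'] = $name is still reported when $name came from $_GET a few lines earlier.

```python
"""Grep-style scanner for risky PHP constructs, in the spirit of the SuiGenchi
workflow: pull out only the statements known to be dangerous and let a human
decide. Added illustration, not SuiGenchi's code. The PHP samples below are
constructed for the demo and are not MemHT Portal source."""
import re
from typing import Dict, List, NamedTuple, Set

# Constructed sample files (hypothetical paths, not real MemHT files).
SAMPLES: Dict[str, str] = {
    "files/view.php": """<?php
session_start();
$name = $_GET['name'];            // request data ...
$_SESSION['name'] = $name;        // ... pushed into the session
include($_GET['page'] . '.php');  // request data decides what gets included
echo 'Hello ' . htmlspecialchars($_SESSION['name']);
""",
    "files/safe.php": """<?php
$allowed = array('home', 'about');
$page = in_array($_GET['page'], $allowed, true) ? $_GET['page'] : 'home';
include('pages/' . $page . '.php');  // same shape, but $page is allow-listed
""",
}

SUPERGLOBAL = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")
# A plain variable being assigned an expression that mentions a superglobal.
ASSIGN_FROM_REQUEST = re.compile(
    r"(\$\w+)\s*=(?!=)[^;]*\$_(?:GET|POST|REQUEST|COOKIE|SERVER|FILES)\b")
INCLUDE_STMT = re.compile(r"\b(?:include|require)(?:_once)?\b", re.I)
SESSION_WRITE = re.compile(r"\$_SESSION\s*\[[^\]]*\]\s*=(?!=)")
EXEC_CALL = re.compile(
    r"\b(?:eval|system|exec|shell_exec|passthru|popen|proc_open)\s*\(", re.I)
SQL_CALL = re.compile(r"\b(?:mysql_query|mysqli_query|pg_query)\s*\(", re.I)
COMMENT = re.compile(r"^\s*(?://|#|/?\*)")


class Finding(NamedTuple):
    path: str
    line: int
    vector: str
    code: str


def statement_text(line: str) -> str:
    """Non-greedy: only the statement on this line, up to the first ';'."""
    return line.split(";", 1)[0]


def request_controlled(stmt: str, tainted: Set[str]) -> bool:
    """Does the statement mention a superglobal, or a variable assigned from one?"""
    if SUPERGLOBAL.search(stmt):
        return True
    return any(re.search(re.escape(v) + r"\b", stmt) for v in tainted)


def scan_source(path: str, source: str) -> List[Finding]:
    lines = source.splitlines()
    # Pass 1: variables assigned from request data anywhere in this file.
    tainted: Set[str] = set()
    for line in lines:
        if COMMENT.match(line):
            continue
        m = ASSIGN_FROM_REQUEST.search(statement_text(line))
        if m:
            tainted.add(m.group(1))
    # Pass 2: apply the vectors to each statement.
    findings: List[Finding] = []
    for no, line in enumerate(lines, 1):
        if COMMENT.match(line):
            continue
        stmt = statement_text(line)
        hits: List[str] = []
        if INCLUDE_STMT.search(stmt) and "$" in stmt:
            hits.append("include_with_variable")  # the generic lead
            if request_controlled(stmt, tainted):
                hits.append("request_data_in_include")  # the sharper one
        if SESSION_WRITE.search(stmt) and request_controlled(stmt, tainted):
            hits.append("request_data_to_session")
        if EXEC_CALL.search(stmt) and request_controlled(stmt, tainted):
            hits.append("request_data_to_exec")
        if SQL_CALL.search(stmt) and request_controlled(stmt, tainted):
            hits.append("request_data_to_sql")
        findings.extend(Finding(path, no, v, stmt.strip()) for v in hits)
    return findings


def scan_all(files: Dict[str, str]) -> List[Finding]:
    out: List[Finding] = []
    for path, src in files.items():
        out.extend(scan_source(path, src))
    return out


if __name__ == "__main__":
    for f in scan_all(SAMPLES):
        print(f"{f.path}:{f.line} [{f.vector}] {f.code}")
```

Note that the include() in safe.php is reported as well: at this level the tool cannot see that $page was allow-listed, which is exactly why the output is a list of leads for manual analysis rather than a list of vulnerabilities. The scanner also only looks at the text up to the first ';' on each line, so multi-line statements and several statements on one line are not fully covered; a real run over a whole tree would read each file with open().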
So it can be an aid to quickly spot possible holes and act upon them, and it will save you plenty of time. As said, the next version will be more advanced. I hope you enjoy it; if you have further questions or ideas for the next version, do let me know.
You can download the new version here:
http://www.0x000000.com/suigenchi/suigenchi.rar