FIXME Le PAD pour proposer une amΓ©lioration Γ  cette page : https://pad.zenk-security.com/p/merci

PHP

πŸ›  PHPStan v0.11.19 releases: PHP Static Analysis Tool https://securityonline.info/phpstan-php-static-analysis/

πŸ›  Cheatsheet for finding vulnerable PHP code using grep https://github.com/dustyfresh/PHP-vulnerability-audit-cheatsheet

πŸ›  We help your business to secure PHP and Java web applications with language specific code analysis. https://www.ripstech.com/

πŸ›  exakat https://www.exakat.io/

πŸ›  SensioLabs SensioLabs leverage composer.lock file to check for known security risk. https://security.sensiolabs.org/

πŸ›  phpcs-security-audit v2 https://github.com/FloeDesignTechnologies/phpcs-security-audit

πŸ›  Progpilot - A static analyzer for security purposes https://github.com/designsecurity/progpilot

πŸ›  RIPS - A static source code analyser for vulnerabilities in PHP scripts http://rips-scanner.sourceforge.net/ https://github.com/bizonix/rips-scanner https://github.com/ripsscanner/rips https://github.com/robocoder/rips-scanner

πŸ›  A static source code analyser for vulnerabilities in PHP scripts https://github.com/67iendymarm/taklamakan-scanner

πŸ›  Static source php code analyser for Security vulnerablitites https://github.com/rjcrystal/scaps

πŸ›  PHP static source code analyser https://github.com/ganbarodigital/php-fact-builder

πŸ›  Vulture - Static source code analyser for PHP web applications vulnerabilities. https://github.com/darioghilardi/vulture

πŸ›  [AppChecker](https://npo-echelon.ru/en/solutions/appchecker.php) - static analysis tool for finding bugs, weaknesses and vulnerabilities in source code

πŸ›  [Code insight](https://github.com/console-helpers/code-insight) - A tool for analysing other project code bases.

πŸ›  [Churn-PHP](https://github.com/bmitch/churn-php.git) - Discover files in need of refactoring.

πŸ›  [Eir](https://github.com/Lixody/Eir) - A static vulnerability analysis tool written in C#.

πŸ›  [Grabber] ( http://rgaucher.info/beta/grabber/ ) Grabber, a python based tool to perform hybrid analysis on a PHP-based application using PHP-SAT.

πŸ›  [Exakat](http://www.exakat.io/) - Smart static analysis.

πŸ›  [jscpd](https://github.com/kucherenko/jscpd) - Copy/paste detector for programming source code.

πŸ›  [Mondrian](https://github.com/Trismegiste/Mondrian) - A code analysis tool using Graph Theory.

πŸ›  [noverify](https://github.com/VKCOM/noverify) - Pretty fast linter (code static analysis utility) for PHP.

πŸ›  [Pfff](https://github.com/facebook/pfff) - Tools for code analysis, visualizations, or style-preserving source transformation.

πŸ›  [PHP Analysis](https://github.com/cwi-swat/php-analysis) - A library for analysing and modifying PHP Source Code in Rascal (PHP AiR).

πŸ›  [PHParch](https://github.com/j6s/phparch.git) - PHPArch is a work in progress architectural testing library for PHP projects.

πŸ›  [PHP Assumption](https://github.com/rskuipers/php-assumptions.git) - Finds <a href=β€œhttp://rskuipers.com/entry/from-assumptions-to-assertions”>weak assumptions</a> in the code, suggest to turn them into stronger validations.

πŸ›  [PhpCodeAnalyzer](https://github.com/wapmorgan/PhpCodeAnalyzer.git) - Finds usage of non-built-in extensions.

πŸ›  [PHPCodeFixer](https://github.com/wapmorgan/PhpCodeFixer) - Finds usage of deprecated functions, variables and ini directives.

πŸ›  [php7mar](https://github.com/Alexia/php7mar) - PHP 7 Migration Assistant Report.

πŸ›  [phpcallgraph](http://phpcallgraph.sourceforge.net/) - Generate static call graphs. Such a graph visualizes the call dependencies among methods or functions of an application..

πŸ›  [PHPCPD](https://github.com/sebastianbergmann/phpcpd) - Spots copy/pasted code, and help enforcing DRY rule.

πŸ›  [Phan](https://github.com/etsy/phan) - The static analyzer by Rasmus, PHP Creator.

πŸ›  [Phinder](https://github.com/sider/phinder.git) - PHP code piece finder

πŸ›  [Phortress](https://github.com/lowjoel/phortress) - A PHP static code analyser for potential vulnerabilities.

πŸ›  [PHP Code Static Analysis](https://github.com/joaaoleite/code-static-analysis) - PHP Code static analysis program made in nodeJS.

πŸ›  [PHP Inspection](https://plugins.jetbrains.com/plugin/7622?pr=idea) - Static analysis plugin for PHPStorm.

πŸ›  [PHP Integrator](https://github.com/php-integrator) - Indexes PHP code and performs static analysis for Atom editor.

πŸ›  [Phlint](https://gitlab.com/phlint/phlint) - Phlint is a tool with an aim to help maintain quality of php code by analyzing code and pointing out potential code issues.

πŸ›  [PHP lint](http://php.net/manual/en/features.commandline.options.php) - PHP itself, able to detect syntax error from command line.

πŸ›  [PHPlint](http://www.icosaedro.it/phplint/) - A validator and documentator for PHP 5 programs.

πŸ›  [PHP-Parallel-Lint](https://github.com/JakubOnderka/PHP-Parallel-Lint) - A parallel php linting tool for PHP 5.3.3 or newer

πŸ›  [PHP Magic Number Detector](https://github.com/povils/phpmnd) - PHP Magic Number Detector

πŸ›  [PHP-malware-finder](https://github.com/nbs-system/php-malware-finder) - Detect potentially malicious PHP files

πŸ›  [PHP Mess Detector](http://phpmd.org/) - Look for several potential problems within source code.

πŸ›  [PHP Reaper](https://github.com/emanuil/php-reaper.git) - Scan ADOdb code for SQL Injections.

πŸ›  [PHP SA](https://github.com/ovr/phpsa) - A development tool aimed at bringing complex analysis for PHP applications and libraries.

πŸ›  [PHP Stan](https://github.com/phpstan/phpstan) - Focuses on finding errors in code without actually running it.

πŸ›  [PHP Unlocker](http://emanuilslavov.com/php-unlocker/) - Detect potential, unintended DB table locks for PHP applications using ADOdb. Uses static analysis methods.

πŸ›  [PHP testability](https://github.com/edsonmedina/php_testability) - Analyses and produces a report with testability issues of a php codebase.

πŸ›  [PHP vuln hunter](https://github.com/OneSourceCat/phpvulhunter) - Scan PHP vulnerabilities automatically using static analysis methods.

πŸ›  [Progpilot](https://github.com/designsecurity/progpilot) - A static analysis tool for security purposes.

πŸ›  [Psalm](https://getpsalm.org/) - A static analysis tool for finding errors in PHP applications.

πŸ›  [psecio:parse](https://github.com/psecio/parse.git) - Parse : A PHP Security Scanner.

πŸ›  [SonarQube](http://www.sonarqube.org/) - An open platform to manage code quality. It covers PHP code.

πŸ›  [SonarPHP] (https://www.sonarsource.com/products/codeanalyzers/sonarphp.html) - SonarPHP by SonarSource uses pattern matching, data flow techniques to find vulnerabilities in PHP codes. It is a static code analyzer and integrates with Eclipse, IntelliJ

πŸ›  [Side Channel Analyzer](https://github.com/olivo/side-channel-analyzer) - Search for side-channel vulnerable code.

πŸ›  [TaintPHP](https://github.com/olivo/TaintPHP.git) - Static Taint Analyzer.

πŸ›  [Taint'em All](http://taint.spro.ink/) - A taint analysis tool for the PHP language, it makes use of Static Taint Analysis + Symbolic Execution.

πŸ›  [Tuli](https://github.com/ircmaxell/Tuli) - A static analysis engine.

πŸ›  [Unused-scanner](https://github.com/Insolita/unused-scanner.git) - Detect unused composer dependencies

πŸ›  [WAP](https://www.owasp.org/index.php/OWASP_WAP-Web_Application_Protection) - Tool to detect and correct input validation vulnerabilities in PHP (4.0 or higher) web applications and predicts false positives.

πŸ›  [PHP VarDump Check](https://github.com/JakubOnderka/PHP-Var-Dump-Check) - PHP console application for finding forgotten variable dump.

πŸ›  [17eyes](https://github.com/17eyes/17eyes) - PHP static analyzer written in Haskell.

πŸ›  [PHP Sandbox](http://sandbox.onlinephpfunctions.com/) Test your PHP code with this code tester