PHPTickler is a static analysis tool for scanning PHP codebases for common vulnerabilities, including:
- SQL Injection (SQLi)
- Cross-Site Scripting (XSS)
- Path Traversal
- Remote Code Execution (RCE)
This tool aims to enhance the security of PHP applications by detecting and reporting insecure code patterns and configurations.
- Scans for vulnerabilities like SQLi, XSS, Path Traversal, and RCE.
- Supports customizable scanning rules and exclusions.
- Generates detailed reports in HTML, JSON, or XML formats.
- Multi-threaded scanning for improved performance.
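As an added illustration of the kind of source-to-sink pattern matching such a scanner performs (example code written for this README, not PHPTickler's own implementation), the script below flags lines where a PHP superglobal reaches a known sink for each of the four vulnerability classes above and skips lines that call a recognised sanitiser. The sink lists, sanitiser lists and the PHP sample are constructed assumptions, and the check is line-based, so it does not follow data flow through intermediate variables.

```python
import json
import re

# Source-to-sink line matching, simplified: no data-flow tracking across
# variables and one statement per line. Sink and sanitiser lists are assumptions.
SOURCE_RE = re.compile(r"\$_(GET|POST|REQUEST|COOKIE)\b")

# Vulnerability class -> (sink pattern, sanitisers that neutralise the finding)
RULES = {
    "SQLi": (re.compile(r"\b(mysqli?_query|pg_query)\s*\(|->(query|exec)\s*\("),
             ("intval", "mysqli_real_escape_string", "->prepare(")),
    "XSS": (re.compile(r"\b(echo|print)\b"),
            ("htmlspecialchars", "htmlentities")),
    "Path Traversal": (re.compile(r"\b(include|require)(_once)?\b|\b(fopen|file_get_contents|readfile)\s*\("),
                       ("basename", "realpath")),
    "RCE": (re.compile(r"\b(eval|system|exec|shell_exec|passthru|popen|proc_open)\s*\("),
            ("escapeshellarg", "escapeshellcmd")),
}

def scan_php(source, path="<inline>"):
    """Return findings where user-controlled input and a dangerous sink share a line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        stripped = line.strip()
        if stripped.startswith(("//", "#", "*")) or not SOURCE_RE.search(line):
            continue  # comment line, or no user-controlled source on it
        for category, (sink_re, sanitizers) in RULES.items():
            if sink_re.search(line) and not any(s in line for s in sanitizers):
                findings.append({"file": path, "line": lineno,
                                 "type": category, "code": stripped})
    return findings

def to_json(findings):
    """Serialise findings the way a CI/CD step could consume them."""
    return json.dumps({"count": len(findings), "findings": findings}, indent=2)

# Constructed PHP sample for this example (not taken from any real project)
SAMPLE_PHP = """<?php
$id = $_GET['id'];
$r = mysqli_query($conn, "SELECT * FROM users WHERE id=" . $_GET['id']);
echo "Hello " . $_POST['name'];
echo htmlspecialchars($_POST['name']);
include $_REQUEST['page'] . ".php";
system("ping " . $_GET['host']);
$safe = intval($_GET['id']);
"""

if __name__ == "__main__":
    print(to_json(scan_php(SAMPLE_PHP, "sample.php")))
```

Running it reports one finding per class on lines 3, 4, 6 and 7 of the sample; the escaped echo on line 5 and the intval-wrapped assignment on line 8 are not reported.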
- Python 3.8 or higher
- Dependencies listed in requirements.txt
- Clone the repository:
git clone https://github.com/j4k0m/PHPTickler.git
cd PHPTickler
- Install dependencies:
pip install -r requirements.txt
- Scan a PHP project directory:
python phptickler.py -d /path/to/your/project
- Exclude specific directories:
python phptickler.py -d /path/to/project --exclude path1 path2
- Generate a report in JSON format:
python phptickler.py -d /path/to/project --format json
- Adjust the verbosity level:
python phptickler.py -d /path/to/project -v 2
PHPTickler generates reports in the selected format:
- HTML: A user-friendly report with highlights and remediation advice.
- JSON: Structured data for integration with CI/CD pipelines.
- XML: Machine-readable format for security tools.
When a scan completes, the report is written to:
vulnerability_report.html
This project is licensed under the MIT License. See the LICENSE file for details.