Broad PHP web analyzer plugin for AttackMap

Project description

attackmap-analyzer-php-web

Broad PHP web analyzer for AttackMap.

This repository is intentionally separate from AttackMap core. It focuses only on extracting structured signals from PHP repositories:

  • routes
  • outbound HTTP calls
  • datastore hints
  • auth hints
  • secret and env usage

It does not render reports and does not own global severity policy.

Analyzer identity

  • name: php-web
  • display_name: PHP Web Analyzer
  • version: 0.1.0
  • experimental: true
  • enabled_by_default: false

Scope

This analyzer is broad and heuristic. It is meant to map common PHP web application surfaces before framework-specific analyzers (for example php-laminas or omeka-s) are added.

Detection strategy

detect(repo_path) uses lightweight signals:

  • composer.json present
  • at least one .php file
  • common PHP app layout (src/, app/, module/, public/)

Extraction strategy

analyze(repo_path) scans .php files and emits structured signals using regular-expression heuristics.

Route extraction currently includes patterns such as:

  • Route::get(...)/Route::post(...) style calls
  • $app->get(...) style calls
  • PHP attributes like #[Route("/path", methods: ["GET"])]
  • basic config-style "path" => "/..."

Outbound calls currently include patterns such as:

  • curl_init("https://...")
  • file_get_contents("https://...")
  • common HTTP client calls such as ->request(...), ->get(...), ->post(...)

Datastore/auth/secret hints are similarly heuristic and intended as first-pass signals.
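
The route and outbound-call heuristics listed above, as an added sketch that is not the package's own code: the regexes, the dict layout and the sample PHP are assumptions made for this example. The commented-out Route::delete line is still reported, which is what regex-based (non-AST) extraction costs.

```python
import re

# Hypothetical patterns and output layout for illustration; not the package's real ones.
ROUTE_PATTERNS = [
    # Route::get('/x', ...) and $app->post('/x', ...)
    ("call", re.compile(
        r"""(?:Route::|\$app->)(get|post|put|patch|delete)\s*\(\s*["']([^"']+)["']""", re.I)),
    # #[Route("/x", methods: ["GET"])]; the methods list is optional
    ("attribute", re.compile(
        r"""#\[Route\(\s*["']([^"']+)["'](?:[^\]]*?methods:\s*\[([^\]]*)\])?""")),
    # config-style "path" => "/x"
    ("config", re.compile(r"""["']path["']\s*=>\s*["'](/[^"']*)["']""")),
]
OUTBOUND = re.compile(r"""\b(curl_init|file_get_contents)\s*\(\s*["'](https?://[^"']+)["']""")

# Constructed sample input, not taken from any real repository.
SAMPLE_PHP = r'''<?php
Route::get('/login', [AuthController::class, 'show']);
$app->post('/api/upload', $handler);
#[Route("/admin/users", methods: ["GET", "POST"])]
function users() {}
return ['routes' => ['health' => ['path' => '/healthz']]];
// Route::delete('/legacy', $old);
$ch = curl_init("https://payments.example.com/v1/charge");
$body = file_get_contents("https://cdn.example.com/feed.json");
'''

def line_of(source, offset):
    # 1-based line number of a character offset
    return source.count("\n", 0, offset) + 1

def extract_signals(source):
    routes = []
    for kind, rx in ROUTE_PATTERNS:
        for m in rx.finditer(source):
            if kind == "call":
                path, methods = m.group(2), [m.group(1).upper()]
            elif kind == "attribute":
                path = m.group(1)
                methods = re.findall(r"[A-Z]+", m.group(2) or "") or ["ANY"]
            else:
                path, methods = m.group(1), ["ANY"]
            routes.append({"path": path, "methods": methods, "kind": kind,
                           "line": line_of(source, m.start())})
    outbound = [{"sink": m.group(1), "url": m.group(2), "line": line_of(source, m.start())}
                for m in OUTBOUND.finditer(source)]
    return {"routes": routes, "outbound_calls": outbound}

if __name__ == "__main__":
    print(extract_signals(SAMPLE_PHP))
```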

Installation

pip install attackmap-analyzer-php-web

For local development:

pip install -e .[dev]

Contract alignment with AttackMap core

This package targets the current AttackMap analyzer contract:

  • analyzer exposes metadata via metadata
  • analyzer implements detect(repo_path) and analyze(repo_path)
  • analyze returns AttackMap-style structured scan data (ScanResult shape)

The package includes a small compatibility layer so tests can run even if AttackMap core is not installed.

Future core discovery (documented, not implemented here)

AttackMap core can discover this analyzer later via one of these options:

  1. entry points (preferred long-term)
  2. explicit configured analyzer list
  3. namespace/package scanning in github.com/mlaify

This repository does not implement core-side discovery logic.

Limitations

  • regex-based extraction (not AST)
  • limited config route parsing
  • no framework-specific deep parsing yet
  • no dataflow or reachability modeling inside this analyzer

These are deliberate to keep this first external analyzer incremental and maintainable.


Download files

Source Distribution

attackmap_analyzer_php_web-0.1.0.tar.gz (8.9 kB)

Uploaded Source

Built Distribution

attackmap_analyzer_php_web-0.1.0-py3-none-any.whl (7.5 kB)

Uploaded Python 3

File details

Details for the file attackmap_analyzer_php_web-0.1.0.tar.gz.

File hashes

Hashes for attackmap_analyzer_php_web-0.1.0.tar.gz
Algorithm Hash digest
SHA256 278c8d67fb2a09a8d0f71066f0a9df3895572eb1ad5c7e3468f09f2ca3e2d3ff
MD5 70aa5898f9cdb0f8858465a027eda9bc
BLAKE2b-256 eba56ea90f719ef72c4cbaad5edd154b3e9189858da3480bac28c6c256f3ad0f

Provenance

The following attestation bundles were made for attackmap_analyzer_php_web-0.1.0.tar.gz:

Publisher: release.yml on mlaify/attackmap-analyzer-php-web

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.

File details

Details for the file attackmap_analyzer_php_web-0.1.0-py3-none-any.whl.

File hashes

Hashes for attackmap_analyzer_php_web-0.1.0-py3-none-any.whl
Algorithm Hash digest
SHA256 f3c09bfc869bfe8d7fb0c0f5d78e37f570aad0af35a0fa9286e130a50787c3c3
MD5 67ba1d22fbb0678b3480d74085d869a2
BLAKE2b-256 e364b38d7269e3e0291b6d39708203513baf4d6cbc09167710da4eeebabe7a1f

Provenance

The following attestation bundles were made for attackmap_analyzer_php_web-0.1.0-py3-none-any.whl:

Publisher: release.yml on mlaify/attackmap-analyzer-php-web

Attestations: Values shown here reflect the state when the release was signed and may no longer be current.
