Broad PHP web analyzer plugin for AttackMap
attackmap-analyzer-php-web
Broad PHP web analyzer for AttackMap.
This repository is intentionally separate from AttackMap core. It focuses only on extracting structured signals from PHP repositories:
- routes
- outbound HTTP calls
- datastore hints
- auth hints
- secret and env usage
It does not render reports and does not own global severity policy.
Analyzer identity
- name: php-web
- display_name: PHP Web Analyzer
- version: 0.1.0
- experimental: true
- enabled_by_default: false
Scope
This analyzer is broad and heuristic. It is meant to map common PHP web application surfaces before framework-specific analyzers (for example php-laminas or omeka-s) are added.
Detection strategy
detect(repo_path) uses lightweight signals:
- composer.json present
- at least one .php file
- common PHP app layout (src/, app/, module/, public/)
Extraction strategy
analyze(repo_path) scans .php files and emits structured signals using regular-expression heuristics.
Route extraction currently includes patterns such as:
- Route::get(...) / Route::post(...) style calls
- $app->get(...) style calls
- PHP attributes like #[Route("/path", methods: ["GET"])]
- basic config-style "path" => "/..."
Outbound calls currently include patterns such as:
- curl_init("https://...")
- file_get_contents("https://...")
- common HTTP client calls such as ->request(...), ->get(...), ->post(...)
Datastore/auth/secret hints are similarly heuristic and intended as first-pass signals.
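The route and outbound-call heuristics listed above, sketched as an added example (not the package's own code): the regexes, the `extract_signals` name, the signal dict keys, the "ANY" method label and the sample PHP are assumptions constructed for illustration. The commented-out route on line 7 of the sample is still reported, which is the practical effect of regex-based rather than AST-based extraction.

```python
import re

# Hypothetical patterns modelled on the README's examples; not the package's regexes.
ROUTE_PATTERNS = [
    # Route::get('/x', ...) and $app->post('/x', ...)
    ("call", re.compile(
        r"""(?:Route::|\$app->)(get|post|put|patch|delete)\(\s*['"]([^'"]+)['"]""", re.I)),
    # #[Route("/x", methods: ["GET"])]
    ("attribute", re.compile(
        r"""#\[Route\(\s*['"]([^'"]+)['"](?:[^\]]*?methods:\s*\[([^\]]*)\])?""")),
    # 'path' => '/x' in config arrays
    ("config", re.compile(r"""['"]path['"]\s*=>\s*['"](/[^'"]*)['"]""")),
]
OUTBOUND = re.compile(r"""\b(curl_init|file_get_contents)\(\s*['"](https?://[^'"]+)['"]""")

# Constructed sample input, not taken from any real repository.
SAMPLE_PHP = r'''<?php
Route::get('/users', [UserController::class, 'index']);
$app->post("/login", $handler);
#[Route("/admin/export", methods: ["GET", "POST"])]
public function export() { $body = file_get_contents("https://api.example.com/v1/report"); }
return ['routes' => ['home' => ['path' => '/home']]];
// Route::delete('/legacy', 'Old@destroy');  commented out, still matched
$ch = curl_init("https://hooks.example.com/notify");
'''

def extract_signals(source, path="<memory>"):
    """Scan PHP source line by line and return route / outbound_http signal dicts."""
    signals = []
    for lineno, line in enumerate(source.splitlines(), 1):
        for kind, rx in ROUTE_PATTERNS:
            for m in rx.finditer(line):
                if kind == "call":
                    methods, route = [m.group(1).upper()], m.group(2)
                elif kind == "attribute":
                    route = m.group(1)
                    # methods: [...] is optional; fall back to "ANY" when absent
                    methods = re.findall(r"[A-Z]+", (m.group(2) or "").upper()) or ["ANY"]
                else:
                    methods, route = ["ANY"], m.group(1)
                signals.append({"type": "route", "methods": methods, "path": route,
                                "file": path, "line": lineno})
        for m in OUTBOUND.finditer(line):
            signals.append({"type": "outbound_http", "sink": m.group(1),
                            "url": m.group(2), "file": path, "line": lineno})
    return signals
```

Because each signal carries its file and line, a reviewer can triage false positives such as the commented-out route quickly.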
Installation
pip install attackmap-analyzer-php-web
For local development:
pip install -e .[dev]
Contract alignment with AttackMap core
This package targets the current AttackMap analyzer contract:
- analyzer exposes metadata via metadata
- analyzer implements detect(repo_path) and analyze(repo_path)
- analyze returns AttackMap-style structured scan data (ScanResult shape)
The package includes a small compatibility layer so tests can run even if AttackMap core is not installed.
Future core discovery (documented, not implemented here)
AttackMap core can discover this analyzer later via one of these options:
- entry points (preferred long-term)
- explicit configured analyzer list
- namespace/package scanning in github.com/mlaify
This repository does not implement core-side discovery logic.
Limitations
- regex-based extraction (not AST)
- limited config route parsing
- no framework-specific deep parsing yet
- no dataflow or reachability modeling inside this analyzer
These are deliberate to keep this first external analyzer incremental and maintainable.
File details
Details for the file attackmap_analyzer_php_web-0.1.0.tar.gz.
File metadata
- Download URL: attackmap_analyzer_php_web-0.1.0.tar.gz
- Upload date:
- Size: 8.9 kB
- Tags: Source
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 278c8d67fb2a09a8d0f71066f0a9df3895572eb1ad5c7e3468f09f2ca3e2d3ff |
| MD5 | 70aa5898f9cdb0f8858465a027eda9bc |
| BLAKE2b-256 | eba56ea90f719ef72c4cbaad5edd154b3e9189858da3480bac28c6c256f3ad0f |
Provenance
The following attestation bundles were made for attackmap_analyzer_php_web-0.1.0.tar.gz:
Publisher: release.yml on mlaify/attackmap-analyzer-php-web
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: attackmap_analyzer_php_web-0.1.0.tar.gz
- Subject digest: 278c8d67fb2a09a8d0f71066f0a9df3895572eb1ad5c7e3468f09f2ca3e2d3ff
- Sigstore transparency entry: 1955059506
- Sigstore integration time:
- Permalink: mlaify/attackmap-analyzer-php-web@9bb9ed6cd2bade4f6a5c24ac79071c6027ff4be2
- Branch / Tag: refs/tags/v0.1.0
- Owner: https://github.com/mlaify
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@9bb9ed6cd2bade4f6a5c24ac79071c6027ff4be2
- Trigger Event: push
File details
Details for the file attackmap_analyzer_php_web-0.1.0-py3-none-any.whl.
File metadata
- Download URL: attackmap_analyzer_php_web-0.1.0-py3-none-any.whl
- Upload date:
- Size: 7.5 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? Yes
- Uploaded via: twine/6.1.0 CPython/3.13.12
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | f3c09bfc869bfe8d7fb0c0f5d78e37f570aad0af35a0fa9286e130a50787c3c3 |
| MD5 | 67ba1d22fbb0678b3480d74085d869a2 |
| BLAKE2b-256 | e364b38d7269e3e0291b6d39708203513baf4d6cbc09167710da4eeebabe7a1f |
Provenance
The following attestation bundles were made for attackmap_analyzer_php_web-0.1.0-py3-none-any.whl:
Publisher: release.yml on mlaify/attackmap-analyzer-php-web
Statement:
- Statement type: https://in-toto.io/Statement/v1
- Predicate type: https://docs.pypi.org/attestations/publish/v1
- Subject name: attackmap_analyzer_php_web-0.1.0-py3-none-any.whl
- Subject digest: f3c09bfc869bfe8d7fb0c0f5d78e37f570aad0af35a0fa9286e130a50787c3c3
- Sigstore transparency entry: 1955059630
- Sigstore integration time:
- Permalink: mlaify/attackmap-analyzer-php-web@9bb9ed6cd2bade4f6a5c24ac79071c6027ff4be2
- Branch / Tag: refs/tags/v0.1.0
- Owner: https://github.com/mlaify
- Access: public
- Token Issuer: https://token.actions.githubusercontent.com
- Runner Environment: github-hosted
- Publication workflow: release.yml@9bb9ed6cd2bade4f6a5c24ac79071c6027ff4be2
- Trigger Event: push