Audit de code

grep -ri -E "(password|pwd|mdp|pass)" --exclude=*.{ai,crt,css,csv,dat,doc,eml,htm,html,json,js,key,lock,log,mysql,pdf,pem,po,pub,ps,rtf,scss,sql,svg,twig,txt,xml,yml} --color=always -D skip * | grep -E "(md5|sha1) *\("

grep -r "'root'" --exclude=*.{ai,crt,css,csv,dat,doc,eml,htm,html,json,js,key,lock,log,pdf,pem,po,pub,ps,rtf,scss,svg,twig,txt,xml,yml} --color=always -D skip *

grep -r -E "(query|select|insert|update|delete)" --exclude=*.{ai,crt,css,csv,dat,doc,eml,htm,html,json,js,key,lock,log,mysql,pdf,pem,po,pub,ps,rtf,scss,sql,svg,twig,txt,xml,yml} --color=always -D skip * | grep -v -E "(quote)"

grep -r -E "(include|require)(.*)\\$" --exclude=*.{ai,crt,css,csv,dat,doc,eml,htm,html,json,js,key,lock,log,mysql,pdf,pem,po,pub,ps,rtf,scss,sql,svg,twig,txt,xml,yml} --color=always -D skip *

grep -r -E "move_uploaded_file(.*)tmp_name" *

grep -RPn -I "[@ ;=](passthru|exec|shell_exec|system|eval|phpinfo) *\(" --exclude=*.{ai,crt,css,csv,dat,doc,eml,htm,html,json,js,key,lock,log,mysql,pdf,pem,po,pub,ps,rtf,scss,sql,svg,twig,txt,xml,yml} --color=always -D skip  *

grep -RPn -I "(error_reporting|display_errors|display_startup_errors|print_r|mysqli_error)" --exclude=*.{ai,crt,css,csv,dat,doc,eml,htm,html,json,js,key,lock,log,mysql,pdf,pem,po,pub,ps,rtf,scss,sql,svg,twig,txt,xml,yml} --color=always -D skip  *

find ./ -type f -regex ".*\.\(back\|bak\|backup\|dat\|inc\|log\|old\|save\|sql\|temp\|tmp\)" -regex ".*.php\([^/]+\)" -o -iname "*-" -o -iname "*~" | grep -v -E "(htm|html)"

find ./ -type f \( -regex ".*\.\(3ds\|all-wcprops\|back\|backup\|bak\|bat\|bin\|bugs\|ChangeLog\|class\|cmake\|cpp\|CREDITS\|csv\|dat\|db\|dds\|dll\|DS_Store\|entries\|exe\|gitignore\|h\|inc\|INSTALL\|java\|json\|lab\|log\|Makefile\|md\|mtl\|obf\|obj\|old\|path\|pdb\|phtml\|pptx\|project\|properties\|psd\|py\|save\|scc\|scss\|sdf\|smi\|sql\|stl\|svn-base\|temp\|tmp\|txt\|url\|Vagrantfile\|wiki\|xlsx\|xml\|yml\)" -o -regex ".*\(bugs\|ChangeLog\|CREDITS\|INSTALL\|Makefile\|README\|Vagrantfile\)$" \)

find ./ -type f -exec file -b {} \; | cut -d ',' -f 1 | sort | uniq -c -i | sort -n -r

find . -type f -printf "%f\n" | rev | cut -d '.' -f1 | rev | sort | uniq -c -i | sort -n -r

grep -r -E "echo ._(COOKIE|GET|POST|REQUEST)" --exclude=*.{ai,crt,css,csv,dat,doc,eml,htm,html,json,js,key,lock,log,mysql,pdf,pem,po,pub,ps,rtf,scss,sql,svg,twig,txt,xml,yml} --color=always -D skip *

<FIND COMMAND> | sed "s~./~$URL/~" | xargs -P 10 curl --head --silent --write-out "%{http_code} %{url_effective}\n" | grep $URL --color=never | grep -v 404