What is Stranger?

Stranger stands for STRing AutomatoN GEneratoR. It is a string analysis tool for PHP web applications that you can use to detect XSS, SQL Injection and MFE vulnerabilities (OWASP Top 10).

Stranger takes a PHP program as input, analyzes it automatically and reports the possible XSS, SQLI and MFE vulnerabilities in the program. In addition, for each input that leads to a vulnerability, it outputs an automaton in dot format that characterizes all possible string values of that input which may exploit the vulnerability, i.e., it outputs the vulnerability signature.

Three Things You Can Do
  • Download Stranger from here.
  • Learn how to run Stranger by reading the documentation, and give us your valuable feedback.
  • Understand the theory behind Stranger by reading the publications.
Acknowledgement
This material is based upon work supported by the National Science Foundation under Grant No. CCF-0916112. Any opinions, findings and conclusions or recommendations expressed in this material are those of the author(s) and do not necessarily reflect the views of the National Science Foundation (NSF).