Download
You can download the Stranger source code from here.
You can download the SemRepair source code from here.
You can download the PHP vulnerability detector from here. The download consists of the following:
  • stranger.jar: the Java front end for Stranger.
  • lib: the directory containing the libraries used by Stranger:
    • parser.jar: the PHP parser (part of the PHP front end).
    • libstranger.so: the C backend for string analysis.
    • jna.jar, clib_connector.jar: the connector between the C backend and the Java front end.
  • config: the directory containing the configuration files for Stranger. For more information on how to configure Stranger, refer to Pixy, as Stranger is based on Pixy.
  • test-php-script.php: the script used to run Stranger on a single PHP script.
  • test-php-app.php: the script used to run Stranger on a whole PHP application. It automatically and recursively iterates over all the files in a PHP application directory.
A number of benchmarks are provided here to help users get started with Stranger and understand it. They consist of 5 vulnerable PHP scripts extracted from real-world PHP applications. For each script there is a sanitized version that is similar to the original script, with additional filtering functions that are used to patch the vulnerability. Each benchmark name starts with the word vuln followed by its number. The sanitized, secure version starts with the word vuln-sanit followed by the same number as the vulnerable one.


Running Stranger
You may refer to the Documentation page for more information.