
insidersec / Insider

Licence: mit
Static Application Security Testing (SAST) engine focused on covering the OWASP Top 10. It analyses source code to find vulnerabilities right in the source, and is designed to be agile and easy to integrate into your DevOps pipeline. Supports the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and JavaScript (Node.js).



This document is also available in Portuguese.

Insider is the OSS CLI project from the Insider Application Security Team for the community.

Insider is focused on covering the OWASP Top 10. It analyses source code to find vulnerabilities right in the source, and is designed to be agile and easy to integrate into your DevOps pipeline.

We currently support the following technologies: Java (Maven and Android), Kotlin (Android), Swift (iOS), .NET Full Framework, C#, and Javascript (Node.js).

There is a GitHub Action that lets you protect your repository with Insider: free, easy to integrate and frictionless. It is the easiest way to protect your code directly in your repository. Take a look: Insider-Action


Installation

You can install Insider using precompiled binaries or from source.

Precompiled binaries

We have precompiled binaries for Linux, Windows and macOS operating systems that you can find here.

Have fun! 🚀


Usage

insider is the CLI project from the Insider Application Security Team for the community

Usage:
  -exclude value
        Patterns to exclude directory or files to analyze. Can be used multiple times
  -jobs int
        Number of analysis to execute in parallel (default 4)
  -no-html
        Skips the report generation in the HTML format
  -no-json
        Skips the report generation in the JSON format
  -quiet
        No output logs of execution
  -security float
        Set the Security level, values between 0 and 100 (default 0)
  -target string
        Specify where to look for files to run the specific ruleset
  -tech string
        Specify which technology ruleset to load
  -v    Enable verbose output
  -version
        Show version and quit with exit code 0

Supported technologies:
        android
        java
        ios
        javascript
        csharp

Example of use:
        # Run JavaScript analysis on a specific directory
        insider -tech javascript -target <directory>

        # Run Android analysis on a specific directory and skip the HTML and JSON reports
        insider -tech android -target <directory> -no-html -no-json

        # Run Java analysis on a specific directory with a base security value to fail on
        insider -tech java -target <directory> -security 20

        # Run JavaScript analysis on a specific directory and exclude node_modules and test files
        insider -tech javascript -target <directory> -exclude tests/* -exclude node_modules/*


Example

# Check the correct release for your environment
$ wget https://github.com/insidersec/insider/releases/download/2.1.0/insider_2.1.0_linux_x86_64.tar.gz
$ tar -xf insider_2.1.0_linux_x86_64.tar.gz 
$ chmod +x insider
$ ./insider --tech javascript  --target <projectfolder>

Docker

You can also run insider in a container. You only need to mount the target into a volume:

$ docker run --rm -v $(pwd):/target-project insidersec/insider -tech <tech> -target /target-project
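The flags in the Usage section, the release download in the Example section and the container invocation above are all a CI job needs to turn Insider into a build gate. The script below is an added example written for this page, not code from the Insider project: it pins a release, verifies the tarball against a SHA-256 that the operator recorded when the version was vetted (the checksum is not on this page and is read from INSIDER_SHA256), builds the -tech/-target/-security/-exclude invocation from job inputs, and fails the job when insider exits non-zero, which is the behaviour the page's Java example describes for -security. The variable names INSIDER_BIN, INSIDER_TECH, INSIDER_TARGET, INSIDER_MIN_SECURITY and INSIDER_SHA256, and the function names fetch_insider and run_insider_scan, are this example's own naming.

```shell
#!/bin/sh
# Added example (not Insider's own code): gate a CI job on an Insider scan.
# Assumed operator-supplied variables: INSIDER_SHA256 (the SHA-256 recorded
# when the release was vetted), INSIDER_TECH, INSIDER_TARGET, INSIDER_MIN_SECURITY.
set -eu

INSIDER_VERSION="${INSIDER_VERSION:-2.1.0}"
INSIDER_BIN="${INSIDER_BIN:-./insider}"

# Download a pinned release and refuse to run it unless the tarball's SHA-256
# matches the value recorded when that version was reviewed.
fetch_insider() {
    version="$1"
    expected_sha256="$2"
    tarball="insider_${version}_linux_x86_64.tar.gz"
    curl -fsSL -o "$tarball" \
        "https://github.com/insidersec/insider/releases/download/${version}/${tarball}"
    # sha256sum -c exits non-zero on mismatch, and set -e stops the job there.
    echo "${expected_sha256}  ${tarball}" | sha256sum -c - >/dev/null
    tar -xf "$tarball"
    chmod +x insider
}

# Run one scan from CI inputs and return insider's own exit status.
#   $1   technology ruleset (android|java|ios|javascript|csharp)
#   $2   target directory
#   $3   security level (0-100) that insider uses as the failure threshold
#   $4.. glob patterns to exclude, one -exclude flag each (pass them quoted)
run_insider_scan() {
    tech="$1"
    target="$2"
    threshold="$3"
    shift 3
    # Rewrite the remaining positional parameters "p1 p2 ..." into
    # "-exclude p1 -exclude p2 ..." using only POSIX sh (no arrays).
    for pattern in "$@"; do
        set -- "$@" -exclude "$pattern"
        shift
    done
    # -no-html keeps only the JSON report for archiving; -quiet drops the log noise.
    "$INSIDER_BIN" -tech "$tech" -target "$target" -security "$threshold" \
        -no-html -quiet "$@"
}

# Entry point for a CI job: runs only when the job sets INSIDER_TECH and
# INSIDER_TARGET, so the functions above can also be sourced and reused.
if [ -n "${INSIDER_TECH:-}" ] && [ -n "${INSIDER_TARGET:-}" ]; then
    if [ ! -x "$INSIDER_BIN" ]; then
        fetch_insider "$INSIDER_VERSION" \
            "${INSIDER_SHA256:?set INSIDER_SHA256 to the vetted release checksum}"
    fi
    if run_insider_scan "$INSIDER_TECH" "$INSIDER_TARGET" \
            "${INSIDER_MIN_SECURITY:-70}" 'node_modules/*' 'tests/*'; then
        echo "insider: scan passed at security level ${INSIDER_MIN_SECURITY:-70}"
    else
        rc=$?
        echo "insider: scan failed the gate (exit status $rc)" >&2
        exit "$rc"
    fi
fi
```

Quote the exclude globs, as the script does: passed unquoted, as in the page's own example, `tests/*` is expanded by the shell against the current directory before insider sees it, and if it matches several files the extra names become stray arguments after the first `-exclude`.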


Demo

[Demo GIF]


Contribution


Building from source

To build Insider from source you'll need at least Go version 1.13. On Go 1.17 and later, `go get` no longer installs binaries; use `go install` with the same import path and a version suffix instead.

$ go get github.com/insidersec/insider/cmd/insider

License

  • This work is licensed under MIT.