frizb / Sourcecodesniffer
Licence: bsd-3-clause
The Source Code Sniffer is a poor man’s static code analysis tool (SCA) that leverages regular expressions. Designed to highlight high risk functions (Injection, LFI/RFI, file uploads etc) across multiple languages (ASP, Java, CSharp, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner.
Stars: ✭ 87
Programming Languages
Projects that are alternatives of or similar to Sourcecodesniffer
Arachni
Web Application Security Scanner Framework
Stars: ✭ 2,942 (+3281.61%)
Mutual labels: analysis, xss, sql-injection
Cerberus
一款功能强大的漏洞扫描器,子域名爆破使用aioDNS,asyncio异步快速扫描,覆盖目标全方位资产进行批量漏洞扫描,中间件信息收集,自动收集ip代理,探测Waf信息时自动使用来保护本机真实Ip,在本机Ip被Waf杀死后,自动切换代理Ip进行扫描,Waf信息收集(国内外100+款waf信息)包括安全狗,云锁,阿里云,云盾,腾讯云等,提供部分已知waf bypass 方案,中间件漏洞检测(Thinkphp,weblogic等 CVE-2018-5955,CVE-2018-12613,CVE-2018-11759等),支持SQL注入, XSS, 命令执行,文件包含, ssrf 漏洞扫描, 支持自定义漏洞邮箱推送功能
Stars: ✭ 389 (+347.13%)
Mutual labels: xss, sql-injection
vulnerabilities
List of every possible vulnerabilities in computer security.
Stars: ✭ 14 (-83.91%)
Mutual labels: xss, sql-injection
Protect
Proactively protect your Node.js web services
Stars: ✭ 394 (+352.87%)
Mutual labels: xss, sql-injection
Chronos
Chronos - A static race detector for the go language
Stars: ✭ 272 (+212.64%)
Mutual labels: analysis, static-code-analysis
Sonar Java
☕️ SonarSource Static Analyzer for Java Code Quality and Security
Stars: ✭ 745 (+756.32%)
Mutual labels: analysis, static-code-analysis
Phan
Phan is a static analyzer for PHP. Phan prefers to avoid false-positives and attempts to prove incorrectness rather than correctness.
Stars: ✭ 5,194 (+5870.11%)
Mutual labels: analysis, static-code-analysis
Security Code Scan
Vulnerability Patterns Detector for C# and VB.NET
Stars: ✭ 550 (+532.18%)
Mutual labels: analysis, static-code-analysis
Kube Score
Kubernetes object analysis with recommendations for improved reliability and security
Stars: ✭ 1,128 (+1196.55%)
Mutual labels: analysis, static-code-analysis
hackable
A python flask app that is purposefully vulnerable to SQL injection and XSS attacks. To be used for demonstrating attacks
Stars: ✭ 61 (-29.89%)
Mutual labels: xss, sql-injection
analysis-net
Static analysis framework for .NET programs.
Stars: ✭ 19 (-78.16%)
Mutual labels: analysis, static-code-analysis
lints
Lint all your JavaScript, CSS, HTML, Markdown and Dockerfiles with a single command
Stars: ✭ 14 (-83.91%)
Mutual labels: analysis, static-code-analysis
solutions-bwapp
In progress rough solutions to bWAPP / bee-box
Stars: ✭ 158 (+81.61%)
Mutual labels: xss, sql-injection
Hacker101
Source code for Hacker101.com - a free online web and mobile security class.
Stars: ✭ 12,246 (+13975.86%)
Mutual labels: xss, sql-injection
Dg
[LLVM Static Slicer] Various program analyses, construction of dependence graphs and program slicing of LLVM bitcode.
Stars: ✭ 242 (+178.16%)
Mutual labels: analysis, static-code-analysis
Hackerone Reports
Top disclosed reports from HackerOne
Stars: ✭ 458 (+426.44%)
Mutual labels: xss, sql-injection
Janusec
Janusec Application Gateway, Provides Fast and Secure Application Delivery. JANUSEC应用网关,提供快速、安全的应用交付。
Stars: ✭ 771 (+786.21%)
Mutual labels: xss, sql-injection
SourceCodeSniffer
The Source Code Sniffer is a poor man’s static code analysis tool (SCA) based on regular expressions. The Source Code Sniffer uses search patterns to score common high risk functions (Injection, LFI/RFI, file uploads etc) across multiple application development languages (C#, C/C++,Java, PHP, Perl, Python, JavaScript, HTML etc) in a highly configurable manner. When performing a source code review, it can help to prioritize the code files that should be reviewed.
Source Code Sniffer is written in Python 2.7 and supports both Windows and Linux.
Static Code Analysis Features and Languages
| Language | SQL Injection | LFI/RFI | XSS | File Traversal | File Uploads | Hard-coded Secrets | Command Injection | Buffer Overflow |
|---|---|---|---|---|---|---|---|---|
| PHP | ✔ | |||||||
| Python | ||||||||
| Node.js | ✔ | |||||||
| GO | ||||||||
| ASP Classic | ✔ | ✔ | ✔ | ✔ | ||||
| C# | ✔ | ✔ | ✔ | ✔ | ||||
| JAVA | ✔ | ✔ | ✔ | ✔ | ||||
| VisualBasic | ✔ | |||||||
| Ruby | ||||||||
| Perl | ||||||||
| C/C++ | ✔ | ✔ |
Syntax help
python SourceCodeSniffer.py -h
- Command Line Usage
``# C:/Users/Haxz0r/PycharmProjects/SourceCodeSniffer/SourceCodeSniff [options]``
Options
-------
====================== ==============================================================
-c --configFiles specify the config files (default=['Default.ini', 'ASP.ini', 'CSharp.ini', 'Java.ini', 'VBScript.ini', 'C.ini'])
config files should be comma separated
-p --pathToScan specify the path to scan (default=.)
use the forward slash / for both *nix and windows paths
-i --ignoreFiles specify files to not scan (default=('.html', 'robots.txt'))
ignored files and file types should be comma separated
-v --verbose verbose mode
-h --htmlReport generate an html report (experimental)
-d --debug show debug output
-l --log output to log file
====================== ==============================================================
Example:
python SourceCodeSniffer.py -c ASP.ini,CSharp.ini,Default.ini,VBScript.ini -p c:/testpath/test/ -i .html,robots.txt
Commandline Output Example - C/C++ Scan
#python SourceCodeSniffer.py -c C.ini -p "C:\SRC"
Source Code Sniffer Version: 0.6 Updated: June 12, 2018 (-h for help)
Using configuration files: ['C.ini']
Recursively sniffing path for dangerous code: C:\SRC
[################################] 3/3 - 00:00:39
Files sorted by potential risk level:
Risk File Path
0 C:\SRC\Small.c
2 C:\SRC\Gateway.c
2 C:\SRC\Library.c
Files sorted by number of potential issues:
Issues File Path
0 C:\SRC\Small.c
2679 C:\SRC\Gateway.c
12982 C:\SRC\Library.c
Report Output File Example - C/C++ Scan
Coming soon...
Note that the project description data, including the texts, logos, images, and/or trademarks,
for each open source project belongs to its rightful owner.
If you wish to add or remove any projects, please contact us at [email protected].