Joern – Open-source Code Analysis Platform For C/C++/Java Based On Code Property Graphs

Joern’s Documentation is available here: https://docs.joern.io/home Quick Installation wget https://github.com/ShiftLeftSecurity/joern/releases/latest/download/joern-install.shchmod +x ./joern-install.shsudo ./joern-install.shjoernCompiling (synthetic)/ammonite/predef/interpBridge.scCompiling (synthetic)/ammonite/predef/replBridge.scCompiling (synthetic)/ammonite/predef/DefaultPredef.scCompiling /home/tmp/shiftleft/joern/(console) ██╗ ██████╗ ███████╗██████╗ ███╗ ██╗ ██║██╔═══██╗██╔════╝██╔══██╗████╗ ██║ ██║██║ ██║█████╗ ██████╔╝██╔██╗ ██║██ ██║██║ ██║██╔══╝ ██╔══██╗██║╚██╗██║╚█████╔╝╚██████╔╝███████╗██║ ██║██║ ╚████║ ╚════╝ ╚═════╝ ╚══════╝╚═╝ ╚═╝╚═╝ ╚═══╝joern> If the installation script fails for any reason, try ./joern-install –interactive Download Joern

Php_Code_Analysis – San your PHP code for vulnerabilities

This script will scan your code the script can find check_file_upload issues host_header_injection SQl injection insecure deserialization open_redirect SSRF XSS LFI command_injection features fast simple report usage: python code.py <file name> >>> this will scan one filepython code.py >>> this will scan full folder (.)python code.py <path> >>> scan full folder Download Php_Code_Analysis

Obfuscation_Detection – Collection Of Scripts To Pinpoint Obfuscated Code

Automatically detect control-flow flattening and other state machines Author: Tim Blazytko Description: Scripts and binaries to automatically detect control-flow flattening and other state machines in binaries. Implementation is based on Binary Ninja. Check out the following blog post for more information: Automated Detection of Control-flow Flattening Usage $ ./detect_flattening.py samples/finspy Function 0x401602 has a flattening scoreRead More

Threatspec – Continuous Threat Modeling, Through Code

Threatspec is an open source project that aims to close the gap between development and security by bringing the threat modelling process further into the development process. This is achieved by having developers and security engineers write threat modeling annotations as comments inside source code, then dynamically generating reports and data-flow diagrams from the code.Read More

Wifi-Password – Quickly Fetch Your WiFi Password And If Needed, Generate A QR Code Of Your WiFi To Allow Phones To Easily Connect

Quickly fetch your WiFi password and if needed, generate a QR code of your WiFi to allow phones to easily connect.  Works on macOS and Linux and Windows Installation Install using pip $ python3 -m pip install –user wifi-password Install using git $ git clone https://github.com/sdushantha/wifi-password$ cd wifi-password$ python3 setup.py install Install using the AURRead More

COM-Code-Helper – Two IDAPython Scripts Help You To Reconstruct Microsoft COM (Component Object Model) Code

Two IDAPython Scripts help you to reconstruct Microsoft COM (Component Object Model) Code Especially malware reversers will find this useful, as COM Code is still regularly found in malware. ClassAndInterfaceToNames.py This IDAPython script scans an idb file for class and interfaces UUIDs and creates the matching structure and its name. Make sure to copy interfaces.txtRead More

Phpvuln – Audit Tool To Find Common Vulnerabilities In PHP Source Code

phpvuln is an open source OWASP penetration testing tool written in Python 3, that can speed up the the process of finding common PHP vulnerabilities in PHP code, i.e. command injection, local/remote file inclusion and SQL injection. Installation You can download phpvuln by cloning the Git repository: git clone https://github.com/ecriminal/phpvuln.git Install the required PIP packages:Read More

Flawfinder – A Static Analysis Tool For Finding Vulnerabilities In C/C++ Source Code

This is “flawfinder” by David A. Wheeler. Flawfinder is a simple program that scans C/C++ source code and reports potential security flaws. It can be a useful tool for examining software for vulnerabilities, and it can also serve as a simple introduction to static source code analysis tools more generally. It is designed to beRead More

Drow – Injects Code Into ELF Executables Post-Build

drow is a command-line utility that is used to inject code and hook the entrypoint of ELF executables (post-build). It takes unmodified ELF executables as input and exports a modified ELF contianing an embedded user-supplied payload that executes at runtime. Slightly more detail … Drow takes the following steps to create the new patched ELF:Read More

X