NodeSecurityShield – A Developer And Security Engineer Friendly Package For Securing NodeJS Applications

A Developer and Security Engineer friendly package for Securing NodeJS Applications. Inspired by the log4J vulnerability (CVE-2021-44228) which can be exploited because an application can make arbitrary network calls. We felt there is an need for an application to declare what privileges it can have so that exploitation of such vulnerabilities becomes harder. To achieveRead More

Njsscan – A Semantic Aware SAST Tool That Can Find Insecure Code Patterns In Your Node.js Applications

njsscan is a static application testing (SAST) tool that can find insecure code patterns in your node.js applications using simple pattern matcher from libsast and syntax-aware semantic code pattern search tool semgrep. Installation pip install njsscan Requires Python 3.6+ and supports only Mac and Linux Command Line Options $ njsscanusage: njsscan [-h] [–json] [–sarif] [–sonarqube]Read More

Mininode – A CLI Tool To Reduce The Attack Surface Of The Node.js Applications By Using Static Analysis

Mininode is a CLI tool to reduce the attack surface of the Node.js applications by using static analysis of source code. It supports two modes of reduction (1) coarse, (2) fine. Mininode constructs the dependency graph (modules and functions used) of the application starting from main file, i.e. entry point of the application. Mininode initializesRead More

Ninjasworkout – Vulnerable NodeJS Web Application

Damn Vulnerable NodeJS Application Quick Start Download the Repo => run npm i Afer Installing all dependency just run the application node app.js or nodemon app.js ADDED BUGS Prototype Pollution No SQL Injection Cross site Scripting Broken Access Control Broken Session Management Weak Regex Implementation Race Condition CSRF -Cross Site Request Forgery Weak Bruteforce ProtectionRead More

WARCannon – High Speed/Low Cost CommonCrawl RegExp In Node.js

WARCannon was built to simplify and cheapify the process of ‘grepping the internet’. With WARCannon, you can: Build and test regex patterns against real Common Crawl data Easily load Common Crawl datasets for parallel processing Scale compute capabilities to asynchronously crunch through WARCs at frankly unreasonable capacity. Store and easily retrieve the results How itRead More

Js-X-Ray – JavaScript And Node.js Open-Source SAST Scanner (A Static Analysis Of Detecting Most Common Malicious Patterns)

JavaScript AST analysis. This package has been created to export the Node-Secure AST Analysis to enable better code evolution and allow better access to developers and researchers. The goal is to quickly identify dangerous code and patterns for developers and Security researchers. Interpreting the results of this tool will still require you to have aRead More

DVNA – Damn Vulnerable NodeJS Application

Damn Vulnerable NodeJS Application (DVNA) is a simple NodeJS application to demonstrate OWASP Top 10 Vulnerabilities and guide on fixing and avoiding these vulnerabilities. The fixes branch will contain fixes for the vulnerabilities. Fixes for vunerabilities OWASP Top 10 2017 vulnerabilities at fixes-2017 branch.The application is powered by commonly used libraries such as express, passport,Read More