Code Analysis

Static Code Analysis - Tools

Sourcebot

Sourcebot | The Code Understanding Toolwww.sourcebot.dev

Training - Vulnerable Code Snippets

GitHub - yeswehack/vulnerable-code-snippets: Twitter vulnerable snippetsGitHub

Search for credentials

GitHub - m14r41/scan4secrets: SAST and DAST Scan Supported with 400 plus rules available for secrets and allow you add your own wordlist as well. lightweight source code scanner and for URL that detects hardcoded secrets like API keys, credentials, and sensitive information across files and folders.GitHub

Credentials in git repos

XSS in PHP Source Code

#!/bin/bash

# 1) save it as xssaminer
# 2) allow execution: chmod +x xssaminer
# 3) run it & check usage: ./xssaminer

if [ -z $1 ]
then
	echo -e "Usage:\n$0 FILE\n$0 -r FOLDER"
	exit
else
	f=$1
fi

sources=(GET POST REQUEST "SERVER\['PHP" "SERVER\['PATH_" "SERVER\['REQUEST_U")
sinks=(? echo die print printf print_r var_dump)

xssam(){
	for i in ${sources[@]}
	do
		a=$(grep -in "\$_${i}" $f | grep -o "\$.*=" | sed "s/[ ]\?=//g" | sort -u)

		for j in ${sinks[@]}
		do
			grep --color -in "${j}.*\$_${i}" $f

			for k in $a
			do
				grep --color -in "${j}.*$k" $f
			done
		done
	done
}

if [ $f != "-r" ]
then
	xssam
else
	for i in $(find $2 -type f -name "*.php")
	do
		echo "File: $i"
		f=$i
		xssam
	done
fi

http://brutelogic.com.br/brutal/xssaminer.txtbrutelogic.com.br

https://brutelogic.com.br/blog/looking-xss-php-source/brutelogic.com.br

PHP Code Analysis

PHP Code Auditing - CTF Wiki ENctf-wiki.mahaloz.re

SpotBugs

Java Code

GitHub - spotbugs/spotbugs: SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.GitHub

Semgrep

GitHub - semgrep/semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.GitHub

Getting Started with Semgrep and Finding VulnerabilitiesPayatu

Semgrep A Practical IntroductionNotSoSecure

Rules - C/C++

GitHub - 0xdea/semgrep-rules: A collection of my Semgrep rules to facilitate vulnerability research.GitHub

Rules - Python, Javascript/GraphQL, Go, Rust

GitHub - trailofbits/semgrep-rules: Semgrep queries developed by Trail of Bits.GitHub

Rules - Java/Android, PHP, Kotlin

GitHub - federicodotta/semgrep-rules: A collection of my Semgrep rulesGitHub

Rules - Multiple Languages

GitHub - semgrep/semgrep-rules: Semgrep Community Edition rules, maintained by Semgrep and the community. Free to use under the Semgrep Rules License.GitHub

Opengrep

GitHub - opengrep/opengrep: 🔎 Static code analysis engine to find security issues in code.GitHub

Sonarqube

Scan

osboxes@osboxes:~/Desktop/test$ /opt/sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner   -Dsonar.projectKey=test   -Dsonar.sources=.   -Dsonar.host.url=http://localhost:9000   -Dsonar.token=sqp_298c331b3738f8a44310aece9e2de4008d82cde5

Snyk

Online

Not recommanded or remove sensitive information

Vérificateur de code | Outil gratuit et basé sur l’IA pour la sécurité du code | Analyse du code par l’IA | SnykSnyk

Snyk CLI

Guide to Snyk CLI: Install and Key Commands to KnowBright Security

https://app.snyk.io/loginapp.snyk.io

CodeQL

CodeQLcodeql.github.com

Getting started with the CodeQL CLI - GitHub DocsGitHub Docs

Example with Visual Studio:

Discovering Hidden Vulnerabilities in Portainer with CodeQLCyberArk

Vulnhuntr

GitHub - protectai/vulnhuntr: Zero shot vulnerability discovery using LLMsGitHub

PHP Static Analysis Tool

GitHub - phpstan/phpstan: PHP Static Analysis Tool - discover bugs in your code without running it!GitHub

Dependency Takeover - Node.js

GitHub - 0xaudron/dependency-takeover: A very small helper script for your dependency confusion attackGitHub

List of Static Application Security Testing (SAST) Tools

Source Code Analysis Tools | OWASP Foundationowasp.org

Resources

SEI CERT C Coding Standard

Confluence Mobile - Confluencewiki.sei.cmu.edu

SEI CERT C++ Coding Standard

Confluence Mobile - Confluencewiki.sei.cmu.edu

SEI CERT Oracle Coding Standard for Java

Confluence Mobile - Confluencewiki.sei.cmu.edu

OWASP Secure Coding Practices

OWASP Secure Coding Practices-Quick Reference Guide | OWASP Foundationowasp.org

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.