Code Analysis

Static Code Analysis - Tools

Sourcebot

Sourcebot | Open-Source Code Search Tool

Training - Vulnerable Code Snippets

GitHub - yeswehack/vulnerable-code-snippets: Twitter vulnerable snippetsGitHub

Search for credentials

GitHub - m14r41/scan4secrets: SAST and DAST Scan Supported with 400 plus rules available for secrets and allow you add your own wordlist as well. lightweight source code scanner and for URL that detects hardcoded secrets like API keys, credentials, and sensitive information across files and folders.GitHub

Credentials in git repos

XSS in PHP Source Code

#!/bin/bash

# 1) save it as xssaminer
# 2) allow execution: chmod +x xssaminer
# 3) run it & check usage: ./xssaminer

if [ -z $1 ]
then
	echo -e "Usage:\n$0 FILE\n$0 -r FOLDER"
	exit
else
	f=$1
fi

sources=(GET POST REQUEST "SERVER\['PHP" "SERVER\['PATH_" "SERVER\['REQUEST_U")
sinks=(? echo die print printf print_r var_dump)

xssam(){
	for i in ${sources[@]}
	do
		a=$(grep -in "\$_${i}" $f | grep -o "\$.*=" | sed "s/[ ]\?=//g" | sort -u)

		for j in ${sinks[@]}
		do
			grep --color -in "${j}.*\$_${i}" $f

			for k in $a
			do
				grep --color -in "${j}.*$k" $f
			done
		done
	done
}

if [ $f != "-r" ]
then
	xssam
else
	for i in $(find $2 -type f -name "*.php")
	do
		echo "File: $i"
		f=$i
		xssam
	done
fi

http://brutelogic.com.br/brutal/xssaminer.txt

Looking for XSS in PHP Source CodeBrute XSS

PHP Code Analysis

PHP Code Auditing - CTF Wiki EN

SpotBugs

Java Code

GitHub - spotbugs/spotbugs: SpotBugs is FindBugs' successor. A tool for static analysis to look for bugs in Java code.GitHub

Semgrep

GitHub - semgrep/semgrep: Lightweight static analysis for many languages. Find bug variants with patterns that look like source code.GitHub

Getting Started with Semgrep and Finding VulnerabilitiesPayatu

Semgrep A Practical IntroductionNotSoSecure

Rules - C/C++

GitHub - 0xdea/semgrep-rules: A collection of my Semgrep rules to facilitate vulnerability research.GitHub

Rules - Python, Javascript/GraphQL, Go, Rust

GitHub - trailofbits/semgrep-rules: Semgrep queries developed by Trail of Bits.GitHub

Rules - Java/Android, PHP, Kotlin

GitHub - federicodotta/semgrep-rules: A collection of my Semgrep rulesGitHub

Rules - Multiple Languages

GitHub - semgrep/semgrep-rules: Semgrep rules registryGitHub

Sonarqube

Scan

osboxes@osboxes:~/Desktop/test$ /opt/sonar-scanner-5.0.1.3006-linux/bin/sonar-scanner   -Dsonar.projectKey=test   -Dsonar.sources=.   -Dsonar.host.url=http://localhost:9000   -Dsonar.token=sqp_298c331b3738f8a44310aece9e2de4008d82cde5

Snyk

Online

Not recommanded or remove sensitive information

Vérificateur de code | Outil de sécurité du code gratuit basé sur l’IA | SnykSnyk

Snyk CLI

Snyk CLI Quick Guide: Installation and Common CommandsBright Security

https://app.snyk.io/loginapp.snyk.io

CodeQL

CodeQL

Getting started with the CodeQL CLI - GitHub DocsGitHub Docs

Example with Visual Studio:

https://www.cyberark.com/resources/threat-research-blog/discovering-hidden-vulnerabilities-in-portainer-with-codeqlwww.cyberark.com

Vulnhuntr

GitHub - protectai/vulnhuntr: Zero shot vulnerability discovery using LLMsGitHub

PHP Static Analysis Tool

GitHub - phpstan/phpstan: PHP Static Analysis Tool - discover bugs in your code without running it!GitHub

Dependency Takeover - Node.js

GitHub - 0xaudron/dependency-takeover: A very small helper script for your dependency confusion attackGitHub

List of Static Application Security Testing (SAST) Tools

Source Code Analysis Tools | OWASP Foundation

Resources

SEI CERT C Coding Standard

Confluence Mobile - Confluence

SEI CERT C++ Coding Standard

Confluence Mobile - Confluence

SEI CERT Oracle Coding Standard for Java

Confluence Mobile - Confluence

OWASP Secure Coding Practices

OWASP Secure Coding Practices-Quick Reference Guide | OWASP Foundation

Interesting Books

Interesting Books

Disclaimer: As an Amazon Associate, I earn from qualifying purchases. This helps support this GitBook project at no extra cost to you.

• The Web Application Hacker’s Handbook The go-to manual for web app pentesters. Covers XSS, SQLi, logic flaws, and more

• Bug Bounty Bootcamp: The Guide to Finding and Reporting Web Vulnerabilities Learn how to perform reconnaissance on a target, how to identify vulnerabilities, and how to exploit them

• Real-World Bug Hunting: A Field Guide to Web Hacking Learn about the most common types of bugs like cross-site scripting, insecure direct object references, and server-side request forgery.

Support this Gitbook

I hope it helps you as much as it has helped me. If you can support me in any way, I would deeply appreciate it.